Added refresh tokens and reorganized file structure
This commit is contained in:
Veljko Tosic
@@ -2,17 +2,21 @@ using AipsCore.Application.Common.Authentication;
|
||||
using AipsCore.Domain.Common.Validation;
|
||||
using AipsCore.Domain.Models.User.External;
|
||||
using AipsCore.Domain.Models.User.Validation;
|
||||
using AipsCore.Infrastructure.Persistence.Db;
|
||||
using AipsCore.Infrastructure.Persistence.User.Mappers;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication;
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.AuthService;
|
||||
|
||||
public class EfAuthService : IAuthService
|
||||
{
|
||||
private readonly AipsDbContext _dbContext;
|
||||
private readonly UserManager<User.User> _userManager;
|
||||
|
||||
public EfAuthService(UserManager<User.User> userManager)
|
||||
public EfAuthService(AipsDbContext dbContext, UserManager<User.User> userManager)
|
||||
{
|
||||
_dbContext = dbContext;
|
||||
_userManager = userManager;
|
||||
}
|
||||
|
||||
@@ -61,4 +65,28 @@ public class EfAuthService : IAuthService
|
||||
|
||||
return new LoginResult(entity.MapToModel(), roles);
|
||||
}
|
||||
|
||||
public async Task<LoginResult> LoginWithRefreshTokenAsync(Application.Common.Authentication.Models.RefreshToken refreshToken, CancellationToken cancellationToken = default)
|
||||
{
|
||||
var entity = await _userManager.FindByIdAsync(refreshToken.UserId);
|
||||
|
||||
if (entity is null)
|
||||
{
|
||||
throw new ValidationException(UserErrors.InvalidCredentials());
|
||||
}
|
||||
|
||||
var roles = new List<UserRole>();
|
||||
var rolesNames = await _userManager.GetRolesAsync(entity);
|
||||
|
||||
foreach (var roleName in rolesNames)
|
||||
{
|
||||
var role = UserRole.FromString(roleName);
|
||||
|
||||
if (role is null) throw new Exception($"Role {roleName} not found");
|
||||
|
||||
roles.Add(role);
|
||||
}
|
||||
|
||||
return new LoginResult(entity.MapToModel(), roles);
|
||||
}
|
||||
}
|
||||
@@ -1,4 +1,4 @@
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication;
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.Jwt;
|
||||
|
||||
public sealed class JwtSettings
|
||||
{
|
||||
@@ -6,4 +6,5 @@ public sealed class JwtSettings
|
||||
public string Audience { get; init; } = null!;
|
||||
public string Key { get; init; } = null!;
|
||||
public int ExpirationMinutes { get; init; }
|
||||
public int RefreshTokenExpirationDays { get; init; }
|
||||
}
|
||||
@@ -1,11 +1,12 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
using AipsCore.Application.Abstract.UserContext;
|
||||
using AipsCore.Domain.Models.User.External;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication;
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.Jwt;
|
||||
|
||||
public class JwtTokenProvider : ITokenProvider
|
||||
{
|
||||
@@ -16,7 +17,7 @@ public class JwtTokenProvider : ITokenProvider
|
||||
_jwtSettings = jwtSettings;
|
||||
}
|
||||
|
||||
public string Generate(Domain.Models.User.User user, IList<UserRole> roles)
|
||||
public string GenerateAccessToken(Domain.Models.User.User user, IList<UserRole> roles)
|
||||
{
|
||||
var claims = new List<Claim>
|
||||
{
|
||||
@@ -42,4 +43,9 @@ public class JwtTokenProvider : ITokenProvider
|
||||
|
||||
return new JwtSecurityTokenHandler().WriteToken(token);
|
||||
}
|
||||
|
||||
public string GenerateRefreshToken()
|
||||
{
|
||||
return Convert.ToBase64String(RandomNumberGenerator.GetBytes(64));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.RefreshToken;
|
||||
|
||||
public class RefreshToken
|
||||
{
|
||||
[Key]
|
||||
public Guid Id { get; set; }
|
||||
|
||||
[Required]
|
||||
[MaxLength(255)]
|
||||
public required string Token { get; set; }
|
||||
|
||||
|
||||
public Guid UserId { get; set; }
|
||||
public User.User User { get; set; } = null!;
|
||||
|
||||
public DateTime ExpiresAt { get; set; }
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.RefreshToken;
|
||||
|
||||
public class RefreshTokenException : Exception
|
||||
{
|
||||
private const string InvalidTokenMessage = "Invalud token";
|
||||
private const string TokenExpiredMessage = "Token expired";
|
||||
|
||||
public RefreshTokenException(string message)
|
||||
: base(message)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
public static RefreshTokenException InvalidToken() => new(InvalidTokenMessage);
|
||||
public static RefreshTokenException TokenExpired() => new(TokenExpiredMessage);
|
||||
}
|
||||
@@ -0,0 +1,12 @@
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.RefreshToken;
|
||||
|
||||
public static class RefreshTokenMappers
|
||||
{
|
||||
public static Application.Common.Authentication.Models.RefreshToken MapToModel(this RefreshToken entity)
|
||||
{
|
||||
return new Application.Common.Authentication.Models.RefreshToken(
|
||||
entity.Token,
|
||||
entity.UserId.ToString(),
|
||||
entity.ExpiresAt);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,64 @@
|
||||
using AipsCore.Application.Abstract.UserContext;
|
||||
using AipsCore.Domain.Models.User.ValueObjects;
|
||||
using AipsCore.Infrastructure.Persistence.Authentication.Jwt;
|
||||
using AipsCore.Infrastructure.Persistence.Db;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.RefreshToken;
|
||||
|
||||
public class RefreshTokenRepository : IRefreshTokenRepository
|
||||
{
|
||||
private readonly AipsDbContext _dbContext;
|
||||
private readonly JwtSettings _jwtSettings;
|
||||
|
||||
public RefreshTokenRepository(AipsDbContext dbContext, JwtSettings jwtSettings)
|
||||
{
|
||||
_dbContext = dbContext;
|
||||
_jwtSettings = jwtSettings;
|
||||
}
|
||||
|
||||
|
||||
public async Task AddAsync(string token, UserId userId, CancellationToken cancellationToken = default)
|
||||
{
|
||||
var refreshToken = new RefreshToken()
|
||||
{
|
||||
Id = Guid.NewGuid(),
|
||||
Token = token,
|
||||
UserId = new Guid(userId.IdValue),
|
||||
ExpiresAt = DateTime.UtcNow.AddDays(_jwtSettings.RefreshTokenExpirationDays)
|
||||
};
|
||||
|
||||
await _dbContext.AddAsync(refreshToken, cancellationToken);
|
||||
}
|
||||
|
||||
public async Task<Application.Common.Authentication.Models.RefreshToken> GetByValueAsync(string token, CancellationToken cancellationToken = default)
|
||||
{
|
||||
var entity = await _dbContext.RefreshTokens.FirstOrDefaultAsync(x => x.Token == token, cancellationToken);
|
||||
|
||||
if (entity is null)
|
||||
{
|
||||
throw RefreshTokenException.InvalidToken();
|
||||
}
|
||||
|
||||
if (entity.ExpiresAt < DateTime.UtcNow)
|
||||
{
|
||||
throw RefreshTokenException.TokenExpired();
|
||||
}
|
||||
|
||||
return entity.MapToModel();
|
||||
}
|
||||
|
||||
public async Task RevokeAsync(string token, CancellationToken cancellationToken = default)
|
||||
{
|
||||
await _dbContext.RefreshTokens
|
||||
.Where(x => x.Token == token)
|
||||
.ExecuteDeleteAsync(cancellationToken);
|
||||
}
|
||||
|
||||
public async Task RevokeAllAsync(UserId userId, CancellationToken cancellationToken = default)
|
||||
{
|
||||
await _dbContext.RefreshTokens
|
||||
.Where(x => x.UserId == new Guid(userId.IdValue))
|
||||
.ExecuteDeleteAsync(cancellationToken);
|
||||
}
|
||||
}
|
||||
@@ -3,7 +3,7 @@ using AipsCore.Application.Abstract.UserContext;
|
||||
using AipsCore.Domain.Models.User.ValueObjects;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication;
|
||||
namespace AipsCore.Infrastructure.Persistence.Authentication.UserContext;
|
||||
|
||||
public class HttpUserContext : IUserContext
|
||||
{
|
||||
Reference in New Issue
Block a user