diff --git a/Server/Controllers/AuthenticationController.cs b/Server/Controllers/AuthenticationController.cs
index 2f25cd9..5e7e26a 100644
--- a/Server/Controllers/AuthenticationController.cs
+++ b/Server/Controllers/AuthenticationController.cs
@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using Server.Configurations;
@@ -71,11 +72,12 @@ public class AuthenticationController : ControllerBase
 return Ok(authResponse);
 }
 
+ [Authorize(AuthenticationSchemes = "Bearer")]
 [HttpPost("revoke-session")]
- public async Task RevokeToken([FromBody] RevokeRefreshTokenRequest revokeRequest)
+ public async Task RevokeToken()
 {
 // accept token from request body or cookie
- var token = revokeRequest.RefreshToken ?? Request.Cookies["refreshToken"];
+ var token = Request.Cookies["refreshToken"];
 if (string.IsNullOrEmpty(token))
 {
 return BadRequest(new ResponseBase{ Message = "Refresh token is required." });
@@ -87,6 +89,8 @@ public class AuthenticationController : ControllerBase
 return NotFound(new ResponseBase{ Message = "Refresh token not found." });
 }
 
+ Response.Cookies.Delete("refreshToken");
+
 return Ok(new ResponseBase{ Message = "Refresh token revoked." });
 }
 
diff --git a/Server/Models/RefreshToken.cs b/Server/Models/RefreshToken.cs
index 940584f..493e274 100644
--- a/Server/Models/RefreshToken.cs
+++ b/Server/Models/RefreshToken.cs
@@ -6,9 +6,9 @@ namespace Server.Models;
 public class RefreshToken
 {
 public string Token { get; set; } = null!;
- public DateTime Expires { get; set; }
- public bool IsExpired => DateTime.UtcNow >= Expires;
- public DateTime Created { get; set; }
+ public DateTime ExpiryDateTime { get; set; }
+ public bool IsExpired => DateTime.UtcNow >= ExpiryDateTime;
+ public DateTime CreationDateTime { get; set; }
 public DateTime? Revoked { get; set; }
 public bool IsActive => Revoked == null && !IsExpired;
 }
\ No newline at end of file
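Review bot: The comment `// accept token from request body or cookie` is now stale, because the body parameter is gone and only `Request.Cookies["refreshToken"]` is read; change it to `// the refresh token is accepted from the refreshToken cookie only`. Dropping `[FromBody] RevokeRefreshTokenRequest` is a breaking change for any client that posted the token in the body, and `RevokeRefreshTokenRequest` may now be unused, which is worth stating in the description. Requiring a Bearer token on a cookie-driven action is sound, since the mandatory `Authorization` header keeps a cross-site form post from triggering revocation with the browser-attached cookie, but it also means a client whose access token has already expired can no longer revoke its refresh token through this endpoint. The signature prints as `public async Task RevokeToken()` while the body returns action results; presumably a generic type argument was lost in rendering, but if the type really is `Task` this will not compile. RevokeToken's body continues outside the hunk.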
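Review bot: `Response.Cookies.Delete("refreshToken")` only clears the cookie on the success path, so a client whose token is already revoked or unknown gets `NotFound` and keeps sending a dead cookie on every later call; delete it before that return as well, e.g. `Response.Cookies.Delete("refreshToken"); return NotFound(new ResponseBase{ Message = "Refresh token not found." });`. A parameterless `Delete` emits an expired cookie with default options, which the browser only honours when Path and Domain match those used when the cookie was issued (set outside this hunk); if it was issued with a non-default path or domain, pass the same `CookieOptions` to the `Delete(string, CookieOptions)` overload. RevokeToken's body starts outside the hunk.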
diff --git a/Server/Services/AuthenticationService.cs b/Server/Services/AuthenticationService.cs
index 7578c91..11f0b9c 100644
--- a/Server/Services/AuthenticationService.cs
+++ b/Server/Services/AuthenticationService.cs
@@ -87,13 +87,13 @@ public class AuthenticationService : IAuthenticationService
 
 var activeRefreshToken = user.RefreshTokens.First(t => t.IsActive);
 refreshTokenString = activeRefreshToken.Token;
- authResponse.RefreshTokenExpirationDate = activeRefreshToken.Expires;
+ authResponse.RefreshTokenExpirationDate = activeRefreshToken.ExpiryDateTime;
 }
 else
 {
 var refreshToken = CreateRefreshToken();
 refreshTokenString = refreshToken.Token;
- authResponse.RefreshTokenExpirationDate = refreshToken.Expires;
+ authResponse.RefreshTokenExpirationDate = refreshToken.ExpiryDateTime;
 user.RefreshTokens.Add(refreshToken);
 await _userManager.UpdateAsync(user);
 }
@@ -135,7 +135,7 @@ public class AuthenticationService : IAuthenticationService
 
 var jwtSecurityToken = await CreateJwtToken(user);
 authResponse.Token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
- authResponse.RefreshTokenExpirationDate = newRefreshToken.Expires;
+ authResponse.RefreshTokenExpirationDate = newRefreshToken.ExpiryDateTime;
 
 return (true, authResponse, newRefreshToken.Token);
 }
@@ -208,8 +208,8 @@ public class AuthenticationService : IAuthenticationService
 return new RefreshToken
 {
 Token = Convert.ToBase64String(randomNumber),
- Created = DateTime.UtcNow,
- Expires = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays)
+ CreationDateTime = DateTime.UtcNow,
+ ExpiryDateTime = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays)
 };
 }
 }
\ No newline at end of file