refactor: modify refresh token field names, add authorization & cookie deletion in revoke-session endpoint

This commit is contained in:
cuqmbr 2022-11-15 17:21:26 +02:00
parent d3ed7abe89
commit 9b076610ca
3 changed files with 14 additions and 10 deletions


@ -1,3 +1,4 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using Server.Configurations; using Server.Configurations;
@ -71,11 +72,12 @@ public class AuthenticationController : ControllerBase
return Ok(authResponse); return Ok(authResponse);
} }
[Authorize(AuthenticationSchemes = "Bearer")]
[HttpPost("revoke-session")] [HttpPost("revoke-session")]
public async Task<IActionResult> RevokeToken([FromBody] RevokeRefreshTokenRequest revokeRequest) public async Task<IActionResult> RevokeToken()
{ {
// accept token from request body or cookie // accept token from request body or cookie
var token = revokeRequest.RefreshToken ?? Request.Cookies["refreshToken"]; var token = Request.Cookies["refreshToken"];
if (string.IsNullOrEmpty(token)) if (string.IsNullOrEmpty(token))
{ {
return BadRequest(new ResponseBase{ Message = "Refresh token is required." }); return BadRequest(new ResponseBase{ Message = "Refresh token is required." });
@ -87,6 +89,8 @@ public class AuthenticationController : ControllerBase
return NotFound(new ResponseBase{ Message = "Refresh token not found." }); return NotFound(new ResponseBase{ Message = "Refresh token not found." });
} }
Response.Cookies.Delete("refreshToken");
return Ok(new ResponseBase{ Message = "Refresh token revoked." }); return Ok(new ResponseBase{ Message = "Refresh token revoked." });
} }
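Review bot: The comment `// accept token from request body or cookie` above `var token = Request.Cookies["refreshToken"];` is now stale, because the new signature drops the `[FromBody]` parameter and the cookie is the only source; change it to `// refresh token is read only from the "refreshToken" cookie; the caller is identified by the Bearer token`. `Response.Cookies.Delete("refreshToken")` only clears the cookie when the browser sees the same Path/Domain it was set with, so if the login path issues it with custom `CookieOptions` (not visible here) pass the same options to `Delete`, and consider deleting it on the `NotFound` branch too so a stale cookie does not keep producing 404s. The token lookup between the two hunks lies outside this view, but now that the action is `[Authorize]`d it should also confirm the token it finds belongs to `User` (for example by matching its owner against the NameIdentifier claim) before revoking, otherwise any authenticated caller who obtains another user's token string can revoke it.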


@ -6,9 +6,9 @@ namespace Server.Models;
public class RefreshToken public class RefreshToken
{ {
public string Token { get; set; } = null!; public string Token { get; set; } = null!;
public DateTime Expires { get; set; } public DateTime ExpiryDateTime { get; set; }
public bool IsExpired => DateTime.UtcNow >= Expires; public bool IsExpired => DateTime.UtcNow >= ExpiryDateTime;
public DateTime Created { get; set; } public DateTime CreationDateTime { get; set; }
public DateTime? Revoked { get; set; } public DateTime? Revoked { get; set; }
public bool IsActive => Revoked == null && !IsExpired; public bool IsActive => Revoked == null && !IsExpired;
} }


@ -87,13 +87,13 @@ public class AuthenticationService : IAuthenticationService
var activeRefreshToken = var activeRefreshToken =
user.RefreshTokens.First(t => t.IsActive); user.RefreshTokens.First(t => t.IsActive);
refreshTokenString = activeRefreshToken.Token; refreshTokenString = activeRefreshToken.Token;
authResponse.RefreshTokenExpirationDate = activeRefreshToken.Expires; authResponse.RefreshTokenExpirationDate = activeRefreshToken.ExpiryDateTime;
} }
else else
{ {
var refreshToken = CreateRefreshToken(); var refreshToken = CreateRefreshToken();
refreshTokenString = refreshToken.Token; refreshTokenString = refreshToken.Token;
authResponse.RefreshTokenExpirationDate = refreshToken.Expires; authResponse.RefreshTokenExpirationDate = refreshToken.ExpiryDateTime;
user.RefreshTokens.Add(refreshToken); user.RefreshTokens.Add(refreshToken);
await _userManager.UpdateAsync(user); await _userManager.UpdateAsync(user);
} }
@ -135,7 +135,7 @@ public class AuthenticationService : IAuthenticationService
var jwtSecurityToken = await CreateJwtToken(user); var jwtSecurityToken = await CreateJwtToken(user);
authResponse.Token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken); authResponse.Token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
authResponse.RefreshTokenExpirationDate = newRefreshToken.Expires; authResponse.RefreshTokenExpirationDate = newRefreshToken.ExpiryDateTime;
return (true, authResponse, newRefreshToken.Token); return (true, authResponse, newRefreshToken.Token);
} }
@ -208,8 +208,8 @@ public class AuthenticationService : IAuthenticationService
return new RefreshToken return new RefreshToken
{ {
Token = Convert.ToBase64String(randomNumber), Token = Convert.ToBase64String(randomNumber),
Created = DateTime.UtcNow, CreationDateTime = DateTime.UtcNow,
Expires = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays) ExpiryDateTime = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays)
}; };
} }
} }