cuqmbr/auto.bus_api
1
0
Fork 0
Code Issues Pull Requests Activity

feat: add api authentication refresh tokens

Browse Source
This commit is contained in:
cuqmbr 2022-09-02 20:57:12 +03:00
parent 4170609af9
commit dc05ff589a
15 changed files with 607 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
Server/Controllers/AuthenticationController.cs
View File

@ -1,18 +1,23 @@
using System.Diagnostics.CodeAnalysis;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Server.Services;
using Server.Settings;
using SharedModels.Requests;
namespace Server.Controllers;
[Route("api/[controller]")]
[Route("api/authentication")]
[ApiController]
public class AuthenticationController : ControllerBase
{
private readonly IAuthenticationService _authService;
private readonly Jwt _jwt;
public AuthenticationController(IAuthenticationService authService)
public AuthenticationController(IAuthenticationService authService, IOptions<Jwt> jwt)
{
_authService = authService;
_jwt = jwt.Value;
}
[HttpPost("register")]
@ -28,16 +33,67 @@ public class AuthenticationController : ControllerBase
return Ok(result);
}
[HttpPost("token")]
[HttpPost("authenticate")]
public async Task<IActionResult> GetTokenAsync(AuthenticationRequest authRequest)
{
var authResponse = await _authService.GetTokenAsync(authRequest);
var authResponse = await _authService.AuthenticateAsync(authRequest);
if (!authResponse.IsAuthenticated)
{
return BadRequest(authResponse);
}
SetRefreshTokenInCookie(authResponse.RefreshToken);
return Ok(authResponse);
}
[HttpPost("renew-session")]
public async Task<IActionResult> RenewTokens()
{
var refreshToken = Request.Cookies["refreshToken"];
var authResponse = await _authService.RenewRefreshTokenAsync(refreshToken);
if (!authResponse.IsAuthenticated)
{
return BadRequest(authResponse);
}
if (!String.IsNullOrEmpty(authResponse.RefreshToken))
{
SetRefreshTokenInCookie(authResponse.RefreshToken);
}
return Ok(authResponse);
}
[HttpPost("revoke-session")]
public async Task<IActionResult> RevokeToken([FromBody] RevokeRefreshTokenRequest revokeRequest)
{
// accept token from request body or cookie
var token = revokeRequest?.Token ?? Request.Cookies["refreshToken"];
if (string.IsNullOrEmpty(token))
{
return BadRequest(new { message = "Refresh token is required." });
}
var response = await _authService.RevokeRefreshToken(token);
if (!response)
{
return NotFound(new { message = "Refresh token not found." });
}
return Ok(new { message = "Refresh token revoked." });
}
private void SetRefreshTokenInCookie(string refreshToken)
{
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Expires = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays)
};
Response.Cookies.Append("refreshToken", refreshToken, cookieOptions);
}
}

2
Server/Controllers/SecuredController.cs
View File

@ -4,7 +4,7 @@ using Microsoft.AspNetCore.Mvc;
namespace Server.Controllers;
[Authorize(Roles = "Admin")]
[Route("api/[controller]")]
[Route("api/secured")]
[ApiController]
public class SecuredController : ControllerBase
{

14
Server/Entities/RefreshToken.cs Normal file
View File

@ -0,0 +1,14 @@
using Microsoft.EntityFrameworkCore;
namespace Server.Entities;
[Owned]
public class RefreshToken
{
public string Token { get; set; } = null!;
public DateTime Expires { get; set; }
public bool IsExpired => DateTime.UtcNow >= Expires;
public DateTime Created { get; set; }
public DateTime? Revoked { get; set; }
public bool IsActive => Revoked == null && !IsExpired;
}

319
Server/Migrations/20220902061345_Add refresh tokens.Designer.cs generated Normal file
View File

@ -0,0 +1,319 @@
// <auto-generated />
using System;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
using Server.Data;
#nullable disable
namespace Server.Migrations
{
[DbContext(typeof(ApplicationDbContext))]
[Migration("20220902061345_Add refresh tokens")]
partial class Addrefreshtokens
{
protected override void BuildTargetModel(ModelBuilder modelBuilder)
{
#pragma warning disable 612, 618
modelBuilder
.HasAnnotation("ProductVersion", "6.0.8")
.HasAnnotation("Relational:MaxIdentifierLength", 63);
NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Name")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedName")
.IsUnique()
.HasDatabaseName("RoleNameIndex");
b.ToTable("AspNetRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("RoleId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("RoleId");
b.ToTable("AspNetRoleClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
b.Property<string>("ClaimType")
.HasColumnType("text");
b.Property<string>("ClaimValue")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("Id");
b.HasIndex("UserId");
b.ToTable("AspNetUserClaims", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("ProviderKey")
.HasColumnType("text");
b.Property<string>("ProviderDisplayName")
.HasColumnType("text");
b.Property<string>("UserId")
.IsRequired()
.HasColumnType("text");
b.HasKey("LoginProvider", "ProviderKey");
b.HasIndex("UserId");
b.ToTable("AspNetUserLogins", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("RoleId")
.HasColumnType("text");
b.HasKey("UserId", "RoleId");
b.HasIndex("RoleId");
b.ToTable("AspNetUserRoles", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.Property<string>("UserId")
.HasColumnType("text");
b.Property<string>("LoginProvider")
.HasColumnType("text");
b.Property<string>("Name")
.HasColumnType("text");
b.Property<string>("Value")
.HasColumnType("text");
b.HasKey("UserId", "LoginProvider", "Name");
b.ToTable("AspNetUserTokens", (string)null);
});
modelBuilder.Entity("Server.Models.ApplicationUser", b =>
{
b.Property<string>("Id")
.HasColumnType("text");
b.Property<int>("AccessFailedCount")
.HasColumnType("integer");
b.Property<string>("ConcurrencyStamp")
.IsConcurrencyToken()
.HasColumnType("text");
b.Property<string>("Email")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<bool>("EmailConfirmed")
.HasColumnType("boolean");
b.Property<string>("FirstName")
.HasColumnType("text");
b.Property<string>("LastName")
.HasColumnType("text");
b.Property<bool>("LockoutEnabled")
.HasColumnType("boolean");
b.Property<DateTimeOffset?>("LockoutEnd")
.HasColumnType("timestamp with time zone");
b.Property<string>("NormalizedEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("NormalizedUserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("PasswordHash")
.HasColumnType("text");
b.Property<string>("PhoneNumber")
.HasColumnType("text");
b.Property<bool>("PhoneNumberConfirmed")
.HasColumnType("boolean");
b.Property<string>("SecurityStamp")
.HasColumnType("text");
b.Property<bool>("TwoFactorEnabled")
.HasColumnType("boolean");
b.Property<string>("UserName")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.HasKey("Id");
b.HasIndex("NormalizedEmail")
.HasDatabaseName("EmailIndex");
b.HasIndex("NormalizedUserName")
.IsUnique()
.HasDatabaseName("UserNameIndex");
b.ToTable("AspNetUsers", (string)null);
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
{
b.HasOne("Server.Models.ApplicationUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
{
b.HasOne("Server.Models.ApplicationUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
{
b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
.WithMany()
.HasForeignKey("RoleId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
b.HasOne("Server.Models.ApplicationUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
{
b.HasOne("Server.Models.ApplicationUser", null)
.WithMany()
.HasForeignKey("UserId")
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Server.Models.ApplicationUser", b =>
{
b.OwnsMany("Server.Entities.RefreshToken", "RefreshTokens", b1 =>
{
b1.Property<string>("ApplicationUserId")
.HasColumnType("text");
b1.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b1.Property<int>("Id"));
b1.Property<DateTime>("Created")
.HasColumnType("timestamp with time zone");
b1.Property<DateTime>("Expires")
.HasColumnType("timestamp with time zone");
b1.Property<DateTime?>("Revoked")
.HasColumnType("timestamp with time zone");
b1.Property<string>("Token")
.IsRequired()
.HasColumnType("text");
b1.HasKey("ApplicationUserId", "Id");
b1.ToTable("RefreshToken");
b1.WithOwner()
.HasForeignKey("ApplicationUserId");
});
b.Navigation("RefreshTokens");
});
#pragma warning restore 612, 618
}
}
}

43
Server/Migrations/20220902061345_Add refresh tokens.cs Normal file
View File

@ -0,0 +1,43 @@
using System;
using Microsoft.EntityFrameworkCore.Migrations;
using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
#nullable disable
namespace Server.Migrations
{
public partial class Addrefreshtokens : Migration
{
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "RefreshToken",
columns: table => new
{
ApplicationUserId = table.Column<string>(type: "text", nullable: false),
Id = table.Column<int>(type: "integer", nullable: false)
.Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
Token = table.Column<string>(type: "text", nullable: false),
Expires = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
Created = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
Revoked = table.Column<DateTime>(type: "timestamp with time zone", nullable: true)
},
constraints: table =>
{
table.PrimaryKey("PK_RefreshToken", x => new { x.ApplicationUserId, x.Id });
table.ForeignKey(
name: "FK_RefreshToken_AspNetUsers_ApplicationUserId",
column: x => x.ApplicationUserId,
principalTable: "AspNetUsers",
principalColumn: "Id",
onDelete: ReferentialAction.Cascade);
});
}
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropTable(
name: "RefreshToken");
}
}
}

37
Server/Migrations/ApplicationDbContextModelSnapshot.cs
View File

@ -274,6 +274,43 @@ namespace Server.Migrations
.OnDelete(DeleteBehavior.Cascade)
.IsRequired();
});
modelBuilder.Entity("Server.Models.ApplicationUser", b =>
{
b.OwnsMany("Server.Entities.RefreshToken", "RefreshTokens", b1 =>
{
b1.Property<string>("ApplicationUserId")
.HasColumnType("text");
b1.Property<int>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("integer");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b1.Property<int>("Id"));
b1.Property<DateTime>("Created")
.HasColumnType("timestamp with time zone");
b1.Property<DateTime>("Expires")
.HasColumnType("timestamp with time zone");
b1.Property<DateTime?>("Revoked")
.HasColumnType("timestamp with time zone");
b1.Property<string>("Token")
.IsRequired()
.HasColumnType("text");
b1.HasKey("ApplicationUserId", "Id");
b1.ToTable("RefreshToken");
b1.WithOwner()
.HasForeignKey("ApplicationUserId");
});
b.Navigation("RefreshTokens");
});
#pragma warning restore 612, 618
}
}

2
Server/Models/ApplicationUser.cs
View File

@ -1,4 +1,5 @@
using Microsoft.AspNetCore.Identity;
using Server.Entities;
namespace Server.Models;
@ -6,4 +7,5 @@ public class ApplicationUser : IdentityUser
{
public string? FirstName { get; set; }
public string? LastName { get; set; }
public List<RefreshToken> RefreshTokens { get; set; } = null!;
}

8
Server/Program.cs
View File

@ -87,10 +87,10 @@ if (app.Environment.IsDevelopment())
app.UseHttpsRedirection();
// Data seeding
using var scope = app.Services.CreateScope();
var userManager = (UserManager<ApplicationUser>)scope.ServiceProvider.GetService(typeof(UserManager<ApplicationUser>))!;
var roleManager = (RoleManager<IdentityRole>)scope.ServiceProvider.GetService(typeof(RoleManager<IdentityRole>))!;
await ApplicationDbContextSeed.SeedEssentialsAsync(userManager, roleManager);
// using var scope = app.Services.CreateScope();
// var userManager = (UserManager<ApplicationUser>)scope.ServiceProvider.GetService(typeof(UserManager<ApplicationUser>))!;
// var roleManager = (RoleManager<IdentityRole>)scope.ServiceProvider.GetService(typeof(RoleManager<IdentityRole>))!;
// await ApplicationDbContextSeed.SeedEssentialsAsync(userManager, roleManager);
app.MapControllers();

110
Server/Services/AuthenticationService.cs
View File

@ -1,10 +1,13 @@
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using Server.Constants;
using Server.Entities;
using Server.Models;
using Server.Settings;
using SharedModels.Requests;
@ -18,7 +21,8 @@ public class AuthenticationService : IAuthenticationService
private readonly RoleManager<IdentityRole> _roleManager;
private readonly Jwt _jwt;
public AuthenticationService(UserManager<ApplicationUser> userManager, RoleManager<IdentityRole> roleManager, IOptions<Jwt> jwt)
public AuthenticationService(UserManager<ApplicationUser> userManager,
RoleManager<IdentityRole> roleManager, IOptions<Jwt> jwt)
{
_userManager = userManager;
_roleManager = roleManager;
@ -47,7 +51,7 @@ public class AuthenticationService : IAuthenticationService
}
}
public async Task<AuthenticationResponse> GetTokenAsync(AuthenticationRequest authRequest)
public async Task<AuthenticationResponse> AuthenticateAsync(AuthenticationRequest authRequest)
{
var authResponse = new AuthenticationResponse();
@ -75,8 +79,95 @@ public class AuthenticationService : IAuthenticationService
var jwtSecurityToken = await CreateJwtToken(user);
authResponse.Token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
if (user.RefreshTokens.Any(t => t.IsActive))
{
var activeRefreshToken =
user.RefreshTokens.First(t => t.IsActive);
authResponse.RefreshToken = activeRefreshToken.Token;
authResponse.RefreshTokenExpiration = activeRefreshToken.Expires;
}
else
{
var refreshToken = CreateRefreshToken();
authResponse.RefreshToken = refreshToken.Token;
authResponse.RefreshTokenExpiration = refreshToken.Expires;
user.RefreshTokens.Add(refreshToken);
await _userManager.UpdateAsync(user);
}
return authResponse;
}
public async Task<AuthenticationResponse> RenewRefreshTokenAsync(string? token)
{
var authResponse = new AuthenticationResponse();
var user = await _userManager.Users.SingleOrDefaultAsync(u =>
u.RefreshTokens.Any(t => t.Token == token));
if (user == null)
{
authResponse.IsAuthenticated = false;
authResponse.Message = "Refresh token did not mach any user.";
return authResponse;
}
var refreshToken = user.RefreshTokens.Single(t => t.Token == token);
if (!refreshToken.IsActive)
{
authResponse.IsAuthenticated = false;
authResponse.Message = "Refresh token expired.";
return authResponse;
}
//Revoke Current Refresh Token
refreshToken.Revoked = DateTime.UtcNow;
//Generate new Refresh Token and save to Database
var newRefreshToken = CreateRefreshToken();
user.RefreshTokens.Add(newRefreshToken);
await _userManager.UpdateAsync(user);
//Generates new jwt
authResponse.IsAuthenticated = true;
authResponse.Email = user.Email;
authResponse.UserName = user.UserName;
var roles = await _userManager.GetRolesAsync(user);
authResponse.Roles = roles.ToList();
var jwtSecurityToken = await CreateJwtToken(user);
authResponse.Token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
authResponse.RefreshToken = newRefreshToken.Token;
authResponse.RefreshTokenExpiration = newRefreshToken.Expires;
return authResponse;
}
public async Task<bool> RevokeRefreshToken(string? token)
{
var user = await _userManager.Users.SingleOrDefaultAsync(u =>
u.RefreshTokens.Any(t => t.Token == token));
if (user == null)
{
return false;
}
var refreshToken = user.RefreshTokens.Single(x => x.Token == token);
if (!refreshToken.IsActive)
{
return false;
}
refreshToken.Revoked = DateTime.UtcNow;
await _userManager.UpdateAsync(user);
return true;
}
private async Task<JwtSecurityToken> CreateJwtToken(ApplicationUser user)
{
@ -112,4 +203,19 @@ public class AuthenticationService : IAuthenticationService
return jwtSecurityToken;
}
private RefreshToken CreateRefreshToken()
{
var randomNumber = new byte[32];
using var rng = RandomNumberGenerator.Create();
rng.GetNonZeroBytes(randomNumber);
return new RefreshToken
{
Token = Convert.ToBase64String(randomNumber),
Created = DateTime.UtcNow,
Expires = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays)
};
}
}

6
Server/Services/IAuthenticationService.cs
View File

@ -8,5 +8,9 @@ public interface IAuthenticationService
{
Task<(bool succeeded, string message)> RegisterAsync(RegistrationRequest regRequest);
Task<AuthenticationResponse> GetTokenAsync(AuthenticationRequest authRequest);
Task<AuthenticationResponse> AuthenticateAsync(AuthenticationRequest authRequest);
Task<AuthenticationResponse> RenewRefreshTokenAsync(string? token);
Task<bool> RevokeRefreshToken(string? token);
}

1
Server/Settings/Jwt.cs
View File

@ -6,4 +6,5 @@ public class Jwt
public string Audience { get; set; } = null!;
public string Issuer { get; set; } = null!;
public double ValidityInMinutes { get; set; }
public double RefreshTokenValidityInDays { get; set; }
}

3
Server/appsettings.Development.json
View File

@ -12,6 +12,7 @@
"Key": "Secret which will never be exposed",
"Audience": "Application URL",
"Issuer": "Application URL",
"ValidityInMinutes": 1
"ValidityInMinutes": 1,
"RefreshTokenValidityInDays": 10
}
}

3
Server/appsettings.json
View File

@ -13,6 +13,7 @@
"Key": "Secret which will never be exposed",
"Audience": "Application URL",
"Issuer": "Application URL",
"ValidityInMinutes": 1
"ValidityInMinutes": 1,
"RefreshTokenValidityInDays": 10
}
}

6
SharedModels/Requests/RevokeRefreshTokenRequest.cs Normal file
View File

@ -0,0 +1,6 @@
namespace SharedModels.Requests;
public class RevokeRefreshTokenRequest
{
public string? Token { get; set; }
}

3
SharedModels/Responses/AuthenticationResponse.cs
View File

@ -10,4 +10,7 @@ public class AuthenticationResponse
public string Email { get; set; } = null!;
public List<string> Roles { get; set; } = null!;
public string Token { get; set; } = null!;
[JsonIgnore]
public string RefreshToken { get; set; } = null!;
public DateTime RefreshTokenExpiration { get; set; }
}