Neca
/
HRCenter
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 プルリクエスト 1 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
13 コミット
45 ブランチ
ツリー: 077a2b7318
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'077a2b7318' から
${ noResults }
HRCenter/Diligent.WebAPI.Business/Services/UserService.cs

UserService.cs 11KB
Raw Blame 履歴

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291 
  1. 

  2. namespace Diligent.WebAPI.Business.Services

  3. {

  4. 

  5.     public class UserService : IUserService

  6.     {

  7.         private readonly AuthorizationSettings _authSettings;

  8.         private readonly UserManager<User> _userManager;

  9.         private readonly IMapper _mapper;

  10.         private readonly DatabaseContext _databaseContext;

  11. 

  12.         public UserService(IOptions<AuthorizationSettings> authSettings, UserManager<User> userManager, IMapper mapper, DatabaseContext databaseContext)

  13.         {

  14.             _authSettings = authSettings.Value;

  15.             _userManager = userManager;

  16.             _mapper = mapper;

  17.             _databaseContext = databaseContext;

  18.         }

  19. 

  20.         public async Task<IEnumerable<User?>> GetAll() =>

  21.             await _userManager.Users.ToListAsync();

  22. 

  23.         public async Task<User?> GetById(int id) =>

  24.             await _userManager.FindByIdAsync(id.ToString());

  25. 

  26.         public async Task CreateUser(CreateUserRequestDto model)

  27.         {

  28.             var user = _mapper.Map<User>(model);

  29. 

  30.             await _userManager.CreateAsync(user, model.Password);

  31.         }

  32. 

  33.         public async Task<ServiceResponseDTO<AuthenticateResponseDto>> Authenticate(AuthenticateRequestDto model)

  34.         {

  35.             var user = await _userManager.FindByNameAsync(model.Username);

  36. 

  37.             // return null if user not found

  38.             if (user == null)

  39.             {

  40.                 return new ServiceResponseDTO<AuthenticateResponseDto>

  41.                 {

  42.                     IsError = true,

  43.                     ErrorMessage = "Username is not valid"

  44.                 };

  45.             }

  46. 

  47.             var isLocked = await _userManager.IsLockedOutAsync(user);

  48. 

  49.             if (isLocked)

  50.                 return new ServiceResponseDTO<AuthenticateResponseDto>

  51.                 {

  52.                     IsError = true,

  53.                     ErrorMessage = "The account is locked out"

  54.                 };

  55.                

  56. 

  57.             var result = await _userManager.CheckPasswordAsync(user, model.Password);

  58. 

  59.             // password is not correct

  60.             if (!result)

  61.             {

  62.                 await _userManager.AccessFailedAsync(user);

  63.                 isLocked = await _userManager.IsLockedOutAsync(user);

  64.                 

  65.                 if(isLocked)

  66.                     return new ServiceResponseDTO<AuthenticateResponseDto>

  67.                     {

  68.                         IsError = true,

  69.                         ErrorMessage = "The account is locked out"

  70.                     };

  71. 

  72.                 return new ServiceResponseDTO<AuthenticateResponseDto>

  73.                 {

  74.                     IsError = true,

  75.                     ErrorMessage = "Password is not correct"

  76.                 };

  77.             }

  78. 

  79.             // authentication successful so generate jwt token

  80.             var token = await GenerateJwtToken(user, true);

  81. 

  82.             var data = new AuthenticateResponseDto

  83.             {

  84.                 Id = user.Id,

  85.                 Username = user.UserName,

  86.                 FirstName = user.FirstName,

  87.                 LastName = user.LastName,

  88.                 Token = token,

  89.                 RefreshToken = token

  90.             };

  91. 

  92.             return new ServiceResponseDTO<AuthenticateResponseDto>

  93.             {

  94.                 Data = data

  95.             };

  96.         }

  97. 

  98.         private async Task<string> GenerateJwtToken(User user, bool authenticate = false)

  99.         {

  100.             // generate token that is valid for 7 days

  101.             var tokenHandler = new JwtSecurityTokenHandler();

  102.             var key = Encoding.ASCII.GetBytes(_authSettings.Secret);

  103.             var tokenDescriptor = new SecurityTokenDescriptor

  104.             {

  105.                 Subject = new ClaimsIdentity(new[] {

  106.                     new Claim(JwtRegisteredClaimNames.Jti, user.Id.ToString()),

  107.                     new Claim("id", user.Id.ToString())

  108.                 }),

  109.                 Expires = DateTime.UtcNow.AddSeconds(_authSettings.JwtExpiredTime),

  110.                 SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)

  111.             };

  112.             var token = tokenHandler.CreateToken(tokenDescriptor);

  113. 

  114.             var writedToken = tokenHandler.WriteToken(token);

  115. 

  116.             var refreshToken = new RefreshToken

  117.             {

  118.                 Token = writedToken,

  119.                 JwtId = user.Id.ToString(),

  120.                 UserId = user.Id,

  121.                 User = user,

  122.                 CreationDate = DateTime.UtcNow,

  123.                 ExpiryDate = DateTime.UtcNow.AddMinutes(_authSettings.JwtRefreshExpiredTime)

  124.             };

  125. 

  126.             var existRefreshToken = await _databaseContext.RefreshTokens.Where(x => x.Id == user.Id).FirstOrDefaultAsync();

  127. 

  128.             if(existRefreshToken != null)

  129.             {

  130.                 existRefreshToken.Token = writedToken;

  131.                 existRefreshToken.JwtId = token.Id;

  132.                 existRefreshToken.CreationDate = DateTime.UtcNow;

  133.                 existRefreshToken.ExpiryDate = DateTime.UtcNow.AddMinutes(_authSettings.JwtRefreshExpiredTime);

  134. 

  135.                 if (authenticate)

  136.                 {

  137.                     existRefreshToken.Used = false;

  138.                     existRefreshToken.Invalidated = false;

  139.                 }

  140. 

  141.                 //_databaseContext.RefreshTokens.Update(existRefreshToken);

  142.                 await UpdateRefreshToken(existRefreshToken);

  143.             }

  144.             else

  145.             {

  146.                 await _databaseContext.RefreshTokens.AddAsync(refreshToken);

  147.             }

  148. 

  149.             await _databaseContext.SaveChangesAsync();

  150. 

  151.             return writedToken;

  152.         }

  153. 

  154.         public async Task<RefreshTokenResultDto> RefreshTokenAsync(RefreshTokenRequestDto model)

  155.         {

  156.             var validatedToken = GetPrincipalFromToken(model.Token);

  157. 

  158.             if (validatedToken == null)

  159.             {

  160.                 return new RefreshTokenResultDto { Error = "Invalid token" };

  161.             }

  162. 

  163.             var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value;

  164. 

  165.             var storedRefreshToken = await _databaseContext.RefreshTokens.SingleOrDefaultAsync(x => x.JwtId == jti);

  166. 

  167.             if (storedRefreshToken == null)

  168.             {

  169.                 return new RefreshTokenResultDto { Error = "This refresh token does not exist" };

  170.             }

  171. 

  172.             var userk = await _databaseContext.Users.Where(u => u.Id == storedRefreshToken.UserId).FirstOrDefaultAsync();

  173. 

  174.             if(userk == null)

  175.             {

  176.                 return new RefreshTokenResultDto { Error = "There is no user which is associated with refresh token" };

  177.             }

  178. 

  179.             var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);

  180. 

  181.             var expiryDateTimeUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)

  182.                 .AddMinutes(expiryDateUnix);

  183. 

  184.             if (expiryDateTimeUtc < DateTime.UtcNow)

  185.             {

  186.                 storedRefreshToken.ExpiryDate = DateTime.UtcNow.AddMinutes(_authSettings.JwtRefreshExpiredTime);

  187.                 await _databaseContext.SaveChangesAsync();

  188.                 return new RefreshTokenResultDto

  189.                 {

  190.                     Data = new AuthenticateResponseDto

  191.                     {

  192.                         Id = userk.Id,

  193.                         FirstName = userk.FirstName,

  194.                         LastName = userk.LastName,

  195.                         Username = userk.UserName,

  196.                         Token = model.Token,

  197.                         RefreshToken = model.RefreshToken

  198.                     }

  199.                 };

  200.             }

  201. 

  202.             if (DateTime.UtcNow > storedRefreshToken.ExpiryDate)

  203.             {

  204.                 return new RefreshTokenResultDto { Error = "This refresh token has expired" };

  205.             }

  206. 

  207.             if (storedRefreshToken.Invalidated)

  208.             {

  209.                 return new RefreshTokenResultDto { Error = "This refresh token has been invalidated" };

  210.             }

  211. 

  212.             if (storedRefreshToken.JwtId != jti)

  213.             {

  214.                 return new RefreshTokenResultDto { Error = "This refresh token does not match this JWT" };

  215.             }

  216. 

  217.             storedRefreshToken.ExpiryDate = DateTime.UtcNow.AddMinutes(_authSettings.JwtRefreshExpiredTime);

  218. 

  219.             await _databaseContext.SaveChangesAsync();

  220. 

  221.             var user = await _userManager.FindByIdAsync(validatedToken.Claims.Single(x => x.Type == "id").Value);

  222. 

  223.             var token =  await GenerateJwtToken(user);

  224. 

  225.             return new RefreshTokenResultDto

  226.             {

  227.                 Data = new AuthenticateResponseDto

  228.                 {

  229.                     Id = userk.Id,

  230.                     FirstName = userk.FirstName,

  231.                     LastName = userk.LastName,

  232.                     Username = userk.UserName,

  233.                     Token = model.Token,

  234.                     RefreshToken = model.RefreshToken

  235.                 }

  236.             };

  237.         }

  238. 

  239.         private ClaimsPrincipal? GetPrincipalFromToken(string token)

  240.         {

  241.             var tokenHandler = new JwtSecurityTokenHandler();

  242. 

  243.             var key = Encoding.ASCII.GetBytes(_authSettings.Secret);

  244.             var tokenValidationParameters = new TokenValidationParameters

  245.             {

  246.                 ValidateIssuerSigningKey = true,

  247.                 IssuerSigningKey = new SymmetricSecurityKey(key),

  248.                 ValidateIssuer = false,

  249.                 ValidateAudience = false,

  250.                 RequireExpirationTime = false,

  251.                 ValidateLifetime = true,

  252.                 // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)

  253.                 //ClockSkew = TimeSpan.Zero

  254.             };

  255. 

  256.             try

  257.             {

  258.                 var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out var validatedToken);

  259.                 if (!IsJwtWithValidSecurityAlgorithm(validatedToken))

  260.                 {

  261.                     return null;

  262.                 }

  263. 

  264.                 return principal;

  265.             }

  266.             catch (Exception)

  267.             {

  268.                 return null;

  269.             }

  270.         }

  271. 

  272.         private static bool IsJwtWithValidSecurityAlgorithm(SecurityToken validatedToken)

  273.         {

  274.             return (validatedToken is JwtSecurityToken jwtSecurityToken) &&

  275.                 jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256,

  276.                     StringComparison.InvariantCultureIgnoreCase);

  277.         }

  278. 

  279.         public async Task<RefreshToken?> GetRefreshTokenByUserId(int userId)

  280.         {

  281.             return await _databaseContext.RefreshTokens.Where(x => x.UserId == userId).FirstOrDefaultAsync();

  282.         }

  283. 

  284.         public async Task UpdateRefreshToken(RefreshToken refreshToken)

  285.         {

  286.             _databaseContext.RefreshTokens.Update(refreshToken);

  287. 

  288.             await _databaseContext.SaveChangesAsync();

  289.         }

  290.     }

  291. }