Neca
/
HRCenter
Прати 1
Волим 0
Креирај огранак 0
Код Дискусије 0 Захтеви за спајање 1 Издања 0 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Комити
45 Гране
Дрво: 0932d566e2
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '0932d566e2'
${ noResults }
HRCenter/Diligent.WebAPI.Business/Services/UserService.cs

UserService.cs 10KB
Датотека Blame Историја

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283 
  1. 

  2. namespace Diligent.WebAPI.Business.Services

  3. {

  4. 

  5.     public class UserService : IUserService

  6.     {

  7.         private readonly AuthorizationSettings _authSettings;

  8.         private readonly UserManager<User> _userManager;

  9.         private readonly IMapper _mapper;

  10.         private readonly DatabaseContext _databaseContext;

  11. 

  12.         public UserService(IOptions<AuthorizationSettings> authSettings, UserManager<User> userManager, IMapper mapper, DatabaseContext databaseContext)

  13.         {

  14.             _authSettings = authSettings.Value;

  15.             _userManager = userManager;

  16.             _mapper = mapper;

  17.             _databaseContext = databaseContext;

  18.         }

  19. 

  20.         public async Task<IEnumerable<User?>> GetAll() =>

  21.             await _userManager.Users.ToListAsync();

  22. 

  23.         public async Task<User?> GetById(int id) =>

  24.             await _userManager.FindByIdAsync(id.ToString());

  25. 

  26.         public async Task CreateUser(CreateUserRequestDto model)

  27.         {

  28.             var user = _mapper.Map<User>(model);

  29. 

  30.             await _userManager.CreateAsync(user, model.Password);

  31.         }

  32. 

  33.         public async Task<ServiceResponseDTO<AuthenticateResponseDto>> Authenticate(AuthenticateRequestDto model)

  34.         {

  35.             var user = await _userManager.FindByNameAsync(model.Username);

  36. 

  37.             // return null if user not found

  38.             if (user == null)

  39.             {

  40.                 return new ServiceResponseDTO<AuthenticateResponseDto>

  41.                 {

  42.                     IsError = true,

  43.                     ErrorMessage = "Username is not valid"

  44.                 };

  45.             }

  46. 

  47.             var result = await _userManager.CheckPasswordAsync(user, model.Password);

  48. 

  49.             // password is not correct

  50.             if (!result)

  51.             {

  52.                 await _userManager.AccessFailedAsync(user);

  53. 

  54.                 return new ServiceResponseDTO<AuthenticateResponseDto>

  55.                 {

  56.                     IsError = true,

  57.                     ErrorMessage = "Password is not correct"

  58.                 };

  59.             }

  60. 

  61.             return await GenerateToken(user);

  62.         }

  63.         

  64.         public async Task<ServiceResponseDTO<AuthenticateResponseDto>> Authenticate(string email)

  65.         {

  66.             var user = await _userManager.FindByEmailAsync(email);

  67. 

  68.             // return null if user not found

  69.             if (user == null)

  70.             {

  71.                 return new ServiceResponseDTO<AuthenticateResponseDto>

  72.                 {

  73.                     IsError = true,

  74.                     ErrorMessage = $"User with email {email} does not exist in database"

  75.                 };

  76.             }

  77. 

  78.             return await GenerateToken(user);

  79.         }

  80. 

  81.         private async Task<ServiceResponseDTO<AuthenticateResponseDto>> GenerateToken(User user)

  82.         {

  83.             var isLocked = await _userManager.IsLockedOutAsync(user);

  84. 

  85.             if (isLocked)

  86.                 return new ServiceResponseDTO<AuthenticateResponseDto>

  87.                 {

  88.                     IsError = true,

  89.                     ErrorMessage = "The account is locked out"

  90.                 };

  91. 

  92. 

  93. 

  94.             // authentication successful so generate jwt token

  95.             var token = await GenerateJwtToken(user, true);

  96. 

  97.             var data = new AuthenticateResponseDto

  98.             {

  99.                 Id = user.Id,

  100.                 Username = user.UserName,

  101.                 FirstName = user.FirstName,

  102.                 LastName = user.LastName,

  103.                 Token = token,

  104.                 RefreshToken = token

  105.             };

  106. 

  107.             return new ServiceResponseDTO<AuthenticateResponseDto>

  108.             {

  109.                 Data = data

  110.             };

  111.         }

  112. 

  113.         private async Task<string> GenerateJwtToken(User user, bool authenticate = false)

  114.         {

  115.             // generate token that is valid for 7 days

  116.             var tokenHandler = new JwtSecurityTokenHandler();

  117.             var key = Encoding.ASCII.GetBytes(_authSettings.Secret);

  118.             var tokenDescriptor = new SecurityTokenDescriptor

  119.             {

  120.                 Subject = new ClaimsIdentity(new[] {

  121.                     new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),

  122.                     new Claim("id", user.Id.ToString())

  123.                 }),

  124.                 Expires = DateTime.UtcNow.AddMinutes(_authSettings.JwtExpiredTime),

  125.                 SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)

  126.             };

  127.             var token = tokenHandler.CreateToken(tokenDescriptor);

  128. 

  129.             var writedToken = tokenHandler.WriteToken(token);

  130. 

  131.             var refreshToken = new RefreshToken

  132.             {

  133.                 Token = writedToken,

  134.                 JwtId = token.Id,

  135.                 UserId = user.Id,

  136.                 User = user,

  137.                 CreationDate = DateTime.UtcNow,

  138.                 ExpiryDate = DateTime.UtcNow.AddMinutes(_authSettings.JwtRefreshExpiredTime)

  139.             };

  140. 

  141.             var existRefreshToken = await _databaseContext.RefreshTokens.Where(x => x.Id == user.Id).FirstOrDefaultAsync();

  142. 

  143.             if(existRefreshToken != null)

  144.             {

  145.                 existRefreshToken.Token = writedToken;

  146.                 existRefreshToken.JwtId = token.Id;

  147.                 existRefreshToken.CreationDate = DateTime.UtcNow;

  148.                 existRefreshToken.ExpiryDate = DateTime.UtcNow.AddMinutes(_authSettings.JwtRefreshExpiredTime);

  149. 

  150.                 if (authenticate)

  151.                 {

  152.                     existRefreshToken.Used = false;

  153.                     existRefreshToken.Invalidated = false;

  154.                 }

  155. 

  156.                 //_databaseContext.RefreshTokens.Update(existRefreshToken);

  157.                 await UpdateRefreshToken(existRefreshToken);

  158.             }

  159.             else

  160.             {

  161.                 await _databaseContext.RefreshTokens.AddAsync(refreshToken);

  162.             }

  163. 

  164.             await _databaseContext.SaveChangesAsync();

  165. 

  166.             return writedToken;

  167.         }

  168. 

  169.         public async Task<RefreshTokenResultDto> RefreshTokenAsync(RefreshTokenRequestDto model)

  170.         {

  171.             var validatedToken = GetPrincipalFromToken(model.Token);

  172. 

  173.             if (validatedToken == null)

  174.             {

  175.                 return new RefreshTokenResultDto { Error = "Invalid token" };

  176.             }

  177. 

  178.             var expiryDateUnix = long.Parse(validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Exp).Value);

  179. 

  180.             var expiryDateTimeUtc = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)

  181.                 .AddSeconds(expiryDateUnix);

  182. 

  183.             if (expiryDateTimeUtc > DateTime.UtcNow)

  184.             {

  185.                 return new RefreshTokenResultDto { Error = "This token hasn't expired yet" };

  186.             }

  187. 

  188.             var jti = validatedToken.Claims.Single(x => x.Type == JwtRegisteredClaimNames.Jti).Value;

  189. 

  190.             var storedRefreshToken = await _databaseContext.RefreshTokens.SingleOrDefaultAsync(x => x.Token == model.RefreshToken);

  191. 

  192.             if (storedRefreshToken == null)

  193.             {

  194.                 return new RefreshTokenResultDto { Error = "This refresh token does not exist" };

  195.             }

  196. 

  197.             if (DateTime.UtcNow > storedRefreshToken.ExpiryDate)

  198.             {

  199.                 return new RefreshTokenResultDto { Error = "This refresh token has expired" };

  200.             }

  201. 

  202.             if (storedRefreshToken.Invalidated)

  203.             {

  204.                 return new RefreshTokenResultDto { Error = "This refresh token has been invalidated" };

  205.             }

  206. 

  207.             if (storedRefreshToken.Used)

  208.             {

  209.                 return new RefreshTokenResultDto { Error = "This refresh token has been used" };

  210.             }

  211. 

  212.             if (storedRefreshToken.JwtId != jti)

  213.             {

  214.                 return new RefreshTokenResultDto { Error = "This refresh token does not match this JWT" };

  215.             }

  216. 

  217.             storedRefreshToken.Used = true;

  218.             _databaseContext.RefreshTokens.Update(storedRefreshToken);

  219.             await _databaseContext.SaveChangesAsync();

  220. 

  221.             var user = await _userManager.FindByIdAsync(validatedToken.Claims.Single(x => x.Type == "id").Value);

  222. 

  223.             var token =  await GenerateJwtToken(user);

  224. 

  225.             return new RefreshTokenResultDto

  226.             {

  227.                 Token = token

  228.             };

  229.         }

  230. 

  231.         private ClaimsPrincipal GetPrincipalFromToken(string token)

  232.         {

  233.             var tokenHandler = new JwtSecurityTokenHandler();

  234. 

  235.             var key = Encoding.ASCII.GetBytes(_authSettings.Secret);

  236.             var tokenValidationParameters = new TokenValidationParameters

  237.             {

  238.                 ValidateIssuerSigningKey = true,

  239.                 IssuerSigningKey = new SymmetricSecurityKey(key),

  240.                 ValidateIssuer = false,

  241.                 ValidateAudience = false,

  242.                 RequireExpirationTime = false,

  243.                 ValidateLifetime = true,

  244.                 // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)

  245.                 //ClockSkew = TimeSpan.Zero

  246.             };

  247. 

  248.             try

  249.             {

  250.                 var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out var validatedToken);

  251.                 if (!IsJwtWithValidSecurityAlgorithm(validatedToken))

  252.                 {

  253.                     return null;

  254.                 }

  255. 

  256.                 return principal;

  257.             }

  258.             catch (Exception ex)

  259.             {

  260.                 return null;

  261.             }

  262.         }

  263. 

  264.         private bool IsJwtWithValidSecurityAlgorithm(SecurityToken validatedToken)

  265.         {

  266.             return (validatedToken is JwtSecurityToken jwtSecurityToken) &&

  267.                 jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256,

  268.                     StringComparison.InvariantCultureIgnoreCase);

  269.         }

  270. 

  271.         public async Task<RefreshToken?> GetRefreshTokenByUserId(int userId)

  272.         {

  273.             return await _databaseContext.RefreshTokens.Where(x => x.UserId == userId).FirstOrDefaultAsync();

  274.         }

  275. 

  276.         public async Task UpdateRefreshToken(RefreshToken refreshToken)

  277.         {

  278.             _databaseContext.RefreshTokens.Update(refreshToken);

  279. 

  280.             await _databaseContext.SaveChangesAsync();

  281.         }

  282.     }

  283. }