v0.7.3 - The Quality of Life Update (#2036)

* Version bump * Okay this should be the last (#2037) * Fixed improper date visualization for reading list detail page. * Correct not-read badge position (#2034) --------- Co-authored-by: Andre Smith <Hobogrammer@users.noreply.github.com> * Bump versions by dotnet-bump-version. * Merged develop in --------- Co-authored-by: Andre Smith <Hobogrammer@users.noreply.github.com>
2023-06-07 07:55:53 -05:00 · 2023-06-07 07:55:53 -05:00 · 1b3866568f
commit 1b3866568f
parent 51e23b7eca
235 changed files with 14827 additions and 21948 deletions
--- a/API/Services/TokenService.cs
+++ b/API/Services/TokenService.cs
@ -5,10 +5,12 @@ using System.Linq;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
+using API.Data;
 using API.DTOs.Account;
 using API.Entities;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Tokens;
 using static System.Security.Claims.ClaimTypes;
 using JwtRegisteredClaimNames = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames;
@ -21,19 +23,24 @@ public interface ITokenService
    Task<string> CreateToken(AppUser user);
    Task<TokenRequestDto?> ValidateRefreshToken(TokenRequestDto request);
    Task<string> CreateRefreshToken(AppUser user);
+    Task<string> GetJwtFromUser(AppUser user);
 }


 public class TokenService : ITokenService
 {
    private readonly UserManager<AppUser> _userManager;
+    private readonly ILogger<TokenService> _logger;
+    private readonly IUnitOfWork _unitOfWork;
    private readonly SymmetricSecurityKey _key;
    private const string RefreshTokenName = "RefreshToken";

-    public TokenService(IConfiguration config, UserManager<AppUser> userManager)
+    public TokenService(IConfiguration config, UserManager<AppUser> userManager, ILogger<TokenService> logger, IUnitOfWork unitOfWork)
    {

        _userManager = userManager;
+        _logger = logger;
+        _unitOfWork = unitOfWork;
        _key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"] ?? string.Empty));
    }

@ -49,13 +56,12 @@ public class TokenService : ITokenService

        claims.AddRange(roles.Select(role => new Claim(Role, role)));

-        var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
-
+        var credentials = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
        var tokenDescriptor = new SecurityTokenDescriptor()
        {
            Subject = new ClaimsIdentity(claims),
-            Expires = DateTime.UtcNow.AddDays(14),
-            SigningCredentials = creds
+            Expires = DateTime.UtcNow.AddDays(2),
+            SigningCredentials = credentials
        };

        var tokenHandler = new JwtSecurityTokenHandler();
@ -78,28 +84,52 @@ public class TokenService : ITokenService
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var tokenContent = tokenHandler.ReadJwtToken(request.Token);
-            var username = tokenContent.Claims.FirstOrDefault(q => q.Type == JwtRegisteredClaimNames.NameId)?.Value;
-            if (string.IsNullOrEmpty(username)) return null;
-            var user = await _userManager.FindByIdAsync(username);
-            if (user == null) return null; // This forces a logout
+            var username = tokenContent.Claims.FirstOrDefault(q => q.Type == JwtRegisteredClaimNames.Name)?.Value;
+            if (string.IsNullOrEmpty(username))
+            {
+                _logger.LogDebug("[RefreshToken] failed to validate due to not finding user in RefreshToken");
+                return null;
+            }
+            var user = await _userManager.FindByNameAsync(username);
+            if (user == null)
+            {
+                _logger.LogDebug("[RefreshToken] failed to validate due to not finding user in DB");
+                return null;
+            }
+
            var validated = await _userManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, RefreshTokenName, request.RefreshToken);
-            if (!validated) return null;
-            await _userManager.UpdateSecurityStampAsync(user);
+            if (!validated && tokenContent.ValidTo <= DateTime.UtcNow.Add(TimeSpan.FromHours(1)))
+            {
+                _logger.LogDebug("[RefreshToken] failed to validate due to invalid refresh token");
+                return null;
+            }
+
+            user.UpdateLastActive();
+            await _unitOfWork.CommitAsync();

            return new TokenRequestDto()
            {
                Token = await CreateToken(user),
                RefreshToken = await CreateRefreshToken(user)
            };
-        } catch (SecurityTokenExpiredException)
+        } catch (SecurityTokenExpiredException ex)
        {
            // Handle expired token
+            _logger.LogError(ex, "Failed to validate refresh token");
            return null;
        }
-        catch (Exception)
+        catch (Exception ex)
        {
            // Handle other exceptions
+            _logger.LogError(ex, "Failed to validate refresh token");
            return null;
        }
    }
+
+    public async Task<string> GetJwtFromUser(AppUser user)
+    {
+        var userClaims = await _userManager.GetClaimsAsync(user);
+        var jwtClaim = userClaims.FirstOrDefault(claim => claim.Type == "jwt");
+        return jwtClaim?.Value;
+    }
 }