More Fixes from Recent PRs (#1995)

* Added extra debugging for logout issue * Fixed the null issue with ISBN * Allow web links to be cleared out * More logging on refresh token * More key fallback when building Table of Contents * Added better fallback implementation for building table of contents based on the many different ways epubs are packed and referenced. * Updated dependencies * Fixed up refresh token refresh which was invalidating sessions for no reason. Added it to update last active time as well.
2023-05-15 12:53:43 -05:00 · 2023-05-15 12:53:43 -05:00 · 2ce4ddcaa4
commit 2ce4ddcaa4
parent 95df0a0825
9 changed files with 104 additions and 31 deletions
--- a/API/Services/TokenService.cs
+++ b/API/Services/TokenService.cs
@ -5,10 +5,12 @@ using System.Linq;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
+using API.Data;
 using API.DTOs.Account;
 using API.Entities;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Tokens;
 using static System.Security.Claims.ClaimTypes;
 using JwtRegisteredClaimNames = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames;
@ -27,13 +29,17 @@ public interface ITokenService
 public class TokenService : ITokenService
 {
    private readonly UserManager<AppUser> _userManager;
+    private readonly ILogger<TokenService> _logger;
+    private readonly IUnitOfWork _unitOfWork;
    private readonly SymmetricSecurityKey _key;
    private const string RefreshTokenName = "RefreshToken";

-    public TokenService(IConfiguration config, UserManager<AppUser> userManager)
+    public TokenService(IConfiguration config, UserManager<AppUser> userManager, ILogger<TokenService> logger, IUnitOfWork unitOfWork)
    {

        _userManager = userManager;
+        _logger = logger;
+        _unitOfWork = unitOfWork;
        _key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"] ?? string.Empty));
    }

@ -78,12 +84,28 @@ public class TokenService : ITokenService
            var tokenHandler = new JwtSecurityTokenHandler();
            var tokenContent = tokenHandler.ReadJwtToken(request.Token);
            var username = tokenContent.Claims.FirstOrDefault(q => q.Type == JwtRegisteredClaimNames.Name)?.Value;
-            if (string.IsNullOrEmpty(username)) return null;
+            if (string.IsNullOrEmpty(username))
+            {
+                _logger.LogDebug("[RefreshToken] failed to validate due to not finding user in RefreshToken");
+                return null;
+            }
            var user = await _userManager.FindByNameAsync(username);
-            if (user == null) return null; // This forces a logout
+            if (user == null)
+            {
+                _logger.LogDebug("[RefreshToken] failed to validate due to not finding user in DB");
+                return null;
+            }
+
            var validated = await _userManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, RefreshTokenName, request.RefreshToken);
-            if (!validated) return null;
-            await _userManager.UpdateSecurityStampAsync(user);
+            if (!validated)
+            {
+
+                _logger.LogDebug("[RefreshToken] failed to validate due to invalid refresh token");
+                return null;
+            }
+
+            user.UpdateLastActive();
+            await _unitOfWork.CommitAsync();

            return new TokenRequestDto()
            {
@ -93,11 +115,13 @@ public class TokenService : ITokenService
        } catch (SecurityTokenExpiredException ex)
        {
            // Handle expired token
+            _logger.LogError(ex, "Failed to validate refresh token");
            return null;
        }
        catch (Exception ex)
        {
            // Handle other exceptions
+            _logger.LogError(ex, "Failed to validate refresh token");
            return null;
        }
    }