Last Release before Release Testing (#2017)

* Attempting to invalidate JWT on login (when locked out), but can't figure out a way to get a JWT, since we don't store them.

Just committing as I'm going to remove the middleware, this is not worth the performance and complexity.

* Removed some security stuff that didn't line up.

* Dropping Token Expiration down to 2 days to test during release testing.
Joe Milazzo 2023-05-28 09:07:05 -05:00 committed by GitHub
parent 3eeb131985
commit 5a95911483
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 88 additions and 6 deletions


@ -23,6 +23,7 @@ public interface ITokenService
Task<string> CreateToken(AppUser user);
Task<TokenRequestDto?> ValidateRefreshToken(TokenRequestDto request);
Task<string> CreateRefreshToken(AppUser user);
Task<string> GetJwtFromUser(AppUser user);
}
@ -59,7 +60,7 @@ public class TokenService : ITokenService
var tokenDescriptor = new SecurityTokenDescriptor()
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.UtcNow.AddDays(14),
Expires = DateTime.UtcNow.AddDays(2),
SigningCredentials = credentials
};
@ -124,4 +125,11 @@ public class TokenService : ITokenService
return null;
}
}
public async Task<string> GetJwtFromUser(AppUser user)
{
var userClaims = await _userManager.GetClaimsAsync(user);
var jwtClaim = userClaims.FirstOrDefault(claim => claim.Type == "jwt");
return jwtClaim?.Value;
}
}
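Review bot: `GetJwtFromUser` at the end of TokenService returns `jwtClaim?.Value`, which is null whenever the user has no "jwt" claim, yet the method and the new interface member are both declared `Task<string>`. The sibling `ValidateRefreshToken` already returns `Task<TokenRequestDto?>`, so the signature should read `Task<string?> GetJwtFromUser(AppUser user);` in both places. The commit description says JWTs are not stored, so as far as the visible lines show this lookup would always come back null, and a lockout path relying on it would silently invalidate nothing. A `<summary>` comment saying so, or removing the method together with the middleware, would keep it from being mistaken for a working revocation mechanism. Separately, the `AddDays(2)` lifetime in the second hunk is described as a release-testing value; reading it from configuration would avoid shipping the test value by accident.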