update refresh token

Author: Andrea-Perelli

jjodel-persistence/jjodel-persistence/Controllers/API/AccountController.cs

@@ -276,30 +276,24 @@ public async Task<IActionResult> Login([FromBody] LoginRequest loginRequest) {
 
                     var roles = await this._signInManager.UserManager.GetRolesAsync(user);
 
-                    List<Claim> claims = new List<Claim>();
-                    claims.Add(new Claim(ClaimTypes.Name, user.UserName));
-                    claims.Add(new Claim(ClaimTypes.Email, user.Email));
-                    claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id));
-                    claims.Add(new Claim("_Id", user._Id != null ? user._Id : "-"));
-                    foreach(var role in roles) {
-                        claims.Add(new Claim(ClaimTypes.Role, role));
+                    JwtSecurityToken token = this._authService.CreateJwtToken(user, roles.ToList());
+
+                    if(token == null) {
+                        _logger.LogWarning("Token creation failed for user: " + loginRequest.Email);
+                        return BadRequest();
                     }
 
-                    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this._jwtSettings.SecurityKey));
-                    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
-                    var expiry = DateTime.Now.AddMinutes(System.Convert.ToInt32(this._jwtSettings.ExpiresInMinutes));
-
-                    var token = new JwtSecurityToken(
-                        _jwtSettings.Issuer,
-                        _jwtSettings.Audience,
-                        claims,
-                        expires: expiry,
-                        signingCredentials: creds
-                    );
-
-                    response.Token = new JwtSecurityTokenHandler().WriteToken(token);
-                    response.Expires = expiry;
-                    return Ok(response);
+                    user.RefreshToken = AuthService.GenerateRefreshToken();
+                    user.RefreshTokenExpiryTime = DateTime.UtcNow.AddDays(this._jwtSettings.RefreshTokenValidityInDays);
+                    await _userManager.UpdateAsync(user);
+
+                    return Ok(
+                        new TokenResponse() {
+                            Token = new JwtSecurityTokenHandler().WriteToken(token),
+                            Expires = token.ValidTo,
+                            RefreshToken = user.RefreshToken,
+                            RefreshTokenExpiryTime = user.RefreshTokenExpiryTime
+                        });
                 }
                 return BadRequest();
             }
@@ -310,6 +304,46 @@ public async Task<IActionResult> Login([FromBody] LoginRequest loginRequest) {
             }
         }
 
+        [HttpPost]
+        [Route("refresh-token")]
+        public async Task<IActionResult> RefreshToken(RefreshTokenRequest request) {
+            try {
+                var principal = this._authService.GetPrincipalFromExpiredToken(request.Token);
+                if(principal == null) {
+                    return BadRequest();
+                }
+                string username = principal.Identity.Name;
+                ApplicationUser user = await _userManager.FindByNameAsync(username);
+
+                if(user == null || user.RefreshToken != request.RefreshToken || user.RefreshTokenExpiryTime <= DateTime.Now) {
+                    return BadRequest();
+                }
+                IList<string> roles = await _signInManager.UserManager.GetRolesAsync(user);
+
+                JwtSecurityToken token = this._authService.CreateJwtToken(user, roles.ToList());
+
+                if(token == null) {
+                    _logger.LogWarning("Token creation failed for user: " + username);
+                    return BadRequest();
+                }
+
+                user.RefreshToken = AuthService.GenerateRefreshToken();
+
+                await _userManager.UpdateAsync(user);
+
+                return Ok(new TokenResponse() {
+                    Token = new JwtSecurityTokenHandler().WriteToken(token),
+                    Expires = token.ValidTo,
+                    RefreshToken = user.RefreshToken,
+                    RefreshTokenExpiryTime = user.RefreshTokenExpiryTime
+                });
+            }
+            catch(Exception ex) {
+                _logger.LogError("Refresh token error: " + ex.Message);
+                return BadRequest();
+            }
+        }
+
         [AllowAnonymous]
         [HttpPost("register")]
         public async Task<IActionResult> Register([FromBody] RegisterRequest request) {
@@ -459,6 +493,28 @@ public async Task<IActionResult> ResetPasswordWithEmail([FromBody] ResetPassword
             }
         }
 
+        [Authorize(Roles = "Admin, User")]
+        [HttpPost]
+        [Route("[action]")]
+        public async Task<IActionResult> Revoke([FromBody] RevokeTokenRequest request) {
+            try {
+                ApplicationUser user = await _userManager.FindByNameAsync(request.UserName);
+                if(user == null) {
+                    return BadRequest();
+                }
+
+                user.RefreshToken = null;
+                await this._userManager.UpdateAsync(user);
+
+                return Ok();
+            }
+            catch(Exception ex) {
+                _logger.LogError($"Revoke token error for user {request.UserName}: " + ex.Message);
+                return BadRequest();
+            }
+        }
+
+
         [Authorize(Roles = "Admin, User")]
         [HttpPut]
         public async Task<IActionResult> Update([FromBody] UpdateUserRequest updateUserRequest) {

jjodel-persistence/jjodel-persistence/Controllers/API/ClientLogController.cs

@@ -35,7 +35,6 @@ public async Task<IActionResult> SaveUserError([FromBody] CreateClientLog create
             try {
                 if(ModelState.IsValid) {
                     ClientLog clientLog = Convert(createClientLog, await this._userManager.FindByNameAsync(User.Identity.Name));
-
 
                     if(await this._clientLogService.Add(clientLog)) {
                         return Ok();
@@ -56,15 +55,24 @@ public static ClientLog Convert(CreateClientLog createClientLog, ApplicationUser
                 Id = new Guid(),
                 User = applicationUser,
                 Level = createClientLog.Level,
-                Title = createClientLog.Title,
+                Url = createClientLog.Url,
                 Version = createClientLog.Version,
+                State = createClientLog.State,
                 Creation = createClientLog.Creation,
-                Message = createClientLog.Message,
-                StackTrace = createClientLog.StackTrace,
-                CompoStack = createClientLog.CompoStack,
-                ContextJson = createClientLog.ContextJson,
-                DState = createClientLog.DState,
-                TransientJson = createClientLog.TransientJson
+                Message = createClientLog.Error.Message,
+                Error = createClientLog.Error.Error,
+                CompoStack = createClientLog.CompoStack,    
+                ReactMsg = createClientLog.ReactMsg,
+                Browser = createClientLog.Browser.Browser,
+                BrowserMajorVersion = createClientLog.Browser.BrowserMajorVersion,
+                BrowserVersion = createClientLog.Browser.BrowserVersion,
+                Cookies = createClientLog.Browser.Cookies,
+                Mobile = createClientLog.Browser.Mobile,
+                Os = createClientLog.Browser.Os,
+                OsVersion = createClientLog.Browser.OsVersion,
+                Screen = createClientLog.Browser.Screen,
+                UserAgent = createClientLog.Browser.UserAgent,
+                
             };
             return clientLog;
         }   

jjodel-persistence/jjodel-persistence/Controllers/API/ProjectController.cs

@@ -124,6 +124,11 @@ public async Task<IActionResult> GetByJJodelId(string Id) {
                 // todo check permission to open project (public/private)
                 Project result = await this._projectService.GetByJJodelId(Id);
 
+                //todo: remove
+                result.Collaborators.Add(await this._userManager.FindByNameAsync(this.User.Identity.Name));
+                await this._projectService.Save();
+
+
                 if(result == null) {
                     return BadRequest();
                 }

jjodel-persistence/jjodel-persistence/Controllers/Web/AccountController.cs

@@ -176,6 +176,9 @@ public async Task<IActionResult> Login(LoginRequest loginRequest) {
 
                 var result = await _signInManager.PasswordSignInAsync(user, loginRequest.Password, false, false);
 
+                if(result == null || !result.Succeeded) {
+                    return View(loginRequest);
+                }
 
                 var roles = await _signInManager.UserManager.GetRolesAsync(user);
 

jjodel-persistence/jjodel-persistence/Controllers/Web/ClientLogController.cs

@@ -35,19 +35,35 @@ public ActionResult Index() {
         public async Task<ActionResult> List(string? type = "Error") {
 
             try {
+                // "Log", "Information", "Warning", "Error", "Exception", "DevError", "DevException")]
 
                 List<ClientLog> logs = new List<ClientLog>();
                 if(type == "All") {
                     logs = await this._analyticsService.GetAllAsync();
                 }
+                else if(type == "Information") {
+                    logs = await this._analyticsService.GetAllInformationAsync();
+
+                }
                 else if(type == "Warning") {
                     logs = await this._analyticsService.GetAllWarningAsync();
                 }
-                else if(type == "Information") {
-                    logs = await this._analyticsService.GetAllInformationAsync();
+                else if(type == "Error") {
+                    logs = await this._analyticsService.GetAllErrorAsync();
+                }
+                else if(type == "Exception") {
+                    logs = await this._analyticsService.GetAllExceptionAsync();
+
+                }
+                else if(type == "DevError") {
+                    logs = await this._analyticsService.GetAllDevErrorAsync();
 
                 }
-                logs = await this._analyticsService.GetAllErrorAsync();
+                else {
+                    // DevException
+
+                }
+
                 return PartialView("~/Views/Shared/UC_AnalyticsDevList.cshtml", logs);
 
             }