diff --git a/coffeecard/CoffeeCard.Library/Migrations/20241001160733_AddTokenProperties.Designer.cs b/coffeecard/CoffeeCard.Library/Migrations/20241022153731_AddTokenProperties.Designer.cs
similarity index 99%
rename from coffeecard/CoffeeCard.Library/Migrations/20241001160733_AddTokenProperties.Designer.cs
rename to coffeecard/CoffeeCard.Library/Migrations/20241022153731_AddTokenProperties.Designer.cs
index 749c3140..e6e5f7e1 100644
--- a/coffeecard/CoffeeCard.Library/Migrations/20241001160733_AddTokenProperties.Designer.cs
+++ b/coffeecard/CoffeeCard.Library/Migrations/20241022153731_AddTokenProperties.Designer.cs
@@ -12,7 +12,7 @@
namespace CoffeeCard.Library.Migrations
{
[DbContext(typeof(CoffeeCardContext))]
- [Migration("20241001160733_AddTokenProperties")]
+ [Migration("20241022153731_AddTokenProperties")]
partial class AddTokenProperties
{
///
@@ -312,9 +312,6 @@ protected override void BuildTargetModel(ModelBuilder modelBuilder)
b.Property("Expires")
.HasColumnType("datetime2");
- b.Property("PreviousTokenId")
- .HasColumnType("int");
-
b.Property("Revoked")
.HasColumnType("bit");
diff --git a/coffeecard/CoffeeCard.Library/Migrations/20241001160733_AddTokenProperties.cs b/coffeecard/CoffeeCard.Library/Migrations/20241022153731_AddTokenProperties.cs
similarity index 82%
rename from coffeecard/CoffeeCard.Library/Migrations/20241001160733_AddTokenProperties.cs
rename to coffeecard/CoffeeCard.Library/Migrations/20241022153731_AddTokenProperties.cs
index 4003e7b0..86117337 100644
--- a/coffeecard/CoffeeCard.Library/Migrations/20241001160733_AddTokenProperties.cs
+++ b/coffeecard/CoffeeCard.Library/Migrations/20241022153731_AddTokenProperties.cs
@@ -19,13 +19,6 @@ protected override void Up(MigrationBuilder migrationBuilder)
nullable: false,
defaultValue: new DateTime(1, 1, 1, 0, 0, 0, 0, DateTimeKind.Unspecified));
- migrationBuilder.AddColumn(
- name: "PreviousTokenId",
- schema: "dbo",
- table: "Tokens",
- type: "int",
- nullable: true);
-
migrationBuilder.AddColumn(
name: "Revoked",
schema: "dbo",
@@ -51,11 +44,6 @@ protected override void Down(MigrationBuilder migrationBuilder)
schema: "dbo",
table: "Tokens");
- migrationBuilder.DropColumn(
- name: "PreviousTokenId",
- schema: "dbo",
- table: "Tokens");
-
migrationBuilder.DropColumn(
name: "Revoked",
schema: "dbo",
diff --git a/coffeecard/CoffeeCard.Library/Migrations/CoffeeCardContextModelSnapshot.cs b/coffeecard/CoffeeCard.Library/Migrations/CoffeeCardContextModelSnapshot.cs
index 0e0765ca..eb9d19d7 100644
--- a/coffeecard/CoffeeCard.Library/Migrations/CoffeeCardContextModelSnapshot.cs
+++ b/coffeecard/CoffeeCard.Library/Migrations/CoffeeCardContextModelSnapshot.cs
@@ -312,9 +312,6 @@ protected override void BuildModel(ModelBuilder modelBuilder)
b.Property("Expires")
.HasColumnType("datetime2");
- b.Property("PreviousTokenId")
- .HasColumnType("int");
-
b.Property("Revoked")
.HasColumnType("bit");
diff --git a/coffeecard/CoffeeCard.Library/Services/v2/AccountService.cs b/coffeecard/CoffeeCard.Library/Services/v2/AccountService.cs
index 31015704..7b0b7e5c 100644
--- a/coffeecard/CoffeeCard.Library/Services/v2/AccountService.cs
+++ b/coffeecard/CoffeeCard.Library/Services/v2/AccountService.cs
@@ -320,11 +320,8 @@ public async Task SendMagicLinkEmail(string email, LoginType loginType)
public async Task LoginByMagicLink(string token)
{
// Validate token in DB
- var foundToken = await GetTokenByMagicLink(token);
- if (foundToken.Revoked)
- {
- throw new ApiException("Token already used", 401);
- }
+ var foundToken = await _tokenServiceV2.GetValidTokenByHashAsync(token);
+
// Invalidate token in DB
foundToken.Revoked = true;
await _context.SaveChangesAsync();
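Review bot: Neither this call site nor the one in RefreshToken (the next hunk) checks `foundToken.Type` after `GetValidTokenByHashAsync` returns, so a refresh token presented to the magic-link flow, or a magic-link token presented to the refresh flow, is accepted as long as it is unused and unexpired. The lookup is purely by hash, and the removed private helpers had the same gap, so the shared service method is the natural place to close it. Either give `GetValidTokenByHashAsync` an expected `TokenType` parameter and compare it there, or add after each lookup a check such as `if (foundToken.Type != TokenType.Refresh) throw new ApiException("Invalid token", 401);` in RefreshToken and the equivalent against the magic-link member of `TokenType` here. LoginByMagicLink's body continues outside the hunk.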
@@ -347,12 +344,8 @@ public async Task LoginByMagicLink(string token)
public async Task RefreshToken(string token)
{
- var foundToken = await GetRefreshToken(token);
- if (foundToken.Revoked)
- {
- await InvalidateTokenChain(foundToken.Id);
- throw new ApiException("Token already used", 401);
- }
+ var foundToken = await _tokenServiceV2.GetValidTokenByHashAsync(token);
+
// Invalidate token in DB
foundToken.Revoked = true;
await _context.SaveChangesAsync();
@@ -372,42 +365,5 @@ public async Task RefreshToken(string token)
return new UserLoginResponse() { Jwt = jwt, RefreshToken = refreshToken };
}
-
- private async Task GetRefreshToken(string token)
- {
- var foundToken = await _context.Tokens
- .Include(t => t.User)
- .FirstOrDefaultAsync(t => t.TokenHash == token);
- if (foundToken?.User == null)
- {
- throw new ApiException("Invalid token", 401);
- }
-
- return foundToken;
- }
-
- private async Task GetTokenByMagicLink(string token)
- {
- var foundToken = await _context.Tokens
- .Include(t => t.User)
- .FirstOrDefaultAsync(t => t.TokenHash == token);
- if (foundToken?.User == null)
- {
- throw new ApiException("Invalid token", 401);
- }
-
- return foundToken;
- }
-
- private async Task InvalidateTokenChain(int tokenId)
- {
- // todo: invalidate all from user instead of recursion
- var newerToken = _context.Tokens.FirstOrDefault(t => t.PreviousTokenId == tokenId);
- if (newerToken != null)
- {
- newerToken.Revoked = true;
- await InvalidateTokenChain(newerToken.Id);
- }
- }
}
}
diff --git a/coffeecard/CoffeeCard.Library/Services/v2/ITokenService.cs b/coffeecard/CoffeeCard.Library/Services/v2/ITokenService.cs
index be91cb0a..dec5f858 100644
--- a/coffeecard/CoffeeCard.Library/Services/v2/ITokenService.cs
+++ b/coffeecard/CoffeeCard.Library/Services/v2/ITokenService.cs
@@ -8,5 +8,6 @@ public interface ITokenService
string GenerateMagicLink(User user);
Task GenerateRefreshTokenAsync(User user);
Task ValidateTokenAsync(string token);
+ Task GetValidTokenByHashAsync(string tokenHash);
}
}
\ No newline at end of file
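Review bot: The new `GetValidTokenByHashAsync` member has no XML doc and its contract is not obvious from the name: in the TokenService implementation in this diff it throws `ApiException` (401) for an unknown, revoked or expired hash and, as a side effect, revokes every refresh token of the owning user. Add `/// <summary>Returns the token with the given hash if it is neither revoked nor expired.</summary>` and `/// <exception cref="ApiException">Thrown (401) when the hash is unknown, revoked or expired; in that case all of the owning user's refresh tokens are revoked.</exception>` so implementers and callers see the side effect.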
diff --git a/coffeecard/CoffeeCard.Library/Services/v2/TokenService.cs b/coffeecard/CoffeeCard.Library/Services/v2/TokenService.cs
index b9e674d1..23ff00a7 100644
--- a/coffeecard/CoffeeCard.Library/Services/v2/TokenService.cs
+++ b/coffeecard/CoffeeCard.Library/Services/v2/TokenService.cs
@@ -32,7 +32,7 @@ public string GenerateMagicLink(User user)
public async Task GenerateRefreshTokenAsync(User user)
{
var refreshToken = Guid.NewGuid().ToString();
- _context.Tokens.Add(new Token(refreshToken, TokenType.Refresh));
+ _context.Tokens.Add(new Token(refreshToken, TokenType.Refresh) { User = user });
await _context.SaveChangesAsync();
return refreshToken;
}
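Review bot: The token added on the changed line sets `User` but not `Expires`, and GetValidTokenByHashAsync now rejects anything for which `Expired()` is true; since `Expired()` is `DateTime.UtcNow > Expires`, a token whose `Expires` stays at `default(DateTime)` is rejected on first use unless the `Token(string, TokenType)` constructor (not in this diff) assigns an expiry — worth confirming, and if it does not, set it here, e.g. `new Token(refreshToken, TokenType.Refresh) { User = user, Expires = DateTime.UtcNow.AddDays(REFRESH_LIFETIME_DAYS /* placeholder: configured lifetime */) }`. Separately, the value passed as the `tokenHash` constructor argument is the raw GUID that is also returned to the caller, so despite the property name the database holds the usable secret; a comment stating that this is intentional, or hashing before storage and lookup, would remove the ambiguity. `Guid.NewGuid()` makes no guarantee about unpredictability, so `RandomNumberGenerator.GetBytes` is the documented source if the value is meant to act as a bearer secret.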
@@ -42,9 +42,34 @@ public async Task ValidateTokenAsync(string refreshToken)
var token = await _context.Tokens.FirstOrDefaultAsync(t => t.TokenHash == refreshToken);
if (token.Revoked)
{
- // TODO: Invalidate chain of tokens
+ await InvalidateRefreshTokensForUser(token.User);
throw new ApiException("Refresh token is already used", 401);
}
throw new NotImplementedException();
}
+
+ public async Task GetValidTokenByHashAsync(string tokenHash)
+ {
+ var foundToken = await _context.Tokens.Include(t => t.User).FirstOrDefaultAsync(t => t.TokenHash == tokenHash);
+ if (foundToken == null || foundToken.Revoked || foundToken.Expired())
+ {
+ await InvalidateRefreshTokensForUser(foundToken?.User);
+ throw new ApiException("Invalid token", 401);
+ }
+ return foundToken;
+ }
+
+ private async Task InvalidateRefreshTokensForUser(User user)
+ {
+ if (user is null) return;
+
+ var tokens = _context.Tokens.Where(t => t.UserId == user.Id && t.Type == TokenType.Refresh);
+
+ _context.Tokens.UpdateRange(tokens);
+ foreach (var token in tokens)
+ {
+ token.Revoked = true;
+ }
+ await _context.SaveChangesAsync();
+ }
}
\ No newline at end of file
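Review bot: In ValidateTokenAsync the added `await InvalidateRefreshTokensForUser(token.User)` most likely does nothing, because the query on the line above has no `.Include(t => t.User)` (unlike the one in GetValidTokenByHashAsync), so `token.User` is null unless lazy loading is enabled and the helper returns at its null guard. That same `token` is still dereferenced without a null check, so an unknown hash surfaces as a NullReferenceException rather than a 401. In InvalidateRefreshTokensForUser, `tokens` is an unmaterialised IQueryable, so `UpdateRange(tokens)` and the `foreach` each execute the query; materialising once with `ToListAsync()` and letting change tracking pick up the `Revoked` writes is simpler and drops the redundant UpdateRange. Consider also whether an expired (rather than reused) token in GetValidTokenByHashAsync should revoke every refresh token the user holds: expiry is the normal end of life, so a legitimate client with a stale token currently signs the user out of all sessions, whereas only reuse of a revoked token indicates replay.
```csharp
// ValidateTokenAsync: load the owner so the revocation below has a user to act on
var token = await _context.Tokens.Include(t => t.User).FirstOrDefaultAsync(t => t.TokenHash == refreshToken);
// … unchanged: revoked check, GetValidTokenByHashAsync …

private async Task InvalidateRefreshTokensForUser(User user)
{
    if (user is null) return;

    // Materialise once; the tracked entities are updated in place and flushed by SaveChangesAsync.
    var tokens = await _context.Tokens
        .Where(t => t.UserId == user.Id && t.Type == TokenType.Refresh)
        .ToListAsync();
    foreach (var token in tokens)
    {
        token.Revoked = true;
    }
    await _context.SaveChangesAsync();
}
```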
diff --git a/coffeecard/CoffeeCard.Models/Entities/Token.cs b/coffeecard/CoffeeCard.Models/Entities/Token.cs
index 08f627ed..15878c44 100644
--- a/coffeecard/CoffeeCard.Models/Entities/Token.cs
+++ b/coffeecard/CoffeeCard.Models/Entities/Token.cs
@@ -20,8 +20,6 @@ public class Token(string tokenHash, TokenType type)
public bool Revoked { get; set; } = false;
- public int? PreviousTokenId { get; set; }
-
public override bool Equals(object? obj)
{
if (obj is Token newToken) return TokenHash.Equals(newToken.TokenHash);
@@ -32,5 +30,10 @@ public override int GetHashCode()
{
return HashCode.Combine(Id, TokenHash, User);
}
+
+ public bool Expired()
+ {
+ return DateTime.UtcNow > Expires;
+ }
}
}
\ No newline at end of file
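Review bot: `Expired()` compares `Expires` against `DateTime.UtcNow`, but nothing on the type records that `Expires` must be written as UTC; the column is a plain `datetime2` (see the migration in this diff), so a writer using local time would shift expiry by the timezone offset without any error. Document the contract on the new member, `/// <summary>True once the UTC instant in <see cref="Expires"/> has passed; <see cref="Expires"/> must be stored in UTC.</summary>`, and consider the same note on the `Expires` property. As written the method could also be expression-bodied, `public bool Expired() => DateTime.UtcNow > Expires;`, and reading the clock through an injectable source would make the check testable without waiting for real time.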
diff --git a/coffeecard/CoffeeCard.WebApi/Controllers/v2/AccountController.cs b/coffeecard/CoffeeCard.WebApi/Controllers/v2/AccountController.cs
index 768ffad4..ba5b6fdc 100644
--- a/coffeecard/CoffeeCard.WebApi/Controllers/v2/AccountController.cs
+++ b/coffeecard/CoffeeCard.WebApi/Controllers/v2/AccountController.cs
@@ -258,12 +258,23 @@ public async Task> AuthToken([FromRoute] string
[HttpPost]
[AuthorizeRoles(UserGroup.Customer, UserGroup.Barista, UserGroup.Manager, UserGroup.Board)]
- [Route("auth/refresh")]
- public async Task> Refresh()
+ [Route("auth/refresh/loginType={loginType}")]
+ public async Task> Refresh([FromRoute] LoginType loginType, string refreshToken = null)
{
- var refreshToken = HttpContext.Request.Cookies.FirstOrDefault(c => c.Key == "refreshToken").Value;
+ switch (loginType)
+ {
+ case LoginType.App:
+ if (refreshToken is null) return NotFound(new MessageResponseDto { Message = "Refresh token required for app refresh." });
+ break;
+ case LoginType.Shifty:
+ refreshToken = HttpContext.Request.Cookies.FirstOrDefault(c => c.Key == "refreshToken").Value;
+ break;
+ default:
+ return NotFound(new MessageResponseDto { Message = "Cannot determine application to login." });
+ }
+
var token = await _accountService.RefreshToken(refreshToken);
- return Ok(token);
+ return Tokenize(loginType, token);
}
private ActionResult Tokenize(LoginType loginType, UserLoginResponse token)
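Review bot: For `LoginType.App` the new `refreshToken` parameter carries no binding attribute, so if this is an `[ApiController]` the simple-type parameter is inferred as `[FromQuery]` and the refresh token travels in the URL, where access logs and proxies record it; binding it from the request body (or a header) keeps the secret out of the URL, which is presumably why the Shifty path reads it from a cookie. The two failure branches return `NotFound`, but a missing token or an unrecognised `loginType` is a client-input error, so `BadRequest(new MessageResponseDto { ... })` describes them better than a 404. The cookie read `HttpContext.Request.Cookies.FirstOrDefault(c => c.Key == "refreshToken").Value` yields `null` for a missing cookie and then falls through to the service with a null hash; `if (!HttpContext.Request.Cookies.TryGetValue("refreshToken", out refreshToken))` makes the missing-cookie case explicit and lets you return the same 400 as the App branch.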