insert token ID into JWTs

Journaly-io · Oct 28, 2023 · 9d1915f · 9d1915f
1 parent 2a707d3
commit 9d1915f
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 17 deletions.
diff --git a/JournalyApiV2/Data/JournalyDbContext.cs b/JournalyApiV2/Data/JournalyDbContext.cs
@@ -34,7 +34,7 @@ public class JournalyDbContext : IdentityDbContext<JournalyUser>
     public DbSet<Data.Models.RecordType> RecordTypes { get; set; }
     public DbSet<MedicationInstance> MedicationInstances { get; set; }
     public DbSet<Data.Models.MedStatus> MedStatuses { get; set; }
-    public DbSet<RefreshToken> RefreshTokens { get; set; }
+    public DbSet<Data.Models.RefreshToken> RefreshTokens { get; set; }
 
     public JournalyDbContext(IConfiguration config)
     {

diff --git a/JournalyApiV2/Models/RefreshToken.cs b/JournalyApiV2/Models/RefreshToken.cs
@@ -0,0 +1,7 @@
+namespace JournalyApiV2.Models;
+
+public class RefreshToken
+{
+    public int TokenId { get; set; }
+    public string Token { get; set; }
+}
diff --git a/JournalyApiV2/Services/BLL/AuthService.cs b/JournalyApiV2/Services/BLL/AuthService.cs
@@ -30,15 +30,16 @@ public AuthService(UserManager<JournalyUser> userManager, IConfiguration config,
         _authDbService = authDbService;
     }
 
-    private string GenerateJwtToken(string userId, string email, string givenName, string familyName)
+    private string GenerateJwtToken(string userId, string email, string givenName, string familyName, int tokenId)
     {
         var claims = new List<Claim>
         {
             new Claim(JwtRegisteredClaimNames.Sub, userId),
             new Claim(JwtRegisteredClaimNames.Email, email),
             new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
             new Claim(JwtRegisteredClaimNames.GivenName, givenName),
-            new Claim(JwtRegisteredClaimNames.FamilyName, familyName)
+            new Claim(JwtRegisteredClaimNames.FamilyName, familyName),
+            new Claim("TokenId", tokenId.ToString())
         };
 
         var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Identity:Key"]));
@@ -66,11 +67,13 @@ public async Task<SignInResponse> SignIn(string email, string password)
             {
                 throw new Exception("Email and password is valid, but no user found");
             }
+
+            var refreshToken = await _authDbService.NewRefreshTokenAsync(Guid.Parse(user.Id));
             return new SignInResponse
             {
-                Token = GenerateJwtToken(user.Id, email, user.FirstName, user.LastName),
+                Token = GenerateJwtToken(user.Id, email, user.FirstName, user.LastName, refreshToken.TokenId),
                 ExpiresIn = _config.GetValue<int>("Identity:ExpireSeconds"),
-                RefreshToken = await _authDbService.NewRefreshTokenAsync(Guid.Parse(user.Id))
+                RefreshToken = refreshToken.Token
             };
         }
         else
@@ -109,9 +112,9 @@ public async Task<SignInResponse> RefreshToken(string refreshToken)
         if (newToken == null) throw new Exception("Failed to refresh token");
         return new SignInResponse
         {
-            RefreshToken = newToken,
+            RefreshToken = newToken.Token,
             ExpiresIn = _config.GetValue<int>("Identity:ExpireSeconds"),
-            Token = GenerateJwtToken(user.Id, user.Email, user.FirstName, user.LastName)
+            Token = GenerateJwtToken(user.Id, user.Email, user.FirstName, user.LastName, newToken.TokenId)
         };
     }
 }
diff --git a/JournalyApiV2/Services/DAL/AuthDbService.cs b/JournalyApiV2/Services/DAL/AuthDbService.cs
@@ -22,34 +22,41 @@ private static string GenerateSecureOpaqueToken()
         return Convert.ToBase64String(byteArr);
     }
 
-    public async Task<string?> ExchangeRefreshTokenAsync(string token)
+    public async Task<Models.RefreshToken?> ExchangeRefreshTokenAsync(string token)
     {
         await using var db = _db.Journaly();
         var oldToken = await db.RefreshTokens.SingleOrDefaultAsync(x => x.Token == token);
         if (oldToken == null) return null;
         db.Remove(oldToken);
         var newToken = GenerateSecureOpaqueToken();
-        db.RefreshTokens.Add(new RefreshToken
+        var result = db.RefreshTokens.Add(new RefreshToken
         {
             Token = newToken,
             UserId = oldToken.UserId
         });
         await db.SaveChangesAsync();
-        return newToken;
+        return new Models.RefreshToken
+        {
+            Token = newToken,
+            TokenId = result.Entity.Id
+        };
     }
 
-    public async Task<string?> NewRefreshTokenAsync(Guid user)
+    public async Task<Models.RefreshToken> NewRefreshTokenAsync(Guid user)
     {
         await using var db = _db.Journaly();
         var newToken = GenerateSecureOpaqueToken();
-        db.RefreshTokens.Add(new RefreshToken
+        var result = db.RefreshTokens.Add(new RefreshToken
         {
             Token = newToken,
             UserId = user
         });
         await db.SaveChangesAsync();
-        return newToken;
-    }
+        return new Models.RefreshToken
+        {
+            Token = newToken,
+            TokenId = result.Entity.Id
+        };    }
 
     public async Task<Guid?> LookupRefreshTokenAsync(string token)
     {

diff --git a/JournalyApiV2/Services/DAL/IAuthDbService.cs b/JournalyApiV2/Services/DAL/IAuthDbService.cs
@@ -1,8 +1,10 @@
-namespace JournalyApiV2.Services.DAL;
+using JournalyApiV2.Models;
+
+namespace JournalyApiV2.Services.DAL;
 
 public interface IAuthDbService
 {
-    Task<string?> ExchangeRefreshTokenAsync(string token);
+    Task<RefreshToken?> ExchangeRefreshTokenAsync(string token);
     Task<Guid?> LookupRefreshTokenAsync(string token);
-    Task<string?> NewRefreshTokenAsync(Guid user);
+    Task<RefreshToken> NewRefreshTokenAsync(Guid user);
 }