mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-07-09 03:04:19 -04:00
Less Logging In (#978)
* Implemented the framework for Refresh Token. Needs testing. * Implemented Refresh Tokens. Users are issued tokens that last 7 days, just before the 7 days, the UI will request a new token to avoid having to re-authenticate.
This commit is contained in:
Joseph Milazzo
GitHub
parent
52493cac70
commit
6c73f8b61a
@ -139,6 +139,7 @@ namespace API.Controllers
|
||||
{
|
||||
Username = user.UserName,
|
||||
Token = await _tokenService.CreateToken(user),
|
||||
RefreshToken = await _tokenService.CreateRefreshToken(user),
|
||||
ApiKey = user.ApiKey,
|
||||
Preferences = _mapper.Map<UserPreferencesDto>(user.UserPreferences)
|
||||
};
|
||||
@ -192,11 +193,24 @@ namespace API.Controllers
|
||||
{
|
||||
Username = user.UserName,
|
||||
Token = await _tokenService.CreateToken(user),
|
||||
RefreshToken = await _tokenService.CreateRefreshToken(user),
|
||||
ApiKey = user.ApiKey,
|
||||
Preferences = _mapper.Map<UserPreferencesDto>(user.UserPreferences)
|
||||
};
|
||||
}
|
||||
|
||||
[HttpPost("refresh-token")]
|
||||
public async Task<ActionResult<TokenRequestDto>> RefreshToken([FromBody] TokenRequestDto tokenRequestDto)
|
||||
{
|
||||
var token = await _tokenService.ValidateRefreshToken(tokenRequestDto);
|
||||
if (token == null)
|
||||
{
|
||||
return Unauthorized(new { message = "Invalid token" });
|
||||
}
|
||||
|
||||
return Ok(token);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Get All Roles back. See <see cref="PolicyConstants"/>
|
||||
/// </summary>
|
||||
|
||||
7
API/DTOs/Account/TokenRequestDto.cs
Normal file
7
API/DTOs/Account/TokenRequestDto.cs
Normal file
@ -0,0 +1,7 @@
|
||||
namespace API.DTOs.Account;
|
||||
|
||||
public class TokenRequestDto
|
||||
{
|
||||
public string Token { get; init; }
|
||||
public string RefreshToken { get; init; }
|
||||
}
|
||||
@ -5,6 +5,7 @@ namespace API.DTOs
|
||||
{
|
||||
public string Username { get; init; }
|
||||
public string Token { get; init; }
|
||||
public string RefreshToken { get; init; }
|
||||
public string ApiKey { get; init; }
|
||||
public UserPreferencesDto Preferences { get; set; }
|
||||
}
|
||||
|
||||
@ -1,8 +1,10 @@
|
||||
using System.Text;
|
||||
using System;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using API.Constants;
|
||||
using API.Data;
|
||||
using API.Entities;
|
||||
using ExCSS;
|
||||
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
||||
using Microsoft.AspNetCore.Authorization.Infrastructure;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
@ -26,6 +28,7 @@ namespace API.Extensions
|
||||
opt.Password.RequireNonAlphanumeric = false;
|
||||
opt.Password.RequiredLength = 6;
|
||||
})
|
||||
.AddTokenProvider<DataProtectorTokenProvider<AppUser>>(TokenOptions.DefaultProvider)
|
||||
.AddRoles<AppRole>()
|
||||
.AddRoleManager<RoleManager<AppRole>>()
|
||||
.AddSignInManager<SignInManager<AppUser>>()
|
||||
@ -40,7 +43,8 @@ namespace API.Extensions
|
||||
ValidateIssuerSigningKey = true,
|
||||
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["TokenKey"])),
|
||||
ValidateIssuer = false,
|
||||
ValidateAudience = false
|
||||
ValidateAudience = false,
|
||||
ValidIssuer = "Kavita"
|
||||
};
|
||||
|
||||
options.Events = new JwtBearerEvents()
|
||||
|
||||
@ -5,6 +5,7 @@ using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using System.Threading.Tasks;
|
||||
using API.DTOs.Account;
|
||||
using API.Entities;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
@ -17,6 +18,8 @@ namespace API.Services;
|
||||
public interface ITokenService
|
||||
{
|
||||
Task<string> CreateToken(AppUser user);
|
||||
Task<TokenRequestDto> ValidateRefreshToken(TokenRequestDto request);
|
||||
Task<string> CreateRefreshToken(AppUser user);
|
||||
}
|
||||
|
||||
public class TokenService : ITokenService
|
||||
@ -56,4 +59,33 @@ public class TokenService : ITokenService
|
||||
|
||||
return tokenHandler.WriteToken(token);
|
||||
}
|
||||
|
||||
public async Task<string> CreateRefreshToken(AppUser user)
|
||||
{
|
||||
await _userManager.RemoveAuthenticationTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken");
|
||||
var refreshToken = await _userManager.GenerateUserTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken");
|
||||
await _userManager.SetAuthenticationTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken", refreshToken);
|
||||
return refreshToken;
|
||||
}
|
||||
|
||||
public async Task<TokenRequestDto> ValidateRefreshToken(TokenRequestDto request)
|
||||
{
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var tokenContent = tokenHandler.ReadJwtToken(request.Token);
|
||||
var username = tokenContent.Claims.FirstOrDefault(q => q.Type == JwtRegisteredClaimNames.NameId)?.Value;
|
||||
var user = await _userManager.FindByNameAsync(username);
|
||||
var isValid = await _userManager.VerifyUserTokenAsync(user, TokenOptions.DefaultProvider, "RefreshToken", request.RefreshToken);
|
||||
if (isValid)
|
||||
{
|
||||
return new TokenRequestDto()
|
||||
{
|
||||
Token = await CreateToken(user),
|
||||
RefreshToken = await CreateRefreshToken(user)
|
||||
};
|
||||
}
|
||||
|
||||
await _userManager.UpdateSecurityStampAsync(user);
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,6 +4,7 @@ import { Preferences } from './preferences/preferences';
|
||||
export interface User {
|
||||
username: string;
|
||||
token: string;
|
||||
refreshToken: string;
|
||||
roles: string[];
|
||||
preferences: Preferences;
|
||||
apiKey: string;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
import { HttpClient } from '@angular/common/http';
|
||||
import { Injectable, OnDestroy } from '@angular/core';
|
||||
import { Observable, ReplaySubject, Subject } from 'rxjs';
|
||||
import { Observable, of, ReplaySubject, Subject } from 'rxjs';
|
||||
import { map, takeUntil } from 'rxjs/operators';
|
||||
import { environment } from 'src/environments/environment';
|
||||
import { Preferences } from '../_models/preferences/preferences';
|
||||
@ -22,6 +22,11 @@ export class AccountService implements OnDestroy {
|
||||
private currentUserSource = new ReplaySubject<User>(1);
|
||||
currentUser$ = this.currentUserSource.asObservable();
|
||||
|
||||
/**
|
||||
* SetTimeout handler for keeping track of refresh token call
|
||||
*/
|
||||
private refreshTokenTimeout: ReturnType<typeof setTimeout> | undefined;
|
||||
|
||||
private readonly onDestroy = new Subject<void>();
|
||||
|
||||
constructor(private httpClient: HttpClient, private router: Router,
|
||||
@ -69,17 +74,37 @@ export class AccountService implements OnDestroy {
|
||||
|
||||
this.currentUserSource.next(user);
|
||||
this.currentUser = user;
|
||||
if (this.currentUser !== undefined) {
|
||||
this.startRefreshTokenTimer();
|
||||
} else {
|
||||
this.stopRefreshTokenTimer();
|
||||
}
|
||||
}
|
||||
|
||||
logout() {
|
||||
localStorage.removeItem(this.userKey);
|
||||
this.currentUserSource.next(undefined);
|
||||
this.currentUser = undefined;
|
||||
this.stopRefreshTokenTimer();
|
||||
// Upon logout, perform redirection
|
||||
this.router.navigateByUrl('/login');
|
||||
this.messageHub.stopHubConnection();
|
||||
}
|
||||
|
||||
// setCurrentUser() {
|
||||
// // TODO: Refactor this to setCurentUser in accoutnService
|
||||
// const user = this.getUserFromLocalStorage();
|
||||
|
||||
|
||||
// if (user) {
|
||||
// this.navService.setDarkMode(user.preferences.siteDarkMode);
|
||||
// this.messageHub.createHubConnection(user, this.accountService.hasAdminRole(user));
|
||||
// this.libraryService.getLibraryNames().pipe(take(1)).subscribe(() => {/* No Operation */});
|
||||
// } else {
|
||||
// this.navService.setDarkMode(true);
|
||||
// }
|
||||
// }
|
||||
|
||||
register(model: {username: string, password: string, isAdmin?: boolean}) {
|
||||
if (!model.hasOwnProperty('isAdmin')) {
|
||||
model.isAdmin = false;
|
||||
@ -135,8 +160,45 @@ export class AccountService implements OnDestroy {
|
||||
}
|
||||
return key;
|
||||
}));
|
||||
|
||||
|
||||
}
|
||||
|
||||
private refreshToken() {
|
||||
if (this.currentUser === null || this.currentUser === undefined) return of();
|
||||
|
||||
return this.httpClient.post<{token: string, refreshToken: string}>(this.baseUrl + 'account/refresh-token', {token: this.currentUser.token, refreshToken: this.currentUser.refreshToken}).pipe(map(user => {
|
||||
if (this.currentUser) {
|
||||
this.currentUser.token = user.token;
|
||||
this.currentUser.refreshToken = user.refreshToken;
|
||||
}
|
||||
|
||||
this.currentUserSource.next(this.currentUser);
|
||||
this.startRefreshTokenTimer();
|
||||
return user;
|
||||
}));
|
||||
}
|
||||
|
||||
private startRefreshTokenTimer() {
|
||||
if (this.currentUser === null || this.currentUser === undefined) return;
|
||||
|
||||
if (this.refreshTokenTimeout !== undefined) {
|
||||
this.stopRefreshTokenTimer();
|
||||
}
|
||||
|
||||
const jwtToken = JSON.parse(atob(this.currentUser.token.split('.')[1]));
|
||||
// set a timeout to refresh the token a minute before it expires
|
||||
const expires = new Date(jwtToken.exp * 1000);
|
||||
const timeout = expires.getTime() - Date.now() - (60 * 1000);
|
||||
this.refreshTokenTimeout = setTimeout(() => this.refreshToken().subscribe(() => {
|
||||
console.log('Token Refreshed');
|
||||
}), timeout);
|
||||
}
|
||||
|
||||
private stopRefreshTokenTimer() {
|
||||
if (this.refreshTokenTimeout !== undefined) {
|
||||
clearTimeout(this.refreshTokenTimeout);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@ -40,7 +40,6 @@ export class AppComponent implements OnInit {
|
||||
|
||||
setCurrentUser() {
|
||||
const user = this.accountService.getUserFromLocalStorage();
|
||||
|
||||
this.accountService.setCurrentUser(user);
|
||||
|
||||
if (user) {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user