Merge pull request #20 from barzin144/bugfix/handel-invalid-refresh-token

handled invalid refresh token

Author: barzin144

DataAccess/UserRepository.cs

@@ -113,11 +113,7 @@ public async Task<bool> DeleteTokensWithSameRefreshTokenSourceAsync(string refre
 				string refreshTokenHash = _securityService.GetSha256Hash(refreshToken);
 				FilterDefinition<User> filter = new FilterDefinitionBuilder<User>().Eq($"{nameof(User.Tokens)}.{nameof(Token.RefreshTokenIdHash)}", refreshTokenHash);
 
-				User user = await collection.Find(filter).FirstOrDefaultAsync();
-				if (user == null)
-				{
-					throw new Exception("Invalid refresh token");
-				}
+				User user = await collection.Find(filter).FirstOrDefaultAsync() ?? throw new Exception("Invalid refresh token");
 				return (user.Tokens.Where(x => x.RefreshTokenIdHash == refreshTokenHash).FirstOrDefault(), user);
 			}
 			catch

Service/JwtTokenService.cs

@@ -205,12 +205,15 @@ public async Task RevokeUserBearerTokensAsync(string userId, string refreshToken
 			{
 				throw new Exception("Invalid refresh token");
 			}
-			string refreshTokenSerial = GetRefreshTokenSerial(refreshToken);
-			if (string.IsNullOrWhiteSpace(refreshTokenSerial))
+			try
+			{
+				string refreshTokenSerial = GetRefreshTokenSerial(refreshToken);
+				return await _userService.FindUserAndTokenByRefreshTokenAsync(refreshTokenSerial);
+			}
+			catch
 			{
 				throw new Exception("Invalid refresh token");
 			}
-			return await _userService.FindUserAndTokenByRefreshTokenAsync(refreshTokenSerial);
 		}
 	}
 }

WebApi/Controllers/AuthController.cs

@@ -224,23 +224,30 @@ public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenViewModel m
 				return BadRequest("refreshToken is not set.");
 			}
 
-			(Token token, User user) = await _jwtTokenService.FindUserAndTokenByRefreshTokenAsync(refreshToken);
-			if (token == null)
+			try
 			{
-				return Unauthorized();
-			}
+				(Token token, User user) = await _jwtTokenService.FindUserAndTokenByRefreshTokenAsync(refreshToken);
+				if (token == null)
+				{
+					return Unauthorized();
+				}
 
-			var result = _jwtTokenService.CreateJwtTokens(user);
-			await _jwtTokenService.AddUserTokenAsync(user, result.RefreshTokenSerial, result.AccessToken, _jwtTokenService.GetRefreshTokenSerial(refreshToken));
+				var result = _jwtTokenService.CreateJwtTokens(user);
+				await _jwtTokenService.AddUserTokenAsync(user, result.RefreshTokenSerial, result.AccessToken, _jwtTokenService.GetRefreshTokenSerial(refreshToken));
 
-			return Ok(new AuthResponseViewModel
+				return Ok(new AuthResponseViewModel
+				{
+					AccessToken = result.AccessToken,
+					RefreshToken = result.RefreshToken,
+					Email = user.Email,
+					Name = user.Name,
+					Provider = user.Provider.ToString()
+				});
+			}
+			catch
 			{
-				AccessToken = result.AccessToken,
-				RefreshToken = result.RefreshToken,
-				Email = user.Email,
-				Name = user.Name,
-				Provider = user.Provider.ToString()
-			});
+				return BadRequest("Invalid refresh token.");
+			}
 		}
 
 		[HttpPost("logout")]