From 94df917149e7541330e9478b564439c3128b8c9e Mon Sep 17 00:00:00 2001
From: colesm
Date: Thu, 11 Dec 2025 14:54:37 +0100
Subject: [PATCH] =?UTF-8?q?MAJ=20ajout=20de=20la=20m=C3=A9thode=20refresh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../DTO/Refrresh/Request/RefreshTokenDto.cs | 6 ++
 .../DTO/Refrresh/Response/GetRefreshDto.cs | 6 ++
 .../Endpoints/Refresh/RefreshTokenEndpoint.cs | 74 +++++++++++++++++++
 3 files changed, 86 insertions(+)
 create mode 100644 PyroFetes/DTO/Refrresh/Request/RefreshTokenDto.cs
 create mode 100644 PyroFetes/DTO/Refrresh/Response/GetRefreshDto.cs
 create mode 100644 PyroFetes/Endpoints/Refresh/RefreshTokenEndpoint.cs

diff --git a/PyroFetes/DTO/Refrresh/Request/RefreshTokenDto.cs b/PyroFetes/DTO/Refrresh/Request/RefreshTokenDto.cs
new file mode 100644
index 0000000..25a8adb
--- /dev/null
+++ b/PyroFetes/DTO/Refrresh/Request/RefreshTokenDto.cs
@@ -0,0 +1,6 @@
+namespace PyroFetes.DTO.Refrresh.Request;
+
+public class RefreshTokenDto
+{
+ public string? Token { get; set; }
+}
\ No newline at end of file
diff --git a/PyroFetes/DTO/Refrresh/Response/GetRefreshDto.cs b/PyroFetes/DTO/Refrresh/Response/GetRefreshDto.cs
new file mode 100644
index 0000000..1628980
--- /dev/null
+++ b/PyroFetes/DTO/Refrresh/Response/GetRefreshDto.cs
@@ -0,0 +1,6 @@
+namespace PyroFetes.DTO.Refrresh.Response;
+
+public class GetRefreshDto
+{
+ public string? Token { get; set; }
+}
\ No newline at end of file
diff --git a/PyroFetes/Endpoints/Refresh/RefreshTokenEndpoint.cs b/PyroFetes/Endpoints/Refresh/RefreshTokenEndpoint.cs
new file mode 100644
index 0000000..c022df0
--- /dev/null
+++ b/PyroFetes/Endpoints/Refresh/RefreshTokenEndpoint.cs
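Review bot: `RefreshTokenDto` is never consumed: the endpoint added in `RefreshTokenEndpoint.cs` is an `EndpointWithoutRequest` that identifies the caller from the validated bearer token's claims, so the request body this DTO would carry is not read anywhere. Either make the endpoint an `Endpoint<RefreshTokenDto, GetRefreshDto>` that actually validates the supplied token (and mark `Token` as `required` rather than nullable), or drop the class so callers are not led to post a body that is ignored. The folder and namespace are spelled `Refrresh` in both new DTO files, and the `using PyroFetes.DTO.Refrresh.Response;` line carries the typo into the endpoint; renaming now is cheaper than after other code depends on it.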
@@ -0,0 +1,74 @@
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using FastEndpoints;
+using FastEndpoints.Security;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.EntityFrameworkCore;
+using PyroFetes.DTO.Refrresh.Response;
+
+namespace PyroFetes.Endpoints.Refresh;
+
+public class RefreshTokenEndpoint(PyroFetesDbContext database) : EndpointWithoutRequest
+{
+ public override void Configure()
+ {
+ Post("/refresh");
+ // [Authorize] est géré ici avec les rôles
+ Roles("Admin", "User");
+ }
+
+ public override async Task HandleAsync(CancellationToken ct)
+ {
+ try
+ {
+ // 1. 🚨 CORRECTION : Lire le claim 'Name' du jeton validé par le middleware
+ // Le claim 'Name' contient le nom d'utilisateur
+ string? userName = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name)?.Value;
+
+ if (string.IsNullOrWhiteSpace(userName))
+ {
+ // Si le claim Name est manquant (ce qui ne devrait pas arriver)
+ await Send.UnauthorizedAsync(ct);
+ return;
+ }
+
+ // 2. 🚨 CORRECTION : Utiliser le Nom (Name) pour la recherche BDD
+ // Assurez-vous que la propriété de l'entité est 'Name' et qu'elle est unique
+ var login = await database.Users.FirstOrDefaultAsync(x => x.Name == userName, ct);
+ if (login == null)
+ {
+ await Send.UnauthorizedAsync(ct);
+ return;
+ }
+
+ // 3. Création du NOUVEAU jeton
+ string jwtToken = JwtBearer.CreateToken(
+ o =>
+ {
+ o.SigningKey = "ThisIsASuperSecretJwtKeyThatIsAtLeast32CharsLong";
+ o.ExpireAt = DateTime.UtcNow.AddMinutes(15);
+
+ // Assurez-vous que les claims sont corrects pour Angular
+ if (login.Fonction != null) o.User.Roles.Add(login.Fonction);
+
+ // Ajouter le claim Name (Nom d'utilisateur)
+ o.User.Claims.Add((ClaimTypes.Name, login.Name)!);
+
+ // Si votre API mettait d'autres claims, ajoutez-les ici (ex: "Username")
+ // o.User.Claims.Add(("Username", login.Name)!);
+ });
+
+ // 4. Envoi de la réponse
+ GetRefreshDto responseDto = new()
+ {
+ Token = jwtToken
+ };
+
+ await Send.OkAsync(responseDto, ct);
+ }
+ catch (Exception)
+ {
+ await Send.UnauthorizedAsync(ct);
+ }
+ }
+}
\ No newline at end of file
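Review bot: The JWT signing key is hard-coded at `o.SigningKey = "ThisIsASuperSecretJwtKeyThatIsAtLeast32CharsLong";`, which commits the secret that every issued token's authenticity rests on to source control, and it presumably has to match the key the bearer middleware validates with (configured outside this hunk), so the two can silently diverge. Read it from configuration through the endpoint's `Config` property instead, e.g. `o.SigningKey = Config["Jwt:SigningKey"] ?? throw new InvalidOperationException("JWT signing key is not configured");` (the key name is illustrative), and treat the committed value as already compromised. The `catch (Exception)` around the whole body maps database failures and request cancellation to a 401, which hides outages as authentication errors and then tries to reply on a cancelled context; log the exception and catch only the cases you intend to turn into Unauthorized, letting the rest surface as a 500. Note also that this endpoint re-issues a fresh 15-minute token to any caller holding a still-valid one, with no revocation check and no absolute session lifetime, so a leaked token can be kept alive indefinitely as long as it is refreshed within the window — a stored refresh token (FastEndpoints' built-in refresh-token service) or an absolute-expiry claim bounds that. `System.IdentityModel.Tokens.Jwt` and `Microsoft.AspNetCore.Authorization` are imported but unused.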