Seperate Table created for RefreshToken and RefreshTokenCommandHandlerTest created for unit test and all appSettings updated

Author: TL\anwarahm

src/Core/Domain/Entities/Users/RefreshToken.cs

@@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations.Schema;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace CleanTemplate.Domain.Entities.Users
+{
+    public class RefreshToken : IEntity<int>
+    {
+        public int Id { get; set; }
+
+        [ForeignKey(name: nameof(User))]
+        public int UserId { get; set; }
+        public User User { get; set; }
+        public string Token { get; set; }
+        public DateTime Created { get; set; }
+        public DateTime Updated { get; set; } = DateTime.Now;
+        public DateTime ExpiryTime { get; set; }
+    }
+}

src/Core/Domain/Entities/Users/User.cs

@@ -21,8 +21,6 @@ public User()
         public bool IsActive { get; set; }
 
         public DateTimeOffset? LastLoginDate { get; set; }
-        public string? RefreshToken { get; set; }
-        public DateTime? RefreshTokenExpiryTime { get; set; }
     }
 
     public enum GenderType

src/Core/Domain/IRepositories/IRefreshTokenRepository.cs

@@ -0,0 +1,16 @@
+using CleanTemplate.Domain.Entities.Users;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace CleanTemplate.Domain.IRepositories
+{
+    public interface IRefreshTokenRepository : IRepository<RefreshToken>
+    {
+        Task UpsertRefreshToken(RefreshToken refreshToken, CancellationToken cancellationToken);
+        Task<bool> ValidateRefreshToken(RefreshToken refreshToken, CancellationToken cancellationToken);
+    }
+}

src/Infrastructure/Persistance/CommandHandlers/Users/LoginCommandHandler.cs

@@ -2,6 +2,7 @@
 using CleanTemplate.Common;
 using CleanTemplate.Common.Exceptions;
 using CleanTemplate.Domain.Entities.Users;
+using CleanTemplate.Domain.IRepositories;
 using CleanTemplate.Persistance.Jwt;
 using MediatR;
 using Microsoft.AspNetCore.Identity;
@@ -15,12 +16,15 @@ public class LoginCommandHandler : IRequestHandler<LoginCommand, LoginResponse>
     {
         private readonly UserManager<User> _userManager;
         private readonly IJwtService _jwtService;
+        private readonly IRefreshTokenRepository _refreshTokenRepository;
 
         public LoginCommandHandler(UserManager<User> userManager,
-                                   IJwtService jwtService)
+                                   IJwtService jwtService,
+                                   IRefreshTokenRepository refreshTokenRepository)
         {
             _userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
             _jwtService = jwtService ?? throw new ArgumentNullException(nameof(jwtService));
+            _refreshTokenRepository = refreshTokenRepository ?? throw new ArgumentNullException(nameof(refreshTokenRepository));
         }
 
         public async Task<LoginResponse> Handle(LoginCommand request, CancellationToken cancellationToken)
@@ -37,9 +41,13 @@ public async Task<LoginResponse> Handle(LoginCommand request, CancellationToken
                 throw new CleanArchAppException("username or password is incorrect");
 
             var jwt = await _jwtService.GenerateAsync(user);
-            user.RefreshToken = jwt.refresh_token;
-            user.RefreshTokenExpiryTime = DateTime.Now.AddDays(jwt.refreshToken_expiresIn);
-            await _userManager.UpdateAsync(user);
+            var refreshToken = new RefreshToken
+            {
+                UserId = user.Id,
+                ExpiryTime = DateTime.Now.AddDays(jwt.refreshToken_expiresIn),
+                Token = jwt.refresh_token
+            };
+            await _refreshTokenRepository.UpsertRefreshToken(refreshToken: refreshToken, cancellationToken);
             return new LoginResponse
             {
                 accessToken = jwt.access_token,

src/Infrastructure/Persistance/CommandHandlers/Users/RefreshTokenCommandHandler.cs

@@ -1,5 +1,6 @@
 using CleanTemplate.Application.Users.Command.RefreshToken;
 using CleanTemplate.Common;
+using CleanTemplate.Common.Exceptions;
 using CleanTemplate.Domain.Entities.Users;
 using CleanTemplate.Domain.IRepositories;
 using CleanTemplate.Persistance.Jwt;
@@ -18,29 +19,43 @@ namespace CleanTemplate.Persistance.CommandHandlers.Users
 {
     public class RefreshTokenCommandHandler : IRequestHandler<RefreshTokenCommand, RefreshTokenResponse>
     {
-        private readonly IUserRepository _userRepository;
+        private readonly UserManager<User> _userManager;
         private readonly IJwtService _jwtService;
+        private readonly IRefreshTokenRepository _refreshTokenRepository;
 
-        public RefreshTokenCommandHandler(IUserRepository userRepository,
-                                   IJwtService jwtService)
+        public RefreshTokenCommandHandler(UserManager<User> userManager,
+                                   IJwtService jwtService,
+                                   IRefreshTokenRepository refreshTokenRepository)
         {
-            _userRepository = userRepository ?? throw new ArgumentNullException(nameof(userRepository));
+            _userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
             _jwtService = jwtService ?? throw new ArgumentNullException(nameof(jwtService));
+            _refreshTokenRepository = refreshTokenRepository ?? throw new ArgumentNullException(nameof(refreshTokenRepository));
         }
         public async Task<RefreshTokenResponse> Handle(RefreshTokenCommand request, CancellationToken cancellationToken)
         {
+            if (request is null)
+                throw new InvalidNullInputException(nameof(request));
+
             var userId = _jwtService.ValidateJwtAccessTokenAsync(request.AccessToken);
             if (userId == null)
                 throw new CleanArchAppException("AccessToken is not valid");
 
-            var user = await _userRepository.GetByIdAsync(cancellationToken, userId);
-            if (user.RefreshToken != request.RefreshToken)
-                throw new CleanArchAppException("RefreshToken is not valid");
+            var refreshToken = new RefreshToken
+            {
+                UserId = userId.Value,
+                Token = request.RefreshToken
+            };
+            await _refreshTokenRepository.ValidateRefreshToken(refreshToken, cancellationToken);
 
+            var user = await _userManager.FindByIdAsync(userId.ToString());
             var jwt = await _jwtService.GenerateAsync(user);
-            user.RefreshToken = jwt.refresh_token;
-            user.RefreshTokenExpiryTime = DateTime.Now.AddDays(jwt.refreshToken_expiresIn);
-            await _userRepository.UpdateAsync(user, cancellationToken);
+            var updateRefreshToken = new RefreshToken
+            {
+                UserId = user.Id,
+                ExpiryTime = DateTime.Now.AddDays(jwt.refreshToken_expiresIn),
+                Token = jwt.refresh_token
+            };
+            await _refreshTokenRepository.UpsertRefreshToken(refreshToken: updateRefreshToken, cancellationToken);
             return new RefreshTokenResponse
             {
                 AccessToken = jwt.access_token,