Chris Chen
9db8b34181
- IAuthService: LoginAsync / RefreshAsync / LogoutAsync - AuthService: refresh-token rotation, hashed storage, LastLoginAt update - AuthServiceTests: 5 login + 3 refresh + 1 logout tests via Moq + EF InMemory Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32 lines
1.1 KiB
C#
32 lines
1.1 KiB
C#
using ROLAC.API.DTOs.Auth;
|
|
|
|
namespace ROLAC.API.Services;
|
|
|
|
public interface IAuthService
|
|
{
|
|
/// <summary>
|
|
/// Validates credentials and returns a new access token plus the raw refresh token
|
|
/// that must be stored in an HttpOnly cookie by the caller.
|
|
/// Throws <see cref="UnauthorizedAccessException"/> on any auth failure.
|
|
/// </summary>
|
|
Task<(LoginResponse Response, string RawRefreshToken)> LoginAsync(
|
|
LoginRequest request,
|
|
string? ipAddress = null,
|
|
string? deviceInfo = null);
|
|
|
|
/// <summary>
|
|
/// Validates a raw refresh token, revokes it, and issues a new token pair (rotation).
|
|
/// Throws <see cref="UnauthorizedAccessException"/> if the token is not found,
|
|
/// expired, or already revoked.
|
|
/// </summary>
|
|
Task<(LoginResponse Response, string RawRefreshToken)> RefreshAsync(
|
|
string rawRefreshToken,
|
|
string? ipAddress = null);
|
|
|
|
/// <summary>
|
|
/// Revokes the refresh token identified by its raw value.
|
|
/// Silently succeeds if the token is not found.
|
|
/// </summary>
|
|
Task LogoutAsync(string rawRefreshToken);
|
|
}
|