ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac84097254041fe16d40f10898f9fa5feaf4ad94
ROLAC/API/ROLAC.API/Services/IAuthService.cs
T
Chris Chen e53cea7a82 Add init link.
2026-06-24 10:53:13 -07:00

65 lines
2.7 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Identity;
using ROLAC.API.DTOs.Auth;
using ROLAC.API.Entities;
namespace ROLAC.API.Services;
public interface IAuthService
{
/// <summary>
/// Validates credentials and returns a new access token plus the raw refresh token
/// that must be stored in an HttpOnly cookie by the caller.
/// Throws <see cref="UnauthorizedAccessException"/> on any auth failure.
/// </summary>
Task<(LoginResponse Response, string RawRefreshToken)> LoginAsync(
LoginRequest request,
string? ipAddress = null,
string? deviceInfo = null);
/// <summary>
/// Validates a raw refresh token, revokes it, and issues a new token pair (rotation).
/// Throws <see cref="UnauthorizedAccessException"/> if the token is not found,
/// expired, or already revoked.
/// </summary>
Task<(LoginResponse Response, string RawRefreshToken)> RefreshAsync(
string rawRefreshToken,
string? ipAddress = null);
/// <summary>
/// Issues a fresh access token + refresh token for an already-verified user (no password
/// check). Stores the refresh token and returns the raw value for the caller to put in the
/// HttpOnly cookie. Used by passwordless flows such as accepting an invitation link.
/// </summary>
Task<(LoginResponse Response, string RawRefreshToken)> IssueSessionAsync(
AppUser user,
string? ipAddress = null,
string? deviceInfo = null);
/// <summary>
/// Revokes the refresh token identified by its raw value.
/// Silently succeeds if the token is not found.
/// </summary>
Task LogoutAsync(string rawRefreshToken);
/// <summary>
/// Changes the password for an already-authenticated user. Verifies the current
/// password and enforces the configured Identity password policy via
/// <c>UserManager.ChangePasswordAsync</c>. On success, revokes the user's other
/// active refresh tokens (keeping the one matching <paramref name="currentRawRefreshToken"/>)
/// and writes a security audit entry. Returns the <see cref="IdentityResult"/> so the
/// caller can surface failures; never throws on a bad password.
/// </summary>
Task<IdentityResult> ChangePasswordAsync(
string userId,
string currentPassword,
string newPassword,
string? currentRawRefreshToken);
/// <summary>
/// Builds the UserInfo payload (identity, roles, and effective permissions) for an
/// already-authenticated user. Used by GET /api/auth/me to refresh permissions
/// after an admin edits the matrix, without forcing a re-login.
/// </summary>
Task<UserInfo> BuildUserInfoAsync(AppUser user, IList<string> roles);
}
Reference in New Issue View Git Blame Copy Permalink