Minor fixes

Author: robisim74

EXPLANATION.md

@@ -9,7 +9,7 @@ public static IEnumerable<Client> GetClients()
     // Clients credentials.
     return new List<Client>
     {
-        // http://docs.identityserver.io/en/dev/reference/client.html.
+        // http://docs.identityserver.io/en/release/reference/client.html.
         new Client
         {
             ClientId = "AngularSPA",
@@ -105,6 +105,21 @@ services.AddDbContext<ApplicationDbContext>(options =>
 services.AddIdentity<ApplicationUser, IdentityRole>()
     .AddEntityFrameworkStores<ApplicationDbContext>()
     .AddDefaultTokenProviders();
+
+// Identity options.
+services.Configure<IdentityOptions>(options =>
+{
+    // Password settings.
+    options.Password.RequireDigit = true;
+    options.Password.RequiredLength = 8;
+    options.Password.RequireNonAlphanumeric = false;
+    options.Password.RequireUppercase = true;
+    options.Password.RequireLowercase = false;
+    // Lockout settings.
+    options.Lockout.AllowedForNewUsers = true;
+    options.Lockout.MaxFailedAccessAttempts = 3;
+    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(1);
+});
 ```
 and add Identity to the pipeline:
 ```C#
@@ -333,6 +348,10 @@ public startupTokenRefresh(): void {
                 }
             );
         });
+    } else {
+        // Revokes tokens.
+        this.revokeToken();
+        this.revokeRefreshToken();
     }
 }
 

README.md

@@ -9,12 +9,13 @@ Get the [Changelog](https://github.com/robisim74/AngularSPAWebAPI/blob/master/CH
 [Live example](http://angularspawebapi.azurewebsites.net) and its [explanation](https://github.com/robisim74/AngularSPAWebAPI/blob/master/EXPLANATION.md).
 
 **Links**
-- [Talk to a remote server with an HTTP Client](https://angular.io/docs/ts/latest/guide/server-communication.html)
-- [IdentityServer4](https://identityserver4.readthedocs.io) | [Protecting an API using Passwords](http://docs.identityserver.io/en/dev/quickstarts/2_resource_owner_passwords.html)
-- [ASP.NET Core - Security](https://docs.asp.net/en/latest/security/index.html) | [Role based Authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles)
+- [IdentityServer4](https://identityserver4.readthedocs.io/en/release/) | [Protecting an API using Passwords](https://identityserver4.readthedocs.io/en/release/quickstarts/2_resource_owner_passwords.html)
+- [ASP.NET Core - Security](https://docs.microsoft.com/en-us/aspnet/core/security/) | [Role based Authorization](https://docs.microsoft.com/en-us/aspnet/core/security/authorization/roles)
 
-For more complex scenarios, where web services are required by more than one application or third-party applications, 
-you should consider to use an OpenID Connect flow.
+> ROPC grant requires the use of SSL.
+
+> For more complex scenarios, where web services are required by more than one application or third-party applications, 
+you should use an OpenID Connect flow.
 
 **Links**
 - [IDENTITYSERVER4, WEB API AND ANGULAR IN A SINGLE ASP.NET CORE PROJECT](https://damienbod.com/2016/10/01/identityserver4-webapi-and-angular2-in-a-single-asp-net-core-project/)

src/AngularSPAWebAPI/Config.cs

@@ -34,7 +34,7 @@ public static IEnumerable<Client> GetClients()
             // Clients credentials.
             return new List<Client>
             {
-                // http://docs.identityserver.io/en/dev/reference/client.html.
+                // http://docs.identityserver.io/en/release/reference/client.html.
                 new Client
                 {
                     ClientId = "AngularSPA",

src/AngularSPAWebAPI/Startup.cs

@@ -11,6 +11,7 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Swashbuckle.AspNetCore.Swagger;
+using System;
 using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 
@@ -51,6 +52,10 @@ public void ConfigureServices(IServiceCollection services)
                 options.Password.RequireNonAlphanumeric = false;
                 options.Password.RequireUppercase = true;
                 options.Password.RequireLowercase = false;
+                // Lockout settings.
+                options.Lockout.AllowedForNewUsers = true;
+                options.Lockout.MaxFailedAccessAttempts = 3;
+                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(1);
             });
 
             services.AddMvc();

src/AngularSPAWebAPI/app/services/authentication.service.ts

@@ -138,6 +138,10 @@ import { BrowserStorage } from './browser-storage.service';
                     }
                 );
             });
+        } else {
+            // Revokes tokens.
+            this.revokeToken();
+            this.revokeRefreshToken();
         }
     }
 
@@ -317,7 +321,12 @@ import { BrowserStorage } from './browser-storage.service';
     }
 
     private getUser(): User {
-        return this.browserStorage.get("user_info") ? JSON.parse(this.browserStorage.get("user_info")) : new User();
+        if (this.tokenNotExpired() && this.browserStorage.get("user_info")) {
+            return JSON.parse(this.browserStorage.get("user_info"));;
+        }
+        // Removes user's info if the token is expired.
+        this.browserStorage.remove("user_info");
+        return new User();
     }
 
     private storeUser(user: User): void {

src/AngularSPAWebAPI/wwwroot/dist/0.b4b7df437ce2d95edb48.chunk.js renamed to src/AngularSPAWebAPI/wwwroot/dist/0.d98b3366a9f569342f20.chunk.js

@@ -14,5 +14,5 @@
 </head>
 <body>
     <app-component>Loading...</app-component>
-<script type="text/javascript" src="dist/app-aot.b4b7df437ce2d95edb48.bundle.js"></script></body>
+<script type="text/javascript" src="dist/app-aot.d98b3366a9f569342f20.bundle.js"></script></body>
 </html>