public async Task <IActionResult> Silence()
{
try
{
User user = new User();
bool isAuthenticated = false;
if (_SignInManager.IsSignedIn(User))
{
foreach (string policy in AppFunc.GetCurrentRequestPolicies(Request))
{
AuthorizationResult authResult = await _AuthService.AuthorizeAsync(User, policy).ConfigureAwait(false);
if (authResult.Succeeded)
{
user = await _DbContext.Users
.Include(u => u.Role)
.Include(u => u.RegistrationMethod)
.FirstOrDefaultAsync(u => u.Id == AppFunc.GetUserId(User))
.ConfigureAwait(false);
isAuthenticated = true;
break;
}
}
}
SetAntiforgeryCookie();
bool isUserAllowedInMaintenance = false;
Request.Headers.TryGetValue("Origin", out StringValues OriginValue);
if ((user.Role != null && (user.Role.AccessClaim == AppConst.AccessClaims.Admin ||
user.Role.AccessClaim == AppConst.AccessClaims.Manager)) ||
AppConst.Settings.AppDomains.AdminApp.EqualCurrentCultureIgnoreCase(OriginValue))
{
isUserAllowedInMaintenance = true;
}
return(Ok(new MultiResult <User, bool, bool, bool>
(user, isAuthenticated, AppConst.Settings.MaintenanceModeStatus, isUserAllowedInMaintenance
, CoreFunc.GetCustomAttributeTypedArgument(ControllerContext))));
}
catch (Exception ex)
{
CoreFunc.Error(ref ErrorsList, _LoggingService.LogException(Request.Path, ex, User));
return(StatusCode(417, ErrorsList));
}
}
public async Task <IActionResult> ExternalLogin(ExternalLoginDetails externalLoginInfo)
{
try
{
IEnumerable <string> policies = AppFunc.GetCurrentRequestPolicies(Request, out AppTypes apptype);
if (apptype == AppTypes.Invalid)
{
CoreFunc.Error(ref ErrorsList, "Unauthorised Application Access. 🤔");
return(Unauthorized(ErrorsList));
}
if (!TryValidateModel(externalLoginInfo))
{
CoreFunc.ExtractErrors(ModelState, ref ErrorsList);
return(UnprocessableEntity(ErrorsList));
}
User externalLoginUser = new User();
switch (externalLoginInfo.Type)
{
case RegistrationTypes.Google:
externalLoginUser = await GetGoogleUserInfo(externalLoginInfo).ConfigureAwait(false);
break;
case RegistrationTypes.Facebook:
externalLoginUser = await GetFacebookUserInfo(externalLoginInfo).ConfigureAwait(false);
break;
}
// Check if the user is already registered
User registeredUser = await _DbContext.Users
.Include(u => u.Role)
.Include(u => u.RegistrationMethod)
.SingleOrDefaultAsync(u => u.RegistrationMethod.Type == externalLoginInfo.Type &&
u.RegistrationMethod.ExternalLinkedId == externalLoginUser.RegistrationMethod.ExternalLinkedId)
.ConfigureAwait(false);
// if the user is already registered
if (registeredUser != null)
{
if (!await IsUserPolicyAccepted(registeredUser, policies).ConfigureAwait(false))
{
CoreFunc.Error(ref ErrorsList, "You do not have permission to login here.");
return(Unauthorized(ErrorsList));
}
// sign the user in without any password
await _SignInManager.SignInAsync(registeredUser, externalLoginInfo.RememberMe).ConfigureAwait(false);
return(Ok(registeredUser));
}
if (apptype == AppTypes.Admin)
{
CoreFunc.Error(ref ErrorsList, "You do not have permission to login here. Please contact administrator.");
return(Unauthorized(ErrorsList));
}
/// check if the user is registered using other methods
User user = await _UserManager
.FindByEmailAsync(externalLoginUser?.Email).ConfigureAwait(false);
if (user != null)
{
RegistrationMethod registrationMethod = await _DbContext.RegistrationMethods
.FirstOrDefaultAsync(r => r.User.Id == user.Id).ConfigureAwait(false);
if (registrationMethod.Type != RegistrationTypes.Application)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, $"Please use {registrationMethod.Type} account to login.");
}
else
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, $"Please use Email and Password to login");
}
return(StatusCode(403, ErrorsList));
}
externalLoginUser.Role = await _DbContext.Roles.FirstOrDefaultAsync(r => r.Name == "Customer").ConfigureAwait(false);
// else if the user is not registered but information is received from external login
externalLoginUser.Id = -1;
return(StatusCode(206, externalLoginUser));
}
catch (Exception ex)
{
CoreFunc.Error(ref ErrorsList, _LoggingService.LogException(Request.Path, ex, User));
return(StatusCode(417, ErrorsList));
}
}
public async Task <IActionResult> Login(LoginInfo loginInfo)
{
try
{
IEnumerable <string> policies = AppFunc.GetCurrentRequestPolicies(Request, out AppTypes apptype);
if (apptype == AppTypes.Invalid)
{
CoreFunc.Error(ref ErrorsList, "Unauthorised Application Access. 🤔");
return(Unauthorized(ErrorsList));
}
/// If email parameter is empty
/// return "unauthorized" response (stop code execution)
if (string.IsNullOrWhiteSpace(loginInfo.Email))
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Email is required!");
return(Unauthorized(ErrorsList));
}
/// Find the user with the provided email address
User user = await _DbContext.Users
.Include(u => u.Role)
.Include(u => u.RegistrationMethod)
.FirstOrDefaultAsync(r => r.Email.Equals(loginInfo.Email))
.ConfigureAwait(false);
/// if no user is found on the database
if (user == null)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Email not registered");
return(Unauthorized(ErrorsList));
}
if (!await IsUserPolicyAccepted(user, policies).ConfigureAwait(false))
{
CoreFunc.Error(ref ErrorsList, "You do not have permission to login here.");
return(Unauthorized(ErrorsList));
}
if (user.RegistrationMethod.Type != RegistrationTypes.Application)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, $"Please use {user.RegistrationMethod.Type} to login.");
return(StatusCode(403, ErrorsList));
}
if (string.IsNullOrWhiteSpace(loginInfo.Password))
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Password is required!");
return(Unauthorized(ErrorsList));
}
/// Check if user's account is locked
if (user.LockoutEnabled)
{
/// get the current lockout end dateTime
var currentLockoutDate =
await _UserManager.GetLockoutEndDateAsync(user).ConfigureAwait(false);
/// if the user's lockout is not expired (stop code execution)
if (user.LockoutEnd > DateTimeOffset.UtcNow)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}"
, CoreFunc.CompareWithCurrentTime(user.LockoutEnd)));
return(Unauthorized(ErrorsList));
}
/// else lockout time has expired
// disable user lockout
await _UserManager.SetLockoutEnabledAsync(user, false).ConfigureAwait(false);
await _UserManager.ResetAccessFailedCountAsync(user).ConfigureAwait(false);
}
/// else user account is not locked
// Attempt to sign in the user
var SignInResult = await _SignInManager
.PasswordSignInAsync(user, loginInfo.Password, loginInfo.RememberMe, false).ConfigureAwait(false);
/// If password sign-in succeeds
// responded ok 200 status code with
//the user's role attached (stop code execution)
if (!SignInResult.Succeeded)
{
/// else login attempt failed
/// increase and update the user's failed login attempt by 1
await _UserManager.AccessFailedAsync(user).ConfigureAwait(false);
/// if failed login attempt is less than/ equal to 5 (stop code execution)
if (user.AccessFailedCount <= 5)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Incorrect Password!");
return(Unauthorized(ErrorsList));
}
/// else user has tried their password more than 15 times
// lock the user and ask them to reset their password
user.LockoutEnabled = true;
user.LockoutEnd = DateTimeOffset.UtcNow.AddMinutes(user.AccessFailedCount);
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}"
, CoreFunc.CompareWithCurrentTime(user.LockoutEnd)));
return(Unauthorized(ErrorsList));
}
user.Role = (await _DbContext.Users.AsNoTracking()
.Include(u => u.Role)
.FirstOrDefaultAsync(u => u.Id == user.Id)
.ConfigureAwait(false))
?.Role;
return(Ok(user));
}
catch (Exception ex)
{
CoreFunc.Error(ref ErrorsList, _LoggingService.LogException(Request.Path, ex, User));
return(StatusCode(417, ErrorsList));
}
}
