public async Task <IActionResult> Login([FromBody] EmailPasswordModel model)
{
if (!ModelState.IsValid)
{
return(BadRequest("Invalid user name or password"));
}
var user = await _userManager.FindByEmailAsync(model.Email);
if (user == null)
{
return(Conflict("Bad user name password combination"));
}
if (!await _userManager.CheckPasswordAsync(user, model.Password))
{
return(Conflict("Bad user name password combination"));
}
//TODO: implement user account lockout to avoid guess password with brute force
var refreshToken = AesCryptor.EncryptStringAes(user.Id, RefreshtokenKey.Value, RefreshtokenKey.IV);
var jwtToken = JwtTokenizer.GenerateJwtToken(user.Id, user.Email);
//CreateAuthenticatedCookie(jwtToken);
return(Ok(new { userId = user.Id, Token = jwtToken, refreshtoken = refreshToken }));
}
public async Task <IActionResult> Register([FromBody] EmailPasswordModel model)
{
if (!model.Email.IsValidEmail())
{
return(BadRequest());
}
var user = new ApplicationUser {
UserName = model.Email, Email = model.Email
};
var result = await _userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
var errorMessages = result.Errors.Select(e => e.Description).Aggregate((en, enn) => en + ", " + enn);
return(Conflict(new { Status = "Error", Message = errorMessages }));
}
//await SendEmailConfirmationAsync(model, user); TODO send email confirmation
var refreshToken = AesCryptor.EncryptStringAes(user.Id, RefreshtokenKey.Value, RefreshtokenKey.IV);
var jwtToken = JwtTokenizer.GenerateJwtToken(user.Id, user.Email);
//CreateAuthenticatedCookie(jwtToken);
return(Ok(new { userId = user.Id, Token = jwtToken, refreshtoken = refreshToken }));
}
public async Task <ActionResult> ResetPassword(EmailPasswordModel model)
{
if (ModelState.IsValid)
{
model.UserContext = WeedHackersContext.Users.Single(u => u.Email == model.Email);
string base64GuidPassword = Convert.ToBase64String(Guid.NewGuid().ToByteArray());//New Password assigned, User can later go and change it
model.UserContext.Password = base64GuidPassword;
WeedHackersContext.Users.AddOrUpdate(model.UserContext);
await WeedHackersContext.SaveChangesAsync();
var SendNewPassword = new EmailHelper();
await SendNewPassword.SendEmail(new EmailFormModel
{
Message =
"Your New Default password is " + model.UserContext.Password +
" please use this to login and then update your password to your prefered new password",
Recipient = model.UserContext.Email
});
FlashMessage.Confirmation("Forgot Password", "Your password has been reset. An email was sent to you containing your new password.");
return(RedirectToAction("Index", "Security"));
}
return(RedirectToAction("Index", "ForgotPassword"));
}
public async Task <IActionResult> Register(EmailPasswordModel model)
{
var user = await this.userManager.FindByEmailAsync(model.Email);
if (user == null)
{
user = new KmUser()
{
Email = model.Email,
UserName = model.Email
};
user.Email = model.Email;
var result = await this.userManager.CreateAsync(user, model.Password);
if (!result.Succeeded)
{
return(BadRequest(result.Errors.First().Code));
}
await this.accountConfirmationService.SendAccountConfirmationEmail(user);
return(Ok());
}
else
{
return(BadRequest("The email has been registered."));
}
}
public async Task <ActionResult <string> > Login(EmailPasswordModel model)
{
var user = await this.userManager.FindByEmailAsync(model.Email);
if (user == null)
{
return(BadRequest("There is no account for the email you entered."));
}
var result = await this.signinManager.PasswordSignInAsync(user, model.Password, false, false);
if (result == SignInResult.Failed)
{
return(BadRequest("Incorrect password."));
}
else if (result == SignInResult.NotAllowed)
{
return(BadRequest("You can not log in until email is confirmed."));
}
var token = await this.tokenService.GenerateAccessToken(user);
return(Ok(token));
}
// GET: ForgotPassword
public ActionResult Index(EmailPasswordModel model)
{
model = new EmailPasswordModel();
return(View(model));
}
