public static void SeedAdminAccount(this UserManager <AppUser> value, IJwtTokenGenerator tokenGenerator) { var admin = new AppUser() { IsAdmin = true, UserName = "******" }; admin.RefreshToken = tokenGenerator.GenerateRefreshToken(admin); //if account is created, usermanager won't do anything. value.CreateAsync(admin).GetAwaiter().GetResult(); }
public async Task <AuthUserDto> Handle( Command request, CancellationToken cancellationToken) { var user = await _context.Users .Include(x => x.Roles) .ThenInclude(x => x.Role) .SingleOrDefaultAsync( x => x.UserName == request.UserName && !x.Archived, cancellationToken); if (user == null) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } if (!user.Hash.SequenceEqual( _passwordHasher.Hash( request.Password, user.Salt))) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } // generate refresh token var refreshToken = _jwtTokenGenerator.GenerateRefreshToken(); user.AddRefreshToken( refreshToken, user.Id); var token = await _jwtTokenGenerator.CreateToken( user.Id.ToString(), user.FullName, user.Email, user.Roles.SelectMany(x => x.Role.PermissionsInRole)); await _context.SaveChangesAsync(cancellationToken); return(new AuthUserDto( user.Id, user.FullName, user.Email, token, refreshToken)); }
public async Task <AuthUserDto> Handle( Command request, CancellationToken cancellationToken) { var userId = GetIdentifierFromExpiredToken(request.Token).Value; var user = await _context.Users .Include(u => u.RefreshTokens) .Include(u => u.Roles) .ThenInclude(x => x.Role) .SingleAsync( x => x.Id.ToString() == userId && !x.Archived, cancellationToken); if (user == null) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } if (!user.IsValidRefreshToken(request.RefreshToken)) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } var refreshToken = _jwtTokenGenerator.GenerateRefreshToken(); user.RemoveRefreshToken(request.RefreshToken); user.AddRefreshToken( refreshToken, user.Id); var token = await _jwtTokenGenerator.CreateToken( user.Id.ToString(), user.UserName, user.Email, user.Roles.SelectMany(x => x.Role.PermissionsInRole)); await _context.SaveChangesAsync(cancellationToken); return(new AuthUserDto( user.Id, user.FullName, user.Email, token, refreshToken)); }
public async Task <UserDto> Handle( Command request, CancellationToken cancellationToken) { var email = GetIdentifierFromExpiredToken(request.Token).Value; var user = await _context.Users.Include(u => u.RefreshTokens) .SingleAsync( x => x.Email == email && !x.Archived, cancellationToken); if (user == null) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } if (!user.IsValidRefreshToken(request.RefreshToken)) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } var refreshToken = _jwtTokenGenerator.GenerateRefreshToken(); user.RemoveRefreshToken(request.RefreshToken); user.AddRefreshToken( refreshToken, user.Id); var token = await _jwtTokenGenerator.CreateToken(user.Email); await _context.SaveChangesAsync(cancellationToken); return(new UserDto( user.FirstName, user.LastName, user.FullName, user.SystemName, user.Email, token, refreshToken, user.CurrencyRegionName, user.UseDarkMode)); }
public async Task <UserDto> Handle( Command request, CancellationToken cancellationToken) { var user = await _context.Users.SingleOrDefaultAsync( x => x.Email == request.Email && !x.Archived, cancellationToken); if (user == null) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } if (!user.Hash.SequenceEqual( _passwordHasher.Hash( request.Password, user.Salt))) { throw new HttpException( HttpStatusCode.Unauthorized, new { Error = "Invalid credentials." }); } // generate refresh token var refreshToken = _jwtTokenGenerator.GenerateRefreshToken(); user.AddRefreshToken(refreshToken, user.Id); var token = await _jwtTokenGenerator.CreateToken(request.Email); await _context.SaveChangesAsync(cancellationToken); return(new UserDto( user.FirstName, user.LastName, user.FullName, user.SystemName, user.Email, token, refreshToken, user.CurrencyRegionName, user.UseDarkMode)); }