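        /// <summary>
        /// Authenticates a user by user name and password and issues a JWT access token for them.
        /// </summary>
        /// <param name="loginUserDto">Credentials supplied by the caller (user name and password).</param>
        /// <param name="secretKey">Signing key handed through to the JWT token service.</param>
        /// <param name="expiryInMilliseconds">Token lifetime, added to the clock's current UTC time.</param>
        /// <param name="issuer">Value passed to the token service as the JWT issuer.</param>
        /// <param name="audience">Value passed to the token service as the JWT audience.</param>
        /// <param name="cancellationToken">Propagated to the repository lookup.</param>
        /// <returns>The access token together with the expiration timestamp it was issued with.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="loginUserDto"/> is null.</exception>
        /// <exception cref="NotFoundException">No user with the given user name exists.</exception>
        /// <exception cref="IncorrectPasswordException">The password does not verify against the stored salt and hash.</exception>
        public async Task<AuthenticatedUserDto> AuthenticateUserAsync(LoginUserDto loginUserDto,
                                                                       string secretKey, double expiryInMilliseconds, string issuer, string audience,
                                                                       CancellationToken cancellationToken = default)
        {
            if (loginUserDto is null)
            {
                throw new ArgumentNullException(nameof(loginUserDto));
            }

            var user = await _repositoryContainer.UserRepository.GetUserByUserNameWithDetailsAsync(loginUserDto.UserName, cancellationToken);

            // NOTE(review): "unknown user" and "wrong password" surface as different exception
            // types; if those reach the client unchanged, the difference lets a caller
            // enumerate valid user names. The types are kept here because callers catch them.
            if (user is null)
            {
                throw new NotFoundException($"User with UserName: [{loginUserDto.UserName}] is not found.");
            }

            var isPasswordCorrect = _passwordService.VerifyPassword(loginUserDto.Password, user.PasswordSalt, user.PasswordHash);

            if (!isPasswordCorrect)
            {
                // Never echo the submitted password into the exception: exception messages end up
                // in logs and error responses, which would leak the credential in plaintext.
                throw new IncorrectPasswordException($"User with UserName: [{loginUserDto.UserName}] supplied an incorrect password.");
            }

            // NOTE(review): the UTC expiry is converted to server-local time and that local value is
            // both given to the token service and returned to the caller; confirm the token service
            // expects a local DateTime, otherwise the expiry should stay in UTC.
            var expirationDate = _systemClock.UtcNow.AddMilliseconds(expiryInMilliseconds).LocalDateTime;

            var accessToken = _jwtTokenService.GetAccessToken(user.ID.Value, user.UserName,
                                                              user.UserRoles.Select(ur => ur.Role.Name), issuer, audience, secretKey, expirationDate);

            return new AuthenticatedUserDto
            {
                TokenExpiration = expirationDate,
                AccessToken = accessToken
            };
        }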