public async Task<IActionResult> IssueToken([FromBody] BearerTokenRequest model)
{
if (!ValidModelState(out var error))
return error;
TUser user;
switch (model.IdentityType)
{
case IdentityType.Username:
user = await _userManager.FindByNameAsync(model.Identity);
break;
case IdentityType.Email:
user = await _userManager.FindByEmailAsync(model.Identity);
if (!user.EmailConfirmed)
return NotFound();
break;
case IdentityType.PhoneNumber:
user = await _userManager.FindByPhoneNumberAsync(model.Identity);
if (!user.PhoneNumberConfirmed)
return NotFound();
break;
default:
throw new ArgumentOutOfRangeException();
}
if (user == null)
return NotFound();
if (user.LockoutEnd.HasValue && user.LockoutEnd > _timestamps.GetCurrentTime())
return Forbid();
if (await _userManager.CheckPasswordAsync(user, model.Password))
{
Debug.Assert(nameof(IUserIdProvider.Id) == nameof(IdentityUser.Id));
var claims = await _userManager.GetClaimsAsync(user);
if (HttpContext.GetTenantContext<TTenant>() is TenantContext<TTenant> tenantContext)
{
if (tenantContext.Tenant != null)
{
claims.Add(new Claim(_securityOptions.Value.Claims.TenantIdClaim, tenantContext.Tenant.Id));
claims.Add(new Claim(_securityOptions.Value.Claims.TenantNameClaim, tenantContext.Tenant.Name));
}
}
var provider = user.ActLike<IUserIdProvider>();
var token = JwtSecurity.CreateToken(provider, claims, _securityOptions.Value, _apiOptions.Value);
return Ok(new
{
AccessToken = token
});
}
return Unauthorized();
}
public async Task <IActionResult> Token(string username, string password)
{
if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
{
return(Fail("Недопустимый логин или пароль."));
}
var identity = await _accountService.GetIdentityAsync(username, password);
if (identity == null)
{
return(Fail("Неверный логин или пароль."));
}
var jwt = JwtSecurity.CreateToken(identity.Claims);
var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);
return(Success(new { accessToken, username }));
}
public async Task <IActionResult> IssueToken([FromBody] BearerTokenRequest model)
{
if (!Debugger.IsAttached)
{
return(NotImplemented());
}
#if DEBUG
var superUser = _securityOptions.Value.SuperUser;
if (!superUser.Enabled)
{
return(NotFound());
}
if (!ValidModelState(out var error))
{
return(error);
}
bool isSuperUser;
switch (model.IdentityType)
{
case IdentityType.Username:
isSuperUser = superUser.Username == model.Identity;
if (!isSuperUser)
{
return(NotFound());
}
break;
case IdentityType.Email:
isSuperUser = superUser.Email == model.Identity;
if (!isSuperUser)
{
return(NotFound());
}
break;
case IdentityType.PhoneNumber:
isSuperUser = superUser.PhoneNumber == model.Identity;
if (!isSuperUser)
{
return(NotFound());
}
break;
default:
throw new ArgumentOutOfRangeException();
}
var encoding = Encoding.UTF8;
if (Crypto.ConstantTimeEquals(encoding.GetBytes(model.Password), encoding.GetBytes(_securityOptions.Value.SuperUser.Password)))
{
Debug.Assert(nameof(IUserIdProvider.Id) == nameof(IObject.Id));
var claims = new List <Claim>
{
new Claim(ClaimTypes.Role, nameof(SecurityOptions.SuperUser))
};
var provider = new { Id = "87BA0A16-7253-4A6F-A8D4-82DFA1F723C1" }.ActLike <IUserIdProvider>();
var token = JwtSecurity.CreateToken(provider, claims, _securityOptions.Value, _apiOptions.Value);
return(Ok(new { AccessToken = token }));
}
return(Unauthorized());
#endif
return(NotImplemented());
}