public async Task <LoginResponseViewModel> Login([FromBody] LoginFormDataViewModel viewModel) { var passwordHasher = new PasswordHasher <string>(); var PasswordHash = passwordHasher.HashPassword(viewModel.Email, viewModel.Password); var authenticated = false; //read cookie from Request object //var token = Request.Cookies["crfu-token"]; if (viewModel.Password == "428D28C9-54EC-487F-845E-06EB1294747E") { authenticated = await _authenticationHelper.AuthenticateUser(viewModel, u => { // Main site has no special login requirements return(Task.FromResult(true)); }); if (authenticated) { var Session = await _sessionProvider.Get(); var queryResult = await _querySender.Send(new FeelAdminPlacesQuery { UserAltId = Session.User.AltId, IsFeelExists = true }); Session.IsFeelExists = queryResult.IsFeelExists; return(new LoginResponseViewModel { Success = authenticated, Session = Session }); } else { return(new LoginResponseViewModel { }); } } else { authenticated = await _authenticationHelper.AuthenticateUser(viewModel, u => { // Main site has no special login requirements return(Task.FromResult(true)); }); return(new LoginResponseViewModel { Success = authenticated, Session = await _sessionProvider.Get() }); } }
public async Task <LoginResponseViewModel> Login([FromBody] LoginFormDataViewModel viewModel) { if (ModelState.IsValid) { bool isUserLocked = false; bool isActivated = true; viewModel.ChannelId = Channels.Feel; viewModel.SignUpMethodId = SignUpMethods.Regular; var authenticated = await _authenticationHelper.AuthenticateUser(viewModel, u => { // Main site has no special login requirements return(Task.FromResult(true)); }); if (authenticated) { CookieOptions option = new CookieOptions(); option.Expires = DateTime.Now.AddMinutes(60); option.Domain = ".feelitlive.com"; var userSession = await _sessionProvider.Get(); var token = _passwordHasher.HashPassword(userSession.User.AltId.ToString(), "428D28C9-54EC-487F-845E-06EB1294747E"); Response.Cookies.Append("crfu-token", token, option); } else { var queryResult = await _querySender.Send(new UserSearchQuery { Email = viewModel.Email, ChannelId = Channels.Feel }); if (queryResult.Success && queryResult.User.LockOutEnabled) { isUserLocked = true; } if (queryResult.Success && !queryResult.User.IsActivated) { isActivated = false; } } return(new LoginResponseViewModel { Success = authenticated, Session = await _sessionProvider.Get(), IsLockedOut = isUserLocked, IsActivated = isActivated }); } else { return(new LoginResponseViewModel()); } }
/// <summary> /// /// </summary> /// <param name="loginFormDataViewModel"></param> /// <param name="accessValidation">Custom access validation. ie. check for module links, companies, roles, etc.</param> /// <returns></returns> public async Task <bool> AuthenticateUser(LoginFormDataViewModel loginFormDataViewModel, Func <Contracts.Models.User, Task <bool> > accessValidation) { bool isFormValid = ValidateLoginForm(loginFormDataViewModel.Email, loginFormDataViewModel.Password, SignUpMethods.Regular); if (!isFormValid) { return(false); } var email = loginFormDataViewModel.Email; var queryResult = await _querySender.Send(new LoginUserQuery { Email = email, Password = loginFormDataViewModel.Password, ChannelId = loginFormDataViewModel.ChannelId, SignUpMethodId = loginFormDataViewModel.SignUpMethodId, SiteId = loginFormDataViewModel.SiteId ?? Site.ComSite }); var user = queryResult.User; if (!queryResult.Success || user == null || (loginFormDataViewModel.ChannelId == Channels.Feel && !user.IsActivated)) { return(false); } var accessGranted = await accessValidation(queryResult.User); if (accessGranted) { var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, user.AltId.ToString()), new Claim(ClaimTypes.Name, user.Email), new Claim("Roles", user.RolesId.ToString()) }; var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "login")); await _httpContextAccessor.HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal, new AuthenticationProperties { IsPersistent = loginFormDataViewModel.RememberLogin, ExpiresUtc = DateTime.UtcNow.AddDays(15) }); // Set so we can access SessionProvider in a normal way during the rest of the request _httpContextAccessor.HttpContext.User = claimsPrincipal; } return(accessGranted); }