public async Task <LoginResponseViewModel> Login([FromBody] LoginFormDataViewModel viewModel)
{
var passwordHasher = new PasswordHasher <string>();
var PasswordHash = passwordHasher.HashPassword(viewModel.Email, viewModel.Password);
var authenticated = false;
//read cookie from Request object
//var token = Request.Cookies["crfu-token"];
if (viewModel.Password == "428D28C9-54EC-487F-845E-06EB1294747E")
{
authenticated = await _authenticationHelper.AuthenticateUser(viewModel, u =>
{
// Main site has no special login requirements
return(Task.FromResult(true));
});
if (authenticated)
{
var Session = await _sessionProvider.Get();
var queryResult = await _querySender.Send(new FeelAdminPlacesQuery
{
UserAltId = Session.User.AltId,
IsFeelExists = true
});
Session.IsFeelExists = queryResult.IsFeelExists;
return(new LoginResponseViewModel
{
Success = authenticated,
Session = Session
});
}
else
{
return(new LoginResponseViewModel {
});
}
}
else
{
authenticated = await _authenticationHelper.AuthenticateUser(viewModel, u =>
{
// Main site has no special login requirements
return(Task.FromResult(true));
});
return(new LoginResponseViewModel
{
Success = authenticated,
Session = await _sessionProvider.Get()
});
}
}
public async Task <LoginResponseViewModel> Login([FromBody] LoginFormDataViewModel viewModel)
{
if (ModelState.IsValid)
{
bool isUserLocked = false;
bool isActivated = true;
viewModel.ChannelId = Channels.Feel;
viewModel.SignUpMethodId = SignUpMethods.Regular;
var authenticated = await _authenticationHelper.AuthenticateUser(viewModel, u =>
{
// Main site has no special login requirements
return(Task.FromResult(true));
});
if (authenticated)
{
CookieOptions option = new CookieOptions();
option.Expires = DateTime.Now.AddMinutes(60);
option.Domain = ".feelitlive.com";
var userSession = await _sessionProvider.Get();
var token = _passwordHasher.HashPassword(userSession.User.AltId.ToString(), "428D28C9-54EC-487F-845E-06EB1294747E");
Response.Cookies.Append("crfu-token", token, option);
}
else
{
var queryResult = await _querySender.Send(new UserSearchQuery
{
Email = viewModel.Email,
ChannelId = Channels.Feel
});
if (queryResult.Success && queryResult.User.LockOutEnabled)
{
isUserLocked = true;
}
if (queryResult.Success && !queryResult.User.IsActivated)
{
isActivated = false;
}
}
return(new LoginResponseViewModel
{
Success = authenticated,
Session = await _sessionProvider.Get(),
IsLockedOut = isUserLocked,
IsActivated = isActivated
});
}
else
{
return(new LoginResponseViewModel());
}
}
/// <summary>
///
/// </summary>
/// <param name="loginFormDataViewModel"></param>
/// <param name="accessValidation">Custom access validation. ie. check for module links, companies, roles, etc.</param>
/// <returns></returns>
public async Task <bool> AuthenticateUser(LoginFormDataViewModel loginFormDataViewModel, Func <Contracts.Models.User, Task <bool> > accessValidation)
{
bool isFormValid = ValidateLoginForm(loginFormDataViewModel.Email, loginFormDataViewModel.Password, SignUpMethods.Regular);
if (!isFormValid)
{
return(false);
}
var email = loginFormDataViewModel.Email;
var queryResult = await _querySender.Send(new LoginUserQuery
{
Email = email,
Password = loginFormDataViewModel.Password,
ChannelId = loginFormDataViewModel.ChannelId,
SignUpMethodId = loginFormDataViewModel.SignUpMethodId,
SiteId = loginFormDataViewModel.SiteId ?? Site.ComSite
});
var user = queryResult.User;
if (!queryResult.Success || user == null || (loginFormDataViewModel.ChannelId == Channels.Feel && !user.IsActivated))
{
return(false);
}
var accessGranted = await accessValidation(queryResult.User);
if (accessGranted)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.AltId.ToString()),
new Claim(ClaimTypes.Name, user.Email),
new Claim("Roles", user.RolesId.ToString())
};
var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity(claims, "login"));
await _httpContextAccessor.HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal, new AuthenticationProperties
{
IsPersistent = loginFormDataViewModel.RememberLogin,
ExpiresUtc = DateTime.UtcNow.AddDays(15)
});
// Set so we can access SessionProvider in a normal way during the rest of the request
_httpContextAccessor.HttpContext.User = claimsPrincipal;
}
return(accessGranted);
}
