Beispiel #1
0
        public async Task <ActionResult> Token(string email, string password)
        {
            if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
            {
                return(StatusCode((int)HttpStatusCode.BadRequest,
                                  Json(new { error = "Email or Password are required" })));
            }

            var account = await _accountCollection.FindAsync(email, "account-email");

            if (account == null)
            {
                return(StatusCode((int)HttpStatusCode.Unauthorized, Json(new { error = "Invalid credentials" })));
            }

            var hashedPassword = _cryptoService.PasswordCrypt(password, account.PasswordSalt);

            if (!hashedPassword.Equals(account.Password))
            {
                return(StatusCode((int)HttpStatusCode.Unauthorized, Json(new { error = "Invalid credentials" })));
            }

            var claims = new List <Claim>
            {
                new Claim(ClaimTypes.PrimarySid, account._id),
                new Claim(JwtRegisteredClaimNames.Email, account.Email)
            };

            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_settings.Keys.JWTSecurityKey));

            var jwt = new JwtSecurityToken(new JwtHeader(
                                               new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256)),
                                           new JwtPayload("kungraseri-api", "kungraseri-audience", claims, null, DateTime.UtcNow.AddDays(1)));

            var token = new JwtSecurityTokenHandler().WriteToken(jwt);

            Token savedToken;

            try
            {
                var dbToken = await TokenCollection.FindAsync(account._id, "token-accountid");

                savedToken = await TokenCollection.AddOrUpdateAsync(
                    dbToken == null || dbToken.Expiration < DateTime.UtcNow
                    ?new Token
                {
                    Value      = token,
                    AccountId  = account._id,
                    Issued     = DateTime.UtcNow,
                    Expiration = jwt.ValidTo
                }
                    : dbToken);
            }
            catch (Exception e)
            {
                return(StatusCode((int)HttpStatusCode.InternalServerError,
                                  Json(new { error = $"Error: {e.Message}. Stack Trace: {e.StackTrace}" })));
            }

            account.Password     = string.Empty;
            account.PasswordSalt = string.Empty;

            return(StatusCode((int)HttpStatusCode.OK, Json(new
            {
                account,
                token = savedToken
            })));
        }