public async Task <IActionResult> Post(
[FromBody] AuthenticateUser command,
[FromServices] IJwtService tokenService)
{
if (command == null)
{
return(UnprocessableEntity());
}
//TODO implementar busca de usuário por email
User user = await _userRepository.FindAsNoTrackingAsync(x => x.Email == command.Email);
//User user = await _userRepository.FindFromLoginAsync(command.Email, command.Password);
var result = new AuthenticatedUserResult();
result.SessionUser = new SessionUser(
id: user.Id,
email: user.Email,
name: user.Name,
profile: user.UserProfile
);
tokenService.Generate(result.SessionUser.Identity, ref result);
return(Ok(result));
}
public async Task <ActionResult> RequestToken([FromBody] TokenRequest request)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var authenticateResult = await authService.IsAuthenticated(request);
if (authenticateResult.Success)
{
var result = new AuthenticatedUserResult()
{
Success = true,
Message = ControllerMessages.StatusCode200(authenticateResult.Message),
User = authenticateResult.User,
Token = authenticateResult.Token
};
return(Ok(result));
}
else if (authenticateResult.Message.Equals(AppsMessages.AppDeactivatedMessage))
{
return(NotFound(ControllerMessages.StatusCode404(authenticateResult.Message)));
}
else if (authenticateResult.Message.Equals(AppsMessages.UserIsNotARegisteredUserOfThisAppMessage))
{
return(NotFound(ControllerMessages.StatusCode404(authenticateResult.Message)));
}
else
{
var result = await userManagementService
.ConfirmAuthenticationIssue(request.UserName, request.Password);
if (result == UserAuthenticationErrorType.USERNAMEINVALID)
{
return(BadRequest(ControllerMessages.StatusCode400("No User Has This User Name")));
}
else if (result == UserAuthenticationErrorType.PASSWORDINVALID)
{
return(BadRequest(ControllerMessages.StatusCode400("Password Invalid")));
}
else
{
return(BadRequest(ControllerMessages.StatusCode400("Bad Request")));
}
}
}
public async Task <IAuthenticatedUserResult> IsAuthenticated(ITokenRequest request)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
var result = new AuthenticatedUserResult();
var validateUserTask = userManagementService.IsValidUser(request.UserName, request.Password);
validateUserTask.Wait();
if (!validateUserTask.Result)
{
result.Success = false;
result.Message = UsersMessages.UserNotFoundMessage;
return(result);
}
var user = (User)(await usersRepository.GetByUserName(request.UserName, true)).Object;
var app = (App)(await appsRepository.GetByLicense(request.License)).Object;
if (!app.IsActive)
{
result.Success = false;
result.Message = AppsMessages.AppDeactivatedMessage;
return(result);
}
if (!app.PermitCollectiveLogins && !app.Users.Any(ua => ua.UserId == user.Id))
{
result.Success = false;
result.Message = AppsMessages.UserIsNotARegisteredUserOfThisAppMessage;
return(result);
}
var appAdmins = (await appAdminsRepository.GetAll()).Objects.ConvertAll(aa => (AppAdmin)aa);
if (!user.IsSuperUser)
{
if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN))
{
if (!appAdmins.Any(aa => aa.AppId == app.Id && aa.UserId == user.Id && aa.IsActive))
{
var adminRole = user
.Roles
.FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN);
user.Roles.Remove(adminRole);
}
}
}
else
{
if (!app.PermitSuperUserAccess)
{
if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER))
{
var superUserRole = user
.Roles
.FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER);
user.Roles.Remove(superUserRole);
}
if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN))
{
var adminRole = user
.Roles
.FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN);
user.Roles.Remove(adminRole);
}
}
}
result.User.UpdateWithUserInfo(user);
var claim = new List <Claim> {
new Claim(ClaimTypes.Name, request.UserName)
};
foreach (var role in user.Roles)
{
var r = (Role)(await rolesRepository.GetById(role.Role.Id)).Object;
claim.Add(new Claim(ClaimTypes.Role, r.RoleLevel.ToString()));
}
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenManagement.Secret));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
DateTime expirationLimit;
if (app.TimeFrame == TimeFrame.SECONDS)
{
expirationLimit = DateTime.UtcNow.AddSeconds(app.AccessDuration);
}
else if (app.TimeFrame == TimeFrame.MINUTES)
{
expirationLimit = DateTime.UtcNow.AddMinutes(app.AccessDuration);
}
else if (app.TimeFrame == TimeFrame.HOURS)
{
expirationLimit = DateTime.UtcNow.AddHours(app.AccessDuration);
}
else if (app.TimeFrame == TimeFrame.DAYS)
{
expirationLimit = DateTime.UtcNow.AddDays(app.AccessDuration);
}
else
{
expirationLimit = DateTime.UtcNow.AddMonths(app.AccessDuration);
}
var jwtToken = new JwtSecurityToken(
tokenManagement.Issuer,
tokenManagement.Audience,
claim.ToArray(),
notBefore: DateTime.UtcNow,
expires: expirationLimit,
signingCredentials: credentials
);
result.Token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
result.Success = true;
result.Message = UsersMessages.UserFoundMessage;
return(result);
}
