public async Task <IActionResult> Post( [FromBody] AuthenticateUser command, [FromServices] IJwtService tokenService) { if (command == null) { return(UnprocessableEntity()); } //TODO implementar busca de usuário por email User user = await _userRepository.FindAsNoTrackingAsync(x => x.Email == command.Email); //User user = await _userRepository.FindFromLoginAsync(command.Email, command.Password); var result = new AuthenticatedUserResult(); result.SessionUser = new SessionUser( id: user.Id, email: user.Email, name: user.Name, profile: user.UserProfile ); tokenService.Generate(result.SessionUser.Identity, ref result); return(Ok(result)); }
public async Task <ActionResult> RequestToken([FromBody] TokenRequest request) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var authenticateResult = await authService.IsAuthenticated(request); if (authenticateResult.Success) { var result = new AuthenticatedUserResult() { Success = true, Message = ControllerMessages.StatusCode200(authenticateResult.Message), User = authenticateResult.User, Token = authenticateResult.Token }; return(Ok(result)); } else if (authenticateResult.Message.Equals(AppsMessages.AppDeactivatedMessage)) { return(NotFound(ControllerMessages.StatusCode404(authenticateResult.Message))); } else if (authenticateResult.Message.Equals(AppsMessages.UserIsNotARegisteredUserOfThisAppMessage)) { return(NotFound(ControllerMessages.StatusCode404(authenticateResult.Message))); } else { var result = await userManagementService .ConfirmAuthenticationIssue(request.UserName, request.Password); if (result == UserAuthenticationErrorType.USERNAMEINVALID) { return(BadRequest(ControllerMessages.StatusCode400("No User Has This User Name"))); } else if (result == UserAuthenticationErrorType.PASSWORDINVALID) { return(BadRequest(ControllerMessages.StatusCode400("Password Invalid"))); } else { return(BadRequest(ControllerMessages.StatusCode400("Bad Request"))); } } }
public async Task <IAuthenticatedUserResult> IsAuthenticated(ITokenRequest request) { if (request == null) { throw new ArgumentNullException(nameof(request)); } var result = new AuthenticatedUserResult(); var validateUserTask = userManagementService.IsValidUser(request.UserName, request.Password); validateUserTask.Wait(); if (!validateUserTask.Result) { result.Success = false; result.Message = UsersMessages.UserNotFoundMessage; return(result); } var user = (User)(await usersRepository.GetByUserName(request.UserName, true)).Object; var app = (App)(await appsRepository.GetByLicense(request.License)).Object; if (!app.IsActive) { result.Success = false; result.Message = AppsMessages.AppDeactivatedMessage; return(result); } if (!app.PermitCollectiveLogins && !app.Users.Any(ua => ua.UserId == user.Id)) { result.Success = false; result.Message = AppsMessages.UserIsNotARegisteredUserOfThisAppMessage; return(result); } var appAdmins = (await appAdminsRepository.GetAll()).Objects.ConvertAll(aa => (AppAdmin)aa); if (!user.IsSuperUser) { if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN)) { if (!appAdmins.Any(aa => aa.AppId == app.Id && aa.UserId == user.Id && aa.IsActive)) { var adminRole = user .Roles .FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN); user.Roles.Remove(adminRole); } } } else { if (!app.PermitSuperUserAccess) { if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER)) { var superUserRole = user .Roles .FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER); user.Roles.Remove(superUserRole); } if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN)) { var adminRole = user .Roles .FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN); user.Roles.Remove(adminRole); } } } result.User.UpdateWithUserInfo(user); var claim = new List <Claim> { new Claim(ClaimTypes.Name, request.UserName) }; foreach (var role in user.Roles) { var r = (Role)(await rolesRepository.GetById(role.Role.Id)).Object; claim.Add(new Claim(ClaimTypes.Role, r.RoleLevel.ToString())); } var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenManagement.Secret)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); DateTime expirationLimit; if (app.TimeFrame == TimeFrame.SECONDS) { expirationLimit = DateTime.UtcNow.AddSeconds(app.AccessDuration); } else if (app.TimeFrame == TimeFrame.MINUTES) { expirationLimit = DateTime.UtcNow.AddMinutes(app.AccessDuration); } else if (app.TimeFrame == TimeFrame.HOURS) { expirationLimit = DateTime.UtcNow.AddHours(app.AccessDuration); } else if (app.TimeFrame == TimeFrame.DAYS) { expirationLimit = DateTime.UtcNow.AddDays(app.AccessDuration); } else { expirationLimit = DateTime.UtcNow.AddMonths(app.AccessDuration); } var jwtToken = new JwtSecurityToken( tokenManagement.Issuer, tokenManagement.Audience, claim.ToArray(), notBefore: DateTime.UtcNow, expires: expirationLimit, signingCredentials: credentials ); result.Token = new JwtSecurityTokenHandler().WriteToken(jwtToken); result.Success = true; result.Message = UsersMessages.UserFoundMessage; return(result); }