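/// <summary>
/// Confirms a user's e-mail address using the link built by <c>GenerateEmailConfirmationURl</c>.
/// </summary>
/// <param name="Email">Address the link was issued for; it is also passed to the token decryption.</param>
/// <param name="Token">Encrypted expiry timestamp (<c>yyyyMMddHHmmss</c>) taken from the link.</param>
/// <returns>
/// 200 once the confirmation flag has been updated; 400 when the user is unknown or the
/// token is missing, cannot be decrypted, is not a timestamp, or has expired.
/// </returns>
public async Task<ActionResult> ConfirmEmail([FromQuery] string Email, [FromQuery] string Token)
{
    // Both values come straight from the query string, so treat them as untrusted:
    // a missing value is rejected here instead of reaching the lookup or the decryptor.
    if (string.IsNullOrWhiteSpace(Email) || string.IsNullOrWhiteSpace(Token))
    {
        return BadRequest("Email confirmation url is invalid");
    }

    // 1. Get user by email.
    // NOTE(review): this message differs from the token failures below, so the endpoint
    // tells an anonymous caller whether an address is registered. Consider one generic reply.
    User user = GetUserByEmail(Email);
    if (user == null)
    {
        return BadRequest("User is not register");
    }

    // 2. Decrypt the token and read the expiry date.
    // A tampered or truncated token must yield a 400, not an unhandled exception (HTTP 500).
    // NOTE(review): the exception types CryptograpyHelper.Decrypt throws are not visible here;
    // FormatException (bad Base64) and CryptographicException are assumed - confirm.
    string decryptedValue;
    try
    {
        decryptedValue = CryptograpyHelper.Decrypt(Email, user.Salt, Token);
    }
    catch (Exception ex) when (ex is FormatException || ex is System.Security.Cryptography.CryptographicException)
    {
        return BadRequest("Email confirmation url is invalid");
    }

    // TryParseExact instead of ParseExact: garbage plaintext is an expected failure, not an error.
    var parsed = DateTime.TryParseExact(
        decryptedValue,
        "yyyyMMddHHmmss",
        CultureInfo.InvariantCulture,
        DateTimeStyles.None,
        out var urlExpiryDateTime);
    if (!parsed)
    {
        return BadRequest("Email confirmation url is invalid");
    }

    // The timestamp is written from DateTime.UtcNow by the generator, so compare against UTC.
    if (urlExpiryDateTime <= DateTime.UtcNow)
    {
        return BadRequest("Email confirmation url is expired");
    }

    // NOTE(review): the value returned by UpdateEmailConfirmationFlag is not inspected, so a
    // failed update would still be reported as success - confirm what it returns.
    await UpdateEmailConfirmationFlag(user);
    return Ok("Updated successfully");
}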
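/// <summary>
/// Authenticates a user by e-mail and password and issues an encrypted access token.
/// </summary>
/// <param name="request">Login payload carrying <c>Email</c> and <c>Password</c>.</param>
/// <returns>
/// 200 with a <c>LoginResponse</c> (token and expiry) on success; 400 when the payload is
/// incomplete, the e-mail is unknown or unconfirmed; 401 when the password does not match.
/// </returns>
/// <exception cref="InvalidOperationException">The <c>MachineKey</c> setting is missing or empty.</exception>
public ActionResult Login([FromBody] LoginRequest request)
{
    // 1. Reject an absent body or absent fields up front; the original dereferenced them
    //    and surfaced a NullReferenceException/ArgumentNullException as HTTP 500.
    if (request == null || request.Email == null || request.Password == null)
    {
        return BadRequest("Email and password are required");
    }

    // 2. Get user using email.
    // NOTE(review): the two distinct 400 messages below are returned before the password is
    // checked, so an unauthenticated caller can learn whether an address exists and whether
    // it is confirmed. Consider a single generic failure response.
    var user = GetUserByEmail(request.Email);
    if (user == null)
    {
        return BadRequest("Email is not registered");
    }

    if (!user.EmailConfirmed)
    {
        return BadRequest("Email is not confirmed");
    }

    // 3. Hash the supplied password with the user's stored salt (this is hashing, not encryption).
    // NOTE(review): HashPasswordWithSalt is not visible here - confirm it is a deliberately
    // slow password KDF (e.g. PBKDF2) rather than a single fast hash.
    var passwordHash = HashPasswordWithSalt(
        Encoding.UTF8.GetBytes(request.Password),
        Convert.FromBase64String(user.Salt));
    var base64Password = Convert.ToBase64String(passwordHash);

    // 4. Compare in constant time so response timing does not depend on how many leading
    //    characters of the stored hash matched. A null stored password simply fails to match.
    var passwordMatches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(base64Password),
        Encoding.UTF8.GetBytes(user.Password ?? string.Empty));
    if (!passwordMatches)
    {
        return Unauthorized("Not Authorized to login");
    }

    // One instant for both the token payload and the response, so the two expiries agree.
    var expiresAt = DateTime.UtcNow.AddDays(1);

    // Token payload: expiry and user id, serialized as JSON.
    var tokenPayload = Newtonsoft.Json.JsonConvert.SerializeObject(
        new
        {
            ExpiryDate = expiresAt.ToString("yyyyMMddHHmmss", CultureInfo.InvariantCulture),
            UserId = user.UserId
        });

    // TODO (from the original author): the key is a hard-coded GUID in app settings; replace it
    // with a server-side machine key. Fail closed rather than mint tokens under an empty key.
    var machineKey = _configuration.GetValue<string>("MachineKey");
    if (string.IsNullOrEmpty(machineKey))
    {
        throw new InvalidOperationException("MachineKey is not configured");
    }

    var bytesMachineKey = Encoding.UTF8.GetBytes(machineKey);

    // NOTE(review): whether CryptograpyHelper.Encrypt authenticates the ciphertext cannot be
    // seen from here; a bearer token needs integrity protection, not only confidentiality.
    var accessToken = CryptograpyHelper.Encrypt(
        user.Email,
        Convert.ToBase64String(bytesMachineKey),
        tokenPayload);

    // ExpiryDateTime keeps the original default ToString() so the response format is unchanged.
    var response = new LoginResponse
    {
        AccessToken = accessToken,
        ExpiryDateTime = expiresAt.ToString()
    };
    return Ok(response);
}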
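/// <summary>
/// Builds the e-mail confirmation link for a user: the application base URL followed by the
/// <c>ConfirmEmail</c> route, the user's address and an encrypted expiry timestamp one day ahead.
/// </summary>
/// <param name="userId">Identifier of the user the link is issued for.</param>
/// <returns>The confirmation URL with both query values percent-encoded.</returns>
/// <exception cref="InvalidOperationException">No user exists for <paramref name="userId"/>.</exception>
private string GenerateEmailConfirmationURl(int userId)
{
    User user = GetUser(userId);
    if (user == null)
    {
        // The original fell through and dereferenced user.Email; fail with a clear error instead.
        throw new InvalidOperationException("Cannot build an email confirmation url: user not found");
    }

    // Invariant culture so the digits match the ParseExact format used by ConfirmEmail
    // regardless of the server's current culture or calendar.
    var expiryStamp = DateTime.UtcNow.AddDays(1).ToString("yyyyMMddHHmmss", CultureInfo.InvariantCulture);

    // NOTE(review): user.Salt is also the password salt used in Login. A salt is not designed to
    // be secret, so consider a dedicated server-side key for confirmation tokens.
    var encryptToken = CryptograpyHelper.Encrypt(user.Email, user.Salt, expiryStamp);

    var baseUrl = _configuration.GetValue<string>("AppBaseUrl");

    // Percent-encode both values: an unescaped '+' in a query string is read back as a space,
    // and '&' or '=' would split the value, so the link would not round-trip.
    return baseUrl
        + "/api/Users/ConfirmEmail?Email=" + Uri.EscapeDataString(user.Email)
        + "&Token=" + Uri.EscapeDataString(encryptToken);
}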