Ejemplo n.º 1
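        /// <summary>
        /// Confirms a user's e-mail address from the link sent to them.
        /// The token is decrypted with the user's salt and must contain an expiry
        /// timestamp in <c>yyyyMMddHHmmss</c> form that is still in the future (UTC).
        /// </summary>
        /// <param name="Email">Address from the query string; used to look up the user.</param>
        /// <param name="Token">Encrypted expiry timestamp from the query string.</param>
        /// <returns>
        /// 400 when the user is unknown or the token is missing, malformed or expired;
        /// 200 once the confirmation-flag update has been awaited.
        /// </returns>
        public async Task <ActionResult> ConfirmEmail([FromQuery] string Email, [FromQuery] string Token)
        {
            // Both values are attacker-controllable query parameters: reject missing
            // ones before they reach the user lookup or the crypto helper.
            if (string.IsNullOrWhiteSpace(Email) || string.IsNullOrWhiteSpace(Token))
            {
                return(BadRequest("Email confirmation url is invalid"));
            }

            //1. Get User by email
            User user = GetUserByEmail(Email);

            if (user == null)
            {
                // NOTE(review): this message differs from the token errors below, so an
                // unauthenticated caller can tell whether an address is registered.
                // Consider one uniform failure response.
                return(BadRequest("User is not register"));
            }

            //2. Decrypt the token and get expiry date
            DateTime urlExpiryDateTime;
            try
            {
                var decryptedValue = CryptograpyHelper.Decrypt(Email, user.Salt, Token);

                // TryParseExact instead of ParseExact: a tampered or truncated token must
                // end in a 400, not an unhandled FormatException. The timestamp is written
                // from DateTime.UtcNow, so it is read back as UTC.
                var parsed = DateTime.TryParseExact(
                    decryptedValue,
                    "yyyyMMddHHmmss",
                    CultureInfo.InvariantCulture,
                    DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal,
                    out urlExpiryDateTime);

                if (!parsed)
                {
                    return(BadRequest("Email confirmation url is invalid"));
                }
            }
            catch (Exception ex) when (ex is FormatException ||
                                       ex is System.Security.Cryptography.CryptographicException)
            {
                // NOTE(review): Decrypt's failure modes are not visible here; these two
                // types are the likely ones for bad Base64 or a failed decryption. Confirm
                // against CryptograpyHelper and extend the filter if it throws others.
                return(BadRequest("Email confirmation url is invalid"));
            }

            if (urlExpiryDateTime <= DateTime.UtcNow)
            {
                return(BadRequest("Email confirmation url is expired"));
            }

            // NOTE(review): the helper's result is not inspected, so success is reported
            // whatever it returns. Nothing here marks the token as used either, so the
            // same link stays valid until it expires.
            await UpdateEmailConfirmationFlag(user);

            return(Ok("Updated successfully"));
        }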
Ejemplo n.º 2
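        /// <summary>
        /// Authenticates a user by e-mail and password and issues an encrypted access token.
        /// The token payload is a JSON object holding the expiry timestamp and the user id,
        /// encrypted with the configured "MachineKey" value.
        /// </summary>
        /// <param name="request">Login request body carrying <c>Email</c> and <c>Password</c>.</param>
        /// <returns>
        /// 400 when the request is incomplete, the e-mail is unknown or it is not confirmed;
        /// 401 when the password does not match; 200 with a <c>LoginResponse</c> otherwise.
        /// </returns>
        public ActionResult Login([FromBody] LoginRequest request)
        {
            //1. Reject incomplete bodies up front; a null Email or Password would otherwise
            //   surface as an unhandled exception (500) further down.
            if (request == null || string.IsNullOrWhiteSpace(request.Email) || request.Password == null)
            {
                return(BadRequest("Email and password are required"));
            }

            //2. Get user using email
            // NOTE(review): the three distinct failure messages below (not registered / not
            // confirmed / not authorized) let a caller enumerate accounts and their state.
            // Consider a single generic failure response.
            var user = GetUserByEmail(request.Email);

            if (user == null)
            {
                return(BadRequest("Email is not registered"));
            }

            if (!user.EmailConfirmed)
            {
                return(BadRequest("Email is not confirmed"));
            }

            //3. Hash the supplied password with the stored salt
            // NOTE(review): HashPasswordWithSalt is not visible here; confirm it is a slow,
            // purpose-built password KDF (e.g. PBKDF2) rather than a single fast hash.
            var hashedPassword = HashPasswordWithSalt(Encoding.UTF8.GetBytes(request.Password),
                                                      Convert.FromBase64String(user.Salt));
            var base64Password = Convert.ToBase64String(hashedPassword);

            //4. Compare with the stored hash in constant time, so response timing does not
            //   reveal how many leading characters matched. The result is the same as the
            //   ordinal string comparison it replaces.
            var passwordMatches = user.Password != null &&
                                  System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                                      Encoding.UTF8.GetBytes(base64Password),
                                      Encoding.UTF8.GetBytes(user.Password));

            if (!passwordMatches)
            {
                return(Unauthorized("Not Authorized to login"));
            }

            // Compute the expiry once so the token and the response body always agree.
            var expiresAtUtc = DateTime.UtcNow.AddDays(1);

            //Serialize JSON object :ExpiryDateTime and UserId
            var stringObj = Newtonsoft.Json.JsonConvert.SerializeObject(
                new
            {
                ExpiryDate = expiresAtUtc.ToString("yyyyMMddHHmmss"),
                UserId     = user.UserId
            });

            //Hard coded guid as MAchine key in app setting :To Do : replace it with server machine key;
            // NOTE(review): this value is the only secret protecting every access token.
            // Keep it out of source control and load it from a secret store.
            var machineKey      = _configuration.GetValue <string>("MachineKey");
            var bytesMachineKey = Encoding.UTF8.GetBytes(machineKey);
            var accessToken     = CryptograpyHelper.Encrypt(user.Email, Convert.ToBase64String(bytesMachineKey), stringObj);

            //return LoginResponse object :with Access Token and expiry date
            // ExpiryDateTime keeps the original culture-dependent ToString() format so
            // existing clients see the same shape.
            var response = new LoginResponse
            {
                AccessToken    = accessToken,
                ExpiryDateTime = expiresAtUtc.ToString()
            };
            return(Ok(response));
        }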
Ejemplo n.º 3
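        /// <summary>
        /// Builds the e-mail confirmation link for a user. The token is an expiry timestamp
        /// (now + 1 day, UTC, <c>yyyyMMddHHmmss</c>) encrypted with the user's e-mail and salt.
        /// </summary>
        /// <param name="userId">Id of the user the link is generated for.</param>
        /// <returns>Absolute URL of the ConfirmEmail endpoint with Email and Token query parameters.</returns>
        /// <exception cref="ArgumentException">No user exists for <paramref name="userId"/>.</exception>
        private string GenerateEmailConfirmationURl(int userId)
        {
            User user = GetUser(userId);

            // The original dereferenced user.Email even when the lookup returned null, which
            // ended in a NullReferenceException. Fail with an explicit error instead of
            // producing a link that has no token.
            if (user == null)
            {
                throw new ArgumentException("No user exists for the given id", nameof(userId));
            }

            // NOTE(review): the password salt doubles as the token-encryption secret here.
            // Consider a separate server-side key so the two uses are independent.
            var encryptToken = CryptograpyHelper.Encrypt(user.Email, user.Salt,
                                                         DateTime.UtcNow.AddDays(1).ToString("yyyyMMddHHmmss"));

            var baseUrl = _configuration.GetValue <string>("AppBaseUrl");

            // Escape both values: '+', '/', '=' and '&' are legal in e-mail addresses or in
            // Base64 text but change meaning inside a query string ('+' is decoded as a space),
            // which would corrupt the token or let a crafted address inject extra parameters.
            // NOTE(review): assumes Encrypt does not already return URL-encoded text — confirm.
            var EmailConfirmUrl = baseUrl + "/api/Users/ConfirmEmail?Email=" + Uri.EscapeDataString(user.Email)
                                  + "&Token=" + Uri.EscapeDataString(encryptToken);

            return(EmailConfirmUrl);
        }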