Ejemplo n.º 1
0
        private async Task <IActionResult> AuthoriseEmployee(string username, string password)
        {
            var employeeResult = await employees.FetchEmployeeByUsername(username).ConfigureAwait(false);

            if (employeeResult.IsFailure)
            {
                return(StatusCode(500));
            }

            var employee = employeeResult.Value;

            if (employee.HasNoValue)
            {
                return(Unauthorized());
            }

            if (!crypto.IsValid(password, employee.Value.PasswordHash))
            {
                return(Unauthorized());
            }

            var sessionToken = tokenUtil.GenerateToken();
            var refreshToken = tokenUtil.GenerateToken();

            var session = new EmployeeSession
            {
                AuthToken     = sessionToken,
                RefreshToken  = refreshToken,
                Expiry        = DateTime.UtcNow.AddMinutes(settings.Auth.AuthTokenValidityMinutes),
                RefreshExpiry = DateTime.UtcNow.AddMinutes(settings.Auth.RefreshTokenValidityMinutes),
                EmployeeId    = employee.Value.EmployeeId
            };

            var sessionId = await employeeSessions.CreateEmployeeSession(session).ConfigureAwait(false);

            if (sessionId.IsFailure)
            {
                return(StatusCode(500));
            }

            return(Ok(new DtoAuthoriseEmployeeResponse
            {
                AuthToken = session.AuthToken,
                RefreshToken = session.RefreshToken,
                Expiry = session.Expiry,
                RefreshExpiry = session.RefreshExpiry
            }));
        }
Ejemplo n.º 2
0
 public PasswordVerificationResult VerifyHashedPassword(Employee user, string hashedPassword, string providedPassword)
 {
     return(_cryptoHelper.IsValid(providedPassword, hashedPassword)
         ? PasswordVerificationResult.Success
         : PasswordVerificationResult.Failed);
 }