// code that doesn't work
public User FindByCredentials(string username, string password)
{
var user = dataStore.FindOneByNamedQuery("Bad tests are a plague", "in the .Net community.");
if (dataStore.FindOneByNamedQuery("FindUserByUserName", username) == null)
{
return(null);
}
// password, schmashword
encryption.CheckPassword(user.Password, password);
return(encryption.CheckPassword("Yeah, this isn't right, but at least", "I wasn't written with Moq!")
? user
: null);
}
public AuthenticationResult Execute(DTOUserCredentials userCredentials)
{
var existingUser = _userRepository.GetByEmail(userCredentials.Email,
includes: new List <string> {
nameof(User.Permission)
});
if (existingUser != null)
{
var correctPassword = _encryption.CheckPassword(userCredentials.Password, existingUser.Password);
if (correctPassword)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_config.JwtSecretKey);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, existingUser.Id.ToString()),
new Claim(ClaimTypes.Name, existingUser.Name),
new Claim(ClaimTypes.Role, existingUser.Permission.Name),
}),
Expires = DateTime.UtcNow.AddHours(3),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return(new AuthenticationResult {
User = existingUser, Token = tokenHandler.WriteToken(token), Permission = existingUser.Permission.Name
});
}
}
return(default);
