public async Task <AuthenticationResult> Handle(AuthenticateCommand request, CancellationToken cancellationToken)
        {
            UserDto user = await _authenticateQueries.GetUserByLoginAsync(request.Login);

            if (user == null)
            {
                return(new AuthenticationResult("Incorrect login or password"));
            }

            if (!user.IsActive)
            {
                return(new AuthenticationResult("User is not active"));
            }

            if (!_passwordManager.VerifyPassword(user.Password, request.Password))
            {
                return(new AuthenticationResult("Incorrect login or password"));
            }

            user.Claims ??= new List <Claim>();
            // TODO: Understand why do we need to add the following in the claims
            //user.Claims.Add(new Claim(CustomClaimTypes.Name, user.Name));
            //user.Claims.Add(new Claim(CustomClaimTypes.Email, user.Email));

            return(new AuthenticationResult(user));
        }
Ejemplo n.º 2
0
        public User ValidateLogin(LoginCredentialsForm credentials)
        {
            var storedUser = _userRepository.GetFromUsername(credentials.Username);

            if (storedUser != null && _passwordManager.VerifyPassword(storedUser, credentials))
            {
                return(storedUser);
            }

            return(null);
        }
Ejemplo n.º 3
0
        private ServiceResult AuthUser(AppUser user, string password)
        {
            if (user == null)
            {
                return(ServiceResultFactory.BadRequestResult(nameof(AuthenticateAsync), "Username was not found."));
            }

            var success = _passwordManager.VerifyPassword(password, user.PasswordHash, user.PasswordSalt);

            if (success == false)
            {
                return(ServiceResultFactory.BadRequestResult(nameof(AuthenticateAsync), "Password is wrong."));
            }

            return(ServiceResultFactory.SuccessResult(user));
        }
Ejemplo n.º 4
0
        public async Task <TokenDTO> Handle(LoginUserQuery query, CancellationToken cancellationToken)
        {
            User user = await userRepository.GetByEmail(query.Email);

            if (user == null)
            {
                throw new AppException(ErrorCode.NotFound);
            }

            if (!passwordManager.VerifyPassword(query.Password, user.PasswordHash, user.Salt))
            {
                throw new AppException(ErrorCode.InvalidPassword);
            }

            var token = tokenManager.GenerateToken(user.Id, user.Email);

            return(new TokenDTO(token, user.FirstName, user.LastName, user.Image));
        }
        public async Task <IActionResult> CreateToken([FromBody] CredentialModel model)
        {
            try
            {
                var user = await _userRepository.Get(model.Username);

                if (user == null)
                {
                    return(Unauthorized());
                }
                if (!await _passwordManager.VerifyPassword(user.Id, model.Password))
                {
                    return(Unauthorized());
                }

                var claims = await _authManager.GetAllClaims(user);

                var signingCredentials = _authManager.GetSigningCredentials();

                int validForDurationMinutes = 15;
                int.TryParse(_configuration[Constants.TokenDurationMinutes], out validForDurationMinutes);

                var token = _authManager.CreateToken(claims, validForDurationMinutes, signingCredentials);

                // Update User Last login time for audit
                await _userRepository.UpdateLastLogin(user.Id);

                return(Ok(new
                {
                    token = new JwtSecurityTokenHandler().WriteToken(token),
                    expiration = token.ValidTo
                }));
            }
            catch (Exception ex)
            {
                _logger.Error(ex, $"Exception thrown while creating JWT: {ex}");
            }
            return(BadRequest("Failed to create token"));
        }