Ejemplo n.º 1
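        /// <summary>
        /// Checks the posted login and password and, when they are accepted, returns a
        /// JWT produced by <c>TokenSecurity.GenerateJwt</c> together with the user's
        /// display name, role ids and id.
        /// </summary>
        /// <param name="model">Login and password bound from the request body.</param>
        /// <returns>
        /// 201 Created carrying an <c>AuthResultModel</c> on success; 400 when no body was
        /// bound; 401 with one generic message for every authentication failure.
        /// </returns>
        public ActionResult<AuthResultModel> Post([FromBody] AuthRequestModel model)
        {
            // The same text is returned for an unknown login and for a wrong password, so
            // the response body cannot be used to tell which logins exist.
            const string failureMessage = "Wrong login or password";

            // Without this guard a missing or unparsable body surfaces as a
            // NullReferenceException (HTTP 500) on the first property access.
            if (model is null)
            {
                return BadRequest("Request body is required");
            }

            User user = _userRepository.GetUserByLogin(model.Login);

            // NOTE(review): Login() is skipped when the lookup finds nothing, so response
            // timing may still differ between unknown and known logins. No throttling or
            // lockout is visible in this method; confirm it is enforced elsewhere.
            if (user is null || !_userRepository.Login(model.Login, model.Password))
            {
                return Unauthorized(failureMessage);
            }

            var token = TokenSecurity.GenerateJwt(model.Login);

            var result = new AuthResultModel
            {
                Success    = true,
                Token      = new JwtSecurityTokenHandler().WriteToken(token),
                Expiration = token.ValidTo,
                Name       = $"{user.Firstname} {user.Lastname}",
                // Role ids are handed to the client as strings for its own use; server-side
                // authorization must not rely on the client echoing them back.
                Roles      = user.Roles.Select(o => o.RoleId.ToString()).ToArray(),
                UserId     = user.Id
            };

            // Kept as 201 with an empty location because existing clients may depend on it.
            return Created("", result);
        }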
        /// <summary>
        /// Verifies that <c>TokenSecurity.ApplySecurity</c> sets the request's Authorization
        /// header, with the token as the header scheme and no parameter.
        /// </summary>
        public void ApplyingSecurity_SetsAuthorizationHeader_ToTokenSecurity()
        {
            // Arrange: a fixed dummy token and an empty outgoing request.
            const string ExpectedToken = "Test1234";
            var security = new TokenSecurity(ExpectedToken);
            var message  = new HttpRequestMessage();

            // Act
            security.ApplySecurity(message);
            var header = message.Headers.Authorization;

            // Assert
            // NOTE(review): this pins the raw token as the scheme with a null parameter,
            // not a "<scheme> <token>" pair; confirm that is the form the target API expects.
            Assert.IsNotNull(header);
            Assert.IsNull(header.Parameter);
            Assert.AreEqual(ExpectedToken, header.Scheme);
        }
Ejemplo n.º 3
        /// <summary>
        /// Demonstration-only login endpoint: accepts exactly one username/password pair
        /// compiled into the code and answers with a JWT from <c>TokenSecurity.GenerateJwt</c>.
        /// </summary>
        /// <param name="model">Username and password bound from the request body.</param>
        /// <returns>
        /// 201 Created carrying an <c>AuthResultModel</c> when the pair matches; otherwise
        /// 400 Bad Request with a generic message.
        /// </returns>
        public ActionResult<AuthResultModel> Post([FromBody] AuthRequestModel model)
        {
            // NEVER DO THIS, JUST SHOWING THE EXAMPLE.
            // Credentials written into source ship with every build and every copy of the
            // repository, and cannot be rotated without a redeploy. A real endpoint checks
            // the password against a salted hash held in a credential store.
            bool credentialsMatch = model.Username == "*****@*****.**" &&
                                    model.Password == "P@ssw0rd!";

            // NOTE(review): a failed login is reported as 400 here rather than 401.
            if (!credentialsMatch)
            {
                return BadRequest("Unknown failure");
            }

            // Never do this either, hardcoded strings.
            // NOTE(review): presumably this refers to values fixed inside GenerateJwt, which
            // is not shown here; signing material belongs in configuration or a secret store.
            var token = TokenSecurity.GenerateJwt(model.Username);

            var result = new AuthResultModel
            {
                Success    = true,
                Token      = new JwtSecurityTokenHandler().WriteToken(token),
                Expiration = token.ValidTo
            };

            return Created("", result);
        }