public IActionResult Authenticate([FromBody] AuthenticateDTO model)
{
var user = _userService.Authenticate(model.Username, model.Password);
if (user == null)
{
return(BadRequest(new { message = "Username or password is incorrect" }));
}
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
// return basic user info and authentication token
return(Ok(new
{
Id = user.Id,
Username = user.Username,
FirstName = user.FirstName,
LastName = user.LastName,
Token = tokenString
}));
}
public IActionResult Authenticate([FromBody] AuthenticateDTO usuarioDTO)
{
var usuarioModel = _mapper.Map <AuthenticateModel>(usuarioDTO);
var usuario = _userService.Authenticate(usuarioModel.Username, usuarioModel.Password);
if (usuario == null)
{
return(BadRequest(new { message = "Usuario y/o contraseña incorectos" }));
}
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, usuario.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
// Se retorna la informacion del usuario y su token
return(Ok(new
{
Id = usuario.Id,
Username = usuario.Username,
Token = tokenString
}));
}
public AuthenticateTokenDTO AuthenticateUser(AuthenticateDTO authenticateDTO)
{
if (string.IsNullOrWhiteSpace(authenticateDTO.EmailId) || string.IsNullOrWhiteSpace(authenticateDTO.Password))
{
throw new Exception("Invalid user name or password.");
}
var result = UnitOfWork.UserRepository.AuthenticateUser(authenticateDTO.EmailId, authenticateDTO.Password);
if (result == null)
{
return(null);
}
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, result.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(1),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
AuthenticateTokenDTO authenticateTokenDTO = new AuthenticateTokenDTO
{
UserName = result.FirstName + " " + result.LastName,
Token = tokenHandler.WriteToken(token)
};
return(authenticateTokenDTO);
}
private async Task <TokenViewModel> GetToken(AuthenticateDTO authenticateDTO)
{
var token = new TokenViewModel();
using (var httpClient = new HttpClient())
{
var url = _authSettings.ClientsConnections.RunInDocker ? _authSettings.ClientsConnections.UrlApi1Docker : _authSettings.ClientsConnections.UrlApi1;
using (var request = new HttpRequestMessage(new HttpMethod("POST"), $"{url}/api/Authenticate"))
{
request.Headers.TryAddWithoutValidation("accept", "application/json");
request.Content = new StringContent(JsonConvert.SerializeObject(authenticateDTO));
request.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json");
var response = await httpClient.SendAsync(request);
if (response.IsSuccessStatusCode)
{
token = JsonConvert.DeserializeObject <TokenViewModel>(response.Content.ReadAsStringAsync().Result);
}
}
}
return(token);
}
public async Task <TokenViewModel> AuthenticateAsync(AuthenticateDTO authDTO)
{
var authValidator = new AuthenticateValidator(_authSettings);
await authValidator.ValidateAndThrowAsync(authDTO);
return(_tokenService.GenerateTokenAuthentication());
}
public async Task <IActionResult> Authenticate([FromBody] AuthenticateDTO model)
{
var user = await _userService.Authenticate(model.UserName, model.Password);
if (user == null)
{
return(BadRequest(new { message = "Username or password is incorrect" }));
}
return(Ok(true));
}
public IActionResult Authenticate([FromBody] AuthenticateDTO model)
{
var user = _userRepository.Authenticate(model.Email, model.Password);
if (user == null)
{
return(BadRequest(new { message = "Username or password is incorrect!" }));
}
return(Ok(user));
}
public async Task <IActionResult> Login([FromBody] AuthenticateDTO data)
{
return(await TryCatchLogAsync(async() =>
{
var modelErrors = GetModelErrorsOrNull();
if (modelErrors.IsNotNull())
{
Logger.WriteLog(LogLevel.Warning, GetUser().CreateContainer(data, GetRequestId()), null,
(o, e) => $"AuthenticateDTO не валидна.\n {o.Object.JsonSerialize()}",
"AuthenticationController.Login");
return GetBadResult(modelErrors);
}
var claims = new List <Claim>
{
new Claim(ClaimsIdentity.DefaultNameClaimType, data.Name),
new Claim(AuthenticationHelper.FingerPrintClaimType, data.FingerPrint)
};
ClaimsIdentity id = new ClaimsIdentity(claims, "ApplicationCookie", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(id));
var userContext = await Builder.GetUserStateActions.GetAsync(data.Name, data.FingerPrint);
if (userContext.IsNotNull())
{
userContext.LoginTime = DateTime.Now;
await DBContext.SaveChangesAsync();
}
else
{
await Builder.GetUserStateActions.AddAsync(new UserState()
{
Ip = GetUser().Ip,
FingerPrint = data.FingerPrint,
Name = data.Name,
LoginTime = DateTime.Now
});
}
Logger.WriteLog(LogLevel.Information, GetUser().CreateContainer(data, GetRequestId()), null,
(o, e) => $"Успешная аутентификация.\n {o.Object.JsonSerialize()}",
"AuthenticationController.Login");
return Ok();
}));
}
public async Task <ActionResult <TokenDTO> > Authenticate([FromBody] AuthenticateDTO userParam)
{
(DetailedUserDTO userDTO, string token) = await _userRepository.Authenticate(userParam.Email, userParam.Password);
if (token == null || userDTO == null)
{
return(BadRequest("Username or password is incorrect"));
}
return(new TokenDTO
{
Token = token,
UserDTO = userDTO
});
}
public IActionResult AuthenticateUser(AuthenticateDTO authenticateDTO)
{
try
{
var result = user.AuthenticateUser(authenticateDTO);
if (result == null)
{
return(BadRequest("User login or password is incorrect."));
}
return(Ok(result));
}
catch (Exception ex)
{
return(NotFound(ex.Message));
}
}
public async Task <IActionResult> Authenticate([FromBody] AuthenticateDTO authDTO)
{
try
{
var result = await _authenticationService.AuthenticateAsync(authDTO);
return(Ok(result));
}
catch (ValidationException ex)
{
_logger.LogError(ex, "ValidationException");
return(BadRequest(_validationErrorService.FormatError(ex)));
}
catch (Exception ex)
{
_logger.LogError(ex, "Exception");
return(Problem(ex.Message));
}
}
public async Task Authenticate_given_wrong_Password_match_Returns_BadRequest_and_error_message()
{
var token = "verysecrettoken";
var id = 1;
var user = new User
{
Email = "test@Test",
Password = "******",
};
var dto = new AuthenticateDTO
{
Email = user.Email,
Password = "******",
};
var userDTO = new DetailedUserDTO
{
UserId = id,
Email = dto.Email,
UserRole = UserRoleEnum.Receiver.ToString(),
FirstName = "test",
SurName = "test"
};
var responseText = "Username or password is incorrect";
var repository = new Mock <IUserRepository>();
repository.Setup(s => s.Authenticate(user.Email, user.Password)).ReturnsAsync((userDTO, token));
var logger = new Mock <ILogger <UsersController> >();
var controller = new UsersController(repository.Object, logger.Object);
var authenticate = await controller.Authenticate(dto);
var result = authenticate.Result as BadRequestObjectResult;
Assert.IsType <BadRequestObjectResult>(authenticate.Result);
Assert.Equal(responseText, result.Value);
}
public ObjectResult Login([FromBody] LoginDTO dto)
{
try
{
AuthenticateDTO authenticate = _service.Authenticate(dto);
return(Ok(authenticate));
}
catch (InvalidUserException ex)
{
return(BadRequest(ex.ValidationResult));
}
catch (UserNotFoundException ex)
{
return(NotFound(ex.Message));
}
catch (Exception ex)
{
return(StatusCode(500, $"Ocorreu um erro inesperado: {ex.Message}"));
}
}
public async void Authenticate_ShouldReturnAuthenticatedToken()
{
//Arrange
var auth = new AuthenticateDTO()
{
User = "******", Password = "******"
};
_tokenService.GenerateTokenAuthentication()
.Returns(new TokenViewModel
{
Token = "Valid.Bearer.Token",
Authenticated = true,
Expiration = DateTime.Now.AddHours(3)
});
// Act
var token = await _sut.AuthenticateAsync(auth);
//Assert
Assert.NotNull(token);
Assert.True(token.Authenticated);
}
public async void Authenticate_ShouldReturnAuthenticationException_WhenCredentialsAreInvalids()
{
//Arrange
var auth = new AuthenticateDTO()
{
User = "******",
Password = "******"
};
// Act and Assert
var result = await Assert.ThrowsAsync <ValidationException>(async() => await _sut.AuthenticateAsync(auth));
var details = result.Errors
.Select(s => new Detail()
{
Code = s.ErrorCode,
Message = $"{s.PropertyName} {s.ErrorMessage}",
});
var total = details.Count();
Assert.Equal(1, total);
Assert.Equal("INVALID_CREDENCIALS", details.First().Code);
}
public async void Authenticate_ShouldReturnValidationException_WhenPasswordIsEmpty()
{
// Arrange
var auth = new AuthenticateDTO()
{
User = "******",
Password = string.Empty
};
// Act and Assert
var result = await Assert.ThrowsAsync <ValidationException>(async() => await _sut.AuthenticateAsync(auth));
var details = result.Errors
.Select(s => new Detail()
{
Code = s.ErrorCode,
Message = $"{s.PropertyName} {s.ErrorMessage}",
});
var total = details.Count();
Assert.Equal(1, total);
Assert.Equal("EMPTY_PASSWORD", details.First().Code);
}
public AuthenticateDTO Authenticate(LoginDTO dto)
{
if (!_validator.IsValidLoginDTO(dto))
{
throw new InvalidUserException(_validator.ValidationResult);
}
User user = _repository.FindByEmailAndPassword(dto.email, MD5Cryptography.GetHash(dto.password));
if (user == null)
{
throw new UserNotFoundException("Email e/ou senha inválidos!");
}
AuthenticateDTO authenticate = _mapper.Map <AuthenticateDTO>(user);
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(Settings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Email, authenticate.email),
new Claim(ClaimTypes.Role, authenticate.role)
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
authenticate.token = tokenHandler.WriteToken(token);
authenticate.expiresAt = tokenDescriptor.Expires;
return(authenticate);
}
public async Task Authenticate_given_valid_Email_and_Password_match_returns_authenticated_tuple()
{
var token = "verysecrettoken";
var id = 1;
var dto = new AuthenticateDTO
{
Email = "test@Test",
Password = "******",
};
var userDTO = new DetailedUserDTO
{
UserId = id,
Email = dto.Email,
UserRole = UserRoleEnum.Receiver.ToString(),
FirstName = "test",
SurName = "test"
};
var repository = new Mock <IUserRepository>();
repository.Setup(s => s.Authenticate(dto.Email, dto.Password)).ReturnsAsync((userDTO, token));
var logger = new Mock <ILogger <UsersController> >();
var controller = new UsersController(repository.Object, logger.Object);
var result = await controller.Authenticate(dto);
Assert.Equal("verysecrettoken", result.Value.Token);
Assert.Equal(userDTO.UserId, result.Value.UserDTO.UserId);
Assert.Equal(userDTO.Email, result.Value.UserDTO.Email);
Assert.Equal(userDTO.UserRole, result.Value.UserDTO.UserRole);
Assert.Equal(userDTO.FirstName, result.Value.UserDTO.FirstName);
Assert.Equal(userDTO.SurName, result.Value.UserDTO.SurName);
}
public HttpResponseMessage Authenticate(AuthenticateDTO auth)
{
setContentType();
var loginStatus = UserLoginStatus.LOGIN_FAILURE;
objUser = UserController.ValidateUser(auth.portalId, auth.username, auth.password, "DNN", string.Empty, PortalSettings.PortalName, AuthenticationLoginBase.GetIPAddress(), ref loginStatus);
if(loginStatus == UserLoginStatus.LOGIN_SUCCESS)
{
UserController.UserLogin(auth.portalId, objUser, PortalSettings.PortalName, AuthenticationLoginBase.GetIPAddress(), true);
FormsAuthenticationTicket authenticationTicket = new FormsAuthenticationTicket(1, objUser.Username, DateTime.Now, DateTime.Now.AddMinutes(30), true, objUser.Username, FormsAuthentication.FormsCookiePath);
var encryptedAuthTicket = FormsAuthentication.Encrypt(authenticationTicket);
var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedAuthTicket)
{
Expires = authenticationTicket.Expiration,
Domain = PortalSecurity.GetCookieDomain(objUser.PortalID),
Path = FormsAuthentication.FormsCookiePath,
Secure = FormsAuthentication.RequireSSL
};
return Request.CreateResponse(HttpStatusCode.OK, authCookie.Value, new MediaTypeHeaderValue(outputType));
}
return Request.CreateResponse(HttpStatusCode.OK, "success", new MediaTypeHeaderValue(outputType));
}
public IActionResult Authenticate(AuthenticateDTO model)
{
var result = _authorizationService.Authenticate(model.CommonServerName, model.Username, model.Password);
return(new OkObjectResult(result));
}
