public async Task <bool> CheckPasswordAsync(ProfileModel model, string password)
{
try
{
var loggedUserId = GetLoggedInUserId();
var user = await _userManager.FindByIdAsync(loggedUserId);
if (user.UserName != _cookieSvc.Get("username") ||
user.UserName != model.Username)
{
return(false);
}
if (!await _userManager.CheckPasswordAsync(user, password))
{
return(false);
}
}
catch (Exception ex)
{
Log.Error("An error occurred in CheckPasswordAsync {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
return(true);
}
public async Task <IActionResult> Logout()
{
try
{
var userId = _cookieSvc.Get("user_id");
if (userId != null)
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var unprotectedToken = protector.Unprotect(userId);
var rt = _db.Tokens.FirstOrDefault(t => t.UserId == unprotectedToken);
// First remove the Token
if (rt != null)
{
_db.Tokens.Remove(rt);
}
await _db.SaveChangesAsync();
// Second remove all Cookies
_cookieSvc.DeleteAllCookies(cookiesToDelete);
}
}
catch (Exception ex)
{
_cookieSvc.DeleteAllCookies(cookiesToDelete);
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
Log.Information("User logged out.");
return(RedirectToLocal(null));
}
public async Task <IActionResult> Logout()
{
try
{
var user_id = _cookieSvc.Get(User_Id);
if (user_id != null)
{
var protectProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var unprotectedUserId = protector.Unprotect(user_id);
var refreshToken = _db.tokens.FirstOrDefault(t => t.UserId == unprotectedUserId);
if (refreshToken != null)
{
_db.tokens.Remove(refreshToken);
}
await _db.SaveChangesAsync();
_cookieSvc.DeleteAllCookies(cookiesToDelete);
}
}
catch (Exception ex)
{
_cookieSvc.DeleteAllCookies(cookiesToDelete);
Log.Error("Error while store the database logout {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
Log.Information("Log out successfully");
return(RedirectToLocal(null));
}
private string GetLoggedInUserId()
{
try
{
var protectedUid = _cookieSvc.Get("user_id");
//If here is some problems , we should using denpendency injection
var protectProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var unprotectedUID = protector.Unprotect(protectedUid);
return(unprotectedUID);
}
catch (Exception ex)
{
Log.Error("Error while Get Loggin User Id {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
return(null);
}
public async Task <bool> LogoutUserAsync()
{
var cookiesToDelete = new[]
{
"twoFactorToken",
"memberId",
"rememberDevice",
"access_token",
"loginStatus",
"refreshToken",
"userRole",
"username",
"user_id"
};
try
{
var username = _cookieSvc.Get("username");
if (username != null)
{
var user = await _userManager.FindByNameAsync(username);
var memberToken = await _db.Tokens.Where(x => x.UserId == user.Id).ToListAsync();
if (memberToken.Count > 0)
{
_db.Tokens.RemoveRange(memberToken);
await _db.SaveChangesAsync();
}
_cookieSvc.DeleteAllCookies(cookiesToDelete);
return(true);
}
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
_cookieSvc.DeleteAllCookies(cookiesToDelete);
return(false);
}
private async Task <string> GetLoggedInUserId()
{
try
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var unprotectUserId = protector.Unprotect(_cookieSvc.Get("user_id"));
var user = await _userManager.FindByIdAsync(unprotectUserId);
if (user != null && user.UserRole == "Administrator")
{
return(unprotectUserId);
}
}
catch (Exception ex)
{
Log.Error("An error occurred while decrypting user Id {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
return(null);
}
private async Task SetBaseViewModel()
{
var protectedUid = _cookieSvc.Get("user_id");
//If here is some problems , we should using denpendency injection
var protectProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var unprotectedUID = protector.Unprotect(protectedUid);
var userProfile = await _userSvc.GetUserProfileByIdAsync(unprotectedUID);
var resetPassword = new ResetPasswordViewModel();
_adminBaseViewModel = new AdminBaseViewModel()
{
Profile = userProfile,
AddUser = null,
Dashboard = null,
AppSetting = null,
SendGridOption = null,
SmtpOption = null,
ResetPassword = null,
SiteWideSetting = null
};
}
public async Task <IActionResult> Index()
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var userProfile = await _userSvc.GetUserProfileByIdAsync(protector.Unprotect(_cookieSvc.Get("user_id")));
var addUserModel = new AddUserModel();
var protectorSendGrid = protectorProvider.CreateProtector(_dataProtectionKeys.SendGridProtectionKey);
var dashboard = new DashBoardModel();
_adminBaseViewModel = new AdminBaseViewModel
{
Profile = userProfile,
AddUser = addUserModel,
AppSetting = _appSettings,
SmtpOption = _writableSvcSmtpOptions.Value,
SendGridOption = _writableSvcSendGridOptions.Value,
SiteWideSetting = _writableSiteWideSettings.Value,
Dashboard = dashboard
};
_adminBaseViewModel.SendGridOption.SendGridKey =
protectorSendGrid.Protect(_adminBaseViewModel.SendGridOption.SendGridKey);
_adminBaseViewModel.SmtpOption.SmtpPassword =
protectorSendGrid.Protect(_adminBaseViewModel.SmtpOption.SmtpPassword);
return(View("Index", _adminBaseViewModel));
}
public async Task <IActionResult> Index()
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var userProfile = await _userSvc.GetUserProfileByIdAsync(protector.Unprotect(_cookieSvc.Get("user_id")));
var addUserModel = new AddUserModel();
_adminBaseViewModel = new AdminBaseViewModel
{
Profile = userProfile,
AddUser = addUserModel,
AppSetting = _appSettings,
SiteWideSetting = _writableSiteWideSettings.Value,
PermissionTypes = (List <PermissionType>) await _roleSvc.GetAllRolePermissionsTypesAsync()
};
return(View("Index", _adminBaseViewModel));
}
public async Task <IActionResult> Index()
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var userProfile = await _userSvc.GetUserProfileByIdAsync(protector.Unprotect(_cookieSvc.Get("user_id")));
var addUserModel = new AddUserModel();
var dashboard = await _dashboardSvc.GetDashboard();
_adminBaseViewModel = new AdminBaseViewModel
{
Profile = userProfile,
AddUser = addUserModel,
AppSetting = _appSettings,
Dashboard = dashboard,
SiteWideSetting = _writableSiteWideSettings.Value
};
return(View("Index", _adminBaseViewModel));
}
private async Task <TokenResponseModel> RefreshToken(TokenRequestModel model)
{
try
{
if (_appSettings.AllowSiteWideTokenRefresh)
{
// STEP 1: Validate JWT Token
var jwtValidationResult = await ValidateAuthTokenAsync();
if (jwtValidationResult.IsValid && jwtValidationResult.Message == "Token Expired")
{
// check if there's an user with the refresh token's userId
var user = await _userManager.FindByEmailAsync(model.Email);
// also check if user is not admin / using admin cookie
if (user == null || user.UserRole == "Administrator")
{
// UserId not found or invalid
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
// check if the received refreshToken exists for the given clientId
var rt = _db.Tokens.FirstOrDefault(t =>
t.ClientId == _appSettings.ClientId &&
t.UserId == user.Id);
if (rt == null)
{
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
// check if refresh token is expired
if (rt.ExpiryTime < DateTime.UtcNow)
{
_cookieSvc.DeleteCookie("access_token");
_cookieSvc.DeleteCookie("refreshToken");
_cookieSvc.DeleteCookie("loginStatus");
_cookieSvc.DeleteCookie("username");
_cookieSvc.DeleteCookie("userRole");
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
/* Get the Data protection service instance */
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
/* Create a protector instance */
var protectorRt = protectorProvider.CreateProtector(rt.EncryptionKeyRt);
var unprotectedToken = protectorRt.Unprotect(_cookieSvc.Get("refreshToken"));
var decryptedToken = unprotectedToken.ToString();
if (rt.Value != decryptedToken)
{
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
var accessToken = await CreateAccessToken(user);
var expireTime = accessToken.Expiration.Subtract(DateTime.UtcNow).TotalMinutes;
var refreshTokenExpireTime = accessToken.RefreshTokenExpiration.Subtract(DateTime.UtcNow).TotalMinutes;
// set cookie for jwt and refresh token
// Expiry time for cookie - When Refresh token expires all other cookies should expire
// therefor set all the cookie expiry time to refresh token expiry time
_cookieSvc.SetCookie("access_token", accessToken.Token.ToString(), Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("refreshToken", accessToken.RefreshToken, Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("loginStatus", "1", Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("username", user.UserName, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("userRole", user.UserRole, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("user_id", accessToken.UserId, Convert.ToInt32(refreshTokenExpireTime));
accessToken.Principal = validateToken;
return(accessToken);
}
}
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
return(CreateErrorResponseToken($"Error => {ex.Message}", HttpStatusCode.Unauthorized));
}
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
private async Task SetAdminBaseViewModel()
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var userProfile = await _userSvc.GetUserProfileByIdAsync(protector.Unprotect(_cookieSvc.Get("user_id")));
var resetPassword = new ResetPasswordViewModel();
_adminBaseViewModel = new AdminBaseViewModel
{
Profile = userProfile,
AddUser = null,
AppSetting = null,
Dashboard = null,
ResetPassword = resetPassword,
SiteWideSetting = _writableSiteWideSettings.Value
};
}
