/// <summary>
/// Requests the stored credentials for <paramref name="loginData"/> through the request client.
/// </summary>
/// <param name="loginData">Login identifier forwarded to the credentials request.</param>
/// <returns>
/// The response body when the operation result reports success; otherwise <c>null</c>.
/// <c>null</c> is returned both for an unsuccessful result and for any exception raised
/// during the request, so callers cannot tell "no such user" from "lookup failed".
/// </returns>
private async Task<IGetUserCredentialsResponse> GetUserCredentials(string loginData)
{
    try
    {
        var credentialsRequest = IGetUserCredentialsRequest.CreateObj(loginData);
        var brokerResponse =
            await _requestClient.GetResponse<IOperationResult<IGetUserCredentialsResponse>>(credentialsRequest);

        if (brokerResponse.Message.IsSuccess)
        {
            return brokerResponse.Message.Body;
        }

        _logger.LogWarning("Can't get user credentials for LoginData: '{loginData}'", loginData);
        return null;
    }
    catch (Exception exc)
    {
        // Best-effort lookup: the failure is logged and reported to the caller as "no credentials".
        _logger.LogError(
            exc,
            "Exception was caught while receiving user credentials for LoginData: {loginData}",
            loginData);
        return null;
    }
}
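/// <summary>
/// Recomputes the password hash from the stored login and salt plus the password supplied
/// in the request, and compares it with the stored hash.
/// </summary>
/// <param name="savedUserCredentials">Stored credentials: login, salt and password hash.</param>
/// <param name="requestPassword">Password taken from the login request.</param>
/// <exception cref="ForbiddenException">
/// The recomputed hash differs from the stored hash, or either hash is missing.
/// </exception>
private void VerifyPasswordHash(IGetUserCredentialsResponse savedUserCredentials, string requestPassword)
{
    string requestPasswordHash = PasswordHelper.GetPasswordHash(
        savedUserCredentials.UserLogin,
        savedUserCredentials.Salt,
        requestPassword);
    string storedPasswordHash = savedUserCredentials.PasswordHash;

    // Fail closed: string.Equals(null, null) is true, so a record without a stored hash
    // could otherwise match a helper result that is also null.
    bool hashesMatch = storedPasswordHash != null && requestPasswordHash != null;

    if (hashesMatch)
    {
        // Compare the UTF-16 code units in time that does not depend on where the first
        // difference is; string.Equals stops at the first mismatching character.
        // Names are fully qualified because the file's using directives are not visible here.
        hashesMatch = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Runtime.InteropServices.MemoryMarshal.AsBytes(System.MemoryExtensions.AsSpan(storedPasswordHash)),
            System.Runtime.InteropServices.MemoryMarshal.AsBytes(System.MemoryExtensions.AsSpan(requestPasswordHash)));
    }

    if (!hashesMatch)
    {
        throw new ForbiddenException("Wrong user credentials.");
    }
}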
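/// <summary>
/// Handles a login request: normalises and validates the input, loads the stored credentials,
/// verifies the password and issues an access token and a refresh token.
/// </summary>
/// <param name="request">Login request carrying <c>LoginData</c> and <c>Password</c>.</param>
/// <returns>The user id, both tokens and the lifetimes reported by the token engine.</returns>
/// <exception cref="NotFoundException">No credentials were returned for the supplied login data.</exception>
/// <exception cref="ForbiddenException">The supplied password does not match the stored hash.</exception>
public async Task<LoginResult> Execute(LoginRequest request)
{
    // Null-conditional so that a missing LoginData reaches the validator (which presumably
    // rejects it; confirm) instead of failing here with a NullReferenceException.
    request.LoginData = request.LoginData?.Trim();

    // NOTE(review): LoginData is caller-controlled and is logged before validation. The structured
    // placeholder keeps it out of the message template; whether control characters are neutralised
    // depends on the configured log sink. Confirm.
    _logger.LogInformation(
        "User login request for LoginData: '{loginData}' from IP: '{requestIP}'.",
        request.LoginData,
        _httpContext.Connection.RemoteIpAddress);

    _validator.ValidateAndThrowCustom(request);

    IGetUserCredentialsResponse userCredentials = await GetUserCredentials(request.LoginData);

    if (userCredentials == null)
    {
        // NOTE(review): this NotFoundException and the ForbiddenException raised on a wrong password
        // let a caller tell existing accounts from unknown ones. GetUserCredentials also returns null
        // when the lookup itself fails, so a backend error surfaces here as "User was not found".
        // The exception types are part of the contract callers see, so they are left unchanged.
        throw new NotFoundException(
            "User was not found, please check your credentials and try again. In case this error occurred again contact DO support team by email '*****@*****.**'.");
    }

    // NOTE(review): a failed password check propagates from here without a log entry in this method,
    // and no attempt throttling or lockout is visible; confirm both are handled elsewhere.
    VerifyPasswordHash(userCredentials, request.Password);

    var result = new LoginResult
    {
        UserId = userCredentials.UserId,
        AccessToken = _tokenEngine.Create(userCredentials.UserId, TokenType.Access, out double accessTokenLifeTime),
        RefreshToken = _tokenEngine.Create(userCredentials.UserId, TokenType.Refresh, out double refreshTokenLifeTime),
        AccessTokenExpiresIn = accessTokenLifeTime,
        RefreshTokenExpiresIn = refreshTokenLifeTime
    };

    _logger.LogInformation(
        "User was successfully logged in with LoginData: '{loginData}' from IP: {requestIP}",
        request.LoginData,
        _httpContext.Connection.RemoteIpAddress);

    return result;
}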