Example #1
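        /// <summary>
        /// Checks the submitted credentials and, on success, issues a JWT access token that expires
        /// after 10 minutes plus a new refresh token recorded through <c>_dbService.RecordToken</c>.
        /// </summary>
        /// <param name="request">Login DTO; its <c>Login</c> and <c>Password</c> members are read here.</param>
        /// <returns>
        /// 404 when <c>checkLogin</c> returns null, 400 when <c>AuthHandler.Validate</c> rejects the
        /// password, otherwise 200 with <c>accessToken</c> and <c>refreshToken</c>.
        /// </returns>
        public IActionResult Login(LoginRequestDto request)
        {
            LoginAttemptResponse loginAttempt = _dbService.checkLogin(request.Login);

            // NOTE(review): the 404 here and the 400 below carry different messages, so a caller can
            // tell a registered login from an unregistered one. A single generic failure response
            // (plus attempt throttling) would close that oracle; left as-is because clients may
            // depend on the current status codes.
            if (loginAttempt == null)
            {
                return NotFound("That login does not exist in the database");
            }

            if (!AuthHandler.Validate(request.Password, loginAttempt.Salt, loginAttempt.Hash))
            {
                return BadRequest("Incorrect Password");
            }

            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, loginAttempt.Login),
                new Claim(ClaimTypes.Name, loginAttempt.FirstName),
                new Claim(ClaimTypes.Role, "user")
            };

            // NOTE(review): the HMAC signing key is a literal in source. Anyone who can read the
            // repository or the compiled assembly can sign tokens this service will accept. Load it
            // from configuration or a secret store and rotate the current value. The literal is kept
            // unchanged here because token validation (not visible in this block) presumably uses
            // the same key.
            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("FFFFFFFFFIIIIIIIIIXXXXXX THEEEEEE VAAAAAAAALLLLLLLLLUUUEEEEEEE!!!!!!!!!!!!!!!!!!!!"));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: "AdvertCompany",
                audience: "user",
                claims: claims,
                // UTC avoids any dependence on the host's local time zone.
                expires: DateTime.UtcNow.AddMinutes(10),
                signingCredentials: creds);

            // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure source;
            // a refresh token is a bearer secret and is better drawn from RandomNumberGenerator.
            var    refreshToken       = Guid.NewGuid();
            string refreshTokenString = refreshToken.ToString();

            // Persist the token generated above. The original stored loginAttempt.TokenString (the
            // value read back from the database), so the refresh token returned to the client was
            // never recorded.
            var rtr = new RecordTokenRequest
            {
                IdClient          = loginAttempt.IdClient,
                refreshTokenValue = refreshTokenString
            };

            _dbService.RecordToken(rtr);

            return Ok(new
            {
                accessToken = new JwtSecurityTokenHandler().WriteToken(token),
                refreshToken
            });
        }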
Example #2
        /// <summary>
        /// Authenticates an employee and returns a JWT access token (10-minute expiry) with a new
        /// refresh token, which is stored via <c>_dbService.RecordToken</c> before the response.
        /// </summary>
        /// <param name="request">Login DTO; <c>Login</c> and <c>Password</c> are read here.</param>
        /// <returns>
        /// 404 when no record is found for the login, 400 when the password does not validate,
        /// otherwise 200 with <c>accessToken</c> and <c>refreshToken</c>.
        /// </returns>
        public IActionResult Login(LoginRequestDto request)
        {
            LoginAttemptResponse account = _dbService.checkLogin(request.Login);

            // NOTE(review): this 404 and the 400 below are distinguishable, which tells a caller
            // whether a login exists; consider one generic failure response and attempt throttling.
            if (account == null)
            {
                return NotFound("That index number does not exist in the database");
            }

            bool passwordOk = AuthHandler.Validate(request.Password, account.Salt, account.Hash);
            if (!passwordOk)
            {
                return BadRequest("Incorrect Password");
            }

            // The signing key comes from configuration rather than source. If the "SecretKey" entry
            // is missing, GetBytes receives null and throws, so the request fails instead of
            // signing with an empty key.
            byte[] secretBytes        = Encoding.UTF8.GetBytes(Configuration["SecretKey"]);
            var    signingKey         = new SymmetricSecurityKey(secretBytes);
            var    signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

            var jwt = new JwtSecurityToken(
                issuer: "Gakko",
                audience: "employee",
                claims: new Claim[]
                {
                    new Claim(ClaimTypes.NameIdentifier, request.Login),
                    new Claim(ClaimTypes.Name, account.FirstName),
                    new Claim(ClaimTypes.Role, "employee")
                },
                expires: DateTime.Now.AddMinutes(10),
                signingCredentials: signingCredentials);

            // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure source;
            // prefer RandomNumberGenerator for a bearer secret such as a refresh token.
            Guid refreshId = Guid.NewGuid();

            // Record the refresh token against the login before it is handed to the client.
            _dbService.RecordToken(new Token
            {
                TokenString    = refreshId.ToString(),
                NameIdentifier = request.Login,
                FirstName      = account.FirstName
            });

            var payload = new
            {
                accessToken  = new JwtSecurityTokenHandler().WriteToken(jwt),
                refreshToken = refreshId
            };

            return Ok(payload);
        }
Example #3
        /// <summary>
        /// Finds the first <c>Client</c> entry whose <c>Login</c> equals <paramref name="login"/> and
        /// projects it into a <see cref="LoginAttemptResponse"/>.
        /// </summary>
        /// <param name="login">Login name to match exactly against <c>Client.Login</c>.</param>
        /// <returns>
        /// The projected record, or the default value when nothing matches (callers compare the
        /// result with null).
        /// </returns>
        /// <remarks>
        /// The result carries <c>Salt</c>, <c>Hash</c> and <c>TokenString</c>. It is meant for the
        /// server-side credential check and should not be serialized into a response.
        /// </remarks>
        public LoginAttemptResponse checkLogin(string login)
        {
            var matches =
                from client in _advertContext.Client
                where client.Login == login
                select new LoginAttemptResponse
                {
                    FirstName   = client.FirstName,
                    Hash        = client.Hash,
                    IdClient    = client.IdClient,
                    Login       = client.Login,
                    Salt        = client.Salt,
                    TokenString = client.TokenString
                };

            return matches.FirstOrDefault();
        }