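public IHttpActionResult SwitchBranch(int branchId)
        {
            // Re-issues the caller's bearer token with the "branchid" claim replaced by the requested
            // branch. Every other claim is rebuilt from the current user record via bll.GetUserInfo,
            // not copied from the incoming token, so the new token reflects the user's present state.
            // Returns the same { access_token, expires_in } JSON object that AutoLogin produces.
            var tokenExpiration = TimeSpan.FromDays(1);

            try
            {
                // "sub" is the user name placed in the token by GrantResourceOwnerCredentials / AutoLogin.
                // If it is absent the caller is not a user of this scheme; refuse rather than dereference
                // null (the original FirstOrDefault(...).Value threw NullReferenceException, which the
                // empty catch then turned into an empty 200 OK).
                Claim subClaim = Request.GetOwinContext().Authentication.User.Claims.FirstOrDefault(o => o.Type == "sub");
                if (subClaim == null || string.IsNullOrEmpty(subClaim.Value))
                {
                    return Unauthorized();
                }
                string userName = subClaim.Value;

                Module.Framework.DTO.UserInfoDTO dtoUserInfo = bll.GetUserInfo(userName);

                // NOTE(review): branchId comes verbatim from the request and is written into the token
                // as-is. Nothing in this method checks that the user may act for that branch — confirm
                // that bll or a downstream authorization filter enforces branch membership, otherwise any
                // authenticated user can mint a token for any branch id.
                ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
                identity.AddClaim(new Claim("sub", userName));
                identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
                identity.AddClaim(new Claim("branchid", branchId.ToString()));
                identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
                identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
                identity.AddClaim(new Claim("role", "user"));

                var props = new AuthenticationProperties()
                {
                    IssuedUtc  = DateTime.UtcNow,
                    ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration),
                };

                // The ticket is protected with the same format Startup configured for the bearer
                // middleware, so the resulting string is accepted wherever the login token is.
                var ticket      = new AuthenticationTicket(identity, props);
                var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

                // expires_in is emitted as a string here (and in AutoLogin/ChangePassword); clients
                // presumably parse it — keep the shape for compatibility. ToString() is culture-sensitive;
                // InvariantCulture would be safer if the server culture is not fixed.
                JObject tokenResponse = new JObject(
                    new JProperty("access_token", accessToken),
                    new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString())
                    );

                return Ok(tokenResponse);
            }
            catch (Exception)
            {
                // The original catch was empty and the method then answered 200 OK with no body, which
                // hides failures from both the client and the operator. Report a 500 instead; the
                // exception is deliberately not returned to the client (InternalServerError(ex) would
                // echo its message), so it should be logged here by the project's logger.
                return InternalServerError();
            }
        }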
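        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Resource-owner password grant: verifies the user name/password against AuthRepository,
            // rejects disabled accounts and accounts flagged for a password change, then builds the
            // ClaimsIdentity the bearer token carries. Errors are reported through context.SetError,
            // which the OWIN middleware turns into an OAuth error response.

            // NOTE(review): a wildcard CORS origin on the token endpoint allows any web origin to submit
            // credentials here; confirm this is intended, or restrict it to the known front-end origin(s).
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            using (AuthRepository _repo = new AuthRepository())
            {
                // The password is URL-decoded before verification; presumably the client URL-encodes it
                // — verify against the caller, since a literal '+' or '%' in a password would otherwise
                // be altered before the check.
                IdentityUser user = await _repo.Login(context.UserName, HttpContext.Current.Server.UrlDecode(context.Password));

                // Guard clauses instead of an if/else-if ladder: every branch returns, so the chain
                // added nothing but nesting.
                if (user == null)
                {
                    context.SetError("IncorrectLogin");
                    return;
                }
                if (accountBll.IsAccountDisabled(user.Id))
                {
                    context.SetError("AccountDisabled", user.UserName);
                    return;
                }
                if (accountBll.IsNeedToChangePassword(user.Id))
                {
                    context.SetError("ChangePassword", user.UserName);
                    return;
                }
            }

            Module.Framework.DTO.UserInfoDTO dtoUserInfo;
            try
            {
                dtoUserInfo = bll.GetUserInfo(context.UserName);
            }
            catch (Exception)
            {
                // Do not echo the exception message to the client: the original returned
                // Library.Helper.GetInnerException(ex).Message, which for a data-access failure can carry
                // connection, table or stack details. A fixed description goes to the client; the
                // exception itself should be logged server-side by the project's logger (none is visible
                // in this file).
                context.SetError("Error", "Unable to load the user profile.");
                return;
            }

            // Claim set shared with AutoLogin/SwitchBranch, plus "clientid" which only this path emits.
            // Note the identity is created with context.Options.AuthenticationType here, while the other
            // token-issuing methods use OAuthDefaults.AuthenticationType.
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);

            identity.AddClaim(new Claim("sub", context.UserName));
            identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
            identity.AddClaim(new Claim("branchid", dtoUserInfo.UserBranchID.ToString()));
            identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
            identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
            // UserCientID is nullable; an empty string stands for "no client" so the claim is always present.
            identity.AddClaim(new Claim("clientid", dtoUserInfo.UserCientID.HasValue ? dtoUserInfo.UserCientID.ToString() : string.Empty));
            identity.AddClaim(new Claim("role", "user"));
            context.Validated(identity);
        }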
        public IHttpActionResult AutoLogin(string identifier)
        {
            // Issues a one-day bearer token for the account that the supplied identifier maps to, with
            // no password exchange. The claim set mirrors GrantResourceOwnerCredentials minus "clientid".
            // Responds with an empty 200 when the identifier matches no account.
            // NOTE(review): the identifier is the only credential on this path — confirm it is an
            // unguessable, short-lived value, since anyone who learns it obtains a token for the account.
            IdentityUser account;
            using (AuthRepository repository = new AuthRepository())
            {
                account = repository.FinByIdentifier(identifier);
            }

            if (account == null)
            {
                return Ok();
            }

            TimeSpan lifetime = TimeSpan.FromDays(1);
            Module.Framework.DTO.UserInfoDTO info = bll.GetUserInfo(account.UserName);

            ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
            identity.AddClaims(new[]
            {
                new Claim("sub", account.UserName),
                new Claim("subid", info.UserID.ToString()),
                new Claim("branchid", info.UserBranchID.ToString()),
                new Claim("companyid", info.UserCompanyID.ToString()),
                new Claim("factoryid", info.UserFactoryID.ToString()),
                new Claim("role", "user"),
            });

            AuthenticationProperties properties = new AuthenticationProperties();
            properties.IssuedUtc  = DateTime.UtcNow;
            properties.ExpiresUtc = DateTime.UtcNow.Add(lifetime);

            // Protect with the bearer middleware's own format so the token validates on later requests.
            AuthenticationTicket ticket = new AuthenticationTicket(identity, properties);
            string bearer = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

            // expires_in is a string, matching the other token-issuing endpoints in this controller.
            JObject payload = new JObject
            {
                { "access_token", bearer },
                { "expires_in", lifetime.TotalSeconds.ToString() },
            };

            return Ok(payload);
        }
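        public IHttpActionResult ChangePassword(Models.PasswordChangeViewModel data)
        {
            // Changes the password of the account named in the request body and, on success, issues a
            // fresh one-day bearer token so the client does not have to log in again. Failures from the
            // repository are returned as a 200 with an Error notification and empty Data; a successful
            // change whose account cannot then be re-loaded is a 500.
            if (data == null)
            {
                // The original dereferenced data.NewPassword and failed with an unhandled 500.
                return BadRequest();
            }

            Library.DTO.Notification notification = new Library.DTO.Notification()
            {
                Type = Library.DTO.NotificationType.Success
            };

            // Validate before opening the repository. The original threw a bare Exception from inside
            // the using block, which surfaced as an unhandled 500; a short password is a client error and
            // is now reported the same way as any other change-password failure.
            if (data.NewPassword == null || data.NewPassword.Length < 7)
            {
                notification.Type    = Library.DTO.NotificationType.Error;
                notification.Message = "Password length must be at least 7 chars";
                return Ok(new Library.DTO.ReturnData<string>()
                {
                    Data = string.Empty, Message = notification
                });
            }

            // change password
            // NOTE(review): the user name is taken from the request body, not from the caller's token, so
            // this path relies on _repo.ChangePassword verifying OldPassword — confirm that check exists.
            using (AuthRepository _repo = new AuthRepository())
            {
                string errMsg;
                if (!_repo.ChangePassword(data.UserName, data.NewPassword, data.OldPassword, out errMsg))
                {
                    notification.Type    = Library.DTO.NotificationType.Error;
                    notification.Message = errMsg;
                    return Ok(new Library.DTO.ReturnData<string>()
                    {
                        Data = string.Empty, Message = notification
                    });
                }
            }

            // auto login
            var          tokenExpiration = TimeSpan.FromDays(1);
            IdentityUser user            = null;

            using (AuthRepository _repo = new AuthRepository())
            {
                user = _repo.FindByUserNameNormal(data.UserName);
            }

            if (user == null)
            {
                // The password was just changed for this user name, so the account should exist; reaching
                // here means the repository is inconsistent, hence the 500 rather than a client error.
                return InternalServerError();
            }

            Module.Framework.DTO.UserInfoDTO dtoUserInfo = bll.GetUserInfo(user.UserName);
            ClaimsIdentity identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
            identity.AddClaim(new Claim("sub", user.UserName));
            identity.AddClaim(new Claim("subid", dtoUserInfo.UserID.ToString()));
            identity.AddClaim(new Claim("branchid", dtoUserInfo.UserBranchID.ToString()));
            identity.AddClaim(new Claim("companyid", dtoUserInfo.UserCompanyID.ToString()));
            identity.AddClaim(new Claim("factoryid", dtoUserInfo.UserFactoryID.ToString()));
            identity.AddClaim(new Claim("role", "user"));

            var props = new AuthenticationProperties()
            {
                IssuedUtc  = DateTime.UtcNow,
                ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration),
            };

            // Same protection format as the bearer middleware, so the token validates on later requests.
            var ticket      = new AuthenticationTicket(identity, props);
            var accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

            // expires_in is a string, matching AutoLogin and SwitchBranch.
            JObject tokenResponse = new JObject(
                new JProperty("access_token", accessToken),
                new JProperty("expires_in", tokenExpiration.TotalSeconds.ToString())
                );

            return Ok(new Library.DTO.ReturnData<object>()
            {
                Data = tokenResponse, Message = notification
            });
        }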