async Task <AuthenticationToken> ISecurityLayer.LoginUser(UserPass userpass, IPAddress ip)
{
var id = default(Guid);
byte[] salt = null;
byte[] password = null;
await
this.connectionManager.ExecuteSql(
"auth.getPassword",
collection => { collection.AddWithValue("email", userpass.Email); },
reader =>
{
if (false == reader.Read())
{
HomeHubEventSource.Log.Info($"Could not find user with email: {userpass.Email}");
return;
}
id = (Guid)reader["id"];
salt = (byte[])reader["salt"];
password = (byte[])reader["password"];
},
CancellationToken.None);
if (null == password)
{
throw new UnauthorizedAccessException("Authentication failure");
}
if (false == PasswordHelper.ArePasswordsEqual(salt, password, userpass.Password))
{
throw new UnauthorizedAccessException("Auth failure");
}
var newToken = PasswordHelper.GenerateRandom(64);
var expiration = default(DateTime);
var assigned = default(DateTime);
var claims = default(UserRoles);
await this.connectionManager.ExecuteSql(
"auth.loginUser",
collection =>
{
collection.AddWithValue("email", userpass.Email);
collection.AddWithValue("password", password);
collection.AddWithValue("token", newToken);
collection.AddWithValue("ip", PasswordHelper.GetIPAddressInSqlForm(ip));
},
reader =>
{
if (false == reader.Read())
{
ExceptionUtility.ThrowFailureException("Could not insert token into db.");
}
id = (Guid)reader["id"];
newToken = (byte[])reader["token"];
assigned = (DateTime)reader["assigned"];
reader.NextResult();
while (reader.Read())
{
var role = (UserRoles)Enum.Parse(typeof(UserRoles), (string)reader["claim"]);
claims |= role;
}
},
this.tokenSource.Token);
return(new AuthenticationToken
{
Token = Convert.ToBase64String(newToken),
Claims = claims,
});
}
