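/// <summary>
/// Authenticates a user by e-mail and password and, on success, records a new
/// session token through the <c>auth.loginUser</c> statement.
/// </summary>
/// <param name="userpass">Credentials supplied by the caller (e-mail and password).</param>
/// <param name="ip">Client address, stored with the token via <c>PasswordHelper.GetIPAddressInSqlForm</c>.</param>
/// <returns>
/// An <see cref="AuthenticationToken"/> holding the Base64-encoded token and the
/// combined role claims read from the second result set.
/// </returns>
/// <exception cref="UnauthorizedAccessException">
/// No row was found for the e-mail, or the supplied password did not match.
/// Both cases deliberately carry the same message.
/// </exception>
async Task<AuthenticationToken> ISecurityLayer.LoginUser(UserPass userpass, IPAddress ip)
{
    // One message for every credential failure: the original used
    // "Authentication failure" for an unknown e-mail and "Auth failure" for a
    // wrong password, which lets anything that relays the exception text tell
    // whether an account exists.
    const string AuthenticationFailureMessage = "Authentication failure";

    var id = default(Guid);
    byte[] salt = null;
    byte[] password = null;

    // NOTE(review): this lookup passes CancellationToken.None while the second
    // statement below uses this.tokenSource.Token - confirm that is intended.
    await this.connectionManager.ExecuteSql(
        "auth.getPassword",
        collection =>
        {
            collection.AddWithValue("email", userpass.Email);
        },
        reader =>
        {
            if (false == reader.Read())
            {
                // NOTE(review): the e-mail is caller-supplied and is written to the
                // log unmodified; confirm the log sink neutralises control characters.
                HomeHubEventSource.Log.Info($"Could not find user with email: {userpass.Email}");
                return;
            }

            id = (Guid)reader["id"];
            salt = (byte[])reader["salt"];
            password = (byte[])reader["password"];
        },
        CancellationToken.None);

    // A null password means the reader returned no row for this e-mail.
    // NOTE(review): this path returns without running the password comparison,
    // so it may respond faster than a wrong-password attempt; consider comparing
    // against a fixed dummy salt/hash to even out the timing.
    if (null == password)
    {
        throw new UnauthorizedAccessException(AuthenticationFailureMessage);
    }

    if (false == PasswordHelper.ArePasswordsEqual(salt, password, userpass.Password))
    {
        throw new UnauthorizedAccessException(AuthenticationFailureMessage);
    }

    // presumably 64 random bytes from a cryptographic source - verify in PasswordHelper
    var newToken = PasswordHelper.GenerateRandom(64);
    var assigned = default(DateTime);
    var claims = default(UserRoles);

    await this.connectionManager.ExecuteSql(
        "auth.loginUser",
        collection =>
        {
            collection.AddWithValue("email", userpass.Email);
            // The value read back from auth.getPassword, not the caller's input.
            collection.AddWithValue("password", password);
            collection.AddWithValue("token", newToken);
            collection.AddWithValue("ip", PasswordHelper.GetIPAddressInSqlForm(ip));
        },
        reader =>
        {
            if (false == reader.Read())
            {
                // presumably throws; the reads below assume a current row
                ExceptionUtility.ThrowFailureException("Could not insert token into db.");
            }

            id = (Guid)reader["id"];
            newToken = (byte[])reader["token"];
            assigned = (DateTime)reader["assigned"];

            // Second result set: one row per claim, OR-ed into a single flags value.
            reader.NextResult();
            while (reader.Read())
            {
                var role = (UserRoles)Enum.Parse(typeof(UserRoles), (string)reader["claim"]);
                claims |= role;
            }
        },
        this.tokenSource.Token);

    // Only the token and claims are returned; id and assigned are read from the
    // row above but are not placed on the result by this method.
    return new AuthenticationToken
    {
        Token = Convert.ToBase64String(newToken),
        Claims = claims,
    };
}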