public async Task <IActionResult> RequestPasswordReset([FromBody] string email)
{
try
{
if (string.IsNullOrWhiteSpace(email))
{
CoreFunc.Error(ref ErrorsList, "Email is required!");
return(StatusCode(412, ErrorsList));
}
User user = await _UserManager
.FindByEmailAsync(email).ConfigureAwait(false);
if (user == null)
{
CoreFunc.Error(ref ErrorsList, "Email not registered");
return(StatusCode(412, ErrorsList));
}
RegistrationMethod registrationMethod = await _DbContext.RegistrationMethods.FirstOrDefaultAsync(rm => rm.User.Id == user.Id).ConfigureAwait(false);
if (registrationMethod.Type != RegistrationTypes.Application)
{
CoreFunc.Error(ref ErrorsList, $"Your account is linked to your {registrationMethod.Type} account.");
return(StatusCode(412, ErrorsList));
}
if (user.LockoutEnabled)
{
var currentLockoutDate =
await _UserManager.GetLockoutEndDateAsync(user).ConfigureAwait(false);
if (user.LockoutEnd > DateTimeOffset.UtcNow)
{
CoreFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}"
, CoreFunc.CompareWithCurrentTime(user.LockoutEnd)));
return(StatusCode(412, ErrorsList));
}
await _UserManager.SetLockoutEnabledAsync(user, false).ConfigureAwait(false);
await _UserManager.ResetAccessFailedCountAsync(user).ConfigureAwait(false);
}
Request.Headers.TryGetValue("Origin", out StringValues OriginValue);
if (!await _EmailService.PasswordResetAsync(user, OriginValue).ConfigureAwait(false))
{
CoreFunc.Error(ref ErrorsList, "Unable to send email.");
return(StatusCode(417, ErrorsList));
}
return(Created("", "Created"));
}
catch (Exception ex)
{
CoreFunc.Error(ref ErrorsList, _LoggingService.LogException(Request.Path, ex, User));
return(StatusCode(417, ErrorsList));
}
}
public async Task <IActionResult> Login(LoginInfo loginInfo)
{
try
{
IEnumerable <string> policies = AppFunc.GetCurrentRequestPolicies(Request, out AppTypes apptype);
if (apptype == AppTypes.Invalid)
{
CoreFunc.Error(ref ErrorsList, "Unauthorised Application Access. 🤔");
return(Unauthorized(ErrorsList));
}
/// If email parameter is empty
/// return "unauthorized" response (stop code execution)
if (string.IsNullOrWhiteSpace(loginInfo.Email))
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Email is required!");
return(Unauthorized(ErrorsList));
}
/// Find the user with the provided email address
User user = await _DbContext.Users
.Include(u => u.Role)
.Include(u => u.RegistrationMethod)
.FirstOrDefaultAsync(r => r.Email.Equals(loginInfo.Email))
.ConfigureAwait(false);
/// if no user is found on the database
if (user == null)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Email not registered");
return(Unauthorized(ErrorsList));
}
if (!await IsUserPolicyAccepted(user, policies).ConfigureAwait(false))
{
CoreFunc.Error(ref ErrorsList, "You do not have permission to login here.");
return(Unauthorized(ErrorsList));
}
if (user.RegistrationMethod.Type != RegistrationTypes.Application)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, $"Please use {user.RegistrationMethod.Type} to login.");
return(StatusCode(403, ErrorsList));
}
if (string.IsNullOrWhiteSpace(loginInfo.Password))
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Password is required!");
return(Unauthorized(ErrorsList));
}
/// Check if user's account is locked
if (user.LockoutEnabled)
{
/// get the current lockout end dateTime
var currentLockoutDate =
await _UserManager.GetLockoutEndDateAsync(user).ConfigureAwait(false);
/// if the user's lockout is not expired (stop code execution)
if (user.LockoutEnd > DateTimeOffset.UtcNow)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}"
, CoreFunc.CompareWithCurrentTime(user.LockoutEnd)));
return(Unauthorized(ErrorsList));
}
/// else lockout time has expired
// disable user lockout
await _UserManager.SetLockoutEnabledAsync(user, false).ConfigureAwait(false);
await _UserManager.ResetAccessFailedCountAsync(user).ConfigureAwait(false);
}
/// else user account is not locked
// Attempt to sign in the user
var SignInResult = await _SignInManager
.PasswordSignInAsync(user, loginInfo.Password, loginInfo.RememberMe, false).ConfigureAwait(false);
/// If password sign-in succeeds
// responded ok 200 status code with
//the user's role attached (stop code execution)
if (!SignInResult.Succeeded)
{
/// else login attempt failed
/// increase and update the user's failed login attempt by 1
await _UserManager.AccessFailedAsync(user).ConfigureAwait(false);
/// if failed login attempt is less than/ equal to 5 (stop code execution)
if (user.AccessFailedCount <= 5)
{
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, "Incorrect Password!");
return(Unauthorized(ErrorsList));
}
/// else user has tried their password more than 15 times
// lock the user and ask them to reset their password
user.LockoutEnabled = true;
user.LockoutEnd = DateTimeOffset.UtcNow.AddMinutes(user.AccessFailedCount);
/// in the case any exceptions return the following error
CoreFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}"
, CoreFunc.CompareWithCurrentTime(user.LockoutEnd)));
return(Unauthorized(ErrorsList));
}
user.Role = (await _DbContext.Users.AsNoTracking()
.Include(u => u.Role)
.FirstOrDefaultAsync(u => u.Id == user.Id)
.ConfigureAwait(false))
?.Role;
return(Ok(user));
}
catch (Exception ex)
{
CoreFunc.Error(ref ErrorsList, _LoggingService.LogException(Request.Path, ex, User));
return(StatusCode(417, ErrorsList));
}
}