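        /// <summary>
        /// Exchanges a previously issued authentication code, together with the secret
        /// the client received alongside it, for a login token.
        /// </summary>
        /// <param name="authCodeClaimDTO">
        /// Client-supplied code, its Base64-encoded security key and the requested token
        /// purpose. The security key is decoded in place on the DTO.
        /// </param>
        /// <returns>
        /// The token produced by <c>BuildLoginToken</c>, or a 400 when the code is unknown,
        /// the key does not match, the purpose is unsupported, the owning user no longer
        /// exists, or the token provider rejects the code.
        /// </returns>
        public async Task <ActionResult <TokenResponse> > ClaimAuthCode(AuthCodeClaimDTO authCodeClaimDTO)
        {
            if (authCodeClaimDTO is null
                || string.IsNullOrEmpty(authCodeClaimDTO.Token)
                || string.IsNullOrEmpty(authCodeClaimDTO.SecurityKey))
            {
                return(BadRequest());
            }

            try
            {
                authCodeClaimDTO.SecurityKey = CryptographyUtils.Base64Decode(authCodeClaimDTO.SecurityKey);
            }
            catch (FormatException)
            {
                // Malformed Base64 is a client error, not a server fault.
                // NOTE(review): assumes Base64Decode surfaces bad input as FormatException — confirm.
                return(BadRequest());
            }

            var dbAuthCode = await applicationDbContext.UserAuthenticationCodes
                                                       .FirstOrDefaultAsync(code => code.Token == authCodeClaimDTO.Token);

            // Unknown code and wrong key both yield a bare 400 so the response does not
            // reveal which of the two failed.
            if (dbAuthCode is null || string.IsNullOrEmpty(dbAuthCode.SecurityKey))
            {
                return(BadRequest());
            }

            // Previously named "md5Key"; the value is a SHA-256 digest of the presented key.
            string presentedKeyHash = CryptographyUtils.ComputeSHA256Hash(authCodeClaimDTO.SecurityKey);

            if (!DigestsMatch(dbAuthCode.SecurityKey, presentedKeyHash))
            {
                return(BadRequest());
            }

            var user = await applicationDbContext.Users.Where(x => x.Id == dbAuthCode.UserId).FirstOrDefaultAsync();

            // A code row can outlive its user; without this guard VerifyUserTokenAsync
            // and user.Email below would throw instead of returning a 400.
            if (user is null)
            {
                return(BadRequest());
            }

            // Only the two known purposes are accepted; anything else is rejected before
            // it reaches the token provider.
            bool isPersistent = authCodeClaimDTO.Purpose == ApplicationConstants.PersistentLoginTokenPurposeName;
            bool isExternal   = authCodeClaimDTO.Purpose == ApplicationConstants.ExternalLoginTokenPurposeName;

            if (!isPersistent && !isExternal)
            {
                return(BadRequest("Proposito incorrecto"));
            }

            bool result = await userManager.VerifyUserTokenAsync(user, ApplicationConstants.AuthCodeTokenProviderName,
                                                                 authCodeClaimDTO.Purpose, authCodeClaimDTO.Token);

            if (!result)
            {
                return(BadRequest());
            }

            // NOTE(review): the UserAuthenticationCodes row is neither removed nor marked
            // consumed here — confirm single use is enforced elsewhere (e.g. by the token
            // provider) before relying on it.
            return(await BuildLoginToken(user.Email, isPersistent));

            // Case-insensitive (the stored digest's casing is not guaranteed) but
            // constant-time: an ordinary string compare stops at the first mismatching
            // character and so leaks how much of the digest the caller got right.
            bool DigestsMatch(string stored, string presented)
            {
                byte[] storedBytes    = Encoding.UTF8.GetBytes(stored.ToLowerInvariant());
                byte[] presentedBytes = Encoding.UTF8.GetBytes(presented.ToLowerInvariant());
                return CryptographicOperations.FixedTimeEquals(storedBytes, presentedBytes);
            }
        }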