public async Task <string> Login(LoginModel loginModel) { var user = await _fsEntityRepository.GetEntity <User>(x => x.Email == loginModel.Username || x.Username == loginModel.Username); if (user == null) { throw new ErrorCodeException(LoginErrorCode.InvalidCredentials); } var passwordIsCorrect = _hashService.Verify(loginModel.Password, user.Password, user.PasswordSalt); if (!passwordIsCorrect) { throw new ErrorCodeException(LoginErrorCode.InvalidCredentials); } if (!user.IsEmailConfirmed) { throw new ErrorCodeException(LoginErrorCode.EmailNotConfirmed); } var token = GenerateJWTToken(user); return(token); }
public async Task RequestPasswordReset(UserRequestPasswordResetModel resetModel) { var user = await _entityRepository.GetEntity <User>(x => x.Email == resetModel.Username || x.Username == resetModel.Username); //Just return if user is null, dont throw any exceptions as this could be used as indication wether user exists or not if (user == null) { return; } var passwordResetUrlWithKey = _verificationService.CreateVerificationUrl(resetModel.PasswordResetUrl, user, UserVerificationType.PasswordReset); var passwordResetMailModel = new PasswordResetMailModel(user.FirstName, user.LastName, passwordResetUrlWithKey); var message = new MailMessage <PasswordResetMailModel>(user.Email, MailResources.PasswordResetMail_Subject, MailResources.PasswordResetMail_Body, passwordResetMailModel); await _mailService.SendMail(message); }
public async Task <long> CreateVaultForAuthenticatedUser(VaultCreateModel vaultCreateModel) { if (!_authenticationService.IsAuthenticated) { throw new StatusCodeException(HttpStatusCode.Unauthorized); } var userId = _authenticationService.UserId; var user = await _entityRepository.GetEntity <User>(x => x.Id == userId); using var transaction = _dbContext.Database.BeginTransaction(); try { var vaultId = await CreateVault(vaultCreateModel, user.Id); var vaultOwnerId = await CreateVaultOwner(vaultId, user.OwnerId, user.Id); await CreateVaultOwnerRights(vaultOwnerId, user.Id, VaultOwnerRightType.CreateSecrets, VaultOwnerRightType.DeleteSecrets, VaultOwnerRightType.ReadSecrets, VaultOwnerRightType.UpdateSecrets); await transaction.CommitAsync(); return(vaultId); } catch { await transaction.RollbackAsync(); throw; } }
/// <summary> /// Validates wether given key is valid. If not throws status code exception bad request. If is valid returns userid /// </summary> /// <param name="key"></param> /// <param name="verificationType"></param> /// <returns>User id</returns> public async Task <User> ValidateVerificationKey(string key, UserVerificationType verificationType) { var decodedKey = HttpUtility.UrlDecode(key); var userVerificationModel = _encryptionService.DecryptModel <UserVerificationModel>(decodedKey); var user = await _entityRepository.GetEntity <User>(x => x.Id == userVerificationModel.UserId); if (user == null) { throw new StatusCodeException(HttpStatusCode.BadRequest); } if (_dateTimeProvider.Now > userVerificationModel.ExpirationDate) { throw new StatusCodeException(HttpStatusCode.BadRequest); } if (userVerificationModel.UserVerificationType != verificationType) { throw new StatusCodeException(HttpStatusCode.BadRequest); } return(user); }