Exemple #1
        /// <summary>
        /// Requests the stored credentials for <paramref name="loginData"/> through the request client.
        /// </summary>
        /// <param name="loginData">Login identifier forwarded to the credentials request.</param>
        /// <returns>
        /// The response body when the operation reports success; <c>null</c> when it reports
        /// failure or when any exception is raised while waiting for the response.
        /// </returns>
        /// <remarks>
        /// Both failure paths are logged and then collapsed into <c>null</c>, so the caller
        /// cannot tell "no such user" apart from "credentials service unavailable".
        /// </remarks>
        private async Task<IGetUserCredentialsResponse> GetUserCredentials(string loginData)
        {
            try
            {
                var reply = await _requestClient.GetResponse<IOperationResult<IGetUserCredentialsResponse>>(
                    IGetUserCredentialsRequest.CreateObj(loginData));

                var operation = reply.Message;

                if (operation.IsSuccess)
                {
                    return operation.Body;
                }

                _logger.LogWarning("Can't get user credentials for LoginData: '{loginData}'", loginData);
            }
            catch (Exception failure)
            {
                // Best effort: the failure is recorded and reported to the caller as "no credentials".
                _logger.LogError(
                    failure,
                    "Exception was caught while receiving user credentials for LoginData: {loginData}",
                    loginData);
            }

            return null;
        }
Exemple #2
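        /// <summary>
        /// Recomputes the password hash for the submitted password and compares it with the stored one.
        /// </summary>
        /// <param name="savedUserCredentials">Stored credentials supplying the login, salt and expected hash.</param>
        /// <param name="requestPassword">Password submitted with the login request.</param>
        /// <exception cref="ForbiddenException">The hashes differ, or either hash is missing.</exception>
        /// <remarks>
        /// The comparison runs in time that does not depend on where the two hashes first differ,
        /// so response timing does not reveal how much of a guessed hash was correct.
        /// </remarks>
        private void VerifyPasswordHash(IGetUserCredentialsResponse savedUserCredentials, string requestPassword)
        {
            string requestPasswordHash = PasswordHelper.GetPasswordHash(
                savedUserCredentials.UserLogin,
                savedUserCredentials.Salt,
                requestPassword);

            string savedPasswordHash = savedUserCredentials.PasswordHash;

            // Fail closed: a missing hash on either side never authenticates
            // (string.Equals(null, null) would have returned true here).
            bool hashesMatch =
                savedPasswordHash != null
                && requestPasswordHash != null
                && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    // Compare the raw UTF-16 code units: same result as an ordinal string
                    // comparison, without the early exit on the first differing character.
                    System.Runtime.InteropServices.MemoryMarshal.AsBytes(savedPasswordHash.AsSpan()),
                    System.Runtime.InteropServices.MemoryMarshal.AsBytes(requestPasswordHash.AsSpan()));

            if (!hashesMatch)
            {
                throw new ForbiddenException("Wrong user credentials.");
            }
        }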
Exemple #3
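        /// <summary>
        /// Handles a login request: validates it, loads the stored credentials, verifies the
        /// password and issues an access token and a refresh token.
        /// </summary>
        /// <param name="request">Login request; its <c>LoginData</c> is trimmed in place.</param>
        /// <returns>The user id together with both tokens and their lifetimes.</returns>
        /// <exception cref="NotFoundException">No credentials could be obtained for the login data.</exception>
        /// <exception cref="ForbiddenException">The submitted password does not match the stored hash.</exception>
        public async Task<LoginResult> Execute(LoginRequest request)
        {
            // Trim runs before validation, so a missing LoginData must reach the validator
            // instead of failing here with a NullReferenceException.
            request.LoginData = request.LoginData?.Trim();

            _logger.LogInformation(
                "User login request for LoginData: '{loginData}' from IP: '{requestIP}'.",
                request.LoginData,
                _httpContext.Connection.RemoteIpAddress);

            _validator.ValidateAndThrowCustom(request);

            IGetUserCredentialsResponse userCredentials = await GetUserCredentials(request.LoginData);

            if (userCredentials == null)
            {
                // NOTE(review): this outcome is distinguishable from the wrong-password outcome
                // (different exception type and message), which tells a caller whether a login
                // exists. Consider returning one uniform failure for both cases; not changed here
                // because callers may depend on the exception types.
                throw new NotFoundException(
                    "User was not found, please check your credentials and try again. In case this error occurred again contact DO support team by email '*****@*****.**'.");
            }

            try
            {
                VerifyPasswordHash(userCredentials, request.Password);
            }
            catch (ForbiddenException)
            {
                // Record the failed attempt so repeated password guessing is visible in the logs.
                // The submitted password itself is never logged.
                _logger.LogWarning(
                    "Password verification failed for LoginData: '{loginData}' from IP: '{requestIP}'.",
                    request.LoginData,
                    _httpContext.Connection.RemoteIpAddress);

                throw;
            }

            var result = new LoginResult
            {
                UserId                = userCredentials.UserId,
                AccessToken           = _tokenEngine.Create(userCredentials.UserId, TokenType.Access, out double accessTokenLifeTime),
                RefreshToken          = _tokenEngine.Create(userCredentials.UserId, TokenType.Refresh, out double refreshTokenLifeTime),
                AccessTokenExpiresIn  = accessTokenLifeTime,
                RefreshTokenExpiresIn = refreshTokenLifeTime
            };

            _logger.LogInformation(
                "User was successfully logged in with LoginData: '{loginData}' from IP: {requestIP}",
                request.LoginData,
                _httpContext.Connection.RemoteIpAddress);

            return result;
        }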