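/// <summary>
/// Authenticates an account by login-or-email plus password and returns a JWT.
/// The login/email value is hashed with <c>_hashManager</c> before the lookup, so the
/// database is only ever queried by that hash; email is tried first, then login.
/// </summary>
/// <param name="command">Credentials supplied by the caller (untrusted input).</param>
/// <returns>The token produced by <c>_jwtHandler</c> for the matched account.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="command"/> is null.</exception>
/// <exception cref="CorruptedOperationException">
/// When no account matches, the password does not verify, or the account is inactive.
/// All three use the same message so the caller cannot tell which check failed.
/// </exception>
public async Task<string> LoginAsync(LoginAccount command)
{
    if (command is null)
    {
        throw new ArgumentNullException(nameof(command));
    }

    const string invalidCredentials = "Invalid credentials.";

    var loginOrEmailHash = _hashManager.CalculateDataHash(command.LoginOrEmail);

    // Only the columns needed to verify the password, gate the login and mint a token are loaded.
    var user = await _context.Users.GetByEmail(loginOrEmailHash)
        .Select(x => new { x.PasswordHash, x.Salt, x.Role, x.Id, x.IsActive })
        .AsNoTracking()
        .SingleOrDefaultAsync();

    if (user is null)
    {
        user = await _context.Users.GetByLogin(loginOrEmailHash)
            .Select(x => new { x.PasswordHash, x.Salt, x.Role, x.Id, x.IsActive })
            .AsNoTracking()
            .SingleOrDefaultAsync();
    }

    if (user is null)
    {
        // NOTE(review): an unknown account returns before any password hashing runs, so the
        // response time differs from the wrong-password path (account enumeration via timing).
        // If that matters for this application, verify against a dummy hash/salt here as well.
        throw new CorruptedOperationException(invalidCredentials);
    }

    if (!_hashManager.VerifyPasswordHash(command.Password, user.PasswordHash, user.Salt))
    {
        throw new CorruptedOperationException(invalidCredentials);
    }

    // IsActive is loaded by the projection precisely so that a deactivated account cannot
    // obtain a token. It is checked after the password so that the inactive state is not
    // observable without already knowing the correct credentials.
    if (!user.IsActive)
    {
        throw new CorruptedOperationException(invalidCredentials);
    }

    return await _jwtHandler.CreateTokenAsync(user.Id, user.Role);
}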
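/// <summary>
/// Authenticates a user by username and password and returns a JWT as JSON.
/// </summary>
/// <param name="request">Username/password pair bound from the request body (untrusted input).</param>
/// <returns>
/// 400 when no body was bound; 401 when the username is unknown or the password does not
/// match; otherwise 200 with the token produced by <c>_jwtHandler</c>.
/// </returns>
public async Task<IActionResult> LoginAsync([FromBody] LoginRequest request)
{
    if (request is null)
    {
        return BadRequest();
    }

    var userFromDatabase = _userRepository.GetUserByUsername(request.Username);
    if (userFromDatabase is null)
    {
        // NOTE(review): this returns before any hashing runs, so the response time differs
        // from the wrong-password path (account enumeration via timing). Hash against a
        // dummy salt here if that matters for this application.
        return Unauthorized();
    }

    var passHash = _encrypter.GetHash(request.Password, userFromDatabase.PasswordSalt);
    if (passHash is null || userFromDatabase.PasswordHash is null)
    {
        // A missing hash on either side can never verify; fail closed rather than throw.
        return Unauthorized();
    }

    // Compare the hashes in constant time. A plain `!=` on strings stops at the first
    // differing character, which leaks how much of the stored hash an attacker has matched.
    // NOTE(review): assumes both hashes are strings (they were compared with `!=`); if they
    // are byte[] pass them to FixedTimeEquals directly. FixedTimeEquals needs .NET Core 2.1+.
    var computedHash = System.Text.Encoding.UTF8.GetBytes(passHash);
    var storedHash = System.Text.Encoding.UTF8.GetBytes(userFromDatabase.PasswordHash);
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computedHash, storedHash))
    {
        return Unauthorized();
    }

    var token = await _jwtHandler.CreateTokenAsync(request.Username);
    return Json(token);
}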