public IActionResult Register([FromBody] ProfileAuthenticationRequestDto profileParam)
{
try
{
_profileService.Register(profileParam);
return(Ok());
}
catch (ValidationException validationException)
{
return(BadRequest(new ErrorResponse(validationException.FieldNames)));
}
catch (DomainModelException domainModelException)
{
return(BadRequest(new ErrorResponse(domainModelException.Message)));
}
}
public void Register(ProfileAuthenticationRequestDto profileFromUi)
{
var invalidParams = new List <string>();
if (!IsValidEmail(profileFromUi.Email))
{
invalidParams.Add(nameof(profileFromUi.Email));
}
if (!IsValidPassword(profileFromUi.Password))
{
invalidParams.Add(nameof(profileFromUi.Password));
}
if (invalidParams.Any())
{
throw new ValidationException(invalidParams);
}
CreatePasswordHash(profileFromUi.Password, out byte[] passwordHash,
out byte[] passwordSalt);
var profileForDb = new Profile()
{
Email = profileFromUi.Email,
PasswordHash = passwordHash,
PasswordSalt = passwordSalt
};
try
{
_profileRepository.CreateProfile(profileForDb);
}
catch (DbUpdateException dbUpdateException)
{
if (dbUpdateException.InnerException?.Message
.Contains("Email") ?? false)
{
throw new DomainModelException("Email already used");
}
throw;
}
}
public IActionResult Authenticate([FromBody] ProfileAuthenticationRequestDto profileParam)
{
try
{
var profile = _profileService.Authenticate(profileParam);
return(Ok(profile));
}
catch (ValidationException validationException)
{
return(BadRequest(new ErrorResponse(validationException.FieldNames)));
}
catch (AuthenticationException)
{
return(BadRequest(new ErrorResponse(
"Could not find any profile with this email and password")));
}
catch (DomainModelException domainModelException)
{
return(BadRequest(new ErrorResponse(domainModelException.Message)));
}
}
public ProfileAuthenticationResponseDto Authenticate(ProfileAuthenticationRequestDto profileFromUi)
{
// Validating parameters
var invalidParams = new List <string>();
if (!IsValidEmail(profileFromUi.Email)) // TODO: Do I need email validation on login?
{
invalidParams.Add(nameof(profileFromUi.Email));
}
if (invalidParams.Any())
{
throw new ValidationException(invalidParams);
}
var profileFromDb = _profileRepository.GetProfileByEmail(profileFromUi.Email);
if (profileFromDb == null)
{
throw new AuthenticationException();
}
if (profileFromDb.LockDate.HasValue &&
profileFromDb.LockDate.Value < DateTime.Now.AddDays(1))// TODO: Magic number
{
throw new DomainModelException("Account locked");
}
if (!VerifyPasswordHash(profileFromUi.Password,
profileFromDb.PasswordHash, profileFromDb.PasswordSalt))
{
_profileRepository.AddAttempt(profileFromDb.Email);
if (profileFromDb.IncorrectAttempts >= 5)// TODO: Magic number
{
_profileRepository.LockProfile(profileFromDb.Email);
throw new DomainModelException("Account locked");
}
throw new AuthenticationException();
}
// Generating response
var responseProfile = new ProfileAuthenticationResponseDto
{
Email = profileFromDb.Email
};
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new []
{
new Claim(ClaimTypes.Name, profileFromDb.Id.ToString()),
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials
(
new SymmetricSecurityKey(key),
SecurityAlgorithms.HmacSha256Signature
)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
responseProfile.Token = tokenHandler.WriteToken(token);
return(responseProfile);
}
