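/// <summary>
        /// Token endpoint handling the <c>password</c> and <c>refresh_token</c> grant types.
        /// On success it returns whatever <c>CreateResponse</c> builds from the new refresh
        /// token id, the new JWT and its expiry; every failure path returns the same
        /// <c>invalid_grant</c> 400 response, so callers cannot tell which check failed.
        /// </summary>
        /// <param name="loginModel">
        /// Form-bound, caller-controlled request. <c>grant_type</c> selects the flow;
        /// <c>Username</c> and <c>Password</c> are used only by the password grant. The
        /// refresh grant takes the refresh token id from the request cookie instead.
        /// </param>
        /// <returns>The token response, or a 400 <c>invalid_grant</c> error.</returns>
        public async Task<IActionResult> Token([FromForm] LoginModel loginModel)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(new { error = "invalid_grant" });
            }

            if (loginModel.grant_type == "password" && !String.IsNullOrEmpty(loginModel.Username) && !String.IsNullOrEmpty(loginModel.Password))
            {
                var admin = await _adminAuthenticationProvider.AuthenticateAsync(loginModel.Username, loginModel.Password);

                if (admin != null)
                {
                    // Materialise the role list once; it feeds both the role claims and the audit decision.
                    var roleTypes = admin.Roles.Select(o => (RoleTypes)o.RoleId).ToList();

                    var claims = new List<Claim>
                    {
                        new Claim(JwtRegisteredClaimNames.Sub, admin.AdminId.ToString()),
                        new Claim(ClaimTypes.Name, admin.AdminId.ToString()),
                        new Claim(ClaimTypes.Email, admin.Email),
                        new Claim(ClaimTypes.GivenName, admin.Firstname),
                        new Claim(ClaimTypes.Surname, admin.Lastname)
                    };
                    claims.AddRange(roleTypes.Select(role => new Claim(ClaimTypes.Role, role.ToString())));

                    var jwtToken = CreateJwtToken(claims);
                    var (refreshTokenId, expiresUtc) = await CreateRefreshTokenAsync(jwtToken);

                    // NOTE(review): successful logins are logged only for accounts that are neither
                    // GlobalAdmin nor Partner, so the most privileged sign-ins leave no entry here.
                    // Confirm this is intentional and that those logins are audited elsewhere.
                    var isPrivileged = roleTypes.Contains(RoleTypes.GlobalAdmin) || roleTypes.Contains(RoleTypes.Partner);
                    if (!isPrivileged)
                    {
                        _log.Info($"{admin.Email} logged in");
                    }

                    return CreateResponse(refreshTokenId, jwtToken, expiresUtc);
                }

                // The username is attacker-controlled: neutralise line breaks so a crafted value
                // cannot forge extra log entries. The password length is deliberately not logged;
                // it is credential metadata that narrows a guessing attack for anyone who can
                // read the logs.
                var loggedUsername = loginModel.Username.Replace('\r', '_').Replace('\n', '_');
                _log.Warn($"Failed login for username {loggedUsername}");
            }
            else if (loginModel.grant_type == "refresh_token")
            {
                if (Request.Cookies.TryGetValue(_refreshTokenCookieName, out var refreshTokenId))
                {
                    // NOTE(review): no expiry check is visible here; presumably GetRefreshTokenAsync
                    // returns null for expired or revoked tokens. Confirm against the repository.
                    var refreshToken = await _refreshTokenRepository.GetRefreshTokenAsync(refreshTokenId);

                    if (refreshToken != null)
                    {
                        // ReadJwtToken only parses; it does not validate signature or lifetime. That is
                        // acceptable only because the token comes from the server-side store.
                        // NOTE(review): the claims (roles included) are copied from the stored access
                        // token, so a role change or a disabled account is not reflected on refresh;
                        // consider reloading the admin here. The copied set may also carry the old
                        // token's registered claims (exp, iat, ...); confirm CreateJwtToken replaces them.
                        var newJwtToken = CreateJwtToken(new JwtSecurityTokenHandler().ReadJwtToken(refreshToken.AccessToken).Claims);

                        // Rotation: the presented refresh token is removed before a new one is issued.
                        // NOTE(review): lookup and removal are separate calls, so two concurrent requests
                        // with the same cookie could both pass the lookup. Confirm whether the
                        // repository offers an atomic consume operation.
                        await _refreshTokenRepository.RemoveTokenAsync(refreshTokenId);

                        var (newRefreshTokenId, expiresUtc) = await CreateRefreshTokenAsync(newJwtToken);

                        return CreateResponse(newRefreshTokenId, newJwtToken, expiresUtc);
                    }
                }
            }

            // Single generic error for every failure, including unknown grant types.
            return BadRequest(new { error = "invalid_grant" });
        }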