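/// <summary>
/// Sends an unauthenticated visitor to the sign-in flow that matches the submitted e-mail address.
/// </summary>
/// <param name="model">Submitted login form values; only <c>Email</c> is read here.</param>
/// <returns>
/// A redirect to Home/Index when the caller is already signed in; the result of <c>Oauth</c> when
/// the account API reports a Discord account; otherwise a redirect to Account/BasicLogin.
/// Returns 400 when no e-mail address was submitted.
/// </returns>
public async Task<IActionResult> Login(BasicLoginViewModel model)
{
    // Already signed in: nothing to look up.
    if (HttpContext.User.Identity.IsAuthenticated)
    {
        return RedirectToAction("Index", "Home");
    }

    // A missing e-mail used to surface as a NullReferenceException (HTTP 500) on model.Email.Length.
    if (model?.Email == null)
    {
        return BadRequest();
    }

    // Dispose the client (and the handler it owns) once the lookup is done; the original leaked both.
    // NOTE(review): a new HttpClient per request still churns connections under load. A shared
    // instance or IHttpClientFactory would be the better fix, but needs wiring outside this method.
    using (var httpClient = new HttpClient(new Helpers.AuthenticatedHttpClientHandler()) { BaseAddress = new Uri(BaseUrl) })
    {
        var api = RestService.For<IHealthyGamerPortalAccountApi>(httpClient);

        // NOTE(review): Length is the UTF-16 character count here, while the login middleware sends
        // the UTF-8 byte count for the same field. Confirm which one the API expects; the two differ
        // for non-ASCII addresses.
        var response = await api.IsBasicAccount(new EncryptedMessage()
        {
            Length = model.Email.Length,
            Text = Rfc7905.EncryptText(model.Email)
        });

        if (response.Result == AccountType.Discord)
        {
            return Oauth(Url.Action("Oauth", "Account"));
        }
    }

    // A 403 status was once set here (now disabled) to stop browsers offering to remember the
    // password after a failed login.
    // NOTE(review): passing the whole model as route values copies every public property into the
    // redirect URL's query string, where it lands in browser history, proxy logs and Referer headers.
    // Confirm BasicLoginViewModel carries no password or other secret, or pass only the fields the
    // BasicLogin action needs.
    // NOTE(review): the redirect target depends on the account type, so an unauthenticated caller
    // learns how a given e-mail address is registered. Confirm that disclosure is acceptable.
    return RedirectToAction("BasicLogin", "Account", model);
}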
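/// <summary>
/// Watches every request for the basic-login path and, on a match, runs the login attempt.
/// </summary>
/// <remarks>
/// Requests for any other path, and requests from an already authenticated user, are passed to the
/// next middleware. A login request must be a form POST with a valid antiforgery token; anything
/// else is answered with 400 and is never authenticated. A successful login redirects to "/",
/// a failed one to "/Account/Oauth".
/// </remarks>
/// <param name="httpContext">The context of the current request.</param>
public async Task InvokeAsync(HttpContext httpContext)
{
    HttpRequest request = httpContext.Request;
    HttpResponse response = httpContext.Response;

    // Not the login path: hand the request on untouched.
    if (!request.Path.Equals(_options.Path, StringComparison.Ordinal))
    {
        await _next(httpContext);
        return;
    }

    // Fail closed. The original set 400 here but kept going, so a request with a wrong method or a
    // bad/missing antiforgery token was still authenticated and the 400 was replaced by the
    // redirect. It also spun on ValidateRequestAsync(...).IsCompleted, starting a new validation on
    // every iteration, and then judged the request by a freshly started task; awaiting one
    // validation replaces both.
    // IsRequestValidAsync treats GET/HEAD/OPTIONS/TRACE as valid without checking a token, so the
    // POST test has to come first.
    if (!request.Method.Equals("POST")
        || !request.HasFormContentType
        || !await _antiforgery.IsRequestValidAsync(httpContext))
    {
        response.StatusCode = 400;
        return;
    }

    if (httpContext.User.Identity.IsAuthenticated)
    {
        await _next(httpContext);
        return;
    }

    // Read the form asynchronously; the synchronous Form getter can block on a slow client.
    var form = await request.ReadFormAsync();
    string email = form["Email"];
    string password = form["Password"];

    // A missing field converts to null, which previously threw inside Encoding.UTF8.GetBytes.
    if (email is null || password is null)
    {
        response.StatusCode = 400;
        return;
    }

    // Length is the UTF-8 byte count of the plaintext. GetByteCount yields the same number as
    // GetBytes(...).Length without allocating another copy of the password.
    EncryptedBasicLoginModel model = new EncryptedBasicLoginModel
    {
        Email = new EncryptedMessage()
        {
            Text = Rfc7905.EncryptText(email),
            Length = Encoding.UTF8.GetByteCount(email)
        },
        Password = new EncryptedMessage()
        {
            Text = Rfc7905.EncryptText(password),
            Length = Encoding.UTF8.GetByteCount(password)
        }
    };

    // NOTE(review): Authenticate receives only the model, so the request context reaches it through
    // this member. If one middleware instance serves concurrent requests (the usual lifetime for
    // convention-based middleware - confirm the registration), two simultaneous logins can overwrite
    // each other's context and one user could be signed in on the other's response. Passing
    // httpContext to Authenticate as a parameter would remove the shared state; Authenticate is
    // defined outside this block, so the assignment is kept as is.
    _httpContext = httpContext;

    if (await Authenticate(model))
    {
        response.Redirect("/");
    }
    else
    {
        response.Redirect("/Account/Oauth");
    }
}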