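/// <summary>
/// Creates a login session: checks the submitted credentials, issues a JWT,
/// replaces every existing session for the user with the new one and returns
/// the token.
/// </summary>
/// <param name="model">Email and password from the request body (untrusted input).</param>
/// <returns>
/// 200 with the issued token on success; 400 with the generic
/// "Invalid username or password." message when the account is unknown or the
/// credentials do not authenticate. The same message is used for both cases so
/// the response body does not reveal which accounts exist.
/// </returns>
public async Task<ActionResult<SessionCreateResponseModel>> Create(SessionCreateRequestModel model)
{
    // A missing body is a client error, not a credential failure; without this
    // guard the original dereferenced model.Email and surfaced as a 500.
    if (model is null)
    {
        return BadRequest("Request body is required.");
    }

    var user = _authService.FindUser(model.Email);
    if (user is null)
    {
        // NOTE(review): this path returns before any password hashing is done,
        // so response time may still distinguish unknown accounts from wrong
        // passwords even though the message is identical.
        return BadRequest("Invalid username or password.");
    }

    // SECURITY FIX: the original assigned
    //   user.PasswordHash = IAuthService.HashPassword(model.Password);
    // here, i.e. it overwrote the stored credential with a hash of whatever
    // password the caller sent *before* AuthenticateUser ran. Login must never
    // mutate the stored hash. If FindUser returns a context-tracked entity that
    // GetIdentity re-reads through the same DbContext, the comparison would
    // have been made against the caller's own password (authentication
    // bypass), and SaveChangesAsync below would have persisted the overwritten
    // hash. The stored hash is left untouched here.
    var jwt = _authService.AuthenticateUser(model);
    if (string.IsNullOrEmpty(jwt))
    {
        return BadRequest("Invalid username or password.");
    }

    // Single-session policy: issuing a new token invalidates every earlier
    // session for this user. Removal and insert are committed together in the
    // single SaveChangesAsync call below.
    var staleSessions = _context.Sessions.Where(sess => sess.UserId == user.Id);
    _context.Sessions.RemoveRange(staleSessions);

    // NOTE(review): the bearer token is stored verbatim, so a read of the
    // Sessions table yields usable tokens until they expire. Storing a hash of
    // the token instead would limit that exposure, if the lookup path that
    // validates sessions can be adjusted to match.
    _context.Sessions.Add(new Session
    {
        Token = jwt,
        CreatedAt = DateTime.UtcNow,
        UserId = user.Id,
    });
    await _context.SaveChangesAsync();

    return Ok(new SessionCreateResponseModel { Id_token = jwt });
}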
/// <summary>
/// Checks the credentials in <paramref name="model"/> via <c>GetIdentity</c>
/// and, when they authenticate, returns a signed JWT for the resulting identity.
/// </summary>
/// <param name="model">Email and password to verify.</param>
/// <returns>
/// The compact serialized token, or <c>null</c> when <c>GetIdentity</c> yields
/// no identity for the supplied credentials.
/// </returns>
public string AuthenticateUser(SessionCreateRequestModel model)
{
    var identity = GetIdentity(model.Email, model.Password);
    if (identity == null)
    {
        return null;
    }

    // Both ends of the validity window derive from one UTC timestamp so
    // notBefore and expires cannot drift apart.
    var issuedAt = DateTime.UtcNow;
    var expiresAt = issuedAt.Add(TimeSpan.FromMinutes(AuthOptions.LIFETIME));

    // HS256 with the shared key from AuthOptions: anyone holding that key can
    // mint tokens, so it must be a high-entropy secret (at least 256 bits for
    // HMAC-SHA256) loaded from configuration rather than source — confirm in
    // AuthOptions.GetSymmetricSecurityKey, which is not visible here.
    var credentials = new SigningCredentials(
        AuthOptions.GetSymmetricSecurityKey(),
        SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: AuthOptions.ISSUER,
        audience: AuthOptions.AUDIENCE,
        claims: identity.Claims,
        notBefore: issuedAt,
        expires: expiresAt,
        signingCredentials: credentials);

    return new JwtSecurityTokenHandler().WriteToken(token);
}