public IActionResult Login(CredentialsModel credentials)
{
UserModel user = usersLogic.GetUserByCredentials(credentials);
if (user == null)
{
return(Unauthorized("incorrect username or password"));
}
user.JwtToken = jwtHelper.GetWjtToken(user.Username, user.Role);
user = (UserModel)user.Clone();
user.Password = null;
return(Ok(user));
}
public UserModel GetUserByCredentials(CredentialsModel credentialsModel)
{
UserModel userToCheck = new UserModel(DB.Users.SingleOrDefault(p => p.Username == credentialsModel.Username));
if (credentialsModel.Password == userToCheck.Password)
{
return(userToCheck);
}
credentialsModel.Password = Convert.ToBase64String(KeyDerivation.Pbkdf2(
password: credentialsModel.Password,
salt: Convert.FromBase64String(userToCheck.Salt),
prf: KeyDerivationPrf.HMACSHA1,
iterationCount: 10000,
numBytesRequested: 256 / 8));
if (credentialsModel.Password == userToCheck.Password)
{
return(userToCheck);
}
return(null);
}