public async Task <bool> CheckAccess(string token, string permissionKey)
{
var decodedToken = AuthenticationHelpers.ReadToken(token);
string userId = decodedToken.Claims.First(c => c.Type == "userId").Value;
User user = await _users.Find <User>(user => user.Id == userId).FirstOrDefaultAsync();
if (user == null)
{
return(false);
}
List <Role> userRoles = new List <Role>();
foreach (string roleId in user.Roles)
{
userRoles.Add(await _roles.Find(role => role.Id == roleId).FirstOrDefaultAsync());
}
string permissionId = Startup.StaticConfiguration.GetSection("PermissionIds")[permissionKey];
return(AuthenticationHelpers.IsPermissionGranted(user, userRoles, permissionId));
}
public async Task <IActionResult> Login([FromQuery] string username, [FromQuery] string password)
{
User user = await _userService.GetByUsername(username);
if (user == null)
{
return(NotFound("username does not exist"));
}
if (!AuthenticationHelpers.IsPasswordValid(password, user.Password))
{
return(Unauthorized("incorrect password"));
}
// Check if user has access to login
List <Role> userRoles = new List <Role>();
foreach (string roleId in user.Roles)
{
userRoles.Add(await _roleService.Get(roleId));
}
if (!AuthenticationHelpers.IsPermissionGranted(user, userRoles, Startup.StaticConfiguration.GetSection("PermissionIds")["login"]))
{
return(Unauthorized("not authorized for login"));
}
string authToken = AuthenticationHelpers.GenerateAuthToken(user, await _roleService.Get(), await _permissionService.Get());
await _tokenService.Create(new Token(
null,
user.Id,
"auth",
authToken,
DateTime.UtcNow,
new List <TokenAction>(),
false,
true
));
var createdAuthToken = await _tokenService.GetByToken(authToken);
string refreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id);
await _tokenService.Create(new Token(
null,
user.Id,
"refresh",
refreshToken,
DateTime.UtcNow,
new List <TokenAction>(),
false,
true
));
return(Ok(
new Dictionary <string, string>
{
{ "authToken", authToken },
{ "refreshToken", refreshToken }
}
));
}
