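/// <summary>
/// Creates a new user from the posted view model and returns the stored entity.
/// </summary>
/// <param name="userViewModel">Posted user data; null when the request body is missing or unbindable.</param>
/// <returns>The user entity as returned by the repository after insertion.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when no body was bound.</exception>
public User Post([FromBody] UserViewModel userViewModel)
        {
            // A missing or malformed body binds to null; fail explicitly instead of
            // dereferencing it on the next line.
            if (userViewModel == null)
            {
                throw new System.ArgumentNullException(nameof(userViewModel));
            }

            // NOTE(review): Base64 is a reversible encoding, not a password hash - the
            // stored value decodes straight back to the clear-text password. Login and
            // GetClaimsIdentity compare against this encoded form, so replacing it with a
            // salted hash (e.g. PBKDF2) has to be done in all three places together.
            // Whether CommonHelper.Base64Encode accepts a null Password is not visible
            // here - TODO confirm.
            userViewModel.Password = CommonHelper.Base64Encode(userViewModel.Password);
            var user = _userRepository.Add(userViewModel.Adapt<User>());

            return user;
        }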
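        /// <summary>
        /// Cookie sign-in for the client app: validates the posted credentials, issues the
        /// authentication cookie and redirects to the client callback with the serialized
        /// identity carried in the query string.
        /// </summary>
        /// <param name="applicationUserViewModel">Posted e-mail and password; null when the body is missing.</param>
        /// <returns>
        /// 400 with one generic message for every credential failure, otherwise a redirect
        /// to <c>{Clientapp:ClientURL}/callback</c>.
        /// </returns>
        public async Task<IActionResult> Login([FromBody] CredentialsViewModel applicationUserViewModel)
        {
            // The same message is used for "no body", "unknown user" and "wrong password"
            // so the response does not reveal whether the e-mail exists.
            const string badUserNameOrPasswordMessage = "Username or password is incorrect.";

            if (applicationUserViewModel == null)
            {
                return BadRequest(badUserNameOrPasswordMessage);
            }

            var lookupUser = _userRepository.GetByEmail(applicationUserViewModel.Email);

            // Reject unknown users before touching the stored password. The previous
            // version compared Base64Decode(lookupUser?.Password) with the posted value,
            // so a null posted password could "match" a missing user and the code then
            // dereferenced lookupUser below.
            if (lookupUser == null)
            {
                return BadRequest(badUserNameOrPasswordMessage);
            }

            // NOTE(review): the stored password is only Base64-encoded (see Post), so the
            // clear text is recovered here and compared with an ordinary (ordinal, not
            // fixed-time) string comparison. A salted hash plus a fixed-time comparison is
            // the appropriate replacement once storage is migrated.
            var lookupUserPassword = CommonHelper.Base64Decode(lookupUser.Password);

            if (lookupUserPassword != applicationUserViewModel.Password)
            {
                return BadRequest(badUserNameOrPasswordMessage);
            }

            var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);

            // NOTE(review): Claim throws ArgumentNullException on a null value; a user row
            // with a null FirstName would surface as a 500 here - confirm the column is
            // non-nullable or guard it.
            identity.AddClaim(new Claim(ClaimTypes.Name, lookupUser.FirstName));
            identity.AddClaim(new Claim(ClaimTypes.Role, lookupUser.UserRoleId.ToString()));

            var claimsPrincipal = new ClaimsPrincipal(identity);

            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal);

            // The client expects the identity Base64-encoded in the callback URL. Base64
            // output contains '+', '/' and '=', which are not safe in a query value ('+' in
            // particular decodes to a space), so the token is percent-encoded before being
            // placed in the redirect; a standard query parser hands the client the
            // original Base64 string.
            // NOTE(review): anything placed in a URL lands in browser history, referrers
            // and server logs. The claims here (name, role id) are not secrets; keep it that
            // way and never add tokens or credentials to this query string.
            var auth = JsonConvert.SerializeObject(identity);
            var encodedAuth = System.Uri.EscapeDataString(CommonHelper.Base64Encode(auth));

            return Redirect($"{Configuration["Clientapp:ClientURL"]}/callback?auth={encodedAuth}");
        }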
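        /// <summary>
        /// Looks the user up by e-mail and, when the posted password matches the stored
        /// one, builds the JWT claims identity for that user.
        /// </summary>
        /// <param name="email">E-mail used to find the user.</param>
        /// <param name="password">Clear-text password as posted by the client.</param>
        /// <returns>
        /// A completed task holding the identity, or holding null when either argument is
        /// empty, the user does not exist, or the password does not match. All three
        /// failures yield the same null so callers cannot tell them apart.
        /// </returns>
        private Task<ClaimsIdentity> GetClaimsIdentity(string email, string password)
        {
            // Nothing here is asynchronous: the previous version wrapped each return in
            // `await Task.FromResult(...)`, which only added an async state machine.
            // Returning an already-completed task keeps the Task-returning signature
            // that callers await.
            if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
            {
                return Task.FromResult<ClaimsIdentity>(null);
            }

            var userToVerify = _userRepository.GetByEmail(email);
            if (userToVerify == null)
            {
                return Task.FromResult<ClaimsIdentity>(null);
            }

            // NOTE(review): passwords are stored Base64-encoded (see Post), not hashed, so
            // the check is "encode the posted password and compare strings". Ordinal `!=`
            // is not a fixed-time comparison either; both points are resolved together by
            // migrating storage to a salted hash and using a fixed-time compare.
            var encodedPassword = CommonHelper.Base64Encode(password);
            if (encodedPassword != userToVerify.Password)
            {
                // Credentials are invalid.
                return Task.FromResult<ClaimsIdentity>(null);
            }

            // NOTE(review): assumes GetById returns a role for every stored UserRoleId; a
            // dangling id would throw NullReferenceException on UserRoleName - confirm.
            var userRole = _userRoleRepository.GetById(userToVerify.UserRoleId);
            var identity = _jwtFactory.GenerateClaimsIdentity(email, userToVerify.Id.ToString(), userRole.UserRoleName);

            return Task.FromResult(identity);
        }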