public async Task <IActionResult> Login([FromBody] LoginViewModel model, string returnUrl = null)
{
// First get the return url - the url which the user was trying to access initially
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
try
{
var jwtToken = await _authSvc.Auth(model);
const int expireTime = 60; // set the value to 60 - as dont want the admin cookie to stay in browser for longer
_cookieSvc.SetCookie("access_token", jwtToken.Token, expireTime);
_cookieSvc.SetCookie("user_id", jwtToken.UserId, expireTime);
_cookieSvc.SetCookie("username", jwtToken.Username, expireTime);
Log.Information($"User {model.Email} logged in.");
return(Ok("Success"));
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
}
ModelState.AddModelError("", "Invalid Username/Password was entered");
Log.Error("Invalid Username/Password was entered");
return(Unauthorized("Please Check the Login Credentials - Invalid Username/Password was entered"));
}
public async Task <IActionResult> Login([FromBody] LoginViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
try
{
var jwtTokenResponse = await _authenticateSvc.Auth(model);
const int expireTime = 60;
_cookieSvc.SetCookie(AccessToken, jwtTokenResponse.Token, expireTime);
_cookieSvc.SetCookie(User_Id, jwtTokenResponse.UserId, expireTime);
_cookieSvc.SetCookie("username", jwtTokenResponse.Username, expireTime);
Log.Information($"User {model.Email} :Login success");
return(Ok("success"));
}
catch (Exception ex)
{
Log.Error("Error while Login Post with user {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
}
ModelState.AddModelError("", "Invaid UserName/Password was entered");
Log.Error("Invaid UserName / Password was entered");
return(Unauthorized("Please Check UserNAME/Password"));
}
public async Task <TokenResponseModel> GenerateNewToken()
{
try
{
var loggedInUserId = GetLoggedInUserId();
var user = await _userManager.FindByIdAsync(loggedInUserId);
// password was already validated - therefore we need to check if the two-factor token exists
if (user == null)
{
return(CreateErrorResponseToken("Something went wrong. Please try again later", HttpStatusCode.Unauthorized));
}
var accessToken = await CreateAccessToken(user);
var refreshTokenExpireTime = accessToken.RefreshTokenExpiration.Subtract(DateTime.UtcNow).TotalMinutes;
// set cookie for jwt and refresh token
// Expiry time for cookie - When Refresh token expires all other cookies should expire
// therefor set all the cookie expiry time to refresh token expiry time
_cookieSvc.SetCookie("access_token", accessToken.Token.ToString(), Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("refreshToken", accessToken.RefreshToken, Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("loginStatus", "1", Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("username", user.UserName, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("userRole", user.UserRole, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("user_id", accessToken.UserId, Convert.ToInt32(refreshTokenExpireTime));
return(accessToken);
}
catch (Exception ex)
{
Log.Error("An error occurred at GenerateNewToken(TwoFactorResponseModel model) {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized));
}
private async Task <TokenResponseModel> GenerateNewToken(TokenRequestModel model)
{
try
{
// check if there's an user with the given username
var user = await _userManager.FindByEmailAsync(model.Email);
// Validate credentials
if (user != null && await _userManager.CheckPasswordAsync(user, model.Password))
{
// Create & Return the access token which contains JWT and Refresh Token
var accessToken = await CreateAccessToken(user);
var expireTime = accessToken.Expiration.Subtract(DateTime.UtcNow).TotalMinutes;
var refreshTokenExpireTime = accessToken.RefreshTokenExpiration.Subtract(DateTime.UtcNow).TotalMinutes;
// set cookie for jwt and refresh token
_cookieSvc.SetCookie("access_token", accessToken.Token.ToString(), Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("refreshToken", accessToken.RefreshToken, Convert.ToInt32(refreshTokenExpireTime));
_cookieSvc.SetCookie("loginStatus", "1", Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("username", user.UserName, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("userRole", user.UserRole, Convert.ToInt32(refreshTokenExpireTime), false, false);
_cookieSvc.SetCookie("user_id", accessToken.UserId, Convert.ToInt32(refreshTokenExpireTime));
return(accessToken);
}
return(CreateErrorResponseToken("Invalid Username/Password", HttpStatusCode.Unauthorized));
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
return(CreateErrorResponseToken("There was an Error While Processing this request", HttpStatusCode.InternalServerError));
}
}
public async Task <TwoFactorResponseModel> SendTwoFactorAsync(TwoFactorRequestModel model)
{
var twoFactorResponse = new TwoFactorResponseModel();
var result = new TwoFactorCodeModel();
try
{
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
var userIdFromHeader = _httpContextAccessor.HttpContext.Request.Headers["user_id"];
var twoFactorToken = model.TwoFactorToken;
// If two factor token is null we dont want to further execute this method
if (!string.IsNullOrEmpty(twoFactorToken) && !string.IsNullOrEmpty(userIdFromHeader))
{
var userId = DecryptData(userIdFromHeader, _dataProtectionKeys.ApplicationUserKey).ToString();
// First find user with that Id id two-factor Table
// If user was found, check if the token is valid or expired
var userResult = await _db.TwoFactorCodes.Where(x =>
x.UserId == userId &&
x.CodeExpired == false &&
x.CodeIsUsed == false &&
x.ExpiryDate > DateTime.UtcNow).FirstOrDefaultAsync();
if (userResult != null)
{
// Decrypted Two-Factor-Token from request
var protector = protectorProvider.CreateProtector(userResult.EncryptionKey2Fa);
var decryptedTwoFactorToken = protector.Unprotect(twoFactorToken);
// Get the Application User
var appUser = await _userManager.FindByIdAsync(userId);
// If both the values match request vs DB
if (userResult.Token != null && decryptedTwoFactorToken != null && userResult.Token == decryptedTwoFactorToken)
{
// check in current request if they want to remember
userResult.RememberDevice = model.RememberDevice;
await using var dbContextTransaction = await _db.Database.BeginTransactionAsync();
_db.Entry(userResult).State = EntityState.Modified;
await _db.SaveChangesAsync();
await dbContextTransaction.CommitAsync();
twoFactorResponse.IsValid = true;
twoFactorResponse.Email = appUser.Email;
twoFactorResponse.Code = userResult.TwoFactorCode;
twoFactorResponse.RememberDevice = userResult.RememberDevice;
twoFactorResponse.ResponseMessage = new ResponseStatusInfoModel
{
Message = "Authentication Success",
StatusCode = HttpStatusCode.OK
};
protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var protectedUserId = protector.Protect(userId);
_cookieSvc.SetCookie("user_id", protectedUserId, Convert.ToInt32(userResult.ExpiryDate.Subtract(DateTime.UtcNow).TotalMinutes));
return(twoFactorResponse);
}
}
}
twoFactorResponse.IsValid = false;
twoFactorResponse.Email = string.Empty;
twoFactorResponse.Code = string.Empty;
twoFactorResponse.RememberDevice = false;
twoFactorResponse.ResponseMessage = new ResponseStatusInfoModel
{
Message = "Authentication Failed",
StatusCode = HttpStatusCode.Unauthorized
};
}
catch (Exception ex)
{
Log.Error("An error occurred at ValidateTwoFactorAsync {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
return(twoFactorResponse);
}
