public async Task <PostAuthenticateResponseModel> Authenticate(PostAuthenticateRequestModel postAuthenticateRequestModel)
{
var postAuthenticateRequestModelJson = new StringContent(
JsonSerializer.Serialize(postAuthenticateRequestModel),
Encoding.UTF8,
"application/json");
using var httpResponse = await _httpClient.PostAsync("users/authenticate", postAuthenticateRequestModelJson);
using var httpResponseStream = await httpResponse.Content.ReadAsStreamAsync();
if (httpResponse.IsSuccessStatusCode)
{
// Get the Refresh Token details out of the response and save them in the model
string refreshToken = httpResponse.Headers.GetValues("Set-Cookie").SingleOrDefault();
PostAuthenticateResponseModel postAuthenticateResponseModel = await JsonSerializer.DeserializeAsync <PostAuthenticateResponseModel>(httpResponseStream);
postAuthenticateResponseModel.RefreshToken = refreshToken;
return(postAuthenticateResponseModel);
}
throw await JsonSerializer.DeserializeAsync <MovieMindException>(httpResponseStream);
}
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task <IActionResult> Index(PostUserModel postUserModel, string rememberMe)
{
if (postUserModel.Password != postUserModel.ConfirmPassword)
{
ModelState.AddModelError("ConfirmPassword", _localizer["Passwords are not the same"]);
}
if (ModelState.IsValid)
{
try
{
if (postUserModel.Roles == null)
{
postUserModel.Roles = new List <String>
{
"Guest"
};
}
else if (postUserModel.Roles.Count == 0)
{
postUserModel.Roles.Add("Guest");
}
// Send an API request to create the new user
GetUserModel getUserModel = await _moviemindAPIService.PostModel <PostUserModel, GetUserModel>(postUserModel, "users");
// When the user was successfully created send an API request to authenticate the new user
PostAuthenticateRequestModel postAuthenticateRequestModel = new PostAuthenticateRequestModel
{
UserName = postUserModel.UserName,
Password = postUserModel.Password,
};
PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel);
_stateManagementService.SetState(postAuthenticateResponseModel);
// Redirect to the home page
return(RedirectToRoute(new { action = "Index", controller = "Home" }));
}
catch (MovieMindException e)
{
TempData["ApiError"] = e.Message;
}
}
return(View(postUserModel));
}
// JWT Methods
// ===========
public async Task <PostAuthenticateResponseModel> Authenticate(PostAuthenticateRequestModel postAuthenticateRequestModel, string ipAddress)
{
User user = await _userManager.Users
.Include(x => x.RefreshTokens)
.FirstOrDefaultAsync(x => x.UserName == postAuthenticateRequestModel.UserName);
if (user == null)
{
throw new UserNameException("Invalid username", this.GetType().Name, "Authenticate", "401");
}
// Verify password when user was found by UserName
SignInResult signInResult = await _signInManager.CheckPasswordSignInAsync(user, postAuthenticateRequestModel.Password, lockoutOnFailure : false);
if (!signInResult.Succeeded)
{
throw new PasswordException("Invalid password", this.GetType().Name, "Authenticate", "401");
}
// Authentication was successful so generate JWT and refresh tokens
string jwtToken = await GenerateJwtToken(user);
RefreshToken refreshToken = GenerateRefreshToken(ipAddress);
// save refresh token
user.RefreshTokens.Add(refreshToken);
await _userManager.UpdateAsync(user);
return(new PostAuthenticateResponseModel
{
Id = user.Id,
FirstName = user.FirstName,
LastName = user.LastName,
UserName = user.UserName,
JwtToken = jwtToken,
RefreshToken = refreshToken.Token,
Roles = await _userManager.GetRolesAsync(user)
});
}
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task <IActionResult> Index(PostAuthenticateRequestModel postAuthenticateRequestModel)
{
if (ModelState.IsValid)
{
try
{
// Send an API request to authenticate the new user
PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel);
_stateManagementService.SetState(postAuthenticateResponseModel);
// Redirect to the home page
return(RedirectToRoute(new { action = "Index", controller = "Home" }));
}
catch (MovieMindException e)
{
TempData["ApiError"] = e.Message;
}
}
return(View(postAuthenticateRequestModel));
}
public async Task <ActionResult <PostAuthenticateResponseModel> > Authenticate(PostAuthenticateRequestModel postAuthenticateRequestModel)
{
try
{
PostAuthenticateResponseModel postAuthenticateResponseModel = await _userRepository.Authenticate(postAuthenticateRequestModel, IpAddress());
SetTokenCookie(postAuthenticateResponseModel.RefreshToken);
return(postAuthenticateResponseModel);
}
catch (MovieMindException e)
{
return(Unauthorized(e.MovieMindError));
}
}
