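/// <summary>
/// Login endpoint: hands the supplied credentials to the service, stores the issued
/// refresh token in a cookie and returns the authenticated user's details and tokens.
/// </summary>
/// <param name="authDTO">Credentials posted by the client (the service reads Email and Password from it).</param>
/// <returns>
/// 400 when no request body was bound, 401 when the service rejects the credentials,
/// otherwise 200 with the <see cref="AuthDTO_Out"/> payload.
/// </returns>
public async Task<IActionResult> Authenticate(AuthDTO_In authDTO)
{
    // Model binding can deliver a null DTO (empty or unparseable body). Without this guard
    // the service dereferences it and the request fails with a 500 instead of a 400.
    if (authDTO is null)
    {
        return BadRequest();
    }

    // The caller's IP is passed through so the service can associate it with the refresh token.
    var auth = await this.service.AuthenticateAsync(authDTO, ipAddress());
    if (auth is null)
    {
        // One response for both "unknown email" and "wrong password" so the status code
        // alone does not reveal which emails are registered.
        return Unauthorized();
    }

    // Refresh token is delivered via cookie ...
    this.setTokenCookie(auth.RefreshToken);

    // NOTE(review): ... and is also echoed in the JSON body (auth.RefreshToken). If the cookie
    // is meant to be HttpOnly, the body copy makes the token reachable from script anyway;
    // confirm that clients actually need it in the response body.
    return Ok(auth);
}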
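/// <summary>
/// Verifies an email/password pair, issues a JWT and a new refresh token, persists the
/// refresh token on the user record and returns the combined result.
/// </summary>
/// <param name="authDTO">Client credentials; Email selects the user, Password is checked against the stored hash/salt.</param>
/// <param name="ipAddress">Caller's IP address, passed to refresh-token generation.</param>
/// <returns>
/// The authenticated user's details and tokens, or <c>null</c> when the request is
/// malformed, the email is unknown, or the password does not match.
/// </returns>
public async Task<AuthDTO_Out> AuthenticateAsync(AuthDTO_In authDTO, string ipAddress)
{
    // Reject malformed input up front. A null DTO or Password would otherwise surface as an
    // unhandled exception (500) rather than an authentication failure, and a null Email
    // would be sent to the database as an "Email == NULL" predicate.
    if (authDTO?.Email is null || authDTO.Password is null)
    {
        return null;
    }

    // Load the user by email together with their refresh tokens (the new token is appended
    // below). SingleOrDefaultAsync throws if more than one row matches the email.
    var user = await this.context.Users
        .Include(u => u.Refresh_Tokens)
        .SingleOrDefaultAsync(u => u.Email == authDTO.Email);

    // NOTE(review): this early return is cheaper than the hash verification below, so response
    // timing can reveal whether an email is registered. If that matters here, verify the
    // password against a fixed dummy hash/salt before returning so both paths cost the same.
    if (user is null)
    {
        return null;
    }

    if (!VerifyPasswordHash(authDTO.Password, user.PasswordHash, user.PasswordSalt))
    {
        return null;
    }

    // Credentials accepted: mint the access token and a fresh refresh token.
    var jwtToken = this.GenerateJWTToken(user);
    var refreshToken = this.generateRefreshToken(ipAddress);

    // Persist the refresh token on the user. NOTE(review): the entity saved here carries the
    // same Token value that is handed back to the client below, i.e. the refresh token appears
    // to be stored unhashed, and nothing in this method prunes expired or revoked tokens from
    // Refresh_Tokens — confirm both are handled elsewhere.
    user.Refresh_Tokens.Add(refreshToken);
    context.Update(user);
    await context.SaveChangesAsync();

    return new AuthDTO_Out
    {
        Id = user.Id,
        FirstName = user.FirstName,
        LastName = user.LastName,
        Email = user.Email,
        Token = jwtToken,
        RefreshToken = refreshToken.Token
    };
}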