public async Task <bool> CheckAccess(string token, string permissionKey) { var decodedToken = AuthenticationHelpers.ReadToken(token); string userId = decodedToken.Claims.First(c => c.Type == "userId").Value; User user = await _users.Find <User>(user => user.Id == userId).FirstOrDefaultAsync(); if (user == null) { return(false); } List <Role> userRoles = new List <Role>(); foreach (string roleId in user.Roles) { userRoles.Add(await _roles.Find(role => role.Id == roleId).FirstOrDefaultAsync()); } string permissionId = Startup.StaticConfiguration.GetSection("PermissionIds")[permissionKey]; return(AuthenticationHelpers.IsPermissionGranted(user, userRoles, permissionId)); }
public async Task <IActionResult> Login([FromQuery] string username, [FromQuery] string password) { User user = await _userService.GetByUsername(username); if (user == null) { return(NotFound("username does not exist")); } if (!AuthenticationHelpers.IsPasswordValid(password, user.Password)) { return(Unauthorized("incorrect password")); } // Check if user has access to login List <Role> userRoles = new List <Role>(); foreach (string roleId in user.Roles) { userRoles.Add(await _roleService.Get(roleId)); } if (!AuthenticationHelpers.IsPermissionGranted(user, userRoles, Startup.StaticConfiguration.GetSection("PermissionIds")["login"])) { return(Unauthorized("not authorized for login")); } string authToken = AuthenticationHelpers.GenerateAuthToken(user, await _roleService.Get(), await _permissionService.Get()); await _tokenService.Create(new Token( null, user.Id, "auth", authToken, DateTime.UtcNow, new List <TokenAction>(), false, true )); var createdAuthToken = await _tokenService.GetByToken(authToken); string refreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id); await _tokenService.Create(new Token( null, user.Id, "refresh", refreshToken, DateTime.UtcNow, new List <TokenAction>(), false, true )); return(Ok( new Dictionary <string, string> { { "authToken", authToken }, { "refreshToken", refreshToken } } )); }