/// <summary>
/// Login for Account route.
/// </summary>
/// <param name="loginDto"></param>
/// <param name="account"></param>
/// <returns></returns>
private HttpResponseMessage AccountLoginHelper(SsoLoginRequestDTO loginDto, Account account)
{
var saltModel = _saltLogic.GetSalt(loginDto.Username);
if (saltModel == null)
{
return(new HttpResponseMessage(HttpStatusCode.InternalServerError));
}
// Make sure you append the salt, not prepend (group decision).
var hashedPassword = HashService.Instance.HashPasswordWithSalt(saltModel.PasswordSalt, loginDto.Password, true);
if (!account.Password.Equals(hashedPassword))
{
return(new HttpResponseMessage(HttpStatusCode.Unauthorized));
}
var token = JwtManager.Instance.GenerateToken(loginDto.Username);
// Grab the previous access token associated with the account.
var accountAccessToken = _jAccessTokenLogic.GetJAccessToken(loginDto.Username);
if (accountAccessToken != null)
{
// Set current account token to expired list.
var expiredToken = new ExpiredAccessToken(accountAccessToken.Value, false);
_expiredAccessTokenLogic.Create(expiredToken);
// Updated new access token.
accountAccessToken.Value = token;
_jAccessTokenLogic.Update(accountAccessToken);
}
// Redirect them to our Home page with their credentials logged.
return(new HttpResponseMessage
{
Content = new StringContent(UrlConstants.BaseAppClient + "home?jwt=" + token),
StatusCode = HttpStatusCode.OK
});
}
public void Update(ExpiredAccessToken expiredAccessToken)
{
_expiredAccessTokenRepository.Update(expiredAccessToken);
}
public void Create(ExpiredAccessToken expiredAccessToken)
{
_expiredAccessTokenRepository.Insert(expiredAccessToken);
}
