/// <summary>
/// Handles a log-in request: validates the bound model, delegates the attempt to
/// <c>_accountService</c>, and issues antiforgery cookies only when the attempt succeeds.
/// </summary>
/// <param name="model">The bound request carrying <c>Email</c>, <c>Password</c> and <c>RememberMe</c>.</param>
/// <returns>
/// <c>200 OK</c> on success; otherwise <c>400 Bad Request</c> with a <see cref="LogInResponseModel"/>
/// describing an invalid model, a required second factor, or a failed attempt.
/// </returns>
public async Task<IActionResult> LogIn([FromBody] LogInRequestModel model)
{
    if (!ModelState.IsValid)
    {
        // Hand the validation errors back to the client in serializable form.
        return BadRequest(new LogInResponseModel
        {
            ExpectedError = true,
            ModelState = new SerializableError(ModelState)
        });
    }

    LogInActionResult outcome = await _accountService.LogInActionAsync(model.Email, model.Password, model.RememberMe);

    switch (outcome)
    {
        case LogInActionResult.TwoFactorRequired:
            // Not a completed log-in: the client is told a second factor is still needed,
            // and no antiforgery cookies are issued on this path.
            return BadRequest(new LogInResponseModel
            {
                ExpectedError = true,
                TwoFactorRequired = true
            });

        case LogInActionResult.Success:
            // Antiforgery cookies are only issued once the log-in has fully succeeded.
            _antiforgery.AddAntiforgeryCookies(HttpContext);
            return Ok();

        default:
            // Don't reveal whether email or password was invalid
            return BadRequest(new LogInResponseModel
            {
                ExpectedError = true,
                ErrorMessage = Strings.ErrorMessage_LogIn_Failed
            });
    }
}
/// <summary>
/// Authorization filter step that validates the antiforgery token on the current request.
/// </summary>
/// <param name="context">The filter context for the request being authorized.</param>
/// <returns>A task that completes when validation has finished.</returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <remarks>
/// If validation throws <see cref="AntiforgeryValidationException"/>, a fresh set of antiforgery
/// cookies is written to the response and the request is short-circuited with a
/// <c>400 Bad Request</c> whose <see cref="ErrorResponseModel"/> has <c>AntiForgeryError</c> set.
/// Any other exception from validation is left to propagate.
/// </remarks>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    if (context is null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    var httpContext = context.HttpContext;

    try
    {
        await _antiforgery.ValidateRequestAsync(httpContext);
    }
    catch (AntiforgeryValidationException)
    {
        // Issue new antiforgery cookies alongside the rejection, then short-circuit the pipeline.
        _antiforgery.AddAntiforgeryCookies(httpContext);

        var rejection = new ErrorResponseModel
        {
            ExpectedError = true,
            ErrorMessage = MvcStrings.ErrorMessage_InvalidAntiForgeryToken,
            AntiForgeryError = true
        };
        context.Result = new BadRequestObjectResult(rejection);
    }
}