public async Task <IActionResult> Login(UserForLoginDto userForLogin)
{
try
{
var userForLoggedDto = await _authService.Login(userForLogin.Email.ToLower(), userForLogin.Password);
if (userForLoggedDto == null)
{
return(Unauthorized());
}
var token = _authTokenProvider.GetToken(
new Claim(ClaimTypes.NameIdentifier, userForLoggedDto.Id.ToString()),
new Claim(ClaimTypes.Email, userForLoggedDto.Email),
new Claim(ClaimTypes.Name, userForLoggedDto.Username)
);
return(Ok(new
{
token
}));
}
catch (EntityNotFoundException ex)
{
return(NotFound(ex.Message));
}
catch (NotAuthorizedException ex)
{
return(Unauthorized());
}
}
public TokenModel ResetPasword(ResetPaswordModel model)
{
var token = _unitOfWork.Repository <ForgotPaswordTokenEntity>().Include(x => x.User).FirstOrDefault(x => x.Code == model.Code && !x.Used);
if (token != null)
{
var salt = _cryptoContext.GenerateSaltAsBase64();
var password = Convert.ToBase64String(_cryptoContext.DeriveKey(model.Password, salt));
token.User.Salt = salt;
token.User.Password = password;
token.Used = true;
_unitOfWork.Repository <UserEntity>().Update(token.User);
_unitOfWork.Repository <ForgotPaswordTokenEntity>().Update(token);
return(_authTokenProvider.GetToken(token.User));
}
return(null);
}
protected override async Task Intercept <TRequest, TResponse>(TRequest request,
ClientInterceptorContext <TRequest, TResponse> context)
where TRequest : class where TResponse : class
{
var token = await _authTokenProvider.GetToken();
if (token == null)
{
return;
}
context.Options.Headers?.AddAuthorizationIfEmpty(token);
}
public TokenModel GetToken(LoginCredentials loginCredentials)
{
var user = _unitOfWork.Repository <UserEntity>().Include(x => x.Profile).FirstOrDefault(x => x.Id == loginCredentials.Id && x.Confirmation.Confirmed);
if (user == null)
{
return(null);
}
if (_cryptoContext.ArePasswordsEqual(loginCredentials.Password, user.Password, user.Salt))
{
return(_authTokenProvider.GetToken(user));
}
return(null);
}
public async Task <HttpClient> Create(string appName)
{
var uri = await _serviceDiscovery.GetService(appName);
var httpClientHandler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback =
HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
};
var httpClient = new HttpClient(httpClientHandler)
{
BaseAddress = uri,
};
var token = await _authTokenProvider.GetToken();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
return(httpClient);
}
