public async Task <AuthResponse> CreateTokenAsync(string ipAddress, User user, IList <string> roles = null) { var accessToken = await _jwtFactory.GenerateEncodedToken(user, roles); var refreshToken = _tokenFactory.GenerateToken(); await SetRefreshTokenAsync(ipAddress, user, refreshToken); return(new AuthResponse { AccessToken = accessToken, RefreshToken = refreshToken }); }
public async Task <LoginResponseDto> Login(LoginInputDto inputDto) { var loginResult = await getLoginResultAsync(inputDto.UsernameOrEmailAddress, inputDto.Password, inputDto.TenancyName); if (loginResult.Result == HozaruLoginResultType.Success) { var user = loginResult.User; var refreshToken = _refreshTokenService.CreateRefreshToken(user, inputDto.RemoteIpAddress); var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName, user.TenantId); return(new LoginResponseDto(jwtToken, refreshToken.Token, true)); } return(new LoginResponseDto(null, "", false, "")); }
public async Task <ActionResult> Register(AccountRegisterViewModel registerVm) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } try { var identityResult = await _accountManager.Register(registerVm.FirstName, registerVm.LastName, registerVm.Email, registerVm.Password); if (!identityResult.Succeeded) { var error = identityResult.Errors.Any() ? identityResult.Errors.FirstOrDefault().Description : "Error while registering user!"; return(BadRequest(error)); } var user = await _accountManager.Authenticate(registerVm.Email, registerVm.Password, false); if (user == null) { return(Unauthorized()); } var identity = await GetClaimsIdentity(user); var response = new { uId = identity.Claims.Single(c => c.Type == "id").Value, firstName = user.FirstName, lastName = user.LastName, email = user.Email, formattedName = user.FirstName + " " + user.LastName, auth_token = await _jwtFactory.GenerateEncodedToken(user.Email, identity), expires_in = (int)_jwtOptions.ValidFor.TotalSeconds }; var userData = JsonConvert.SerializeObject(response); return(new OkObjectResult(userData)); } catch (Exception ex) { await _logger.Log(LogLevel.Error, "Account", ex, "Register"); return(new BadRequestObjectResult(ex.Message)); } }
public async Task <IActionResult> Login([FromForm] string email, [FromForm] string password) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var identity = await GetClaimsIdentity(email, password); if (identity == null) { return(BadRequest(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState))); } // Serialize and return the response var response = new { id = identity.Claims.Single(c => c.Type == "id").Value, auth_token = await jwtFactory.GenerateEncodedToken(email, identity), expires_in = (int)jwtOptions.ValidFor.TotalSeconds }; var json = JsonConvert.SerializeObject(response, serializerSettings); return(new OkObjectResult(json)); }
public async Task <IActionResult> Login([FromBody] LoginRequest request) { var user = _userService.GetUserByName(request.UserName); if (user == null) { ModelState.AddModelError("login_failure", "Invalid username."); return(BadRequest(ModelState)); } if (!request.Password.Equals(user.Password)) { ModelState.AddModelError("login_failure", "Invalid password."); return(BadRequest(ModelState)); } var claimsIdentity = _jwtFactory.GenerateClaimsIdentity(user); var token = await _jwtFactory.GenerateEncodedToken(user.UserName, claimsIdentity); await _redis.StringSetAsync(user.Id.ToString(), JsonConvert.SerializeObject(user), TimeSpan.FromHours(2)); var response = new { auth_token = token, token_type = "Bearer" }; var result = JsonConvert.SerializeObject(response, new JsonSerializerSettings { Formatting = Formatting.Indented }); return(new OkObjectResult(result)); }
public async Task <LoginResponse> Login(LoginRequest request) { var user = await _repository.Get <User>(x => x.UserName == request.UserName); if (user != null) { if (_passwordHasher.VerifyHashedPassword(user, user.Password, request.Password) != PasswordVerificationResult.Success) { throw new UnAuthorizedExceptions("Invalid Password entered"); } // generate refresh token var refreshToken = _tokenFactory.GenerateToken(); // generate access token var generateEncodedToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName); return(new LoginSuccessResponse() { Token = generateEncodedToken, RefreshToken = refreshToken }); } return(new LoginErrorResponse { ErrorMessage = "No user found" }); }
public async Task <IActionResult> Post([FromBody] JwtPostPayload payload) { // Get user from db var user = _userManager.UserWithUsername(payload.Username); if (user == null) { return(NotFound()); // user not found } // Verify password if (!_authenticationManager.IsPasswordCorrect(user, payload.Password)) { return(Unauthorized()); // password is not valid } // Generate jwt var jwt = await _jwtFactory.GenerateEncodedToken(user); // Set jwt header Request.HttpContext.Response.Headers.Add("jwt", jwt); // Return correct result return(NoContent()); }
public async Task <LoginResponseMessage> Handle(LoginRequestMessage message) { List <string> errors = new List <string>(); ClaimsIdentity identity = await _authenticationService.GetClaimsIdentity(message.Email, message.Password); if (identity == null) { return(new LoginResponseMessage(false, null, new JwtToken(), "Not Authorised")); } JwtToken token = new JwtToken() { Id = identity.Claims.Single(c => c.Type == "id").Value, Auth_Token = await _jwtFactory.GenerateEncodedToken(message.Email, identity), ExpiresIn = (int)_jwtOptions.ValidFor.TotalSeconds }; if (!identity.IsAuthenticated) { errors.Add($"Failed to login {identity.ToString()}"); } return(new LoginResponseMessage(!errors.Any(), errors, token)); }
public async Task <Result <TokenResult> > Handle(RefreshTokenCommand request, CancellationToken cancellationToken) { if (request.AccessToken.IsEmpty()) { throw new AuthException($"invalid {nameof(request.AccessToken)}"); } if (request.RefreshToken.IsEmpty()) { throw new AuthException($"invalid {nameof(request.RefreshToken)}"); } var claimsPrincipal = _jwtTokenValidator.GetPrincipalFromToken(request.AccessToken, _authSettings.SecretKey); if (claimsPrincipal is null) { return(Result.Failure <TokenResult>("Invalid access token")); } var id = claimsPrincipal.Claims.First(c => c.Type == ClaimTypes.Sid); var role = claimsPrincipal.Claims.First(x => x.Type == ClaimTypes.Role); var user = await _userManager.FindByIdAsync(id.Value); var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName, role.Value, user.Email); var refreshToken = _tokenFactory.GenerateToken(); await _userManager.RemoveAuthenticationTokenAsync(user, TokenProviderNames.LoginProvider, TokenProviderNames.TokenName); await _userManager.SetAuthenticationTokenAsync(user, TokenProviderNames.LoginProvider, TokenProviderNames.TokenName, refreshToken); return(Result.Success(new TokenResult(refreshToken, jwtToken.Token, jwtToken.ExpiresIn))); }
public async Task <bool> Handle(LoginRequest message, IOutputPort <LoginResponse> outputPort) { LogInResponse result = null; if (!string.IsNullOrEmpty(message.UserName) && !string.IsNullOrEmpty(message.Password)) { result = await _userRepository.CheckPassword(message.UserName, message.Password); if (result != null && result.Success && result.User != null) { // generate refresh token var refreshToken = _tokenFactory.GenerateToken(); result.User.AddRefreshToken(refreshToken, message.RemoteIpAddress); _userRepository.Update(result.User); // generate access token outputPort.Handle(new LoginResponse(await _jwtFactory.GenerateEncodedToken(result.User.IdentityId, result.User.UserName), refreshToken, true)); return(true); } } outputPort.Handle(new LoginResponse(result != null ? result.Errors : new System.Collections.Generic.List <Error>() { new Error(HttpStatusCode.BadRequest.ToString(), "Invalid username or password!") })); return(false); }
public async Task <BaseResponseDto <Token> > Handle(AutenticarLoginRequest request, CancellationToken cancellationToken) { var response = new BaseResponseDto <Token>(); const string messageUserInvalid = "Usuário ou Senha inválido."; try { if (string.IsNullOrEmpty(request.Login) || string.IsNullOrEmpty(request.Senha)) { response.Errors.Add(messageUserInvalid); return(response); } var login = await _repository.FindWhereAsync(p => p.Login == request.Login && p.Senha == request.Senha); if (login == default) { response.Errors.Add(messageUserInvalid); return(response); } response.Data = await _jwtFactory.GenerateEncodedToken(login.Id.ToString(), login.Login); } catch (Exception ex) { _logger.LogError(ex, ex.Message); response.Errors.Add("Falha ao buscar o login."); } return(response); }
public async Task <IActionResult> Login([FromBody] CredentialsViewModel credentials) { bool isValidUser = false; ClaimsIdentity claimsIdentity; if (credentials.UserName != null && credentials.Password != null) { var userToVerify = await _userManager.FindByNameAsync(credentials.UserName); if (userToVerify != null) { if (await _userManager.CheckPasswordAsync(userToVerify, credentials.Password)) { isValidUser = true; claimsIdentity = _jwtFactory.GenerateClaimsIdentity(credentials.UserName, userToVerify.Id); return(new OkObjectResult(JsonConvert.SerializeObject(new { id = claimsIdentity.Claims.Single(x => x.Type == "id").Value, auth_token = await _jwtFactory.GenerateEncodedToken(credentials.UserName, claimsIdentity), expires_in = (int)(new JwtIssuerOptions().ValidFor.TotalSeconds), success = true, fullName = userToVerify.FirstName }, new JsonSerializerSettings { Formatting = Formatting.Indented }))); } } } return(BadRequest("Invalid UserName or Password")); }
public async Task <object> Authenticate(UserDto user) { if (user == null) { throw new ArgumentNullException(nameof(user)); } var identity = await GetClaimsIdentity(user); if (identity == null) { throw new ArgumentNullException(nameof(identity)); } string token = await JwtFactory.GenerateEncodedToken(user.UserName, identity); if (token == null) { throw new ArgumentNullException(nameof(token)); } return(new { id = identity.FindFirst(ClaimTypes.NameIdentifier).Value, auth_token = token, expires_in = (int)JwtOptions.ValidFor.TotalSeconds }); }
protected async override Task <Credentials> HandleCore(Query request) { var identity = await GetClaimsIdentity(request.Username, request.Password); var user = await _userManager.FindByNameAsync(request.Username); var role = await _userManager.GetRolesAsync(user); if (!await _userManager.IsEmailConfirmedAsync(user)) { return(new Credentials { IsEmailConfirmed = false }); } return(new Credentials { Id = identity.Claims.Single(c => c.Type == "id").Value, Username = request.Username, Token = await _jwtFactory.GenerateEncodedToken(request.Username, identity), ExpiresIn = (int)_jwtOptions.ValidFor.TotalSeconds, Role = role.FirstOrDefault(), IsEmailConfirmed = true }); }
public async Task <ActionResult <TokenResponseViewModel> > Post([FromBody] LogonViewModel credentials) { if (!ModelState.IsValid) { return(BadRequest(AuthenticationErrorViewModel.Init(ModelState))); } // user name used at logon is "email" var identity = await GetClaimsIdentity(credentials.UserName, credentials.Password); if (identity == null) { return(BadRequest(AuthenticationErrorViewModel.Init(Errors.AddErrorToModelState("login_failure", "User not known.", ModelState)))); } var user = new UserViewModel { UserName = identity.Name, Id = identity.Claims.Single(c => c.Type == "id").Value }; // log user immediately in var result = await _signin.CheckPasswordSignInAsync(user, credentials.Password, true); if (!result.Succeeded) { return(BadRequest(AuthenticationErrorViewModel.Init(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState)))); } // Serialize and return the response var response = new TokenResponseViewModel { Id = identity.Claims.Single(c => c.Type == "id").Value, AuthToken = await _jwtFactory.GenerateEncodedToken(credentials.UserName, identity), ExpiresIn = (int)_jwtOptions.ValidFor.TotalSeconds }; return(response); }
public async Task <IActionResult> Login([FromBody] CredentialModel credentials) { try { var identity = await GetClaimsIdentity(credentials.UserName, credentials.Password); if (identity == null) { var error = new { message = "Invalid username or password" }; var errroJson = JsonConvert.SerializeObject(error, _serializerSettings); return(new BadRequestObjectResult(errroJson)); } // Serialize and return the response var response = new { id = identity.Claims.Single(c => c.Type == "id").Value, token = await _jwtFactory.GenerateEncodedToken(credentials.UserName, identity), expiresin = (int)_jwtOptions.ValidFor.TotalSeconds, username = credentials.UserName, email = "", }; var json = JsonConvert.SerializeObject(response, _serializerSettings); return(new OkObjectResult(json)); } catch (Exception ex) { throw ex; } }
public async Task <IActionResult> Authorize() { if (!User.Identity.IsAuthenticated) { return(await Task.FromResult(new UnauthorizedResult())); } var verifiedUser = await _userManager.FindByNameAsync(User.Identity.Name); foreach (var role in _roles) { var hasRole = await _userManager.IsInRoleAsync(verifiedUser, role.Name); if (hasRole) { verifiedUser.UserRoles.Add(new MacheteUserRole { Role = role, User = verifiedUser }); // TODO completely untested } } _jwtOptions.Issuer = Routes.GetHostFrom(Request).IdentityRoute(); _jwtOptions.Nonce = Guid.NewGuid().ToString(); // corners were cut; this is supposed to identify the client var claimsIdentity = await _jwtFactory.GenerateClaimsIdentity(verifiedUser, _jwtOptions); var jwt = await _jwtFactory.GenerateEncodedToken(claimsIdentity, _jwtOptions); return(await Task.FromResult <IActionResult>( new OkObjectResult(new { access_token = jwt }) )); }
public async Task <AccountDto> Login(LoginDto input) { //find user first... var user = await _userManager.FindByNameAsync(input.Email); if (user == null) { throw new ApplicationException($"Unable to load user with ID '{user.Id}'."); } //validate password... var result = await _signInManager.CheckPasswordSignInAsync(user, input.Password, false); //if password was ok, return this user. if (!result.Succeeded) { throw new ApplicationException($"Invalid username or password");; } var token = await _jwtFactory.GenerateEncodedToken(user.Id, user.UserName); return(new AccountDto { Name = user.Name, Surname = user.Surname, Email = user.Email, AccessToken = token }); }
public async Task <IActionResult> Login([FromBody] LoginModel loginModel) { if (!ModelState.IsValid) { return(BadRequest(new BadRequestError(ModelState.GetErrors().FirstOrDefault()))); } (ClaimsIdentity claimsIdentity, User user) = await GetClaimsIdentity(loginModel); if (claimsIdentity == null) { return(BadRequest(new ModelError("Login failed. Invalid email address or password."))); } // Serialize and return the response var response = new { auth_token = await _jwtFactory.GenerateEncodedToken(loginModel.EmailAddress, claimsIdentity), expires_in = (int)JwtIssuerOptions.ValidFor.TotalSeconds, user_id = user.UserId }; string json = JsonConvert.SerializeObject(response, _serializerSettings); return(new OkObjectResult(json)); }
public async Task <IActionResult> Post([FromBody] CredentialsViewModel credentials) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var identity = await GetClaimsIdentity(credentials.Email, credentials.Password); var user = await _applicationDbContext.Users.SingleOrDefaultAsync(x => x.Email == credentials.Email); if (identity == null) { return(BadRequest(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState))); } var accountId = _applicationDbContext.Accounts.Single(x => x.UserId.ToString() == user.Id).Id; // Serialize and return the response var response = new { id = identity.Claims.Single(c => c.Type == "id").Value, auth_token = await _jwtFactory.GenerateEncodedToken(credentials.Email, identity, user.FullName, accountId), expires_in = (int)_jwtOptions.ValidFor.TotalSeconds }; var json = JsonConvert.SerializeObject(response, _serializerSettings); return(new OkObjectResult(json)); }
public async Task <IActionResult> Post([FromBody] Credentials credentials) { //see if credentials are valid var resultUser = await _userDAL.AuthorizeAsync(credentials.Username, credentials.Password); if (!resultUser.Success) { return(Unauthorized()); } if (resultUser.Data == null) { return(Unauthorized()); } //generate claims identity var identity = _jwtFactory.GenerateClaimsIdentity(resultUser.Data.Username, resultUser.Data.AccountID.ToString()); if (identity == null) { return(BadRequest()); } var response = new { id = identity.Claims.Single(c => c.Type == "id").Value, data = await _jwtFactory.GenerateEncodedToken(credentials.Username, identity), expires_in = (int)_jwtOptions.ValidFor.TotalSeconds }; return(new OkObjectResult(JsonConvert.SerializeObject(response))); }
public async Task <IActionResult> Post([FromBody] CredentialsViewModel credentials) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var identity = await GetClaimsIdentity(credentials.Email, credentials.Password); if (identity == null) { return(BadRequest(Errors.AddErrorToModelState("login_failure", "Niepoprawny login lub hasło", ModelState))); } // Serialize and return the response var user = _context.Users.Include(d => d.DeliveryData).Include(i => i.InvoiceData).Include((o => o.Orders)).SingleOrDefault(x => x.Email == credentials.Email); var response = new { auth_token = await _jwtFactory.GenerateEncodedToken(credentials.Email, identity), expires_in = (int)_jwtOptions.ValidFor.TotalSeconds, user = Mapper.Map <UsersViewModel>(user) }; return(new OkObjectResult(response)); }
private async Task <string> GenerateJwt(User localUser) { var jwtIdentity = _jwtFactory.GenerateClaimsIdentity(localUser.UserName, localUser.Id); var jwt = await _jwtFactory.GenerateEncodedToken(localUser.UserName, jwtIdentity); return(jwt); }
public async Task Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { if (!message.IsValid()) { NotifyValidationErrors(message); return; } var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one _userRepository.Update(user); if (Commit()) { outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken)); return; } } } await Bus.RaiseEvent(new DomainNotification(message.MessageType, "Failed to refresh token")); }
public async Task <IActionResult> Login([FromBody] LoginViewModel model) { var identity = await GetClaimsIdentity(model.Username, model.Password); var user = await _userManager.FindByNameAsync(model.Username); if (identity == null) { return(BadRequest("Login Failure")); } var response = new { id = identity.Claims.Single(x => x.Type == "id").Value, auth_token = await _factory.GenerateEncodedToken(model.Username, identity), expires_in = (int)_options.ValidFor.TotalSeconds, username = model.Username, email = user.Email, settings = new { theme = user.Theme, sortTeamsAscending = user.SortTeamsAscending } }; var json = JsonConvert.SerializeObject(response, _serializerSettings); return(new OkObjectResult(json)); }
public async Task <bool> Handle(LoginRequest message, IOutputPort <LoginResponse> outputPort) { if (!string.IsNullOrEmpty(message.UserName) && !string.IsNullOrEmpty(message.Password)) { // ensure we have a user with the given user name var user = await _userRepository.FindByName(message.UserName); if (user != null) { // validate password if (await _userRepository.CheckPassword(user, message.Password)) { // generate refresh token var refreshToken = _tokenFactory.GenerateToken(); user.AddRefreshToken(refreshToken, user.Id, message.RemoteIpAddress); await _userRepository.Update(user); // generate access token outputPort.Handle(new LoginResponse(await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName), refreshToken, true)); return(true); } } } outputPort.Handle(new LoginResponse(new[] { new Error("login_failure", "Invalid username or password.") })); return(false); }
public async Task <IActionResult> Post([FromBody] CredentialsViewModel credentials) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var identity = await GetClaimsIdentity(credentials.UserName, credentials.Password); if (identity == null) { return(BadRequest(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState))); } // Serialize and return the response var response = new { id = identity.Claims.Single(c => c.Type == "id").Value, auth_token = await _jwtFactory.GenerateEncodedToken(credentials.UserName, identity), expires_in = (int)_jwtOptions.ValidFor.TotalSeconds, userName = identity.Name }; var json = JsonConvert.SerializeObject(response, _serializerSettings); return(new OkObjectResult(json)); }
private async Task <UserSummaryViewModel> GetUserData(CrmIdentityUser user) { if (user == null) { return(null); } var roles = await _userManager.GetRolesAsync(user); if (roles.Count == 0) { roles.Add("prospect"); } // generate the jwt for the local user... var jwt = await _jwtFactory.GenerateEncodedToken(user.UserName, _jwtFactory.GenerateClaimsIdentity(user.UserName, user.Id.ToString())); var userModel = new UserSummaryViewModel { //JWT could inject all these properties instead of creating a model, //but a model is a little easier to access from client code without //decoding the token. When this user model starts to contain arrays //of complex data, including it all in the JWT value can get complicated. Id = user.Id, Name = user.Name, EmailAddress = user.Email, JwtToken = jwt, Roles = roles.ToArray(), //each role could be a separate claim in the JWT AccountId = 0 //TODO: load this from registration data }; return(userModel); }
public async Task <bool> Handle(ExchangeRefreshTokenRequest message, IOutputPort <ExchangeRefreshTokenResponse> outputPort) { var cp = _jwtTokenValidator.GetPrincipalFromToken(message.AccessToken, message.SigningKey); // invalid token/signing key was passed and we can't extract user claims if (cp != null) { var id = cp.Claims.First(c => c.Type == "id"); var user = await _userRepository.GetSingleBySpec(new UserSpecification(id.Value)); if (user.HasValidRefreshToken(message.RefreshToken)) { var jwtToken = await _jwtFactory.GenerateEncodedToken(user.IdentityId, user.UserName, new List <string> { "ROLE_ADMINISTRADOR" }); var refreshToken = _tokenFactory.GenerateToken(); user.RemoveRefreshToken(message.RefreshToken); // delete the token we've exchanged user.AddRefreshToken(refreshToken, user.Id, ""); // add the new one await _userRepository.Update(user); outputPort.Handle(new ExchangeRefreshTokenResponse(jwtToken, refreshToken, true)); return(true); } } outputPort.Handle(new ExchangeRefreshTokenResponse(false, "Invalid token.")); return(false); }
public async Task Handle(LoginRequest message, IOutputPort <LoginResponse> outputPort) { if (!message.IsValid()) { NotifyValidationErrors(message); return; } // ensure we have a user with the given user name var user = await _userRepository.FindByName(message.UserName); if (user != null) { // validate password if (await _userRepository.CheckPassword(user, message.Password)) { // generate refresh token var refreshToken = _tokenFactory.GenerateToken(); user.AddRefreshToken(refreshToken, user.Id, message.RemoteIpAddress); _userRepository.Update(user); if (Commit()) { // generate access token outputPort.Handle(new LoginResponse(await _jwtFactory.GenerateEncodedToken(user.Id.ToString(), user.UserName), refreshToken)); return; } } } await Bus.RaiseEvent(new DomainNotification(message.MessageType, "Username/password is invalid")); }