// this is used to validate your user account with provided grant at /connect/token
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext input)
{
try {
// get your user model from db (by username - in my case its email)
var repoUser = await _repoUser.GetOne(input.UserName);
if (repoUser != null)
{
// check if password match - remember to hash password if stored as hash in db
if (_utlPasswordHasher.ValidatePassword(input.Password, repoUser.password))
{
// set the result
input.Result = new GrantValidationResult(
subject: repoUser.username.ToString(),
authenticationMethod: "custom",
claims: GetUserClaims(repoUser.user_detail));
return;
}
input.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Incorrect password");
return;
}
input.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "User does not exist.");
return;
}
catch (Exception ex) {
input.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Invalid username or password");
Log.Error($"Err: {ex.Message}");
}
}
public async Task <ResBase> ChangePassword(string username, IMUser.ChangePassword input)
{
// get user
var tbuUser = await _repoUser.GetOne(username);
if (tbuUser == null)
{
return(new ResBase($"user {username} not found"));
}
// validate user's old password
if (!_utlPasswordHasher.ValidatePassword(input.oldPassword, tbuUser.password))
{
return(new ResBase($"old password is incorrect"));
}
// edit header
tbuUser.password = _utlPasswordHasher.HashPassword(input.newPassword);
tbuUser.md_password = now;
try {
// update user
_repoUser.Update(tbuUser);
// commit
await _unitOfWork.Commit();
return(new ResBase());
}
catch (Exception ex) {
return(new ResBase($"Server errror: {ex.Message}"));
}
}
// Get user profile date in terms of claims when calling /connect/userinfo
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
try {
// depending on the scope accessing the user data.
if (!string.IsNullOrEmpty(context.Subject.Identity.Name))
{
// get user from db (in my case this is by email)
var repoUser = await _repoUser.GetOne(context.Subject.Identity.Name);
if (repoUser != null)
{
var claims = ResourceOwnerPasswordValidator.GetUserClaims(repoUser.user_detail);
// set issued claims to return
context.IssuedClaims = claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)).ToList();
}
}
else
{
// get subject from context (this was set ResourceOwnerPasswordValidator.ValidateAsync),
// where and subject was set to my user id.
var username = context.Subject.Claims.FirstOrDefault(x => x.Type == "sub");
if (username.Value.HasValue())
{
// get user from db (find user by user id)
var repoUser = await _repoUser.GetOne(username.Value);
// issue the claims for the user
if (repoUser != null)
{
var claims = ResourceOwnerPasswordValidator.GetUserClaims(repoUser.user_detail);
context.IssuedClaims = claims.ToList();
// context.IssuedClaims = claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)).ToList();
}
}
}
}
catch (Exception ex) {
Log.Error($"Err: {ex.Message}");
}
}