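public IActionResult login(LoginReq loginReq)
{
    // Authenticates a user by re-deriving the stored PBKDF2 hash from the
    // submitted password and, on success, issues a signed JWT plus a refresh
    // token. Every credential failure (unknown user or wrong password) yields
    // the same 401 so the endpoint cannot be used to enumerate accounts.
    string salt = securityDb.getSalt(loginReq.login);
    bool userKnown = salt != null;

    // For an unknown user still run the key derivation, against a fixed
    // placeholder salt, so the request costs roughly the same as a wrong
    // password attempt; the result is discarded and the login rejected below.
    string saltForDerivation = userKnown ? salt : "unknown-user-placeholder";

    // These PBKDF2 parameters must match the ones used when the credential
    // was stored, otherwise every existing user would fail to log in.
    // NOTE(review): 10000 iterations is low for current guidance; raising it
    // requires re-hashing stored credentials — confirm with the securityDb owners.
    byte[] derived = KeyDerivation.Pbkdf2(
        password: loginReq.password,
        salt: Encoding.UTF8.GetBytes(saltForDerivation),
        prf: KeyDerivationPrf.HMACSHA512,
        iterationCount: 10000,
        numBytesRequested: 256);

    // loginUser receives the Base64-encoded hash in place of the plaintext
    // password (presumably the stored credential is in the same form).
    loginReq.password = Convert.ToBase64String(derived);

    if (!userKnown || !securityDb.loginUser(loginReq))
    {
        return Unauthorized();
    }

    string secret = configuration["SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        // Fail with a clear message instead of the obscure argument exception
        // GetBytes/SymmetricSecurityKey would raise for a missing key.
        throw new InvalidOperationException("SecretKey is not configured.");
    }

    // NOTE(review): the token carries only a role claim and no identity of the
    // authenticated user, so all Employee tokens are indistinguishable — confirm
    // whether a name/subject claim is expected by consumers.
    var claims = new[] { new Claim(ClaimTypes.Role, "Employee") };
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512);

    // exp is serialized as an epoch timestamp, so compute the expiry in UTC
    // rather than depending on the server's local time zone.
    var token = new JwtSecurityToken(
        issuer: "Program",
        audience: "Ktokolwiek",
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(60),
        signingCredentials: credentials);

    // NOTE(review): the refresh token is stored without the user it was issued
    // to, and Guid.NewGuid() is not documented as a cryptographic RNG — both
    // should be confirmed against the securityDb design.
    var rToken = Guid.NewGuid();
    securityDb.createRefreshToken(rToken);

    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        refreshToken = rToken
    });
}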
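public IActionResult RefreshToken(RefreshReq refreshReq)
{
    // Exchanges a known refresh token for a new JWT and a new refresh token.
    // An unknown token is an authentication failure, so answer 401 rather than
    // 404: clients key their re-login flow on 401, and the status should not
    // suggest a resource lookup.
    if (!securityDb.checkIfTokenExists(refreshReq.refreshToken))
    {
        return Unauthorized();
    }

    string secret = configuration["SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        // Fail with a clear message instead of the obscure argument exception
        // GetBytes/SymmetricSecurityKey would raise for a missing key.
        throw new InvalidOperationException("SecretKey is not configured.");
    }

    // NOTE(review): the refresh token is not tied to a user, so the role is
    // re-granted unconditionally here — confirm this matches the intended
    // authorization model.
    var claims = new[] { new Claim(ClaimTypes.Role, "Employee") };
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512);

    // exp is serialized as an epoch timestamp, so compute the expiry in UTC
    // rather than depending on the server's local time zone.
    var token = new JwtSecurityToken(
        issuer: "Program",
        audience: "Ktokolwiek",
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(60),
        signingCredentials: credentials);

    // NOTE(review): the presented refresh token is never revoked, so it stays
    // valid alongside the new one (no rotation); securityDb exposes no revoke
    // call here — confirm whether one exists and should be invoked.
    var rToken = Guid.NewGuid();
    securityDb.createRefreshToken(rToken);

    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        refreshToken = rToken
    });
}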