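/// <summary>
/// Resolves the <see cref="Credential"/> for a login request. Supported grant types are
/// "refreshtoken" (the logsheet is looked up by refresh token) and "idtoken"
/// (the credential is looked up by e-mail and the password is checked against its stored hash).
/// </summary>
/// <param name="loginCredential">Login request; <c>GrantType</c> selects the flow.</param>
/// <returns>
/// The matching credential with <c>IsAuthenticated</c> set to <c>true</c>, or <c>null</c> when the
/// grant type is unknown, the refresh token is not found, or the e-mail/password do not match.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="loginCredential"/> is null.</exception>
public async Task<Credential> CreateCredential(LoginCredentialDto loginCredential)
{
    if (loginCredential == null)
    {
        throw new ArgumentNullException(nameof(loginCredential));
    }

    // `credential`, `refreshToken` and `logsheet` are not declared in this method, so they are
    // instance members. Clear them before doing any lookup so that a failed lookup can never
    // hand back the (already authenticated) credential resolved by an earlier call on the same
    // instance. NOTE(review): if this service is not created per request, concurrent callers
    // still race on these members — confirm its DI lifetime.
    credential = null;
    refreshToken = null;
    logsheet = null;

    // Grant types are machine identifiers, so compare them ordinally. ToLower().Equals(...) is
    // culture-dependent (e.g. Turkish 'I') and throws when GrantType is null; string.Equals with
    // OrdinalIgnoreCase is null-safe and culture-insensitive.
    if (string.Equals(loginCredential.GrantType, "refreshtoken", StringComparison.OrdinalIgnoreCase))
    {
        refreshToken = loginCredential.RefreshToken;
        logsheet = await unitOfWork.Logsheet.FindLogsheetByRefreshTokenAsync(refreshToken);
        if (logsheet?.Credential != null)
        {
            credential = logsheet.Credential;
            credential.IsAuthenticated = true;
        }
    }
    else if (string.Equals(loginCredential.GrantType, "idtoken", StringComparison.OrdinalIgnoreCase))
    {
        Credential credentialDb = unitOfWork.Credential.FindByEmail(loginCredential.Email);
        // The supplied password is compared with the stored hash by a helper defined elsewhere;
        // the plaintext is never stored on the credential.
        if (credentialDb != null
            && StringHelper.CompareStringToHash(credentialDb.Password, loginCredential.Password))
        {
            credential = credentialDb;
            credential.IsAuthenticated = true;
        }
    }

    // Null here means "not authenticated"; callers must check before dereferencing.
    return credential;
}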
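/// <summary>
/// Authenticates a client/user pair and issues an auth token.
/// The client id/secret is validated first; only then is the user grant
/// (refresh token or e-mail/password) resolved and the account state checked.
/// </summary>
/// <param name="loginCredential">
/// Request body with client id/secret plus the grant data. A missing body is expected to be
/// rejected by model binding before this action runs (NOTE(review): confirm the controller is
/// attributed so that a null body produces a 400 rather than reaching this method).
/// </param>
/// <returns>
/// 202 Accepted with <c>{ authToken }</c> on success; otherwise 403 Forbidden carrying one coded
/// error: ...01 invalid client, ...02 refresh token rejected, ...03 e-mail/password rejected,
/// ...04 account suspended, ...05 e-mail not verified.
/// </returns>
public async Task<IActionResult> Login([FromBody] LoginCredentialDto loginCredential)
{
    string errCode = "01";

    // Every failure of this endpoint is a 403 carrying exactly one error.
    IActionResult Forbidden(Error error) =>
        new Response(HttpStatusCode.Forbidden, new Error[] { error }).ToActionResult();

    Client client = await clientService.CreateClientAsync(loginCredential.ClientId, loginCredential.ClientSecret);
    if (!client.IsValid)
    {
        return Forbidden(new Error
        {
            Code = ErrorCode + errCode + "01",
            Title = "Invalid Client",
            Detail = "Client info is incorrect."
        });
    }

    Credential credential = await credentialService.CreateCredential(loginCredential);

    // The service signals a failed grant either with a null credential or with
    // IsAuthenticated == false; without the null check a failed login would throw
    // NullReferenceException and surface as a 500 instead of a 403.
    if (credential == null || !credential.IsAuthenticated)
    {
        // Messages stay generic on purpose: they do not reveal whether the e-mail exists.
        // Ordinal comparison: ToLower().Equals is culture-dependent and throws on a null GrantType.
        if (string.Equals(loginCredential.GrantType, "refreshtoken", StringComparison.OrdinalIgnoreCase))
        {
            return Forbidden(new Error
            {
                Code = ErrorCode + errCode + "02",
                Detail = "Refresh token is incorrect or expired."
            });
        }

        return Forbidden(new Error
        {
            Code = ErrorCode + errCode + "03",
            Detail = "Email or password is incorrect."
        });
    }

    // Authentication succeeded; now check that the account may log in at all.
    if (!credential.IsActive)
    {
        return Forbidden(new Error
        {
            Code = ErrorCode + errCode + "04",
            Detail = "Your account is suspended"
        });
    }

    if (!credential.IsEmailVerified)
    {
        return Forbidden(new Error
        {
            Code = ErrorCode + errCode + "05",
            Detail = "Your email is not verified"
        });
    }

    var payload = new { authToken = credentialService.Login(client, credential) };
    return new Response(HttpStatusCode.Accepted, payload).ToActionResult();
}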