コード例 #1
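        /// <summary>
        /// Resolves the credential for a login request, either from a refresh token
        /// (<c>refreshtoken</c> grant) or from an email/password pair (<c>idtoken</c> grant).
        /// </summary>
        /// <param name="loginCredential">Client-supplied login data; every field is untrusted input.</param>
        /// <returns>
        /// The <c>credential</c> member. It is replaced and flagged <c>IsAuthenticated</c> only when
        /// one of the two grant checks succeeds; otherwise it is returned exactly as it was on entry.
        /// </returns>
        public async Task <Credential> CreateCredential(LoginCredentialDto loginCredential)
        {
            // NOTE(review): credential, refreshToken and logsheet are declared outside this method.
            // When neither grant succeeds, the value returned is whatever credential already held,
            // so if this service instance is reused across requests a failed login could hand back
            // an earlier caller's authenticated credential. Confirm the instance lifetime and how
            // credential is initialised.

            // Ordinal, null-safe comparison: the grant type comes from the client, so a missing value
            // must not throw, and matching must not depend on the server's culture (under a Turkish
            // culture "IDTOKEN".ToLower() does not equal "idtoken").
            string grantType = loginCredential.GrantType;

            if (string.Equals(grantType, "refreshtoken", System.StringComparison.OrdinalIgnoreCase))
            {
                refreshToken = loginCredential.RefreshToken;

                // A blank token can never identify a session; skip the lookup so it cannot match
                // a stored row whose token is empty or unset.
                if (string.IsNullOrEmpty(refreshToken))
                {
                    logsheet = null;
                }
                else
                {
                    logsheet = await unitOfWork.Logsheet.FindLogsheetByRefreshTokenAsync(refreshToken);
                }

                // NOTE(review): no expiry or revocation check is visible here; presumably
                // FindLogsheetByRefreshTokenAsync filters expired tokens — confirm.
                if (logsheet != null && logsheet.Credential != null)
                {
                    credential = logsheet.Credential;
                    credential.IsAuthenticated = true;
                }
            }
            else if (string.Equals(grantType, "idtoken", System.StringComparison.OrdinalIgnoreCase))
            {
                Credential credentialDb = unitOfWork.Credential.FindByEmail(loginCredential.Email);

                // NOTE(review): the stored value is passed first and the submitted password second;
                // confirm this matches CompareStringToHash's parameter order, and that the helper
                // uses a salted, slow password hash with a constant-time comparison.
                if (credentialDb != null && StringHelper.CompareStringToHash(credentialDb.Password, loginCredential.Password))
                {
                    credential = credentialDb;
                    credential.IsAuthenticated = true;
                }
            }

            return credential;
        }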
コード例 #2
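        /// <summary>
        /// Login endpoint: validates the calling client, authenticates the user through
        /// <c>credentialService.CreateCredential</c>, and returns an auth token on success.
        /// </summary>
        /// <param name="loginCredential">Request body; all fields are client-controlled.</param>
        /// <returns>
        /// 202 Accepted with an <c>authToken</c> payload on success. Every rejection is 403 Forbidden
        /// with an error code ending in 01 (invalid client), 02 (refresh token), 03 (email or
        /// password), 04 (suspended account) or 05 (unverified email).
        /// </returns>
        public async Task <IActionResult> Login([FromBody] LoginCredentialDto loginCredential)
        {
            // NOTE(review): loginCredential, client and credential are dereferenced without null
            // checks; whether any of them can be null depends on model binding and service code
            // not shown here. Failed attempts are also not counted or throttled in this method —
            // confirm rate limiting or lockout is enforced elsewhere.
            string errCode = "01";
            Client client  = await clientService.CreateClientAsync(loginCredential.ClientId, loginCredential.ClientSecret);

            if (!client.IsValid)
            {
                return new Response(HttpStatusCode.Forbidden,
                                    new Error[] { new Error {
                                                      Code = ErrorCode + errCode + "01",
                                                      Title = "Invalid Client",
                                                      Detail = "Client info is incorrect."
                                                  } }).ToActionResult();
            }

            Credential credential = await credentialService.CreateCredential(loginCredential);

            if (!credential.IsAuthenticated)
            {
                // Ordinal, null-safe comparison: GrantType is client input, so a missing value must
                // fall through to the generic rejection instead of throwing on ToLower().
                bool isRefreshGrant = string.Equals(loginCredential.GrantType, "refreshtoken",
                                                    System.StringComparison.OrdinalIgnoreCase);

                if (isRefreshGrant)
                {
                    return new Response(HttpStatusCode.Forbidden,
                                        new Error[] { new Error {
                                                          Code = ErrorCode + errCode + "02",
                                                          Detail = "Refresh token is incorrect or expired."
                                                      } }).ToActionResult();
                }

                // One message for both an unknown email and a wrong password, so the response
                // does not reveal which of the two was wrong.
                return new Response(HttpStatusCode.Forbidden,
                                    new Error[] { new Error {
                                                      Code = ErrorCode + errCode + "03",
                                                      Detail = "Email or password is incorrect."
                                                  } }).ToActionResult();
            }

            // Account-state checks run only after authentication succeeded, so the suspended and
            // unverified messages are shown only to a caller who presented valid credentials.
            if (!credential.IsActive)
            {
                return new Response(HttpStatusCode.Forbidden,
                                    new Error[] { new Error {
                                                      Code = ErrorCode + errCode + "04",
                                                      Detail = "Your account is suspended"
                                                  } }).ToActionResult();
            }

            if (!credential.IsEmailVerified)
            {
                return new Response(HttpStatusCode.Forbidden,
                                    new Error[] { new Error {
                                                      Code = ErrorCode + errCode + "05",
                                                      Detail = "Your email is not verified"
                                                  } }).ToActionResult();
            }

            var payload = new
            {
                authToken = credentialService.Login(client, credential)
            };
            return new Response(HttpStatusCode.Accepted, payload).ToActionResult();
        }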