/// <summary>
/// Authenticates a user by e-mail and password and, on success, returns the user id,
/// a JWT and a refresh token.
/// </summary>
/// <param name="model">Credentials bound from the request body.</param>
/// <returns>
/// 400 when model validation fails; 409 with one generic message when the e-mail is unknown
/// or the password does not match; otherwise 200 with <c>userId</c>, <c>Token</c> and
/// <c>refreshtoken</c>.
/// </returns>
public async Task<IActionResult> Login([FromBody] EmailPasswordModel model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest("Invalid user name or password");
    }

    var account = await _userManager.FindByEmailAsync(model.Email);

    // Unknown e-mail and wrong password produce the same response, so the body does not
    // reveal which of the two checks failed. The password check is skipped for an unknown
    // e-mail, exactly as before.
    if (account == null || !await _userManager.CheckPasswordAsync(account, model.Password))
    {
        return Conflict("Bad user name password combination");
    }

    // TODO: implement user account lockout so passwords cannot be guessed by brute force.
    // NOTE(review): nothing in this method counts failed attempts or consults a lockout
    // state; until the TODO is done, throttling has to come from somewhere else.

    // NOTE(review): the refresh token is the user id encrypted with RefreshtokenKey.Value and
    // RefreshtokenKey.IV. If that key/IV pair is fixed (not visible here, confirm), each login
    // yields the same token for a given user and the token carries no expiry or revocation
    // handle. An opaque random value stored server-side would be easier to expire and revoke.
    var refreshToken = AesCryptor.EncryptStringAes(account.Id, RefreshtokenKey.Value, RefreshtokenKey.IV);
    var jwtToken = JwtTokenizer.GenerateJwtToken(account.Id, account.Email);

    return Ok(new { userId = account.Id, Token = jwtToken, refreshtoken = refreshToken });
}
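/// <summary>
/// Verifies the supplied e-mail/password pair and asks the JWT token service to create a token.
/// </summary>
/// <param name="value">Credentials bound from the request body.</param>
/// <returns>
/// 400 when the body or either credential is missing; otherwise 401 (see the review note
/// in the body about the success path).
/// </returns>
public async Task<IActionResult> Login([FromBody] LoginViewmodel value)
{
    // This action never checks ModelState, so a missing or unparsable body arrives here as
    // null and an incomplete body leaves a credential null. Reject those up front instead of
    // failing with an unhandled exception further down.
    if (value == null || value.Email == null || value.Password == null)
    {
        return BadRequest();
    }

    var user = await _userManager.FindByEmailAsync(value.Email);
    var authenticated = user != null && await _userManager.CheckPasswordAsync(user, value.Password);

    if (authenticated)
    {
        // NOTE(review): whatever CreateToken produces is discarded and control falls through
        // to Unauthorized(), so a correct password still gets a 401. The return type of
        // CreateToken is not visible here; once confirmed, return the token from this branch.
        _jwtTokenService.CreateToken(user);
    }

    // NOTE(review): no failed-attempt counting or lockout check is visible in this action.
    return Unauthorized();
}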
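/// <summary>
/// Authenticates a user and returns a JWT access token once the account's e-mail is confirmed.
/// </summary>
/// <param name="loginModel">Credentials bound from the request body.</param>
/// <returns>
/// 400 with the model state when validation fails; 401 when the user is unknown or the
/// password does not match; 200 with <c>success = false</c> when the e-mail is not yet
/// confirmed; otherwise 200 with <c>access_token</c>.
/// </returns>
public async Task<IActionResult> Login([FromBody] LoginModel loginModel)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // NOTE(review): the lookup is by user name but is given the e-mail field. That only works
    // if accounts are created with UserName == Email; confirm against the registration code.
    var user = await userManager.FindByNameAsync(loginModel.Email);

    // Unknown user and wrong password share one 401, so the response does not say which failed.
    if (user == null || !await userManager.CheckPasswordAsync(user, loginModel.Password))
    {
        return Unauthorized();
    }

    // Reached only after the password has been verified, so the "verify your account" hint
    // is shown to the account holder and not to an anonymous caller.
    if (!await userManager.IsEmailConfirmedAsync(user))
    {
        return Ok(new { success = false, message = "Check your email to verify your account." });
    }

    // Await the token task instead of blocking on .Result: blocking ties up a thread-pool
    // thread inside an async action and wraps any failure in an AggregateException.
    var accessToken = await new ApplicationJwtProvider(Configuration, userManager).JwtTokenBuilder(user);

    // NOTE(review): no failed-attempt counting or lockout check is visible in this action.
    return Ok(new { access_token = accessToken });
}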
/// <summary>
/// Handles a login request by looking the user up by name and checking the supplied password.
/// </summary>
/// <param name="request">Login request carrying the user name and password.</param>
/// <returns>
/// A response wrapping <c>CreateResult.Created</c> when the user exists and the password
/// matches, and <c>CreateResult.NotCreated</c> in every other case.
/// </returns>
protected override async Task<Response<CreateResult>> HandleCore(LoginRequest request)
{
    var account = await _userManager.FindByNameAsync(request.UserName);

    // The password is only checked when the user was found (short-circuit), as before.
    if (account != null && await _userManager.CheckPasswordAsync(account, request.Password))
    {
        return new Response<CreateResult>(CreateResult.Created);
    }

    // todo: add new results with errors (password bad, user not found, user locked, etc.)
    // NOTE(review): unknown user and wrong password both map to NotCreated, so callers cannot
    // tell them apart. If finer-grained results are added for the todo above, keep the
    // distinction out of anything returned to an unauthenticated client. No lockout state is
    // consulted in this handler.
    return new Response<CreateResult>(CreateResult.NotCreated);
}