public async Task <UserLoginResponseDTO> Login(UserLoginDTO dto) { var user = await _context.Users.WhereIsNotDeleted() .Include(u => u.Role) .FirstOrDefaultAsync(u => u.UserName == dto.UserName); if (user != null && PasswordHelper.VerifyPassword(dto.Password, user.PasswordHash)) { //todo think about BL_CODE_USER_NOT_CONFIRMED exception /*if (user.StatusId < (int) UserStatusEnum.Confirmed) * { * throw new BusinessLogicException(ExceptionCodes.BL_CODE_USER_NOT_CONFIRMED); * }*/ var jwtToken = GetJwt(user); var refreshToken = GetRefreshToken(user.Id, user.UserName, user.Role?.Name); var response = new UserLoginResponseDTO { AccessToken = jwtToken, UserName = user.UserName, Role = user.Role?.Name, CompanyId = user.CompanyId, RefreshToken = refreshToken }; return(response); } throw new BadRequestException(ExceptionCodes.COMMON_NOT_EXIST); }
public async Task RequestTokenAsync_exist_correctPassword_get_token() { // Arrange var controller = new UserController(UserService.Object); UserLoginDTO userLoginDTO = new UserLoginDTO(UserEntities.First().Username, UserEntities.First().Password); // Act IActionResult response = await controller.RequestTokenAsync(userLoginDTO); // Assert Assert.IsInstanceOfType(response, typeof(OkObjectResult)); var result = response as OkObjectResult; Assert.AreEqual(200, result.StatusCode); Assert.IsNotNull(result.Value); Assert.IsInstanceOfType(result.Value, typeof(UserLoginResponseDTO)); UserLoginResponseDTO loginDTO = result.Value as UserLoginResponseDTO; Assert.IsNotNull(loginDTO.Token); Assert.IsInstanceOfType(loginDTO.Token, typeof(string)); }
//public async Task<MobileUserDTO> ResetPasswordMobile(string code, string newPassword) //{ // var id = ValidateCodeAndGetUser(code); // var user = await _context.MobileUsers.WhereIsNotDeleted(x => x.Id == id).FirstAsync(); // var passwordHash = PasswordHelper.GetPasswordHash(newPassword); // user.PasswordHash = passwordHash; // await _context.SaveChangesAsync(); // var userDto = _mapper.Map<MobileUser, MobileUserDTO>(user); // var paramDict = new Dictionary<string, string>(); // paramDict.Add("name", userDto.Name); // paramDict.Add("clientDomain", ConstantsApp.CLIENT_DOMAIN); // await _emailService.SendEmailAsync(user.Email, EmailTemplateEnum.MobileUserResetPasswordDoneEmail, // paramDict); // return userDto; //} //public async Task ResetPasswordMobileInit(string userName) //{ // var user = await _context.MobileUsers.FirstOrDefaultAsync(x => x.UserName == userName); // if (user == null) // { // throw new BadRequestException(ExceptionCodes.COMMON_NOT_EXIST); // } // var userDto = _mapper.Map<MobileUser, MobileUserDTO>(user); // var paramDict = new Dictionary<string, string>(); // paramDict.Add("name", userDto.Name); // paramDict.Add("clientDomain", ConstantsApp.CLIENT_DOMAIN); // var code = GetCode(user.Id, user.UserName); // paramDict.Add("code", code); // await _emailService.SendEmailAsync(user.Email, EmailTemplateEnum.MobileUserResetPasswordEmail, // paramDict); //} #endregion #region Refresh token public async Task <UserLoginResponseDTO> RefreshToken(string jwtToken, string refreshToken) { var id = ValidateRefreshTokenAndGetUser(refreshToken); var idFromJwt = ValidateJwtBigExpireAndGetUser(jwtToken); var user = await _context.Users.WhereIsNotDeleted(x => x.Id == id).Include(x => x.Role).FirstAsync(); var newJwtToken = GetJwt(user); var newRefreshToken = GetRefreshToken(user.Id, user.UserName, user.Role?.Name); if (id == idFromJwt) { var response = new UserLoginResponseDTO { AccessToken = newJwtToken, UserName = user.UserName, Role = user.Role?.Name, RefreshToken = newRefreshToken }; return(response); } throw new BusinessLogicException(ExceptionCodes.AUTH_REFRESH_TOKEN_INCORRECT); }
public async Task <ActionResult> Login([FromBody] UserLoginRequestDTO userLoginRequestDTO, [FromServices] SigningConfigurations signingConfigurations, [FromServices] TokenConfigurations tokenConfigurations) { try { bool credentialsIsValid = false; if (userLoginRequestDTO != null && !string.IsNullOrEmpty(userLoginRequestDTO.Email)) { User userLogin = _userManager.FindByEmailAsync(userLoginRequestDTO.Email).Result; IEnumerable <Address> address = userLogin.Addresses; if (userLogin != null) { var result = await _signInManager.PasswordSignInAsync(userLoginRequestDTO.Email, userLoginRequestDTO.Password, false, true); if (result.Succeeded) { credentialsIsValid = _userManager.IsInRoleAsync(userLogin, userLoginRequestDTO.Role).Result; } if (credentialsIsValid) { ClaimsIdentity identity = new ClaimsIdentity( new GenericIdentity(userLoginRequestDTO.Email, "Login"), new[] { new Claim("Id", userLogin.Id.ToString()), new Claim("EstablishmentId", userLogin.EstablishmentId.ToString()), new Claim("UserName", userLogin.UserName), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), new Claim(JwtRegisteredClaimNames.UniqueName, userLoginRequestDTO.Email) } ); var roles = _userManager.GetRolesAsync(userLogin).Result; foreach (string role in roles) { identity.AddClaim(new Claim(ClaimTypes.Role, role)); } DateTime creationDate = DateTime.Now; DateTime expirationDate = creationDate + TimeSpan.FromSeconds(tokenConfigurations.Seconds); UserLoginResponseDTO userLoginResponseDTO = new UserLoginResponseDTO { User = _mapper.Map <UserResponseDTO>(userLogin), Token = new AuthToken().GemerateToken(signingConfigurations, tokenConfigurations, identity, creationDate, expirationDate), CreationDate = creationDate, ExpirationDate = expirationDate }; return(Ok(userLoginResponseDTO)); } } return(NotFound()); } return(BadRequest("Unable to login.")); } catch (Exception ex) { return(BadRequest(ex)); } }