コード例 #1
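        /// <summary>
        /// Verifies a username/password pair and, on success, returns the user's public
        /// profile fields together with a signed JWT that expires 30 minutes after issue.
        /// </summary>
        /// <param name="dto">Submitted credentials. A null value is treated as a failed login.</param>
        /// <returns>The user's id, e-mail, names and username plus the serialized token.</returns>
        /// <exception cref="DotaException">
        /// Thrown with <c>Constants.IncorrectUsernamePassword</c> when <paramref name="dto"/> is null,
        /// when no user has the given username, or when the password does not verify. The same
        /// message is used for every case so the response does not reveal which check failed.
        /// </exception>
        public UserWithoutPasswordDto Authenticate(UsernamePasswordDto dto)
        {
            // A missing request body would otherwise surface as a null dereference (and an
            // unhandled error in callers that only catch DotaException); report it as an
            // ordinary failed login instead.
            if (dto == null)
            {
                throw new DotaException(Constants.IncorrectUsernamePassword);
            }

            // SingleOrDefault throws if more than one row matches.
            // NOTE(review): presumably usernames are unique in the store; confirm.
            var user = this.context.Users.SingleOrDefault(u => u.Username == dto.Username);

            // NOTE(review): for an unknown username the method throws before VerifyPasswordHash
            // runs, so that path does less work than the wrong-password path. The messages match,
            // but the timing may still differ; consider verifying against a fixed dummy hash when
            // the user is not found, and rate-limiting this endpoint.
            if (user == null || !VerifyPasswordHash(dto.Password, user.PasswordHash, user.PasswordSalt))
            {
                throw new DotaException(Constants.IncorrectUsernamePassword);
            }

            var tokenHandler = new JwtSecurityTokenHandler();

            // Encoding.ASCII replaces any non-ASCII character with '?', so the effective key is
            // only as strong as the ASCII content of the secret.
            // NOTE(review): confirm the secret is long, random and kept out of source control.
            var key = Encoding.ASCII.GetBytes(this.appSettings.Secret);

            // ClaimTypes.Name carries the numeric user id (not the username), followed by one
            // role claim per entry in user.Roles.
            var claims = new[] { new Claim(ClaimTypes.Name, user.Id.ToString()) }
                .Concat(user.Roles.Select(r => new Claim(ClaimTypes.Role, r.Role.Name)))
                .ToArray();

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject            = new ClaimsIdentity(claims),
                Expires            = DateTime.UtcNow.AddMinutes(30),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };

            var token = tokenHandler.CreateToken(tokenDescriptor);

            // Only non-secret fields are copied; the password hash and salt stay on the entity.
            return new UserWithoutPasswordDto
            {
                Id        = user.Id,
                Email     = user.Email,
                FirstName = user.FirstName,
                LastName  = user.LastName,
                Username  = user.Username,
                Token     = tokenHandler.WriteToken(token)
            };
        }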
コード例 #2
ファイル: UsersController.cs プロジェクト: VanGog06/DotaApp
        /// <summary>
        /// Login endpoint: passes the posted credentials to the user service and returns the
        /// resulting user DTO (which includes the token) with a 200 response.
        /// </summary>
        /// <param name="usernamePasswordDto">Credentials bound from the request body.</param>
        /// <returns>
        /// 200 with the authenticated user; 400 with the model-state errors when validation
        /// fails; 400 with <c>{ message }</c> when the service throws <see cref="DotaException"/>.
        /// </returns>
        public IActionResult Authenticate([FromBody] UsernamePasswordDto usernamePasswordDto)
        {
            if (this.ModelState.IsValid)
            {
                try
                {
                    var authenticated = this.userService.Authenticate(usernamePasswordDto);

                    return Ok(authenticated);
                }
                catch (DotaException failure)
                {
                    // The exception text is returned to the client verbatim.
                    // NOTE(review): confirm every DotaException message reachable from the
                    // service is safe to disclose. No throttling or lockout is visible in this
                    // action; verify it is applied elsewhere.
                    return BadRequest(new { message = failure.Message });
                }
            }

            return BadRequest(this.ModelState);
        }
コード例 #3
ファイル: UserServiceTests.cs プロジェクト: VanGog06/DotaApp
        /// <summary>
        /// Authenticating with a username that matches no seeded user must throw
        /// <see cref="DotaException"/> carrying the generic incorrect-credentials message.
        /// </summary>
        public void Authenticate_WithDummyUsers_ShouldThrowErrorIfUserWithThatUsernameIsNotFound()
        {
            // Arrange: a seeded context and a service built on top of it.
            var dbContext = DotaAppContextInitializer.InitializeContext();
            this.SeedUsers(dbContext);
            this.userService = new UserService(dbContext, this.GetOptions());

            // No password is set: the lookup is expected to fail before it would be checked.
            // NOTE(review): the username literal looks masked in this listing; presumably it is
            // a name absent from the seed data, which is not visible here.
            var credentials = new UsernamePasswordDto { Username = "******" };

            // Act
            var thrown = Assert.Throws<DotaException>(() => this.userService.Authenticate(credentials));

            // Assert: the message is the shared constant, so the response does not say whether
            // the username or the password was wrong.
            Assert.Equal(Constants.IncorrectUsernamePassword, thrown.Message);
        }