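/// <summary>
/// Checks the supplied credentials against the stored hash and, on success,
/// returns the user's public profile together with a freshly signed JWT.
/// </summary>
/// <param name="dto">Username and password submitted by the caller.</param>
/// <returns>The user without any password material, plus a bearer token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="dto"/> is null.</exception>
/// <exception cref="DotaException">
/// No user has the given username, or the password does not match. Both cases
/// deliberately carry the same message so the response does not reveal which
/// part of the credentials was wrong.
/// </exception>
public UserWithoutPasswordDto Authenticate(UsernamePasswordDto dto)
{
    if (dto is null)
    {
        throw new ArgumentNullException(nameof(dto));
    }

    // Lifetime of the issued token; kept in one place so it is easy to tune.
    const int tokenLifetimeMinutes = 30;

    var user = this.context.Users.SingleOrDefault(u => u.Username == dto.Username);
    if (user is null)
    {
        // NOTE(review): returning here skips VerifyPasswordHash, so an unknown
        // username fails measurably faster than a wrong password. If that timing
        // difference matters for this deployment, run the hash check against a
        // dummy hash on this path too so both failures cost the same.
        throw new DotaException(Constants.IncorrectUsernamePassword);
    }

    if (!VerifyPasswordHash(dto.Password, user.PasswordHash, user.PasswordSalt))
    {
        throw new DotaException(Constants.IncorrectUsernamePassword);
    }

    // NOTE(review): ASCII encoding maps any non-ASCII character in the secret to
    // '?', which silently weakens the signing key. The token-validation side must
    // derive the key with the same encoding, so confirm both before changing this.
    var key = Encoding.ASCII.GetBytes(this.appSettings.Secret);

    // Name claim carries the user id; one role claim per assigned role.
    // Assumes user.Roles (and each Role) is loaded with the user — confirm the
    // Users query includes them, otherwise this throws or yields no role claims.
    var claims = new Claim[] { new Claim(ClaimTypes.Name, user.Id.ToString()) };
    claims = claims.Concat(user.Roles.Select(r => new Claim(ClaimTypes.Role, r.Role.Name))).ToArray();

    var tokenHandler = new JwtSecurityTokenHandler();
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        Expires = DateTime.UtcNow.AddMinutes(tokenLifetimeMinutes),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);

    var userDto = new UserWithoutPasswordDto
    {
        Id = user.Id,
        Email = user.Email,
        FirstName = user.FirstName,
        LastName = user.LastName,
        Username = user.Username,
        Token = tokenHandler.WriteToken(token),
    };
    return userDto;
}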
/// <summary>
/// Login endpoint: validates the bound model, delegates to the user service and
/// maps the outcome to an HTTP result.
/// </summary>
/// <param name="usernamePasswordDto">Credentials from the request body.</param>
/// <returns>
/// 200 with the authenticated user (including token) on success; 400 with the
/// model-state errors when binding failed, or with the service's message when
/// authentication was rejected.
/// </returns>
public IActionResult Authenticate([FromBody] UsernamePasswordDto usernamePasswordDto)
{
    // Binding/validation errors are reported back verbatim as a 400.
    if (this.ModelState.IsValid == false)
    {
        return this.BadRequest(this.ModelState);
    }

    try
    {
        var authenticated = this.userService.Authenticate(usernamePasswordDto);
        return this.Ok(authenticated);
    }
    catch (DotaException ex)
    {
        // Rejected credentials surface as 400 carrying only the service's
        // (generic) message, so no user-existence detail is exposed here.
        return this.BadRequest(new { message = ex.Message });
    }
}
/// <summary>
/// Authenticating with a username that is not among the seeded users must fail
/// with the generic incorrect-credentials message, not a "user not found" hint.
/// </summary>
public void Authenticate_WithDummyUsers_ShouldThrowErrorIfUserWithThatUsernameIsNotFound()
{
    // Arrange: fresh context with the dummy users, service wired to test options.
    var dbContext = DotaAppContextInitializer.InitializeContext();
    this.SeedUsers(dbContext);
    this.userService = new UserService(dbContext, this.GetOptions());

    // No password is supplied; the username lookup is expected to fail first.
    var credentials = new UsernamePasswordDto { Username = "******" };

    // Act
    var thrown = Assert.Throws<DotaException>(() => this.userService.Authenticate(credentials));

    // Assert: same message as a wrong password, so the two cases are indistinguishable.
    Assert.Equal(Constants.IncorrectUsernamePassword, thrown.Message);
}