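/// <summary>
/// Authenticates a user by email and password and, on success, issues an access token
/// together with a claims principal.
/// </summary>
/// <param name="email">Email address used to look up the user record.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <param name="authenticationType">Passed through unchanged to <c>CreateClaimsPrincipal</c>.</param>
/// <param name="ct">Cancellation token forwarded to the database query.</param>
/// <returns>An <see cref="AuthorizationDto"/> holding the access token, the claims principal and the expiry value.</returns>
/// <exception cref="ServiceException">
/// Thrown when the credentials are missing or do not match, or when the account has not been activated.
/// </exception>
public async Task<AuthorizationDto> GetAuthorizationAsync(string email, string password, string authenticationType, CancellationToken ct)
{
    // Reject missing credentials before touching the database. Without this guard a null
    // password compares equal to a null stored password and the login would succeed, and a
    // null email would be matched against rows whose Email column is null.
    if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
    {
        throw new ServiceException("Incorrect login or password.");
    }

    // Read-only lookup: the entity is not modified here, so change tracking is not needed.
    var user = await _context.Users
        .AsQueryable()
        .AsNoTracking()
        .FirstOrDefaultAsync(p => p.Email == email, ct);

    // Unknown user and wrong password deliberately share one message so the response
    // does not reveal whether the email is registered.
    if (user is null)
    {
        throw new ServiceException("Incorrect login or password.");
    }

    // TODO add PasswordHasher
    // NOTE(review): this compares the submitted password with the stored value directly, which
    // implies the password is stored in a recoverable form. Replace it with a salted, slow
    // password hash (e.g. PBKDF2 or Argon2) verified through the hasher's own verify routine;
    // that also removes the non-constant-time string comparison.
    if (!string.Equals(user.Password, password, StringComparison.Ordinal))
    {
        throw new ServiceException("Incorrect login or password.");
    }

    // Reached only after the password matched, so this message does not help enumerate accounts.
    if (!user.IsActivated)
    {
        throw new ServiceException($"User {email} is not confirmed.");
    }

    // One fresh identifier is handed to both the access token and the claims principal.
    var jit = Guid.NewGuid().ToString();
    var (accessToken, expires) = CreateAccessToken(user, jit);
    var claimsPrincipal = CreateClaimsPrincipal(user, jit, authenticationType);

    var authorization = new AuthorizationDto
    {
        AccessToken = accessToken,
        ClaimsPrincipal = claimsPrincipal,
        ExpirationIn = expires
    };

    // NOTE(review): only successful logins are logged, and no attempt throttling or lockout is
    // visible in this method; confirm that failed attempts are recorded and rate-limited elsewhere.
    _logger.LogInformation(LoggingEvents.GetItem, "User login {email}.", email);

    return authorization;
}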
/// <summary>
/// Confirms a registration from an activation token: resolves the token to an email through the
/// cache, marks the matching user as activated, and returns an access token and claims principal.
/// </summary>
/// <param name="activationToken">Token whose string form is the cache key holding the user's email.</param>
/// <param name="authenticationType">Passed through unchanged to <c>CreateClaimsPrincipal</c>.</param>
/// <param name="ct">Cancellation token forwarded to the cache and database calls.</param>
/// <returns>An <see cref="AuthorizationDto"/> holding the access token, the claims principal and the expiry value.</returns>
/// <exception cref="ServiceNotFoundException">Thrown when the cache holds no entry for the token.</exception>
/// <exception cref="ServiceException">Thrown when no user matches the cached email or the user is already activated.</exception>
public async Task<AuthorizationDto> RegistrationConfirmAsync(Guid activationToken, string authenticationType, CancellationToken ct)
{
    using (_logger.BeginScope("Registration confirm scope"))
    {
        var cacheKey = activationToken.ToString();

        // A missing cache entry means the token is unknown or no longer stored.
        string cachedEmail = await _cache.GetStringAsync(cacheKey, ct)
            ?? throw new ServiceNotFoundException("Activation token expired or incorrect.");

        // Tracked query: the entity is modified and saved below.
        var account = await _context.Users
            .AsQueryable()
            .FirstOrDefaultAsync(p => p.Email == cachedEmail, ct);

        if (account is null)
        {
            _logger.LogError(LoggingEvents.UnknownError, "Can't find user by activation token {activationToken}.", activationToken);
            throw new ServiceException("Please, register again.");
        }

        // NOTE(review): this message returns the internal user id to the caller; confirm that is intended.
        if (account.IsActivated)
        {
            throw new ServiceException($"User {account.Id} has been activated.");
        }

        account.IsActivated = true;
        account.UpdatedAt = DateTime.UtcNow;
        await _context.SaveChangesAsync(ct);

        // NOTE(review): possession of the activation token alone yields a signed-in session here;
        // the token's entropy and cache lifetime are therefore the only protection on this path.
        var tokenId = Guid.NewGuid().ToString();
        var (token, expiry) = CreateAccessToken(account, tokenId);
        var principal = CreateClaimsPrincipal(account, tokenId, authenticationType);

        var result = new AuthorizationDto
        {
            AccessToken = token,
            ClaimsPrincipal = principal,
            ExpirationIn = expiry
        };

        // The token is removed only after activation has been persisted, making it single-use.
        await _cache.RemoveAsync(cacheKey, ct);

        _logger.LogInformation(LoggingEvents.UpdateItem, "Register user {id} success.", account.Id);

        return result;
    }
}