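/// <summary>
/// Authenticates the credentials in <paramref name="model"/> and issues a new access token.
/// On success every refresh token previously stored for the user is removed and replaced
/// by a single fresh one, so each successful login invalidates the older refresh tokens.
/// </summary>
/// <param name="model">Username and password supplied by the caller.</param>
/// <returns>
/// 200 with the access token; 400 when the account's e-mail address is not confirmed;
/// 401 when the user does not exist or the password does not match.
/// </returns>
private async Task<IActionResult> GenerateNewToken(TokenRequest model)
{
    var user = await userManager.FindByNameAsync(model.Username);

    // NOTE(review): the password check is short-circuited when no user is found, so an
    // unknown username answers faster than a wrong password for an existing one
    // (timing-based username enumeration). Keep only if that trade-off is deliberate.
    if (user is null || !await userManager.CheckPasswordAsync(user, model.Password))
    {
        return Unauthorized(new { response = ApiMessages.AuthenticationFailed() });
    }

    // The confirmation state is only revealed after the password has been verified.
    if (!await userManager.IsEmailConfirmedAsync(user))
    {
        return BadRequest(new { response = ApiMessages.AccountNotConfirmed() });
    }

    var newRefreshToken = CreateRefreshToken(appSettings.ClientId, user.Id);

    // Where() never yields null, so the former null check was dead code; RemoveRange
    // marks every existing refresh token of this user for deletion in one call.
    var oldRefreshTokens = db.Tokens.Where(rt => rt.UserId == user.Id);
    db.Tokens.RemoveRange(oldRefreshTokens);
    db.Tokens.Add(newRefreshToken);
    await db.SaveChangesAsync();

    var accessToken = await CreateAccessToken(user, newRefreshToken.Value);
    return Ok(new { response = accessToken });
}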
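/// <summary>
/// Authenticates the credentials in <paramref name="model"/> and issues a new access token.
/// Besides the password, the account must be active, its one-time password must have been
/// changed after the first login, and its e-mail address must be confirmed. On success every
/// refresh token previously stored for the user is replaced by a single fresh one.
/// </summary>
/// <param name="model">Username and password supplied by the caller.</param>
/// <returns>
/// 200 with the access token; 495 when the e-mail address is not confirmed; 401 when the
/// user does not exist, is inactive, the password does not match, or the one-time password
/// has not been changed after the first login.
/// </returns>
private async Task<IActionResult> GenerateNewToken(TokenRequest model)
{
    var user = await userManager.FindByNameAsync(model.Username);

    // NOTE(review): password verification is short-circuited for unknown and inactive
    // users, so those cases answer faster than a wrong password for an active account
    // (timing-based username enumeration). Keep only if that trade-off is deliberate.
    if (user is null || !user.IsActive || !await userManager.CheckPasswordAsync(user, model.Password))
    {
        return StatusCode(401, new { response = ApiMessages.AuthenticationFailed() });
    }

    if (IsFirstLogin(user))
    {
        // NOTE(review): the first-login state is updated before the e-mail confirmation
        // check below, so an unconfirmed account leaves this branch even though the
        // request is then rejected with 495 — confirm that ordering is intended.
        await UpdateFirstLogin(user);
    }
    else if (!IsOneTimePasswordChanged(user))
    {
        return StatusCode(401, new { response = ApiMessages.AuthenticationFailed() });
    }

    if (!await userManager.IsEmailConfirmedAsync(user))
    {
        // 495 is not a standard HTTP status code; callers must be written to expect it.
        return StatusCode(495, new { response = ApiMessages.AccountNotConfirmed() });
    }

    var newRefreshToken = CreateRefreshToken(settings.ClientId, user.Id);

    // Where() never yields null, so the former null check was dead code; RemoveRange
    // marks every existing refresh token of this user for deletion in one call.
    var oldRefreshTokens = db.Tokens.Where(rt => rt.UserId == user.Id);
    db.Tokens.RemoveRange(oldRefreshTokens);
    db.Tokens.Add(newRefreshToken);
    await db.SaveChangesAsync();

    var accessToken = await CreateAccessToken(user, newRefreshToken.Value);
    return StatusCode(200, new { response = accessToken });
}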