public async Task CreateDefaultAdminUser()
{
try
{
var adminUser = new ApplicationUserEntities
{
Email = _adminUserModel.Email,
UserName = _adminUserModel.Username,
EmailConfirmed = true,
ProfilePic = GetDefaultProfilePic(), ///
AccountCreatedOn = DateTime.Now,
PhoneNumber = "1234567890",
PhoneNumberConfirmed = true,
Firstname = _adminUserModel.Firstname,
Lastname = _adminUserModel.Lastname,
UserRole = "Administrator",
IsActive = true,
};
var result = await _userManager.CreateAsync(adminUser, _adminUserModel.Password);
if (result.Succeeded)
{
await _userManager.AddToRoleAsync(adminUser, "Administrator");
// Log.Information("Admin User Created {UserName}", adminUser.UserName);
}
else
{
var errorString = string.Join(",", result.Errors);
Log.Error("Error while creating user {Error}", errorString);
}
}
catch (Exception ex)
{
Log.Error("Error while creating user {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
}
private async Task <ApplicationUserEntities> UpdateProfilePicAsync(IFormCollection formData, ApplicationUserEntities user)
{
// First we create an empty array to store old file info
var oldProfilePic = new string[1];
// we will store path of old file to delete in an empty array.
oldProfilePic[0] = Path.Combine(_env.WebRootPath + user.ProfilePic);
// Create the Profile Image Path
var profPicPath = _env.WebRootPath + $"{Path.DirectorySeparatorChar}uploads{Path.DirectorySeparatorChar}user{Path.DirectorySeparatorChar}profile{Path.DirectorySeparatorChar}";
// If we have received any files for update, then we update the file path after saving to server
// else we return the user without any changes
if (formData.Files.Count <= 0)
{
return(user);
}
var extension = Path.GetExtension(formData.Files[0].FileName);
var filename = DateTime.Now.ToString("yymmssfff");
var path = Path.Combine(profPicPath, filename) + extension;
var dbImagePath = Path.Combine($"{Path.DirectorySeparatorChar}uploads{Path.DirectorySeparatorChar}user{Path.DirectorySeparatorChar}profile{Path.DirectorySeparatorChar}", filename) + extension;
user.ProfilePic = dbImagePath;
// Copying New Files to the Server - profile Folder
await using (var stream = new FileStream(path, FileMode.Create))
{
await formData.Files[0].CopyToAsync(stream);
}
// Delete old file after successful update
if (!System.IO.File.Exists(oldProfilePic[0]))
{
return(user);
}
System.IO.File.SetAttributes(oldProfilePic[0], FileAttributes.Normal);
System.IO.File.Delete(oldProfilePic[0]);
return(user);
}
private async Task <TokenResponseModel> GenerateNewToken(ApplicationUserEntities user, LoginViewModel model)
{
// Create a key to encrypt the JWT
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_appSettings.Secret));
// Get user role => check if user is admin
var roles = await _userManager.GetRolesAsync(user);
// Creating JWT token
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.UserName), // Sub - Identifies principal that issued the JWT
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // Jti - Unique identifier of the token
new Claim(ClaimTypes.NameIdentifier, user.Id), // Unique Identifier of the user
new Claim(ClaimTypes.Role, roles.FirstOrDefault()), // Role of the user
new Claim("LoggedOn", DateTime.Now.ToString(CultureInfo.InvariantCulture)), // Time When Created
}),
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature),
Issuer = _appSettings.Site, // Issuer - Identifies principal that issued the JWT.
Audience = _appSettings.Audience, // Audience - Identifies the recipients that the JWT is intended for.
Expires = (string.Equals(roles.FirstOrDefault(), "Administrator", StringComparison.CurrentCultureIgnoreCase)) ? DateTime.UtcNow.AddMinutes(60) : DateTime.UtcNow.AddMinutes(Convert.ToDouble(_appSettings.ExpireTime))
};
/* Create the unique encryption key for token - 2nd layer protection */
var encryptionKeyRt = Guid.NewGuid().ToString();
var encryptionKeyJwt = Guid.NewGuid().ToString();
/* Get the Data protection service instance */
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
/* Create a protector instance */
var protectorJwt = protectorProvider.CreateProtector(encryptionKeyJwt);
/* Generate Token and Protect the user token */
var token = tokenHandler.CreateToken(tokenDescriptor);
var encryptedToken = protectorJwt.Protect(tokenHandler.WriteToken(token));
/* Create and update the token table */
TokenEntities newRtoken = new TokenEntities();
/* Create refresh token instance */
newRtoken = CreateRefreshToken(_appSettings.ClientId, user.Id, Convert.ToInt32(_appSettings.RtExpireTime));
/* assign the tne JWT encryption key */
newRtoken.EncryptionKeyJwt = encryptionKeyJwt;
newRtoken.EncryptionKeyRt = encryptionKeyRt;
/* Add Refresh Token with Encryption Key for JWT to DB */
try
{
// First we need to check if the user has already logged in and has tokens in DB
var rt = _db.Tokens
.FirstOrDefault(t => t.UserId == user.Id);
if (rt != null)
{
// invalidate the old refresh token (by deleting it)
_db.Tokens.Remove(rt);
// add the new refresh token
_db.Tokens.Add(newRtoken);
}
else
{
await _db.Tokens.AddAsync(newRtoken);
}
// persist changes in the DB
await _db.SaveChangesAsync();
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
// Return Response containing encrypted token
var protectorRt = protectorProvider.CreateProtector(encryptionKeyRt);
var layerOneProtector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var encAuthToken = new TokenResponseModel
{
Token = layerOneProtector.Protect(encryptedToken),
Expiration = token.ValidTo,
RefreshToken = protectorRt.Protect(newRtoken.Value),
Role = roles.FirstOrDefault(),
Username = user.UserName,
UserId = layerOneProtector.Protect(user.Id),
ResponseInfo = CreateResponse("Auth Token Created", HttpStatusCode.OK)
};
return(encAuthToken);
}
