public virtual async Task <ActionResult> Token([FromForm] TokenRequest tokenRequest, CancellationToken cancellationToken)
{
if (!tokenRequest.Grant_type.Equals("password", StringComparison.OrdinalIgnoreCase))
{
throw new Exception("OAuth flow is not password.");
}
//var user = await userRepository.GetByUserAndPass(username, password, cancellationToken);
var user = await _userManager.FindByNameAsync(tokenRequest.Username);
if (user == null)
{
throw new BadRequestException("نام کاربری یا رمز عبور اشتباه است");
}
var isPasswordValid = await _userManager.CheckPasswordAsync(user, tokenRequest.Password);
if (!isPasswordValid)
{
throw new BadRequestException("نام کاربری یا رمز عبور اشتباه است");
}
//if (user == null)
// throw new BadRequestException("نام کاربری یا رمز عبور اشتباه است");
var jwt = await _jwtService.GenerateAsync(user);
return(new JsonResult(jwt));
}
public virtual async Task <SignInStatus> PasswordSignIn(string userName, string password, bool isPersistent, bool shouldLockout)
{
var user = await _userManager.FindByNameAsync(userName).ConfigureAwait(false);
if (user == null)
{
return(SignInStatus.Failure);
}
if (await _userManager.IsLockedOutAsync(user.Id).ConfigureAwait(false))
{
return(SignInStatus.LockedOut);
}
if (await _userManager.CheckPasswordAsync(user, password).ConfigureAwait(false))
{
return(await SignInOrTwoFactor(user, isPersistent).ConfigureAwait(false));
}
if (shouldLockout)
{
// If lockout is requested, increment access failed count which might lock out the user
await _userManager.AccessFailedAsync(user.Id).ConfigureAwait(false);
if (await _userManager.IsLockedOutAsync(user.Id).ConfigureAwait(false))
{
return(SignInStatus.LockedOut);
}
}
return(SignInStatus.Failure);
}
public async Task <ApiResult <UserViewModelApi> > SignIn([FromBody] SignInViewModel viewModel)
{
if (ModelState.IsValid)
{
AppUser user = await _userManager.FindUserWithRolesByNameAsync(viewModel.UserName);
if (user == null)
{
return(BadRequest(NotificationMessages.UserNotFound));
}
bool result = await _userManager.CheckPasswordAsync(user, viewModel.Password);
if (!result)
{
return(BadRequest(NotificationMessages.InvalidUserNameOrPassword));
}
UserViewModelApi userViewModel = await _userManager.FindUserApiByIdAsync(user.Id);
userViewModel.Image = $"{Request.Scheme}://{Request.Host}{Request.PathBase.Value}/wwwroot/Users/{userViewModel.Image}";
userViewModel.Token = await _jwtService.GenerateAccessTokenAsync(user);
return(Ok(userViewModel));
}
return(BadRequest(ModelState.GetErrorsModelState()));
}
public virtual async Task <ApiResult <string> > SignIn([FromBody] SignInBaseViewModel ViewModel)
{
var User = await _userManager.FindByNameAsync(ViewModel.UserName);
if (User == null)
{
return(BadRequest("نام کاربری یا کلمه عبور شما صحیح نمی باشد."));
}
else
{
var result = await _userManager.CheckPasswordAsync(User, ViewModel.Password);
if (result)
{
return(Ok(await _jwtService.GenerateTokenAsync(User)));
}
else
{
return(BadRequest("نام کاربری یا کلمه عبور شما صحیح نمی باشد."));
}
}
}
public async Task <IHttpActionResult> ProfileUpdate(IdentityUser profile)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var currentUser = User.Identity.Name;
var userinfo = await _userManager.FindByNameAsync(currentUser);
var passwordValidation = await _userManager.CheckPasswordAsync(userinfo, profile.PasswordHash);
if (passwordValidation)
{
var identityUser = new IdentityUser
{
Id = userinfo.Id,
UserName = userinfo.UserName,
Email = profile.Email,
Name = profile.Name,
Company = profile.Company,
PasswordHash = userinfo.PasswordHash,
SecurityStamp = userinfo.SecurityStamp,
Roles = userinfo.Roles,
Image = userinfo.Image,
};
var result = await _userManager.UpdateAsync(identityUser);
if (!result.Succeeded)
{
return(BadRequest(ModelState));
}
return(Ok(identityUser));
}
return(BadRequest(ModelState));
}
public async Task <ResponseTokenViewModel> AuthenticateUser(HttpRequest request, RequestTokenViewModel requestToken)
{
string ipAddress = _httpContextAccessor.HttpContext.Connection?.RemoteIpAddress.ToString();
ResponseTokenViewModel responseTokenViewModel = new ResponseTokenViewModel();
if (requestToken.GrantType == "Password")
{
AppUser user = await _userManager.FindUserWithRolesByNameAsync(requestToken.UserName);
if (user == null)
{
responseTokenViewModel.IsSuccess = false;
responseTokenViewModel.Message = NotificationMessages.UserNotFound;
responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized;
//throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.UserNotFound, HttpStatusCode.BadRequest);
}
else
{
bool result = await _userManager.CheckPasswordAsync(user, requestToken.Password);
if (!result)
{
responseTokenViewModel.IsSuccess = false;
responseTokenViewModel.Message = NotificationMessages.InvalidUserNameOrPassword;
responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized;
// throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.InvalidUserNameOrPassword, HttpStatusCode.BadRequest);
}
else
{
UserViewModelApi userViewModel = await _userManager.FindUserApiByIdAsync(user.Id);
userViewModel.Image = $"{request.Scheme}://{request.Host}{request.PathBase.Value}/wwwroot/Users/{userViewModel.Image}";
RefreshToken oldRefreshToken = await _refreshTokenService.GetRefreshTokenByUserIdAsync(user.Id);
if (oldRefreshToken != null)
{
await _refreshTokenService.RemoveRefreshTokenAsync(oldRefreshToken);
}
RefreshToken refreshToken = _refreshTokenService.CreateRefreshToken(_siteSettings.RefreshTokenSetting, user.Id, requestToken.IsRemember, ipAddress);
await _refreshTokenService.AddRefreshTokenAsync(refreshToken);
responseTokenViewModel.AccessToken = await GenerateAccessTokenAsync(user);
responseTokenViewModel.RefreshToken = refreshToken.Value;
responseTokenViewModel.User = userViewModel;
responseTokenViewModel.IsSuccess = true;
}
}
}
else if (requestToken.GrantType == "RefreshToken")
{
responseTokenViewModel = await GenerateAccessAndRefreshToken(requestToken, ipAddress);
}
else
{
responseTokenViewModel.IsSuccess = false;
responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.NotFound;
responseTokenViewModel.Message = NotificationMessages.UserNotFound;
//throw new AppException(ApiResultStatusCode.BadRequest, NotificationMessages.TargetNotFounded, HttpStatusCode.BadRequest);
}
return(responseTokenViewModel);
}
