public virtual async Task <ActionResult> Token([FromForm] TokenRequest tokenRequest, CancellationToken cancellationToken) { if (!tokenRequest.Grant_type.Equals("password", StringComparison.OrdinalIgnoreCase)) { throw new Exception("OAuth flow is not password."); } //var user = await userRepository.GetByUserAndPass(username, password, cancellationToken); var user = await _userManager.FindByNameAsync(tokenRequest.Username); if (user == null) { throw new BadRequestException("نام کاربری یا رمز عبور اشتباه است"); } var isPasswordValid = await _userManager.CheckPasswordAsync(user, tokenRequest.Password); if (!isPasswordValid) { throw new BadRequestException("نام کاربری یا رمز عبور اشتباه است"); } //if (user == null) // throw new BadRequestException("نام کاربری یا رمز عبور اشتباه است"); var jwt = await _jwtService.GenerateAsync(user); return(new JsonResult(jwt)); }
public virtual async Task <SignInStatus> PasswordSignIn(string userName, string password, bool isPersistent, bool shouldLockout) { var user = await _userManager.FindByNameAsync(userName).ConfigureAwait(false); if (user == null) { return(SignInStatus.Failure); } if (await _userManager.IsLockedOutAsync(user.Id).ConfigureAwait(false)) { return(SignInStatus.LockedOut); } if (await _userManager.CheckPasswordAsync(user, password).ConfigureAwait(false)) { return(await SignInOrTwoFactor(user, isPersistent).ConfigureAwait(false)); } if (shouldLockout) { // If lockout is requested, increment access failed count which might lock out the user await _userManager.AccessFailedAsync(user.Id).ConfigureAwait(false); if (await _userManager.IsLockedOutAsync(user.Id).ConfigureAwait(false)) { return(SignInStatus.LockedOut); } } return(SignInStatus.Failure); }
public async Task <ApiResult <UserViewModelApi> > SignIn([FromBody] SignInViewModel viewModel) { if (ModelState.IsValid) { AppUser user = await _userManager.FindUserWithRolesByNameAsync(viewModel.UserName); if (user == null) { return(BadRequest(NotificationMessages.UserNotFound)); } bool result = await _userManager.CheckPasswordAsync(user, viewModel.Password); if (!result) { return(BadRequest(NotificationMessages.InvalidUserNameOrPassword)); } UserViewModelApi userViewModel = await _userManager.FindUserApiByIdAsync(user.Id); userViewModel.Image = $"{Request.Scheme}://{Request.Host}{Request.PathBase.Value}/wwwroot/Users/{userViewModel.Image}"; userViewModel.Token = await _jwtService.GenerateAccessTokenAsync(user); return(Ok(userViewModel)); } return(BadRequest(ModelState.GetErrorsModelState())); }
public virtual async Task <ApiResult <string> > SignIn([FromBody] SignInBaseViewModel ViewModel) { var User = await _userManager.FindByNameAsync(ViewModel.UserName); if (User == null) { return(BadRequest("نام کاربری یا کلمه عبور شما صحیح نمی باشد.")); } else { var result = await _userManager.CheckPasswordAsync(User, ViewModel.Password); if (result) { return(Ok(await _jwtService.GenerateTokenAsync(User))); } else { return(BadRequest("نام کاربری یا کلمه عبور شما صحیح نمی باشد.")); } } }
public async Task <IHttpActionResult> ProfileUpdate(IdentityUser profile) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var currentUser = User.Identity.Name; var userinfo = await _userManager.FindByNameAsync(currentUser); var passwordValidation = await _userManager.CheckPasswordAsync(userinfo, profile.PasswordHash); if (passwordValidation) { var identityUser = new IdentityUser { Id = userinfo.Id, UserName = userinfo.UserName, Email = profile.Email, Name = profile.Name, Company = profile.Company, PasswordHash = userinfo.PasswordHash, SecurityStamp = userinfo.SecurityStamp, Roles = userinfo.Roles, Image = userinfo.Image, }; var result = await _userManager.UpdateAsync(identityUser); if (!result.Succeeded) { return(BadRequest(ModelState)); } return(Ok(identityUser)); } return(BadRequest(ModelState)); }
public async Task <ResponseTokenViewModel> AuthenticateUser(HttpRequest request, RequestTokenViewModel requestToken) { string ipAddress = _httpContextAccessor.HttpContext.Connection?.RemoteIpAddress.ToString(); ResponseTokenViewModel responseTokenViewModel = new ResponseTokenViewModel(); if (requestToken.GrantType == "Password") { AppUser user = await _userManager.FindUserWithRolesByNameAsync(requestToken.UserName); if (user == null) { responseTokenViewModel.IsSuccess = false; responseTokenViewModel.Message = NotificationMessages.UserNotFound; responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized; //throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.UserNotFound, HttpStatusCode.BadRequest); } else { bool result = await _userManager.CheckPasswordAsync(user, requestToken.Password); if (!result) { responseTokenViewModel.IsSuccess = false; responseTokenViewModel.Message = NotificationMessages.InvalidUserNameOrPassword; responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.UnAuthorized; // throw new AppException(ApiResultStatusCode.UnAuthorized, NotificationMessages.InvalidUserNameOrPassword, HttpStatusCode.BadRequest); } else { UserViewModelApi userViewModel = await _userManager.FindUserApiByIdAsync(user.Id); userViewModel.Image = $"{request.Scheme}://{request.Host}{request.PathBase.Value}/wwwroot/Users/{userViewModel.Image}"; RefreshToken oldRefreshToken = await _refreshTokenService.GetRefreshTokenByUserIdAsync(user.Id); if (oldRefreshToken != null) { await _refreshTokenService.RemoveRefreshTokenAsync(oldRefreshToken); } RefreshToken refreshToken = _refreshTokenService.CreateRefreshToken(_siteSettings.RefreshTokenSetting, user.Id, requestToken.IsRemember, ipAddress); await _refreshTokenService.AddRefreshTokenAsync(refreshToken); responseTokenViewModel.AccessToken = await GenerateAccessTokenAsync(user); responseTokenViewModel.RefreshToken = refreshToken.Value; responseTokenViewModel.User = userViewModel; responseTokenViewModel.IsSuccess = true; } } } else if (requestToken.GrantType == "RefreshToken") { responseTokenViewModel = await GenerateAccessAndRefreshToken(requestToken, ipAddress); } else { responseTokenViewModel.IsSuccess = false; responseTokenViewModel.ApiStatusCode = ApiResultStatusCode.NotFound; responseTokenViewModel.Message = NotificationMessages.UserNotFound; //throw new AppException(ApiResultStatusCode.BadRequest, NotificationMessages.TargetNotFounded, HttpStatusCode.BadRequest); } return(responseTokenViewModel); }