//[ValidateAntiForgeryToken]
public async Task <IActionResult> Login([FromBody] LoginViewModel model)
{
if (!this.ValidateRecaptcha(model.Recaptcha))
{
return(BadRequest(Errors.AddErrorToModelState("Recaptcha", "Please verify that you are not a robot.", ModelState)));
}
if (ModelState.IsValid)
{
model.Username = model.Username.ToLowerInvariant();
// Require the user to have a confirmed email before they can log on.
var user = await _userManager.FindByNameAsync(model.Username);
if (user != null)
{
if (!await _userManager.IsEmailConfirmedAsync(user))
{
ModelState.AddModelError(string.Empty,
"You must have a confirmed email to sign in.");
return(BadRequest(Errors.AddErrorToModelState("Email", "You must have a confirmed email to sign in.", ModelState)));
}
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, set lockoutOnFailure: true
var result = await _signInManager.PasswordSignInAsync(model.Username, model.Password, model.RememberMe, lockoutOnFailure : false);
if (result.Succeeded)
{
HttpContext.User = await _userClaimsPrincipalFactory.CreateAsync(user);
var tokens = _antiforgery.GetAndStoreTokens(HttpContext);
var identity = _jwtFactory.GenerateClaimsIdentity(model.Username, user.Id);
var tenant = string.Empty;
if (_configuration["DomainAsTenant"] == "y")
{
tenant = user.Tenant;
if (string.IsNullOrEmpty(tenant))
{
tenant = this.GetUserDomain(user.Email);
}
}
var profile = await _contentItemRepository.CreateProfileIfNotExists(
tenant,
user.Id,
user.UserName,
user.Email);
bool isSuperAdmin = _claimsService.IsSuperAdmin(user.UserName);
bool isAdmin = (_claimsService.IsAdmin(HttpContext.User) || isSuperAdmin);
_logger.LogInformation(1, "User logged in.");
var jwt = await Tokens.GenerateJwt(
identity,
_jwtFactory,
user.UserName,
tenant,
user.Email,
isAdmin,
isSuperAdmin,
_jwtOptions,
new JsonSerializerSettings { Formatting = Formatting.Indented }
);
return(new OkObjectResult(jwt));
}
if (result.RequiresTwoFactor)
{
//return RedirectToAction(nameof(SendCode), new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
}
if (result.IsLockedOut)
{
string message = "User account locked out.";
_logger.LogWarning(2, message);
return(BadRequest(Errors.AddErrorToModelState("Email", message, ModelState)));
}
if (result.IsNotAllowed)
{
string message = "User account is not allowed to sign in.";
_logger.LogWarning(2, message);
return(BadRequest(Errors.AddErrorToModelState("Email", message, ModelState)));
}
return(BadRequest(Errors.AddErrorToModelState("", "Sign in failed.", ModelState)));
}
// If we got this far, something failed, redisplay form
return(BadRequest(Errors.AddErrorToModelState("", "", ModelState)));
}
public bool IsAdmin()
{
return(_claimsService.IsAdmin(_httpContextAccessor.HttpContext.User));
}