public async Task <Jwt> Login(LoginForm form)
{
var identity = await _identitiesRepository.GetByLoginAndPassword(form);
if (identity == null)
{
return(null);
}
var hashed = _passwordHashCalculator.Calc(form.Password);
if (identity.Password != hashed)
{
return(null);
}
var token = await _tokensRepository.IssueToken(identity.Id, DateTimeOffset.UtcNow.AddYears(1));
if (token == null)
{
return(null);
}
var mappedToken = _mapper.Map <Jwts, Jwt>(token);
var tokenBody = _jwtGenerator.Generate(mappedToken);
await _tokensRepository.WriteBody(tokenBody.Id, tokenBody.Token);
return(tokenBody);
}
public async Task <LoginVm> Login(LoginRequest request)
{
var user = await _userRepository.GetByEmail(request.Email);
if (user is null)
{
throw new BadRequestException("Invalid email or password");
}
var passwordIsCorrect = _passwordHasher.VerifyHashedPassword(user, user.PasswordHash, request.Password);
if (passwordIsCorrect == PasswordVerificationResult.Failed)
{
throw new BadRequestException("Invalid email or password");
}
var jwt = _jwtGenerator.Generate(user);
var loginVm = new LoginVm
{
Id = user.Id,
Token = jwt
};
return(loginVm);
}
public async Task <Result <LoginUserFoundDTO> > Handle(LoginUserQuery request, CancellationToken cancellationToken)
{
var login = Login.Create(request.Login);
var password = Password.Create(request.Password, _passwordHasher);
var result = Result.Combine(login, password);
if (result.Failure)
{
_logger.Error(result.Error);
throw new GroceryException(result.Error);
}
var memberShip = new MemberShip(login.Value, password.Value);
var user = await _memberShipRepository.GetMemberShipByLoginPassword(memberShip.Login.LoginValue, memberShip.Password.PasswordValue);
await _domainEventDispatcher.DispatchAsync(memberShip.DomainEvents.ToArray());
if (user is null)
{
_logger.Error(nameof(Parameters.INVALID_USER), DateTime.Now);
return(Result.Fail <LoginUserFoundDTO>(nameof(Parameters.INVALID_USER)));
}
var loggedUser = _mapper.Map <LoginUserFoundDTO>(user);
loggedUser.JwtDTO = _jwtGenerator.Generate(user);
_logger.Information($"User logged {loggedUser.MemberShipId} {DateTime.Now.ToStringDate()}");
return(Result.Ok(loggedUser));
}
public async Task <UserDto> Handle(AutheticateUserCommand request, CancellationToken cancellationToken)
{
var user = await _userRepository.GetAsync(request.Username);
return(_passwordHasher.Validate(request.Password, user.Salt, user.Password) ?
new UserDto(user.UserId, user.Email, user.Username, user.Role,
_jwtGenerator.Generate(user.UserId, user.Role)) :
throw new Exception());
}
public async Task <UserDto> Handle(RegisterUserCommand request, CancellationToken cancellationToken)
{
var salt = _passwordHasher.GenerateSalt();
var password = _passwordHasher.GenerateHash(request.Password, salt);
var user = User.Create(request.Email, request.Username, password, salt, Domain.Enums.Roles.User);
await _userRepository.CreateAsync(user);
var token = _jwtGenerator.Generate(user.UserId, Domain.Enums.Roles.User);
return(new UserDto(user.UserId, token));
}
public async Task <RegisterVolunteerResponse> Handle(RegisterVolunteer request, CancellationToken cancellationToken)
{
var invitation = await _invitationRepository.GetInvitationAsync(request.Email, cancellationToken);
if (invitation is null)
{
throw new InvitationNotFoundException();
}
if (_clock.UtcNow - invitation.CreatedAt > TimeSpan.FromHours(24))
{
throw new InvitationHasExpiredException();
}
if (invitation.Attempts >= 3)
{
throw new InvitationHasBeenRevokedException();
}
if (!invitation.Code.ToLower().Equals(request.Code.ToLower()))
{
invitation.Attempts += 1;
await _invitationRepository.UpdateAsync(invitation, cancellationToken);
throw new InvalidInvitationCodeException();
}
if (await _volunteerRepository.ExitsAsync(invitation.Email, cancellationToken))
{
throw new VolunteerAlreadyExistsException();
}
var passwordHash = _passwordHasher.HashPassword(null, request.Password);
var user = new User
{
FirstName = request.FirstName,
LastName = request.LastName,
Brand = request.Brand,
PhoneNumber = request.PhoneNumber,
Email = request.Email,
PasswordHash = passwordHash,
Role = UserRoleEnum.Volunteer
};
invitation.Status = InvitationStateEnum.Accepted;
await _volunteerRepository.AddAsync(user, cancellationToken);
var jwtToken = _jwtGenerator.Generate(user);
return(new RegisterVolunteerResponse(user.UserId, jwtToken));
}
public async Task <ApplicationResult <JwtDto> > LoginAsync(string email, string password)
{
var user = await _userManager.FindByEmailAsync(email);
var loginResult = await _signInManager.PasswordSignInAsync(email, password, false, false);
if (loginResult.Succeeded)
{
var token = _jwtGenerator.Generate(user.Id, email);
return(ApplicationResult <JwtDto> .Ok(token));
}
return(TranslateSignInResult(loginResult, email));
}
public async Task <IActionResult> Login([FromBody] LoginModel model)
{
var ident =
await GetIdentity(model.Email, model.Password);
if (!ident.success)
{
return(this.BadRequestCustom(ident.error));
}
var encodedJwt =
await _jwtGenerator.Generate(ident.name, ident.role, ident.id);
return(Ok(encodedJwt));
}
public async Task <AuthorizeUserPasswordResponse> Handle(AuthorizeUserPasswordRequest request, CancellationToken cancellationToken)
{
var user = await _databaseContext.Users.Where(u => u.Email == request.Login).SingleAsync();
var passwordHash = _passwordHasher.VerifyHashedPassword(null, user.PasswordHash, request.Password);
if (passwordHash == PasswordVerificationResult.Failed)
{
throw new InvalidPasswordException();
}
var token = _jwtGenerator.Generate(user);
return(new AuthorizeUserPasswordResponse {
Token = token, Login = user.Email, ApplicationType = user.ApplicationType,
});
}
private async Task <string> GetTokenForGoogleUser(GoogleSuccessResultModel model)
{
HttpClient client =
new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {model.access_token}");
var metaResult =
await client.GetAsync("https://people.googleapis.com/v1/people/me" +
"?personFields=names");
if (metaResult.IsSuccessStatusCode)
{
var metaContent =
await metaResult.Content.ReadAsStringAsync();
var metaInfo =
JsonConvert.DeserializeObject <GoogleMetaInfo>(metaContent);
var meta =
metaInfo.names.Single();
var googleId =
meta.metadata.source.id;
var userName =
meta.displayName;
var token =
await _jwtGenerator.Generate(userName, "user", "");
return(token);
}
throw new InvalidOperationException();
}
public async Task AuthorizeUserPasswordHandler_ValidatePassword_AgainstUserHashedPassword()
{
// Arrange
var password = _fixture.Create <string>();
var token = _fixture.Create <string>();
var users = _fixture.VolunteerBuilder().WithPassword(password).CreateMany(10);
var usersList = users.AsQueryable().BuildMockDbSet();
_databaseContext.Users.Returns(usersList);
_passwordHasher.VerifyHashedPassword(null, Arg.Any <string>(), Arg.Any <string>()).Returns(PasswordVerificationResult.Success);
_jwtGenerator.Generate(Arg.Any <User>()).Returns(token);
var usedUser = users.First();
// Act
var result = await _sut.Handle(new AuthorizeUserPasswordRequest { Login = usedUser.Email, Password = password }, default);
// Assert
result.Token.Should().NotBeNullOrWhiteSpace();
result.Token.Should().Be(token);
_passwordHasher.Received(1).VerifyHashedPassword(null, Arg.Any <string>(), Arg.Any <string>());
_passwordHasher.Received(1).VerifyHashedPassword(null, usedUser.PasswordHash, password);
_jwtGenerator.Received(1).Generate(Arg.Any <User>());
_jwtGenerator.Received(1).Generate(Arg.Is <User>(u => u.UserId == usedUser.UserId && u.Role == usedUser.Role));
}
private async Task <string> GetOrAddUser(string userName, string email, Expression <Func <AspNetUser, bool> > existsExpression, Action <AspNetUser> addExternalIdAndEmailAction, string platform)
{
using (var cp = _contextProviderFactory.Create())
{
var exists =
cp.GetTable <AspNetUser>()
.Where(existsExpression);
if (!exists.Any())
{
if (string.IsNullOrWhiteSpace(userName))
{
throw new InvalidOperationException();
}
string usrId = Guid.NewGuid().ToString();
var usr =
new AspNetUser()
{
IsBanned = false,
UserName = userName,
EmailConfirmed = true,
SecurityStamp = Guid.NewGuid().ToString(),
RegistrationDate = DateTimeOffset.Now,
Platform = platform,
Id = usrId,
};
addExternalIdAndEmailAction(usr);
var res =
await cp.InsertNonEntityAsync(usr);
var role =
await SetDefaultRole(cp, usr.Id);
return(await _jwtGenerator.Generate(usr.UserName, role.RoleName, usrId));
}
else if (exists.Count() > 1)
{
throw new InvalidOperationException();
}
else
{
AspNetUser usr =
usr = exists.First();
if (usr.IsBanned ?? false)
{
throw new UnauthorizedAccessException();
}
if (string.IsNullOrWhiteSpace(usr.Platform) || usr.Platform != platform)
{
var updateRes =
await
cp.GetTable <AspNetUser>()
.Where(w => w.Id == usr.Id)
.UpdateAsync(user => new AspNetUser()
{
Platform = platform
});
}
if (string.IsNullOrWhiteSpace(usr.Email) || usr.Email != email)
{
var updateRes =
await
cp.GetTable <AspNetUser>()
.Where(w => w.Id == usr.Id)
.UpdateAsync(user => new AspNetUser()
{
Email = email
});
}
var usrRole =
await cp.GetTable <AspNetUserRole>()
.Where(w => w.AspNetUserId == usr.Id)
.ToArrayAsync();
AspNetRole role;
if (!usrRole.Any())
{
role =
await SetDefaultRole(cp, usr.Id);
}
else if (usrRole.Length > 1)
{
var roles =
await cp.GetTable <AspNetRole>()
.Where(w => usrRole.Select(s => s.RoleId).Contains(w.Id))
.ToArrayAsync();
role = roles.Select(s => s.RoleName).Contains("admin")
? roles.First(f => f.RoleName == "admin")
: roles.First();
}
else
{
role =
cp.GetTable <AspNetRole>()
.First(f => f.Id == usrRole.First().RoleId);
}
return
(await _jwtGenerator.Generate(usr.UserName, role.RoleName, usr.Id));
}
}
}
public string Create(string audience, IEnumerable <Claim> claimModels)
{
var claims = claimModels.Select(x => new SystemClaim(x.Type, x.Value));
return(_jwtGenerator.Generate(_jwtValidatorSettings.SigningKey, audience, claims, TimeSpan.FromMinutes(60)));
}
