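/// <summary>
/// Authenticates a user by user id and password and, on success, returns a token
/// together with the user's menu rights.
/// </summary>
/// <param name="userPAssword">Login request carrying <c>UserID</c> and <c>PasswordText</c>.</param>
/// <returns>
/// A <c>UserToken</c> on success; otherwise a <c>JsonErrorResult</c> with
/// <see cref="HttpStatusCode.NotFound"/> and a message naming the failed check.
/// </returns>
/// <remarks>
/// NOTE(review): the two failure messages differ, so a caller can tell whether a user
/// name exists. Returning one generic message for both cases would close that
/// enumeration channel; the strings are kept as-is here because clients may match on them.
/// NOTE(review): no failed-attempt accounting is visible in this method, so nothing here
/// slows down repeated password guesses - confirm throttling or lockout is enforced elsewhere.
/// NOTE(review): a single HMAC-SHA512 pass keyed with the salt is a fast hash. A
/// work-factor KDF (for example <c>Rfc2898DeriveBytes.Pbkdf2</c>) is the usual choice for
/// stored passwords; changing it requires re-hashing stored credentials.
/// </remarks>
public async Task<ActionResult<UserToken>> LoginUsers(SystemUserPasswordsDto userPAssword)
{
    if (!await _userPasswordRepository.ValidUserName(userPAssword.UserID))
    {
        return new JsonErrorResult(new { Message = "Invalid User Name" }, HttpStatusCode.NotFound);
    }

    var systemUserPassword = await _userPasswordRepository.GetSystemUserPasswords(userPAssword.UserID);

    // A missing credential row, salt, hash or submitted password is treated as a failed
    // login instead of surfacing a NullReferenceException / ArgumentNullException.
    bool passwordMatches = false;
    if (systemUserPassword?.PasswordSalt != null
        && systemUserPassword.PasswordHash != null
        && userPAssword.PasswordText != null)
    {
        using var hmac = new HMACSHA512(systemUserPassword.PasswordSalt);
        byte[] computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(userPAssword.PasswordText));

        // Constant-time comparison: the previous byte-by-byte loop returned at the first
        // mismatch (timing side channel), threw when the stored hash was shorter than the
        // computed one, and ignored trailing bytes when it was longer. FixedTimeEquals
        // returns false on any length mismatch.
        passwordMatches = CryptographicOperations.FixedTimeEquals(computedHash, systemUserPassword.PasswordHash);
    }

    if (!passwordMatches)
    {
        return new JsonErrorResult(new { Message = "Passowrd Not Valid" }, HttpStatusCode.NotFound);
    }

    int systemuserid = _userPasswordRepository.GetSystemUserID(userPAssword.UserID);
    await _userPasswordRepository.UserLoginTracker(systemuserid);

    // Awaited instead of blocking on .Result, which can deadlock or starve the thread pool.
    IEnumerable<MenuModelsDto> lnMenu = await _userPasswordRepository.GetUserMenuRights(userPAssword.UserID);

    return new UserToken
    {
        UserId = userPAssword.UserID,
        Token = _tokenServiceRepository.CreateToken(userPAssword.UserID),
        UserRights = lnMenu
    };
}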
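/// <summary>
/// Validates a login request and returns the user's profile, token and module permissions.
/// </summary>
/// <param name="model">Login request carrying <c>UserName</c> and <c>Password</c>.</param>
/// <returns>A <c>UserLoginResponse</c> populated with a freshly created token and the user's permissions.</returns>
/// <exception cref="ServiceException">
/// Thrown with the code/message returned by the login validation stored procedure, with
/// code "1011" (password expired, token carried in <c>Meta</c>), or with code "1010"
/// when the password does not match.
/// </exception>
/// <remarks>
/// The validation stored procedure is called with the user name only, so it cannot have
/// checked the password. The password is therefore verified before any token is created,
/// including on the "password expired" path; previously that path created a token for any
/// caller who supplied the user name of an account with an expired password.
/// NOTE(review): the distinct codes and messages let a caller distinguish account states;
/// confirm how much of <c>ErrorMessage</c> is returned to unauthenticated clients.
/// </remarks>
public async Task<UserLoginResponse> Login(UserLoginModel model)
{
    var parms = new List<SqlParameter>
    {
        new SqlParameter
        {
            ParameterName = LoginStoredProcedure.StoredProcedureParameters[0].ToString(),
            Value = model.UserName.AsDbValue()
        }
    };
    var result = await _tcContext.Set<LoginValidationResult>()
        .FromSqlRaw(LoginStoredProcedure.Sql, parms.ToArray())
        .ToListAsync();

    // Read the first row once; an empty result set used to fail with a NullReferenceException.
    var validation = result.FirstOrDefault();
    if (validation == null)
    {
        throw new System.InvalidOperationException("Login validation returned no result.");
    }

    bool passwordExpired = validation.Code == "1011"; // password expired

    // Any other non-empty code is a validation failure reported by the stored procedure.
    if (!passwordExpired && !string.IsNullOrEmpty(validation.Code))
    {
        throw new ServiceException(new ErrorMessage[]
        {
            new ErrorMessage() { Code = validation.Code, Message = validation.Message }
        });
    }

    var systemUserPassword = await _userPasswordRepository.GetSystemUserPasswords(model.UserName);

    // A missing credential row counts as a failed password check rather than a crash.
    bool passwordValid = systemUserPassword != null
        && PasswordManager.IsValidPassword(systemUserPassword.PasswordSalt, systemUserPassword.PasswordHash, model.Password);

    if (!passwordValid)
    {
        // Record the failed attempt. The meaning of the second parameter (0) is defined by
        // the stored procedure and is not visible here.
        parms = new List<SqlParameter>
        {
            new SqlParameter
            {
                ParameterName = LoginAttemptsUpdateStoredProcedure.StoredProcedureParameters[0].ToString(),
                Value = model.UserName.AsDbValue()
            },
            new SqlParameter
            {
                ParameterName = LoginAttemptsUpdateStoredProcedure.StoredProcedureParameters[1].ToString(),
                Value = 0
            }
        };
        await _tcContext.Set<LoginValidationResult>()
            .FromSqlRaw(LoginAttemptsUpdateStoredProcedure.Sql, parms.ToArray())
            .ToListAsync();

        throw new ServiceException(new ErrorMessage[]
        {
            new ErrorMessage() { Code = "1010", Message = "Invalid Password" }
        });
    }

    if (passwordExpired)
    {
        // The token travels in Meta, presumably so the client can complete a password
        // change - confirm against the consumer of ServiceException.
        var userLoginResponse = new UserLoginResponse()
        {
            UserName = model.UserName,
            Token = _tokenServiceRepository.CreateToken(model.UserName)
        };
        throw new ServiceException(new ErrorMessage[]
        {
            new ErrorMessage() { Code = validation.Code, Message = validation.Message, Meta = userLoginResponse }
        });
    }

    parms = new List<SqlParameter>
    {
        new SqlParameter
        {
            ParameterName = LoginPermissionStoredProcedure.StoredProcedureParameters[0].ToString(),
            Value = model.UserName.AsDbValue()
        }
    };
    var resultPermission = await _tcContext.Set<UserModulePermission>()
        .FromSqlRaw(LoginPermissionStoredProcedure.Sql, parms.ToArray())
        .ToListAsync();

    var userInfo = GetUserOtherInfo(model.UserName);

    return new UserLoginResponse()
    {
        UserName = model.UserName,
        UserFirstName = userInfo.UserFirstName,
        UserLastName = userInfo.UserLastName,
        UserRole = userInfo.UserRole,
        Token = _tokenServiceRepository.CreateToken(model.UserName),
        Permissions = resultPermission
    };
}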