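/// <summary>
        /// Starts the phone-based login: checks that the submitted PhoneID/PhoneNumber pair
        /// belongs to an employee flagged as working and to an identity user, then generates
        /// a "Phone Code" two-factor token for that user.
        /// </summary>
        /// <param name="model">Login data carrying <c>PhoneID</c> and <c>PhoneNumber</c>.</param>
        /// <returns>
        /// 400 when the body is missing, the model is invalid, or no matching working employee
        /// and user exist; otherwise 200 with the generated token as the payload.
        /// </returns>
        // NOTE(review): System.Web.Mvc.Bind is an MVC model-binder attribute, while this action
        // returns IHttpActionResult (Web API). The Web API binder presumably ignores it, so
        // confirm that "Token" is really excluded from binding here.
        public async Task<IHttpActionResult> InitiateLogin([System.Web.Mvc.Bind(Exclude = "Token")] LoginDataModel model)
        {
            // A missing request body leaves model null; reject it instead of dereferencing it below.
            if (model == null)
            {
                return BadRequest("Request body is required.");
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            string token;

            using (ModelNFCZavrsniService db = new ModelNFCZavrsniService())
            {
                // FirstOrDefault, not First: First throws when nothing matches, which turned an
                // unknown phone into an unhandled exception and made the null checks below dead code.
                IdentityUser user = UserManager.Users
                    .Where(x => x.PhoneNumber == model.PhoneNumber)
                    .FirstOrDefault();
                Employee employee = db.Employee
                    .Where(x => x.PhoneID == model.PhoneID && x.PhoneNumber == model.PhoneNumber)
                    .FirstOrDefault();

                if (user == null || employee == null || employee.Working != true)
                {
                    // One message for every failure, so the reply does not reveal which check failed.
                    return BadRequest("Credentials do not match.");
                }

                token = UserManager.GenerateTwoFactorToken(user.Id, "Phone Code");

                // IMPORTANT: out-of-band delivery of the code is currently disabled.
                //await UserManager.SmsService.SendAsync(new IdentityMessage { Body = $"Your security code is {token}", Destination = user.PhoneNumber });
            }

            // SECURITY: the two-factor code is handed back in the HTTP response while SMS delivery
            // is commented out. In this state the code proves knowledge of PhoneID and PhoneNumber
            // only, not possession of the phone, so it adds no second factor. Before production,
            // deliver the code out of band and stop returning it to the caller.
            return Ok(token);
        }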
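        /// <summary>
        /// Handles the OAuth resource-owner grant for phone logins: reads <c>PhoneID</c>,
        /// <c>PhoneNumber</c> and <c>Token</c> from the form body, checks that they identify a
        /// working employee and an identity user, verifies the "Phone Code" two-factor token,
        /// and on success validates the ticket and signs in the cookie identity.
        /// </summary>
        /// <param name="context">The grant context; errors are reported through <c>SetError</c>.</param>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

            var form = await context.Request.ReadFormAsync();

            // The form indexer yields null for an absent field; calling ToString() on it threw a
            // NullReferenceException. Read the values directly and reject incomplete requests.
            string phoneID     = form["PhoneID"];
            string phoneNumber = form["PhoneNumber"];
            string token       = form["Token"];

            if (string.IsNullOrEmpty(phoneID) || string.IsNullOrEmpty(phoneNumber) || string.IsNullOrEmpty(token))
            {
                context.SetError("invalid_request", "PhoneID, PhoneNumber and Token are required.");
                return;
            }

            ApplicationUser user;

            using (ModelNFCZavrsniService db = new ModelNFCZavrsniService())
            {
                // FirstOrDefault, not First: First throws when nothing matches, so an unknown phone
                // surfaced as an unhandled exception instead of the invalid_grant error below.
                Employee employee = db.Employee
                    .Where(x => x.PhoneID == phoneID && x.PhoneNumber == phoneNumber)
                    .FirstOrDefault();
                user = userManager.Users
                    .Where(x => x.PhoneNumber == phoneNumber)
                    .FirstOrDefault();

                if (user == null || employee == null || employee.Working != true)
                {
                    context.SetError("invalid_grant", "Access not permitted.");
                    return;
                }

                // NOTE(review): no attempt limit or lockout is visible in this method; confirm that
                // repeated wrong codes are throttled elsewhere (e.g. by the user manager's lockout).
                bool tokenIsValid = await userManager.VerifyTwoFactorTokenAsync(user.Id, "Phone Code", token);

                if (!tokenIsValid)
                {
                    // NOTE(review): this message differs from the one above, so a caller can tell a
                    // known PhoneID/PhoneNumber pair from an unknown one. Consider one shared message.
                    context.SetError("invalid_grant", "Invalid token.");
                    return;
                }
            }

            // Two identities for the same user: one for the bearer ticket, one for the cookie sign-in.
            ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(
                userManager, OAuthDefaults.AuthenticationType);
            ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(
                userManager, CookieAuthenticationDefaults.AuthenticationType);

            AuthenticationProperties properties = CreateProperties(user.UserName);
            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(cookiesIdentity);
        }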