/// <summary>
/// Attempts to sign in the specified <paramref name="principal"/>.
/// </summary>
/// <param name="principal">The principal to sign in.</param>
/// <returns>Instance of <see cref="TokenContext"/>.</returns>
public virtual ValueTask <TokenContext> SignInAsync(ClaimsPrincipal principal)
{
if (principal is null)
{
throw new ArgumentNullException(nameof(principal));
}
var(user, tenant) = PrincipalProvider.GetUserAndTenant <User, Organization>(principal);
if (user is null || tenant is null)
{
throw new AuthenticationException();
}
Claim claim = principal.FindFirst(FunderMapsAuthenticationClaimTypes.TenantRole);
if (claim is null)
{
throw new AuthenticationException();
}
Logger.LogTrace($"User '{user}' sign in was successful.");
principal = PrincipalProvider.CreateTenantUserPrincipal(user, tenant,
Enum.Parse <OrganizationRole>(claim.Value),
JwtBearerDefaults.AuthenticationScheme);
return(new(TokenProvider.GetTokenContext(principal)));
}
/// <summary>
/// Attempts to sign in the specified <paramref name="email"/> and <paramref name="password"/> combination.
/// </summary>
/// <param name="email">The user email to sign in.</param>
/// <param name="password">The password to attempt to authenticate.</param>
/// <returns>Instance of <see cref="TokenContext"/>.</returns>
public virtual async Task <TokenContext> PasswordSignInAsync(string email, string password)
{
if (await UserRepository.GetByEmailAsync(email) is not IUser user)
{
throw new AuthenticationException();
}
// FUTURE: Single call?
var organizationId = await OrganizationUserRepository.GetOrganizationByUserIdAsync(user.Id);
if (await CheckPasswordAsync(user.Id, password))
{
if (await UserRepository.GetAccessFailedCount(user.Id) > 10)
{
Logger.LogWarning($"User '{user}' locked out.");
throw new AuthenticationException();
}
await UserRepository.ResetAccessFailed(user.Id);
await UserRepository.RegisterAccess(user.Id);
Logger.LogInformation($"User '{user}' password sign in was successful.");
Organization organization = await OrganizationRepository.GetByIdAsync(organizationId);
OrganizationRole organizationRole = await OrganizationUserRepository.GetOrganizationRoleByUserIdAsync(user.Id);
ClaimsPrincipal principal = PrincipalProvider.CreateTenantUserPrincipal(user, organization,
organizationRole,
JwtBearerDefaults.AuthenticationScheme);
return(TokenProvider.GetTokenContext(principal));
}
Logger.LogWarning($"User '{user}' failed to provide the correct password.");
await UserRepository.BumpAccessFailed(user.Id);
throw new AuthenticationException();
}
