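/// <summary>
/// Authenticates a courier by phone number and password and, on success, issues a new
/// refresh token and a new JWT access token.
/// </summary>
/// <param name="model">Login request body; <c>Username</c> is passed to the phone-number lookup.</param>
/// <returns>
/// <c>Ok</c> with a <see cref="LoginResponseDto"/> on success; otherwise the
/// <c>AppMessage.InvalidModel</c> or <c>AppMessage.InvalidLoginOrPassword</c> response.
/// </returns>
public async Task<IHttpActionResult> Login([FromBody] LoginRequestDto model)
{
    // A missing request body can bind to a null model with ModelState still valid,
    // so check the model itself before dereferencing it.
    if (model == null || !ModelState.IsValid)
    {
        return Response(AppMessage.InvalidModel);
    }

    // The password is trimmed before verification, as it always was. A null or blank
    // password is treated as an ordinary failed login: previously it raised an exception
    // only after the courier lookup succeeded, so the error response told the caller
    // that the account exists.
    var password = model.Password?.Trim();
    if (string.IsNullOrEmpty(password))
    {
        return Response(AppMessage.InvalidLoginOrPassword);
    }

    var courier = await _authService.GetCourierByPhoneAsync(model.Username);

    // NOTE(review): an unknown phone number returns before any hash verification, so its
    // response time may differ from a wrong-password attempt.
    if (courier == null)
    {
        return Response(AppMessage.InvalidLoginOrPassword);
    }

    if (string.IsNullOrEmpty(courier.PasswordHash))
    {
        // The account has no usable credential: record it server-side, but answer the
        // caller exactly like any other failed login.
        _logger.Information($"Courier {courier.Id} has no password hash; login rejected.");
        return Response(AppMessage.InvalidLoginOrPassword);
    }

    // Fail closed: any verification result other than Success is rejected.
    var hasher = new PasswordHasher();
    if (hasher.VerifyHashedPassword(courier.PasswordHash, password) != PasswordVerificationResult.Success)
    {
        return Response(AppMessage.InvalidLoginOrPassword);
    }

    // NOTE(review): confirm GenerateTokenByRandomNumber draws from a cryptographic RNG;
    // its implementation is not visible here.
    var newRefreshToken = GenerateTokenByRandomNumber();
    var refreshTokenDto = new RefreshTokenDto
    {
        IsActive = true,
        Token = newRefreshToken,
        // NOTE(review): local time here, UTC for the cache entry below; confirm which clock
        // the refresh-token expiry check compares against.
        Expires = DateTime.Now.AddDays(1),
        RemoteIp = GetRemoteIp()
    };
    await _refreshTokenService.SetAsync(refreshTokenDto, courier.Id);

    // Read the previously stored JWT before generating the replacement, so it can be
    // evicted from the cache below.
    var jwToken = await _jwTokenService.GetTokenAsync(courier.Id);
    var newJWToken = await _authService.GenerateJWTokenAsync(courier.Id);

    var memCacher = new CustomMemoryCacher();
    if (jwToken != null && memCacher.GetValue(jwToken) != null)
    {
        // Drop the old access token from the cache once a new one is issued.
        memCacher.Delete(jwToken);
    }

    memCacher.Add(newJWToken, courier.Id, DateTimeOffset.UtcNow.AddHours(12));
    await _jwTokenService.SetAsync(courier.Id, newJWToken);

    _logger.Information($"Courier {model.Username} logged in.");

    var response = new LoginResponseDto
    {
        AccessToken = newJWToken,
        RefreshToken = newRefreshToken
    };

    return Ok(response);
}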