/// <summary>
/// Writes an <see cref="UnauthorizedApiException"/> to the current HTTP response as a
/// 401 Unauthorized with a JSON content type; the response body is the exception's
/// <c>Message</c> written verbatim.
/// </summary>
/// <param name="context">The HTTP context whose response is written.</param>
/// <param name="exception">The unauthorized exception to report to the caller.</param>
/// <returns>The task returned by the response write.</returns>
private static Task HandleUnauthorizedExceptionAsync(HttpContext context, UnauthorizedApiException exception)
{
    var response = context.Response;

    // NOTE(review): the content type is declared as JSON, but the body is the raw
    // exception message — confirm that callers always supply a JSON-formatted Message.
    response.ContentType = "application/json";
    response.StatusCode = (int)HttpStatusCode.Unauthorized;

    return response.WriteAsync(exception.Message);
}
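/// <summary>
/// Signs in a user by email and password inside a database transaction, applying
/// lockout-on-failure so repeated bad passwords count towards account lockout.
/// </summary>
/// <param name="userSignInSpec">
/// Credentials and the optional "remember me" flag. <c>Email</c> and <c>Password</c>
/// are normalized in place via <c>ProcessEmail</c>/<c>ProcessPassword</c> before use.
/// </param>
/// <returns>The signed-in user when the credentials are accepted.</returns>
/// <exception cref="UnauthorizedApiException">
/// Thrown with <c>InvalidCredentials</c> when the user is unknown or the password is wrong,
/// <c>AccountLockedOut</c> when the account is locked, or <c>EmailNotConfirmed</c>
/// when sign-in is not allowed yet (this last case carries <c>UserUuid</c>).
/// </exception>
/// <exception cref="InternalServerErrorApiException">
/// Thrown when any non-<see cref="ApiException"/> error occurs; the original error is logged.
/// </exception>
public async Task<UserModel> SignInUserAsync(UserSignInSpec userSignInSpec)
{
    userSignInSpec.Email = ProcessEmail(userSignInSpec.Email);
    userSignInSpec.Password = ProcessPassword(userSignInSpec.Password);

    try
    {
        using (var transaction = await _identityDbContext.Database.BeginTransactionAsync().ConfigureAwait(false))
        {
            var user = await _userManager.FindByEmailAsync(userSignInSpec.Email).ConfigureAwait(false);
            if (user == null)
            {
                // Same error code and message as a wrong password, so the response body
                // does not distinguish "unknown email" from "bad password".
                throw new UnauthorizedApiException(UnauthorizedApiException.InvalidCredentials, "The user credentials are not valid");
            }

            bool remember = userSignInSpec.RememberSet && userSignInSpec.Remember;

            // lockoutOnFailure: a failed attempt is recorded against the account.
            var result = await _signInManager.PasswordSignInAsync(userSignInSpec.Email, userSignInSpec.Password, remember, lockoutOnFailure: true).ConfigureAwait(false);

            // Persist and commit on every outcome: a failed attempt must still be
            // recorded (lockout counter), not rolled back with the transaction.
            await _identityDbContext.SaveChangesAsync().ConfigureAwait(false);
            transaction.Commit();

            if (result.Succeeded)
            {
                _logger.LogInformation("User signed in");
                return user;
            }

            if (result.IsLockedOut)
            {
                _logger.LogWarning("User account is locked out");
                throw new UnauthorizedApiException(UnauthorizedApiException.AccountLockedOut, "The user account is locked out");
            }

            if (result.IsNotAllowed)
            {
                // NOTE(review): this branch confirms that the account exists (it also
                // returns the user id); acceptable only if the product tolerates that
                // disclosure to an unauthenticated caller — confirm.
                throw new UnauthorizedApiException(UnauthorizedApiException.EmailNotConfirmed, "The email address is not yet confirmed")
                {
                    UserUuid = user.Id,
                };
            }

            throw new UnauthorizedApiException(UnauthorizedApiException.InvalidCredentials, "The user credentials are not valid");
        }
    }
    catch (ApiException)
    {
        // `throw;` preserves the original stack trace; `throw e;` would reset it.
        throw;
    }
    catch (Exception e)
    {
        // Pass the exception as structured data rather than interpolating it into the
        // message, so the logger records it (and its stack trace) as an exception.
        _logger.LogError(e, "Error when signing in user");
        throw new InternalServerErrorApiException();
    }
}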