/// <summary>
/// Detaches a session from its owning user, marks it for removal on the
/// data context and persists the change.
/// </summary>
/// <param name="session">The session to remove.</param>
/// <param name="owner">The user the session is removed from.</param>
/// <returns>A task that completes when <c>Save()</c> has finished.</returns>
internal async Task RemoveSession(UserActiveSessionModel session, UserModel owner)
{
    // Drop the session from the user's own collection first, so the user
    // object handed to Users.Update no longer references it.
    owner.RemoveSession(session);

    // Stage both changes on the context: the session delete and the user update.
    DBContext.Sessions.Remove(session);
    DBContext.Users.Update(owner);

    // Every call saves on its own, so a caller removing several sessions in a
    // loop performs one Save() per session.
    await Save();
}
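/// <summary>
/// Validates the supplied credentials, prunes the user's expired and excess
/// sessions, and issues a new active session.
/// </summary>
/// <param name="email">E-mail address identifying the account.</param>
/// <param name="password">Password to validate against the account.</param>
/// <returns>The newly created session, already added to the user and saved.</returns>
/// <exception cref="ArgumentException">
/// Thrown with <c>username_or_password_incorrect</c> when validation fails or the
/// account cannot be loaded, and with <c>email_not_confirmed</c> when the
/// credentials are valid but the e-mail address is unconfirmed.
/// </exception>
internal async Task<UserActiveSessionModel> DoLogin(string email, string password)
{
    // Hot Spot : hash generation is too slow
    // NOTE(review): ValidateAccount is not visible here. If the cost comes from a
    // deliberately slow password hash, that cost is what resists offline guessing;
    // handle load by throttling login attempts rather than lowering the work factor.
    if (!await ValidateAccount(email, password))
    {
        throw new ArgumentException("username_or_password_incorrect");
    }

    var usr = await FindByEmailAddress(email);
    if (usr == null)
    {
        // The account can vanish between validation and lookup. Answer with the
        // same generic error instead of failing with a NullReferenceException.
        throw new ArgumentException("username_or_password_incorrect");
    }

    // Reached only after the password has been validated, so this more specific
    // message is not shown to a caller who does not know the password.
    if (!usr.IsEmailConfirmed)
    {
        throw new ArgumentException("email_not_confirmed");
    }

    // Clean up all of the sessions that have expired. The matches are copied to a
    // list first because RemoveSession mutates ActiveSessions.
    var now = DateTime.UtcNow;
    var expired = usr.ActiveSessions.Where(s => now > s.ExpiryDate).ToList();
    foreach (var stale in expired)
    {
        await RemoveSession(stale, usr);
    }

    // Make room for the session about to be created. The comparison is ">=" so
    // that the total, including the new session, stays within
    // MaxActiveLoginCount; ">" left the user with one session more than the cap.
    // The Count > 0 guard keeps First() from throwing when the cap is zero or less.
    // NOTE(review): First() evicts whichever session the collection yields first;
    // that is the oldest only if ActiveSessions preserves insertion order - confirm.
    while (usr.ActiveSessions.Count > 0 && usr.ActiveSessions.Count >= MaxActiveLoginCount)
    {
        await RemoveSession(usr.ActiveSessions.First(), usr);
    }

    // And create the login key.
    // NOTE(review): the key is produced inside UserActiveSessionModel, which is not
    // visible here - confirm it draws from a cryptographic random source.
    var sess = new UserActiveSessionModel(LoginLength);
    usr.AddSession(sess);
    DBContext.Sessions.Add(sess);
    await Save();

    return sess;
}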