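        /// <summary>
        /// First half of the login for accounts that hold more than one account role (admin or
        /// site admin): a one-time login code is stored as a pending login and mailed to the user,
        /// who then picks the role to log in with. This way a person does not need a separate
        /// account for every functionality.
        /// </summary>
        /// <param name="user">The user from the database</param>
        /// <returns>
        /// A login result flagged with <see cref="LoginResultViewmodel.UserHasMultipleAccountRoles"/>
        /// that lists the roles the user may select: every defined role up to the user's own
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The user service does not know the user, so no e-mail address is available
        /// </exception>
        private async Task <LoginResultViewmodel> HandleMultipleAccountRolesLogin(UserDto user)
        {
            // NOTE(review): AccessCode and ExpirationDate are expected to be set by
            // PendingLoginDto itself (not visible here) — confirm the code comes from a
            // cryptographic RNG and the expiry is short.
            var pendingLogin = new PendingLoginDto
            {
                UserUuid = user.Uuid
            };

            // The e-mail address lives in the user service, not in the local user table.
            var userFromUserService = _rpcClient.Call <List <UserRabbitMqSensitiveInformation> >(new List <Guid>
            {
                user.Uuid
            }, RabbitMqQueues.FindUserQueue).FirstOrDefault();

            if (userFromUserService == null)
            {
                // Fail closed: without an address the code cannot be delivered, and
                // dereferencing the missing result would only surface as a NullReferenceException.
                throw new InvalidOperationException("User could not be found in the user service");
            }

            // Replace any earlier pending login of this user and purge expired ones before
            // storing the new code. The code is persisted *before* it is mailed, so the user
            // never receives a code that cannot be redeemed.
            await _pendingLoginDal.Remove(pendingLogin.UserUuid);
            await _pendingLoginDal.RemoveOutdated();
            await _pendingLoginDal.Add(pendingLogin);

            var email = new EmailRabbitMq
            {
                EmailAddress  = userFromUserService.Email,
                Subject       = "Login code",
                TemplateName  = "LoginMultiRole",
                KeyWordValues = new List <EmailKeyWordValue>
                {
                    new EmailKeyWordValue
                    {
                        Key   = "Username",
                        Value = user.Username
                    },
                    new EmailKeyWordValue
                    {
                        Key   = "LoginCode",
                        Value = pendingLogin.AccessCode.ToString()
                    }
                }
            };

            _publisher.Publish(new List <EmailRabbitMq> {
                email
            }, RabbitMqRouting.SendMail, RabbitMqExchange.MailExchange);

            // Roles the user is entitled to select. Undefined is never offered and nothing above
            // the user's own role is; the server re-checks the chosen role when the code is redeemed.
            List <AccountRole> selectableAccountRoles = Enum.GetValues(typeof(AccountRole))
                                                           .Cast <AccountRole>()
                                                           .Where(role => role != AccountRole.Undefined && role <= user.AccountRole)
                                                           .ToList();

            return new LoginResultViewmodel
            {
                UserHasMultipleAccountRoles = true,
                SelectableAccountRoles = selectableAccountRoles
            };
        }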
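        /// <summary>
        /// Checks the credentials and, when they are correct, returns a jwt and refresh token.
        /// Accounts with more than one account role are mailed a login code instead (see
        /// <see cref="HandleMultipleAccountRolesLogin"/>); a request that carries a valid code and a
        /// selected account role completes that second step.
        /// </summary>
        /// <param name="login">The username and password, optionally with a login code and selected account role</param>
        /// <returns>The jwt and refresh token, or the list of selectable account roles when a second step is required</returns>
        /// <exception cref="ArgumentNullException"><paramref name="login"/> is null</exception>
        /// <exception cref="UnauthorizedAccessException">The user does not exist or the password is wrong</exception>
        /// <exception cref="DisabledUserException">The credentials are correct but the user is disabled</exception>
        public async Task <LoginResultViewmodel> Login(Login login)
        {
            if (login == null)
            {
                throw new ArgumentNullException(nameof(login));
            }

            // A login code is a six-digit number; any other value means this is the first step.
            const int minLoginCode = 100000;
            const int maxLoginCode = 999999;

            UserDto dbUser = await _userDal.Find(login.Username);

            if (dbUser == null)
            {
                // NOTE(review): this returns before any password hash is computed, so the
                // response time differs between unknown and known usernames. Verifying against
                // a dummy hash would close that gap, but the hash format belongs to _securityLogic.
                throw new UnauthorizedAccessException();
            }

            bool passwordCorrect = _securityLogic.VerifyPassword(login.Password, dbUser.Password);

            if (!passwordCorrect)
            {
                throw new UnauthorizedAccessException();
            }

            // The disabled state is checked only after the password has been verified, so that
            // whether an account is disabled is not disclosed to callers without credentials.
            bool userIsDisabled = _rpcClient.Call <bool>(dbUser.Uuid, RabbitMqQueues.DisabledExistsUserQueue);

            if (userIsDisabled)
            {
                throw new DisabledUserException();
            }

            if (login.LoginCode >= minLoginCode && login.LoginCode <= maxLoginCode
                && login.SelectedAccountRole != AccountRole.Undefined)
            {
                return await LoginWithSelectedAccount(login, dbUser);
            }

            // Admins and site admins pick the role to log in with; they get a code by mail first.
            if (dbUser.AccountRole > AccountRole.User)
            {
                return await HandleMultipleAccountRolesLogin(dbUser);
            }

            AuthorizationTokensViewmodel tokens = await _jwtLogic.CreateJwt(dbUser);

            return new LoginResultViewmodel
            {
                Jwt = tokens.Jwt,
                RefreshToken = tokens.RefreshToken
            };
        }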
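        /// <summary>
        /// Second half of the login for users with multiple account roles: redeems the login code
        /// that was mailed by <see cref="HandleMultipleAccountRolesLogin"/> and issues tokens for the
        /// role the user selected.
        /// </summary>
        /// <param name="login">The login request carrying the login code and the selected account role</param>
        /// <param name="user">The user from the database; its account role is replaced by the selected one</param>
        /// <returns>The jwt and refresh token for the selected account role</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// No pending login matches the code, the code has expired, or the selected role is
        /// undefined or above the user's own role
        /// </exception>
        private async Task <LoginResultViewmodel> LoginWithSelectedAccount(Login login, UserDto user)
        {
            // NOTE(review): no attempt limit on code redemption is visible in this class — confirm
            // one is enforced upstream, otherwise a six-digit code gives little protection.
            PendingLoginDto dbPendingLogin = await _pendingLoginDal.Find(new PendingLoginDto
            {
                UserUuid   = user.Uuid,
                AccessCode = login.LoginCode
            });

            // NOTE(review): ExpirationDate is compared with local time; confirm the DAL writes it
            // with the same clock (UTC on both sides would be the safer choice).
            if (dbPendingLogin == null || dbPendingLogin.ExpirationDate < DateTime.Now)
            {
                throw new UnauthorizedAccessException(nameof(login));
            }

            // Privilege check: only a defined role up to the user's own may be selected.
            // Undefined is rejected here as well as by the caller, so the method is safe on its own.
            if (login.SelectedAccountRole == AccountRole.Undefined || login.SelectedAccountRole > user.AccountRole)
            {
                throw new UnauthorizedAccessException();
            }

            user.AccountRole = login.SelectedAccountRole;

            // The code is single-use: drop it before the tokens are issued.
            await _pendingLoginDal.Remove(dbPendingLogin);
            await _pendingLoginDal.RemoveOutdated();

            AuthorizationTokensViewmodel tokens = await _jwtLogic.CreateJwt(user);

            return new LoginResultViewmodel
            {
                Jwt = tokens.Jwt,
                RefreshToken = tokens.RefreshToken,
            };
        }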