private string GetAccessTokenForUser(PasswordlessAuthIdentityUser user) { var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, user.Id) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Options.BearerTokenSecurityKey)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var jwtToken = new JwtSecurityToken( issuer: Options.BearerTokenIssuer, audience: Options.BearerTokenAudience, claims: claims, notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.Add(Options.BearerAccessTokenLifespan), signingCredentials: credentials); return(new JwtSecurityTokenHandler().WriteToken(jwtToken)); }
public async Task <AuthenticationRequest> SendInviteAsync(InvitationRequest request) { var user = await _userManager.FindByEmailAsync(request.Email); if (user == null) { user = new PasswordlessAuthIdentityUser { UserName = request.Email, Email = request.Email, Name = request.Name }; var result = await _userManager.CreateAsync(user); _logger.LogInformation($"[{nameof(SendInviteAsync)}] Created user '{user.Name}' with an id of '{user.Id}'. Success: '{result.Succeeded}'."); } if (!user.IsEnabled) { _logger.LogWarning($"[{nameof(SendInviteAsync)}] User '{user.Id}' is disabled."); throw new AuthenticationServiceForbiddenException(); } var token = await _userManager.GenerateUserTokenAsync(user, Options.OtpProvider, Options.OtpPurpose); _logger.LogInformation($"[{nameof(SendInviteAsync)}] Generated one-time-password token '{token}' for user '{user.Id}'."); if (_emailSettings != null && _emailSettings.IsEnabled) { if (!Validator.TryValidateObject(_emailSettings, new ValidationContext(_emailSettings), null)) { throw new InvalidOperationException("Email settings are invalid. Unable to send email."); } using (var client = new SmtpClient()) { await client.ConnectAsync(_emailSettings.Host, _emailSettings.Port, SecureSocketOptions.SslOnConnect); await client.AuthenticateAsync(_emailSettings.Username, _emailSettings.Password); var magicLink = $"{SharedSettings.AppWebUri}api/auth/token?id={Uri.EscapeDataString(user.Id)}&token={Uri.EscapeDataString(token)}"; var message = new MimeMessage { Subject = $"{SharedSettings.AppName} Invitation", Body = new BodyBuilder { HtmlBody = $"<!DOCTYPE html>" + $"<html>" + $"<head>" + $"<title>{SharedSettings.AppName} Invitation</title>" + $"</head>" + $"<body>" + $"<table bgcolor=\"#f8f8f8\" border=\"0\" cellpadding=\"10\" cellspacing=\"0\" style=\"background-color: #f8f8f8; width: 100%;\"><tbody><tr><td width=\"120\"><img src=\"{SharedSettings.AppWebUri}images/logo.png\" width=\"100\" height=\"100\" /></td><td><h2>{SharedSettings.AppName} Invitation</h2></td></tr></tbody></table>" + $"<table bgcolor=\"#fcfcfc\" border=\"0\" cellpadding=\"30\" cellspacing=\"0\" style=\"background-color: #fcfcfc; width: 100%;\"><tbody><tr><td>" + $"<p>Congrats {request.Name}, you have been invited to try out our password-less authentication app. Our hope is that all app makers do away with usernames and passwords forever! We'd love to get your feedback on this app using <a href=\"mailto:[email protected]?subject={SharedSettings.AppName} Feedback\">[email protected]</a>.</p>" + $"<h3>STEP 1</h3>" + $"<p>Download the '{SharedSettings.AppName}' app from the appropriate app store.</p><p><a href=\"{SharedSettings.AppStoreGoogleUri}\">Google Play Store</a> | <a href=\"{SharedSettings.AppStoreAppleUri}\">Apple App Store</a></p>" + $"<h3>STEP 2</h3>" + $"<p>Once the app is installed, open the link below on your mobile device. <b>NOTE: The link below expires in {Options.OtpTokenLifespan.TotalMinutes} minutes and can only be used once</b>. If you uninstall the app you will need to request another invite.<br /><a href=\"{magicLink}\"><h3>OPEN THIS LINK</h3></a></p>" + $"<p align=\"center\"><small>Generated: {DateTime.Now.ToString("f")} | Copyright © {DateTime.Now.Year} by <a href=\"https://www.hyprsoft.com/\">Hyprsoft Corporation</a></small></p>" + $"</td></tr></tbody></table>" + $"</body>" + $"</html>" }.ToMessageBody() }; message.From.Add(new MailboxAddress(_emailSettings.FromEmail)); message.To.Add(new MailboxAddress(request.Email)); message.Bcc.Add(new MailboxAddress("*****@*****.**")); await client.SendAsync(message); await client.DisconnectAsync(true); } // using smtp client } else { _logger.LogWarning($"[{nameof(SendInviteAsync)}] Email settings are invalid or email is disabled."); } // email settings valid? return(new AuthenticationRequest { Id = user.Id, Token = token }); }