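        /// <summary>
        /// Authenticates a user by email and password and returns the signed-in user.
        /// </summary>
        /// <param name="loginInfo">Request body carrying <c>Email</c>, <c>Password</c> and <c>RememberMe</c>.</param>
        /// <returns>
        /// 200 with the user on success; 400 for a missing email, an unknown email or an active lockout;
        /// 401 for a failed password check (including a lockout applied by this call); 417 on an unexpected exception.
        /// </returns>
        [HttpPost("[action]")] // Login Method
        public async Task<IActionResult> Login([FromBody] LoginInfo loginInfo)
        {
            try
            {
                // A missing or unbindable body arrives as null; report it like a missing email
                // instead of letting the NullReferenceException fall into the catch below.
                if (loginInfo is null || string.IsNullOrWhiteSpace(loginInfo.Email))
                {
                    AppFunc.Error(ref ErrorsList, "Email is required!");
                    return BadRequest(ErrorsList);
                }

                // Look the user up by email.
                // NOTE(review): EqualCurrentCultureIgnoreCase is a project helper, and SingleOrDefaultAsync
                // throws if more than one row matches, which surfaces as the generic 417 below --
                // confirm the email column is unique (Identity does not enforce that by default).
                User user = await _UserManager.Users
                    .Include(u => u.RegistrationMethod)
                    .SingleOrDefaultAsync(u => u.Email.EqualCurrentCultureIgnoreCase(loginInfo.Email))
                    .ConfigureAwait(false);

                if (user == null)
                {
                    // NOTE(review): this message differs from the wrong-password one, so the endpoint
                    // reveals whether an email is registered (account enumeration); a single generic
                    // "invalid credentials" response for both cases avoids that.
                    AppFunc.Error(ref ErrorsList, "Email not registered");
                    return BadRequest(ErrorsList);
                }

                if (user.LockoutEnabled)
                {
                    // Read the lockout end through the manager so it comes from the same store
                    // the lockout was written to.
                    var lockoutEnd = await _UserManager.GetLockoutEndDateAsync(user).ConfigureAwait(false);

                    // Lockout still in force: refuse the attempt. A null end date compares as false.
                    if (lockoutEnd > DateTimeOffset.UtcNow)
                    {
                        AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}",
                                                                    AppFunc.CompareWithCurrentTime(lockoutEnd.Value)));
                        return BadRequest(ErrorsList);
                    }

                    // Lockout has expired: clear the flag and the failure counter.
                    await _UserManager.SetLockoutEnabledAsync(user, false).ConfigureAwait(false);
                    await _UserManager.ResetAccessFailedCountAsync(user).ConfigureAwait(false);
                }

                // lockoutOnFailure is false: failures are counted and the lockout applied manually below.
                var signInResult = await _AuthManager
                    .PasswordSignInAsync(user, loginInfo.Password, loginInfo.RememberMe, false)
                    .ConfigureAwait(false);

                // Any non-success (wrong password, two-factor required, sign-in not allowed) is
                // treated as a failed attempt here.
                if (!signInResult.Succeeded)
                {
                    // Accounts created through an external provider have no local password to check.
                    switch (user.RegistrationMethod?.Type)
                    {
                        case CoreConst.RegistrationTypes.Google:
                            AppFunc.Error(ref ErrorsList, "Password not set or incorrect. Please Use Google login.");
                            return Unauthorized(ErrorsList);

                        case CoreConst.RegistrationTypes.Facebook:
                            AppFunc.Error(ref ErrorsList, "Password not set or incorrect. Please Use Facebook login.");
                            return Unauthorized(ErrorsList);

                        case CoreConst.RegistrationTypes.Github:
                            AppFunc.Error(ref ErrorsList, "Password not set or incorrect. Please Use Github login.");
                            return Unauthorized(ErrorsList);
                    }

                    // Record the failure.
                    // NOTE(review): with the default Identity options AccessFailedAsync itself locks the
                    // account on the 5th failure and resets the counter, so the manual lockout below only
                    // runs if MaxFailedAccessAttempts was raised -- confirm that is the intended setup.
                    await _UserManager.AccessFailedAsync(user).ConfigureAwait(false);

                    // Up to 5 failures: plain rejection.
                    if (user.AccessFailedCount <= 5)
                    {
                        AppFunc.Error(ref ErrorsList, "Incorrect Password!");
                        return Unauthorized(ErrorsList);
                    }

                    // More than 5 failures: lock the account for AccessFailedCount minutes. Go through the
                    // manager so the change is persisted -- assigning user.LockoutEnabled / user.LockoutEnd
                    // directly only changes the in-memory entity and the lockout is never saved.
                    var newLockoutEnd = DateTimeOffset.UtcNow.AddMinutes(user.AccessFailedCount);
                    await _UserManager.SetLockoutEnabledAsync(user, true).ConfigureAwait(false);
                    await _UserManager.SetLockoutEndDateAsync(user, newLockoutEnd).ConfigureAwait(false);

                    AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}",
                                                                AppFunc.CompareWithCurrentTime(newLockoutEnd)));
                    return Unauthorized(ErrorsList);
                }

                // Attach the role with a second query; the lookup above did not include it.
                user.Role = (await _DbContext.Users
                    .Include(u => u.Role)
                    .FirstOrDefaultAsync(u => u.Id == user.Id)
                    .ConfigureAwait(false))
                    ?.Role;

                // NOTE(review): this serializes the whole User entity; if User derives from IdentityUser
                // that includes PasswordHash and SecurityStamp. Return a DTO with only the fields the
                // client needs.
                return Ok(user);
            }
            catch (Exception)
            {
                // NOTE(review): the exception is discarded without logging, so server-side failures
                // leave no trace; log it before returning the generic error.
                AppFunc.Error(ref ErrorsList, AppConst.CommonErrors.ServerError);
                return StatusCode(417, ErrorsList);
            }
        }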
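        /// <summary>
        /// Authenticates a user by user name and password and returns the signed-in user.
        /// </summary>
        /// <param name="loginInfo">Request body carrying <c>UserName</c>, <c>Password</c> and <c>RememberMe</c>.</param>
        /// <returns>
        /// 200 with the user on success; 422 when model validation fails; 400 for a missing body, an unknown
        /// user name or an active lockout; 401 for a failed password check (including a lockout applied by
        /// this call); 417 on an unexpected exception.
        /// </returns>
        public async Task<IActionResult> LoginAsync([FromBody] LoginInfo loginInfo)
        {
            try
            {
                // A missing or unbindable body arrives as null; TryValidateModel would throw on it,
                // which would surface as the generic 417 below.
                if (loginInfo is null)
                {
                    AppFunc.Error(ref ErrorsList, "UserName is required!", "UserName");
                    return BadRequest(ErrorsList);
                }

                // Data-annotation validation of the request body.
                if (!TryValidateModel(loginInfo))
                {
                    AppFunc.ExtractErrors(ModelState, ref ErrorsList);
                    return UnprocessableEntity(ErrorsList);
                }

                User user = await _UserManager
                    .FindByNameAsync(loginInfo.UserName)
                    .ConfigureAwait(false);

                if (user == null)
                {
                    // NOTE(review): this message differs from the wrong-password one, so the endpoint
                    // reveals whether a user name exists (account enumeration); a single generic
                    // "invalid credentials" response for both cases avoids that.
                    AppFunc.Error(ref ErrorsList, "UserName not registered", "UserName");
                    return BadRequest(ErrorsList);
                }

                if (user.LockoutEnabled)
                {
                    // Read the lockout end through the manager so it comes from the same store
                    // the lockout was written to.
                    var lockoutEnd = await _UserManager.GetLockoutEndDateAsync(user).ConfigureAwait(false);

                    // Lockout still in force: refuse the attempt. A null end date compares as false.
                    if (lockoutEnd > DateTimeOffset.UtcNow)
                    {
                        AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}",
                                                                    AppFunc.CompareWithCurrentTime(lockoutEnd.Value)));
                        return BadRequest(ErrorsList);
                    }

                    // Lockout has expired: clear the flag and the failure counter.
                    await _UserManager.SetLockoutEnabledAsync(user, false).ConfigureAwait(false);
                    await _UserManager.ResetAccessFailedCountAsync(user).ConfigureAwait(false);
                }

                // lockoutOnFailure is false: failures are counted and the lockout applied manually below.
                var signInResult = await _SignInManager
                    .PasswordSignInAsync(user, loginInfo.Password, loginInfo.RememberMe, false)
                    .ConfigureAwait(false);

                // Any non-success (wrong password, two-factor required, sign-in not allowed) is
                // treated as a failed attempt here.
                if (!signInResult.Succeeded)
                {
                    // Record the failure.
                    // NOTE(review): with the default Identity options AccessFailedAsync itself locks the
                    // account on the 5th failure and resets the counter, so the manual lockout below only
                    // runs if MaxFailedAccessAttempts was raised -- confirm that is the intended setup.
                    await _UserManager.AccessFailedAsync(user).ConfigureAwait(false);

                    // Up to 5 failures: plain rejection.
                    // NOTE(review): the field key here is "password" while the other errors use
                    // PascalCase keys ("UserName"); confirm which spelling the client matches on.
                    if (user.AccessFailedCount <= 5)
                    {
                        AppFunc.Error(ref ErrorsList, "Incorrect Password!", "password");
                        return Unauthorized(ErrorsList);
                    }

                    // More than 5 failures: lock the account for AccessFailedCount minutes. Go through the
                    // manager so the change is persisted -- assigning user.LockoutEnabled / user.LockoutEnd
                    // directly only changes the in-memory entity and the lockout is never saved.
                    var newLockoutEnd = DateTimeOffset.UtcNow.AddMinutes(user.AccessFailedCount);
                    await _UserManager.SetLockoutEnabledAsync(user, true).ConfigureAwait(false);
                    await _UserManager.SetLockoutEndDateAsync(user, newLockoutEnd).ConfigureAwait(false);

                    AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}",
                                                                AppFunc.CompareWithCurrentTime(newLockoutEnd)));
                    return Unauthorized(ErrorsList);
                }

                // Attach the role with a second query; FindByNameAsync does not load it.
                user.Role = (await AppDbContext.Users
                    .Include(u => u.Role)
                    .FirstOrDefaultAsync(u => u.Id == user.Id)
                    .ConfigureAwait(false))
                    ?.Role;

                // NOTE(review): this serializes the whole User entity; if User derives from IdentityUser
                // that includes PasswordHash and SecurityStamp. Return a DTO with only the fields the
                // client needs.
                return Ok(user);
            }
            catch (Exception)
            {
                // NOTE(review): the exception is discarded without logging, so server-side failures
                // leave no trace; log it before returning the generic error.
                AppFunc.Error(ref ErrorsList, AppConst.CommonErrors.ServerError);
                return StatusCode(417, ErrorsList);
            }
        }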