internal static async Task <DLUserToken> BuildToken(DALUserAccount efUserAccount, UserManager <DALUserAccount> userManager, string issuerSigningKey)
{
IList <Claim> claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.UniqueName, $"{efUserAccount.Email.GetHashCode()}{DateTime.UtcNow}{efUserAccount.PasswordHash.GetHashCode()}"),
new Claim(ClaimTypes.Name, efUserAccount.ToString()),
new Claim(ClaimTypes.Email, efUserAccount.Email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
foreach (var role in await userManager.GetRolesAsync(efUserAccount))
{
claims.Add(new Claim(ClaimTypes.Role, role));
}
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(issuerSigningKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expiration = DateTime.UtcNow.AddMinutes(10);
JwtSecurityToken token = new JwtSecurityToken(
issuer: Constants.API_BASE_ADDRESS,
audience: Constants.API_BASE_ADDRESS,
claims: claims,
expires: expiration,
signingCredentials: creds);
return(new DLUserToken(
userId: efUserAccount.Id,
loginProvider: "MTS-Security",
userName: efUserAccount.FirstName ?? efUserAccount.Email.Split('@')[0],
expiration: expiration,
jwtSecurityToken: new JwtSecurityTokenHandler().WriteToken(token)));
}
protected void GetEmailConfirmedMessages(DALUserAccount efUserAccount, List <string> responses)
{
if (efUserAccount.EmailConfirmed == false)
{
responses.Add("Email not yet confirmed by user");
}
}
protected void GetIsAdmittedMessages(DALUserAccount efUserAccount, List <string> responses)
{
if (efUserAccount.IsAdmitted == false)
{
responses.Add("Email not yet confirmed by admin");
}
}
{ // TODO Make callback url redirect to either webpage or mobile depending on what platform was used creating the account
internal static async Task SendConfirmationEmailAsync(DALUserAccount dalUserAccount, UserManager <DALUserAccount> userManager, IEmailSender emailSender)
{
var code = await userManager.GenerateEmailConfirmationTokenAsync(dalUserAccount);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
var callbackUrl = $"{Constants.BLAZOR_WEB_BASE_ADDRESS}/account/register/confirmemail?userid={dalUserAccount.Id}&code={code}";
await emailSender.SendEmailAsync(
dalUserAccount.Email,
"Confirm your email",
$"Welcome to the Maurice Tech Community!\n" +
$"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
}
/// <exception cref="System.Exception">Thrown when the UserManager was not able to create the useraccount</exception>
/// <exception cref="System.ArgumentException">Thrown when the UserAccount parameter was null or invalid</exception>
public async Task <IBLUserAccount> CreateByAccountAsync(IPLUserAccount userAccount)
{
if (userAccount == null || String.IsNullOrEmpty(userAccount.Email) || String.IsNullOrEmpty(userAccount.Password))
{
throw new ArgumentException("Parameter cannot be null or invalid");
}
var dalUserAccount = new DALUserAccount();
PropertyCopier <PLUserAccount, DALUserAccount> .Copy((PLUserAccount)userAccount, dalUserAccount);
dalUserAccount.UserName = dalUserAccount.Email;
dalUserAccount.Id = Guid.NewGuid().ToString();
IdentityResult result = await _userManager.CreateAsync(dalUserAccount, userAccount.Password);
return(await HandleAccountCreationResult(result, dalUserAccount));
}
/// <exception cref="System.Exception">Thrown when the UserManager was not able to create the useraccount</exception>
/// <exception cref="System.ArgumentException">Thrown when one or both of the parameters was null or empty</exception>
public async Task <IBLUserAccount> CreateByEmailAndPasswordAsync(string email, string password)
{
if (String.IsNullOrEmpty(email) || String.IsNullOrEmpty(password))
{
throw new ArgumentException("Parameters cannot be null or empty");
}
var dalUserAccount = new DALUserAccount
{
UserName = email,
Email = email,
Id = Guid.NewGuid().ToString()
};
IdentityResult result = await _userManager.CreateAsync(dalUserAccount, password);
return(await HandleAccountCreationResult(result, dalUserAccount));
}
protected void HandleNegativeSignInResult(SignInResult result, DALUserAccount efUserAccount, List <string> responses)
{
if (result.IsLockedOut == true)
{
responses.Add("You are locked out for some time.");
}
if (result.IsNotAllowed == true)
{
responses.Add($"You are not allowed to login");
}
if (responses.Count == 0)
{
responses.Add("Wrong password");
}
responses.Add($"Login attempts remaining: { _signInManager.Options.Lockout.MaxFailedAccessAttempts - efUserAccount.AccessFailedCount }");
}
private async Task <IBLUserAccount> HandleAccountCreationResult(IdentityResult result, DALUserAccount dalUserAccount)
{
if (result.Succeeded == false)
{
var errors = new string[result.Errors.Count()];
for (int i = 0; i < errors.Length; i++)
{
errors[i] = result.Errors.ElementAt(i).Description;
}
throw new Exception(JsonConvert.SerializeObject(errors));
}
await EmailHelper.SendConfirmationEmailAsync(dalUserAccount, _userManager, _emailSender);
dalUserAccount = await _userManager.FindByEmailAsync(dalUserAccount.Email);
await AddRolesToAccountAsync(dalUserAccount.Id, Constants.Roles.StandardUser);
return(dalUserAccount);
}
public async Task <IAuthentificationResult> LogIn(ICredentialHolder credentials)
{
if (credentials == null)
{
return new BLAuthentificationResult {
IsSucceeded = false, Errors = new[] { "The credentials parameter was null" }
}
}
;
DALUserAccount dalUserAccount = await _userManager.FindByEmailAsync(credentials.Email);
if (dalUserAccount == null)
{
return new BLAuthentificationResult {
IsSucceeded = false, Errors = new[] { "No user exists with this email and password" }
}
}
;
List <string> errorMessages = new List <string>();
GetEmailConfirmedMessages(dalUserAccount, errorMessages);
GetIsAdmittedMessages(dalUserAccount, errorMessages);
if (errorMessages.Count > 0)
{
return new BLAuthentificationResult {
IsSucceeded = false, Errors = errorMessages
}
}
;
SignInResult result = await _signInManager.PasswordSignInAsync(
credentials.Email,
credentials.Password,
isPersistent : credentials.RememberMe,
lockoutOnFailure : true);
if (result.Succeeded == false)
{
HandleNegativeSignInResult(result, dalUserAccount, errorMessages);
return(new BLAuthentificationResult {
IsSucceeded = false, Errors = errorMessages
});
}
try
{
var authResult = new BLAuthentificationResult
{
IsSucceeded = true,
UserToken = await UserTokenBuilder.BuildToken(dalUserAccount, _userManager, _dbConfigurations.IssuerSigningKey)
};
return(authResult);
}
catch
{
throw;
}
}
