private async Task SendRecoverEmail(string email, string userName)
{
var expires = DateTime.Now.AddHours(2);
var issuer = _configuration["Issuer"];
var securityKey = _awsSecretManagerService.GetSecret(_configuration["SecretName_RecoverEmail"]);
var claims = new[]
{
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Sub, email),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.UniqueName, email)
};
var serializedToken = _securityTokenHandler.WriteToken(email, claims, issuer, securityKey, expires);
var url = _configuration["PLAYERS2_URL"] + "newpassword?u17=";
var template = ForgotPasswordTemplate.GetForgotPasswordBody(url + serializedToken);
var emailTopic = _configuration["EMAIL_TOPIC"];
var message = new Message()
{
From = "*****@*****.**",
Body = template,
To = email,
Subject = $"{userName}, change your password of PLAYER2 here!"
};
await _snsClient.Send(emailTopic, JsonConvert.SerializeObject(new
{
Message = message
})).ConfigureAwait(false);
}
private async Task SendConfirmationEmail(string email, string userName)
{
var expires = DateTime.Now.AddDays(30);
var issuer = _configuration["Issuer"];
var securityKey = _awsSecretManagerService.GetSecret(_configuration["SecretName_ConfirmEmail"]);
var claims = new[]
{
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Sub, email),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.UniqueName, email)
};
var serializedToken = _securityTokenHandler.WriteToken(email, claims, issuer, securityKey, expires);
var url = _configuration["PLAYERS2_URL"] + "confirm.html?u19=";
var template = CreateAccountTemplate.GetAcocuntsBody(url + serializedToken);
var emailTopic = _configuration["EMAIL_TOPIC"];
var message = new Message()
{
From = "*****@*****.**",
Body = template,
To = email,
Subject = $"Welcome to PLAYER2 {userName}! Please confirm your e-mail here"
};
await _snsClient.Send(emailTopic, JsonConvert.SerializeObject(new
{
Message = message
})).ConfigureAwait(false);
}
public string GenerateToken(string name, string role, int userId, object validationId, string userPath, out string refreshTokenString, bool refreshTokenAsWell = false)
{
if (string.IsNullOrWhiteSpace(name))
{
throw new ArgumentOutOfRangeException(nameof(name));
}
string tokenString = null;
refreshTokenString = null;
if (_handler.CanWriteToken)
{
var signingCredentials = new SigningCredentials(_securityKey.SecurityKey, _tokenParameters.EncryptionAlgorithm);
var now = _tokenParameters.ValidFrom ?? DateTime.UtcNow;
var numericNow = GetNumericDate(now);
var notBefore = now;
var numericNotBefore = GetNumericDate(notBefore);
var expiration = now.AddMinutes(_tokenParameters.AccessLifeTimeInMinutes);
var numericExpiration = GetNumericDate(expiration);
var header = new JwtHeader(signingCredentials);
var payload = new JwtPayload
{
{ "iss", _tokenParameters.Issuer },
{ "sub", _tokenParameters.Subject },
{ "aud", _tokenParameters.Audience },
{ "exp", numericExpiration },
{ "iat", numericNow },
{ "nbf", numericNotBefore },
{ "name", name },
{ "jti", Guid.NewGuid().ToString("N") },
{ "uid", userId },
{ "uvid", validationId },
{ "upath", userPath }
};
if (!string.IsNullOrWhiteSpace(role))
{
payload.AddClaim(new Claim("role", role));
}
var accessToken = new JwtSecurityToken(header, payload);
tokenString = _handler.WriteToken(accessToken);
if (refreshTokenAsWell)
{
var refreshExpiration = expiration.AddMinutes(_tokenParameters.RefreshLifeTimeInMinutes);
numericExpiration = GetNumericDate(refreshExpiration);
notBefore = expiration;
numericNotBefore = GetNumericDate(notBefore);
payload = new JwtPayload
{
{ "iss", _tokenParameters.Issuer },
{ "sub", _tokenParameters.Subject },
{ "aud", _tokenParameters.Audience },
{ "exp", numericExpiration },
{ "iat", numericNow },
{ "nbf", numericNotBefore },
{ "name", name },
{ "jti", Guid.NewGuid().ToString("N") },
{ "uid", userId },
{ "uvid", validationId },
{ "upath", userPath }
};
var refreshToken = new JwtSecurityToken(header, payload);
refreshTokenString = _handler.WriteToken(refreshToken);
}
}
return(tokenString);
}
internal override HandleResponse HandleIt(AuthenticateUserCommand request, CancellationToken cancellationToken)
{
var email = request.Email;
_logger.Info($"Trying loggin for user {email}");
var isFacebook = request.FacebookLogin != null &&
!string.IsNullOrEmpty(request.FacebookLogin.Email) &&
!string.IsNullOrEmpty(request.FacebookLogin.AccessToken);
if (isFacebook)
{
var isValid = InvokeFunction(LAMBDA_FACEBOOK_VALIDATED, new { request.FacebookLogin }).Result;
if (!isValid)
{
return new HandleResponse()
{
Error = "Invalid token!"
}
}
;
email = request.FacebookLogin.Email;
}
var isGoogle = request.GoogleLogin != null &&
!string.IsNullOrEmpty(request.GoogleLogin.AccessToken) &&
!string.IsNullOrEmpty(request.GoogleLogin.ProfileObj.Email);
if (isGoogle)
{
var isValid = InvokeFunction(LAMBDA_GOOGLE_VALIDATED, new { request.GoogleLogin }).Result;
if (!isValid)
{
return new HandleResponse()
{
Error = "Invalid token!"
}
}
;
email = request.GoogleLogin.ProfileObj.Email;
}
var user = _accountRepository.GetAccountByEmail(email).Result;
if (user == null)
{
_logger.Info($"User {email} was not found on database.");
return(new HandleResponse()
{
Error = $"Invalid credentials, User {email} was not found"
});
}
if (!isFacebook && !isGoogle)
{
var isPasswordValid = _passwordHasher.Verify(request.Password, user.PasswordHash);
if (!isPasswordValid)
{
return new HandleResponse()
{
Error = $"Invalid credentials invalid password"
}
}
;
if (!user.IsActive)
{
return new HandleResponse()
{
Error = "You must verificated your e-mai. Please, check your inbox messages."
}
}
;
}
var roleClaims = user.Roles.Select(e => e.Role.Claims.Select(c => c.Claim));
var customClaims = new List <System.Security.Claims.Claim>();
foreach (var roleClaim in roleClaims)
{
foreach (var claim in roleClaim)
{
var customClaim = new System.Security.Claims.Claim(claim.ClaimType, claim.ClaimValue);
var existent = customClaims.FirstOrDefault(c => c.Type.Equals(customClaim.Type,
StringComparison.InvariantCultureIgnoreCase) &&
c.Value.Equals(customClaim.Value, StringComparison.InvariantCultureIgnoreCase));
if (existent == null)
{
customClaims.Add(customClaim);
}
}
}
var roleId = user.Roles.FirstOrDefault()?.Role?.Id ?? 0;
var claims = new[]
{
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Sub, roleId.ToString()),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.UniqueName, email),
new System.Security.Claims.Claim(JwtRegisteredClaimNames.Sid, user.Id.ToString()),
}.Union(customClaims);
var expires = DateTime.Now.AddHours(2);
var issuer = _configuration["Issuer"];
var securityKey = _awsSecretManagerService.GetSecret(_configuration["SecretName"]);
var serializedToken = _securityTokenHandler.WriteToken(email, claims, issuer, securityKey, expires);
var userDto = _mapper.Map <UserDto>(user);
return(new HandleResponse()
{
Content = new
{
access_token = serializedToken,
token_type = "Bearer",
user = userDto
}
});
}
