Exemplo n.º 1
0
        public async Task <IActionResult> Login([FromBody] EmailPasswordModel model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest("Invalid user name or password"));
            }

            var user = await _userManager.FindByEmailAsync(model.Email);

            if (user == null)
            {
                return(Conflict("Bad user name password combination"));
            }

            if (!await _userManager.CheckPasswordAsync(user, model.Password))
            {
                return(Conflict("Bad user name password combination"));
            }
            //TODO: implement user account lockout to avoid guess password with brute force

            var refreshToken = AesCryptor.EncryptStringAes(user.Id, RefreshtokenKey.Value, RefreshtokenKey.IV);
            var jwtToken     = JwtTokenizer.GenerateJwtToken(user.Id, user.Email);

            //CreateAuthenticatedCookie(jwtToken);
            return(Ok(new { userId = user.Id, Token = jwtToken, refreshtoken = refreshToken }));
        }
Exemplo n.º 2
0
        public async Task <IActionResult> Register([FromBody] EmailPasswordModel model)
        {
            if (!model.Email.IsValidEmail())
            {
                return(BadRequest());
            }

            var user = new ApplicationUser {
                UserName = model.Email, Email = model.Email
            };
            var result = await _userManager.CreateAsync(user, model.Password);

            if (!result.Succeeded)
            {
                var errorMessages = result.Errors.Select(e => e.Description).Aggregate((en, enn) => en + ", " + enn);
                return(Conflict(new { Status = "Error", Message = errorMessages }));
            }

            //await SendEmailConfirmationAsync(model, user); TODO send email confirmation
            var refreshToken = AesCryptor.EncryptStringAes(user.Id, RefreshtokenKey.Value, RefreshtokenKey.IV);
            var jwtToken     = JwtTokenizer.GenerateJwtToken(user.Id, user.Email);

            //CreateAuthenticatedCookie(jwtToken);
            return(Ok(new { userId = user.Id, Token = jwtToken, refreshtoken = refreshToken }));
        }