Exemplo n.º 1
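        /// <summary>
        /// Signs a user in: looks the user up by e-mail, asks the auth service to verify the
        /// submitted credentials and issue a JWT, replaces the user's existing sessions with a
        /// single new one, and returns the token.
        /// </summary>
        /// <param name="model">Login request carrying the e-mail and password.</param>
        /// <returns>
        /// 200 with the token in <c>Id_token</c> on success; 400 with a generic message when the
        /// request body is missing, the user is unknown, or authentication fails.
        /// </returns>
        public async Task<ActionResult<SessionCreateResponseModel>> Create(SessionCreateRequestModel model)
        {
            // One generic text for every failure path, so the response body does not
            // reveal whether the e-mail is registered.
            const string invalidCredentials = "Invalid username or password.";

            if (model == null)
            {
                // A missing body previously surfaced as a NullReferenceException (HTTP 500).
                return BadRequest(invalidCredentials);
            }

            var user = _authService.FindUser(model.Email);
            if (user == null)
            {
                return BadRequest(invalidCredentials);
            }

            // SECURITY: the stored hash must never be overwritten with the hash of the password
            // submitted in the request. The earlier version assigned
            // IAuthService.HashPassword(model.Password) to user.PasswordHash before the
            // credentials were verified. If FindUser returns an entity tracked by _context
            // (not visible here - confirm), that makes the later verification compare the
            // submitted password against itself, and SaveChangesAsync below would persist the
            // attacker-chosen hash. Verification is left entirely to AuthenticateUser.
            var jwt = _authService.AuthenticateUser(model);
            if (string.IsNullOrEmpty(jwt))
            {
                return BadRequest(invalidCredentials);
            }

            // Single active session per user: drop earlier sessions, then record the new one.
            var previousSessions = _context.Sessions.Where(sess => sess.UserId == user.Id);
            _context.Sessions.RemoveRange(previousSessions);

            // NOTE(review): the raw token is persisted; anyone able to read the Sessions table
            // could replay it until it expires. Consider storing a hash of the token instead.
            _context.Sessions.Add(new Session
            {
                Token = jwt,
                CreatedAt = DateTime.UtcNow,
                UserId = user.Id
            });
            await _context.SaveChangesAsync();

            return Ok(new SessionCreateResponseModel
            {
                Id_token = jwt
            });
        }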
Exemplo n.º 2
        /// <summary>
        /// Resolves an identity from the e-mail and password in <paramref name="model"/> and,
        /// when one is found, issues a JWT for it signed with HMAC-SHA256.
        /// </summary>
        /// <param name="model">Login request whose Email and Password are passed to GetIdentity.</param>
        /// <returns>The serialized token, or <c>null</c> when GetIdentity yields no identity.</returns>
        public string AuthenticateUser(SessionCreateRequestModel model)
        {
            var claimsIdentity = GetIdentity(model.Email, model.Password);
            if (claimsIdentity == null)
            {
                // No identity was resolved: report failure as null, never a partial token.
                return null;
            }

            // Token validity window: starts now, lasts AuthOptions.LIFETIME minutes.
            var issuedAt = DateTime.UtcNow;
            var expiresAt = issuedAt.Add(TimeSpan.FromMinutes(AuthOptions.LIFETIME));

            // Symmetric signing: the same key both signs and validates the token,
            // so it has to stay server-side.
            var credentials = new SigningCredentials(
                AuthOptions.GetSymmetricSecurityKey(),
                SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: AuthOptions.ISSUER,
                audience: AuthOptions.AUDIENCE,
                claims: claimsIdentity.Claims,
                notBefore: issuedAt,
                expires: expiresAt,
                signingCredentials: credentials);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }