// Encrypted password, encrypted AES key, and aesIV are all in hex string format.
public async Task <Result <AuthenticationResult> > LogInAsync(string username, string ipAddress,
string password, int currentNumExceptions)
{
bool authenticationSuccessful = false;
bool userExist = false;
try
{
// If the username doesn't exist.
if (!await _userManagementService.CheckUserExistenceAsync(username).ConfigureAwait(false))
{
// Log the action.
_ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString),
Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress,
Constants.UsernameDNELogMessage).ConfigureAwait(false);
// Return the result of the login failure.
AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist);
return(SystemUtilityService.CreateResult(Constants.InvalidLogInUserMessage, authenResult, false));
}
userExist = true;
// Get the information of the usernmae.
UserObject user = await _userManagementService.GetUserInfoAsync(username).ConfigureAwait(false);
// If the username is disabled.
if (user.Disabled == 1)
{
// Log the action.
_ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString),
Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress,
Constants.UserDisableLogMessage).ConfigureAwait(false);
// Return the result of the disabled username's login try.
AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist);
return(SystemUtilityService.CreateResult(Constants.UserDisableUserMessage, authenResult, false));
}
AuthenticationDTO existing = new AuthenticationDTO(username, user.Password);
AuthenticationDTO credentials = new AuthenticationDTO(username, password);
// If the username's stored password matches the hashed password.
if (_authenticationService.Authenticate(existing, credentials))
{
authenticationSuccessful = true;
// Create a token for the username.
string token = await _sessionService.CreateTokenAsync(username).ConfigureAwait(false);
// Get user type.
string userType = await _userManagementService.GetUserTypeAsync(username).ConfigureAwait(false);
Console.WriteLine(userType);
// Get the path to store the token.
string path = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory);
path = path + $"{path.Substring(0, 1)}" + Constants.TokenFile;
// Save the token the the path.
using (StreamWriter sw = File.CreateText(path))
{
sw.WriteLine(token);
}
// Log the action.
_ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString),
Constants.LogInOperation, username, ipAddress).ConfigureAwait(false);
// Return the result of the successful login.
AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist, token, userType);
return(SystemUtilityService.CreateResult(Constants.LogInSuccessUserMessage, authenResult, false));
}
// If the password doesn't match.
else
{
// Increment the number of login failure.
await _userManagementService.IncrementLoginFailuresAsync(username,
Constants.LogInTriesResetTime,
Constants.MaxLogInAttempts).ConfigureAwait(false);
// Log the action.
_ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString),
Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress,
Constants.InvalidPasswordLogMessage).ConfigureAwait(false);
// Return the result of the unsuccessful login.
AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist);
return(SystemUtilityService.CreateResult(Constants.InvalidLogInUserMessage, authenResult, false));
}
}
// Catch exceptions.
catch (Exception e)
{
// Log the exception.
_ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString),
Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress, e.Message).ConfigureAwait(false);
// If the current number of consecutive exceptions has reached the maximum number of retries.
if (currentNumExceptions + 1 >= Constants.MaximumOperationRetries)
{
// Notify the system admin.
await SystemUtilityService.NotifySystemAdminAsync($"{Constants.LogInOperation} failed a maximum number of times for {username}.", Constants.SystemAdminEmailAddress).ConfigureAwait(false);
}
// Return the result of the exception occured.
AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist);
return(SystemUtilityService.CreateResult(Constants.SystemErrorUserMessage, authenResult, true));
}
}