internal async Task RemoveSession(UserActiveSessionModel session, UserModel owner)
{
owner.RemoveSession(session);
DBContext.Sessions.Remove(session);
DBContext.Users.Update(owner);
await Save();
}
internal async Task <UserActiveSessionModel> DoLogin(string email, string password)
{
if (!await ValidateAccount(email, password)) //Hot Spot : hash generation is too slow
{
throw new ArgumentException("username_or_password_incorrect");
}
var usr = await FindByEmailAddress(email);
if (!usr.IsEmailConfirmed)
{
throw new ArgumentException("email_not_confirmed");
}
//Clean up all of the sessions that have expired
var removable = new List <UserActiveSessionModel>();
foreach (var mdl in usr.ActiveSessions)
{
if (DateTime.UtcNow > mdl.ExpiryDate)
{
removable.Add(mdl);
}
}
foreach (var m in removable)
{
await RemoveSession(m, usr);
}
//Check if we are over the limit
while (usr.ActiveSessions.Count > MaxActiveLoginCount)
{
await RemoveSession(usr.ActiveSessions.First(), usr);
}
//And create the login key
var sess = new UserActiveSessionModel(LoginLength);
usr.AddSession(sess);
DBContext.Sessions.Add(sess);
await Save();
return(sess);
}
