public async Task <IAuthToken> SignIn(string email, string password, string role)
{
var identity = await _identityRepository.GetByEmailAndRole(email, role);
if (identity is null)
{
_logger.LogWarning($"No user found with email: {email} role: {role}");
throw new VmsException(Codes.InvalidCredentials, "The credentials provided where incorrect.");
}
if (!_passwordManager.IsPasswordCorrect(password, identity.Hash, identity.Salt))
{
_logger.LogWarning($"Incorrect password for: {email}");
throw new VmsException(Codes.InvalidCredentials, "The credentials provided where incorrect.");
}
var jwt = _jwtManager.CreateToken(identity.Id, identity.Email, identity.Role);
var refreshToken = await _tokenService.CreateRefreshToken(identity.Email);
_logger.LogInformation($"User issued token email: {email}");
return(AuthToken.Create(jwt, refreshToken));
}
public async Task <IAuthToken> SignIn(string email, string password, int businessCode)
{
var identity = await _identityRepository.GetByEmail(email);
if (identity is null || identity.Role == Roles.SystemAdmin)
{
_logger.LogWarning($"No user found with email: {email} attempting to log into greeting system.");
throw new VmsException(Codes.InvalidCredentials, "The credentials provided where incorrect.");
}
if (!await _businessRepository.IsCodeValidAsync(businessCode))
{
_logger.LogInformation($"No business found with code {businessCode}.");
throw new VmsException(Codes.InvalidCredentials, "The credentials provided where incorrect.");
}
if (!_passwordManager.IsPasswordCorrect(password, identity.Hash, identity.Salt))
{
_logger.LogWarning($"Incorrect password for: {email}");
throw new VmsException(Codes.InvalidCredentials, "The credentials provided where incorrect.");
}
var jwt = _jwtManager.CreateToken(Guid.NewGuid(), identity.Email, Roles.Greeting, identity.BusinessId);
//var refresh = await _tokenService.CreateRefreshToken(id)
//TODO: Add a mechanism to store more that just email here unique id needs to be stored instead.
return(AuthToken.Create(jwt, ""));
}
public async Task <IAuthToken> SignIn(string email, string password)
{
var identity = await _identityRepository.GetByEmail(email);
if (identity is null || identity.Role == Roles.SystemAdmin)
{
_logger.LogWarning($"No user found with email: {email}.");
throw new VmsException(Codes.InvalidCredentials, "The credentials provided where incorrect.");
}
if (!_passwordManager.IsPasswordCorrect(password, identity.Hash, identity.Salt))
{
_logger.LogWarning($"Incorrect password for: {email}");
throw new VmsException(Codes.InvalidCredentials, "The credentials provided where incorrect.");
}
if (identity.BusinessId == Guid.Empty)
{
throw new VmsException("No business ID found on sign in.", "");
}
var jwt = _jwtManager.CreateToken(identity.Id, identity.Email, identity.Role, identity.BusinessId);
var refreshToken = await _tokenService.CreateRefreshToken(identity.Email);
_logger.LogInformation($"User issued token email: {email}");
return(AuthToken.Create(jwt, refreshToken));
}
public async Task <AuthToken> AuthenticateAsync(string username, string password)
{
await ValidateCredentialsAsync(username, password);
var token = _jwtTokenHandler.Create(username, Expiry);
return(AuthToken.Create(token, DateTime.UtcNow.AddTicks(Expiry.Ticks)));
}
public IToken Authenticate(string login, string password, string ip = null)
{
Token token = null;
var person = _dbContext.Set <Person>()
.Include(m => m.User.UserRoles)
.ThenInclude(ur => ur.Role)
.ThenInclude(r => r.RolePermissions)
.ThenInclude(p => p.Permission)
.SingleOrDefault(m => m.User.Login.ToLower() == login.ToLower());
if (person == null || person.User == null)
{
throw new CustomAuthenticationException(ERROR_PASSWORD);
}
//if (person.User.IsBlocked())
// throw new CustomAuthenticationException(ERROR_AUTH_BLOCKED);
var policy = this.GetSecurityPolicy();
if (!policy.VerifyPassword(password, person.User.Password))
{
//var authFailedData = new UserAuthFailedActivityData(person.User.ID, login, password, ip);
//_monitoringService?.CreateEventLog(null, EventLogType.LoginFailed, authFailedData, login, person.User.ID.ToString());
//DomainDispatcher.RaiseEvent(new UserLoginFailedEvent(authFailedData));
throw new CustomAuthenticationException(ERROR_PASSWORD);
}
token = BuildToken(person, ip);
if (token == null)
{
throw new CustomAuthenticationException(ERROR_AUTH);
}
var authToken = AuthToken.Create(token);
_dbContext.Set <AuthToken>().Add(authToken);
_dbContext.SaveChanges();
//_monitoringService?.CreateEventLog(token, EventLogType.Login, token, token.Login, token.Code);
return(token);
}
public ActionResult Login(LoginView model)
{
var role = _rolesProvider.GetRoleByPassword(model.Password);
if (!string.IsNullOrEmpty(role))
{
var token = AuthToken.Create(role, model.Password);
var cookie = new HttpCookie(AuthToken.AuthTokenKey, AuthToken.Encrypt(token))
{
Expires = DateTime.Now.AddYears(1)
};
Response.Cookies.Add(cookie);
return(RedirectToAction("Index", "App"));
}
ViewBag.ErrorMessage = "Неверный пароль";
return(View());
}
public void AuthTokenShouldBeSerializable()
{
CheckInstanceSerialization(AuthToken.Create());
}