Пример #1
        /// <summary>
        /// Authenticates an existing user, addressed by id, by delegating to the by-name login.
        /// </summary>
        /// <param name="userId">Route value identifying the user to look up.</param>
        /// <param name="pw">Query-string password; forwarded to the by-name login as <c>Pw</c>.</param>
        /// <param name="password">Optional query-string value; only checked for presence, never forwarded.</param>
        /// <returns>
        /// 404 when no user has the given id, 403 when only <paramref name="password"/> is supplied,
        /// otherwise whatever <c>AuthenticateUserByName</c> returns.
        /// </returns>
        public async Task<ActionResult<AuthenticationResult>> AuthenticateUser(
            [FromRoute, Required] Guid userId,
            [FromQuery, Required] string pw,
            [FromQuery] string? password)
        {
            // NOTE(review): both secrets are bound with [FromQuery], so they travel in the URL.
            // URLs are commonly written to web-server, proxy and client logs; confirm that this
            // route is legacy-only and that request logging redacts the query string.
            var account = _userManager.GetUserById(userId);
            if (account == null)
            {
                // NOTE(review): a distinct 404 lets a caller tell existing ids from unknown ones
                // before any credential check runs; confirm that this is acceptable.
                return NotFound("User not found");
            }

            // Reject a request that carries only the legacy `password` value and no `pw`.
            // The error text suggests `password` is a SHA-1 form; nothing here verifies that.
            // NOTE(review): `pw` is [Required], so this branch is presumably reached only when
            // automatic model validation does not reject the request first; verify.
            bool pwMissing = string.IsNullOrEmpty(pw);
            bool legacyValueSupplied = !string.IsNullOrEmpty(password);
            if (pwMissing && legacyValueSupplied)
            {
                return StatusCode(StatusCodes.Status403Forbidden, "Only sha1 password is not allowed.");
            }

            // Only the stored username and `pw` are passed on; the actual credential check
            // happens in the by-name endpoint.
            var loginRequest = new AuthenticateUserByName
            {
                Username = user_name(account),
                Pw = pw
            };

            return await AuthenticateUserByName(loginRequest).ConfigureAwait(false);

            // Local helper: reads the username from the resolved user record.
            static string user_name(dynamic u) => u.Username;
        }
Пример #2
        /// <summary>
        /// Opens a new authenticated session for the username and password carried in the request body.
        /// </summary>
        /// <param name="request">Body payload supplying <c>Username</c> and <c>Pw</c>.</param>
        /// <returns>The result produced by <c>_sessionManager.AuthenticateNewSession</c>.</returns>
        /// <exception cref="SecurityException">
        /// Rethrown with the caller's normalized remote IP prefixed to the message; the original
        /// exception is kept as the inner exception.
        /// </exception>
        public async Task<ActionResult<AuthenticationResult>> AuthenticateUserByName([FromBody, Required] AuthenticateUserByName request)
        {
            // Client, version and device details are taken from the current HTTP request.
            var clientInfo = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);

            try
            {
                // NOTE(review): RemoteEndPoint comes from HttpContext.GetNormalizedRemoteIp(). Whether
                // that is the real client address behind a reverse proxy depends on forwarded-header
                // handling that is not visible here; confirm before relying on it for lockout or audit.
                var sessionRequest = new AuthenticationRequest
                {
                    App = clientInfo.Client,
                    AppVersion = clientInfo.Version,
                    DeviceId = clientInfo.DeviceId,
                    DeviceName = clientInfo.Device,
                    Password = request.Pw,
                    RemoteEndPoint = HttpContext.GetNormalizedRemoteIp().ToString(),
                    Username = request.Username
                };

                return await _sessionManager.AuthenticateNewSession(sessionRequest).ConfigureAwait(false);
            }
            catch (SecurityException failure)
            {
                // Wrap rather than `throw;` so the source IP becomes part of the message.
                // NOTE(review): where this message ends up (log only, or also the HTTP response)
                // is decided by exception handling outside this method; verify.
                var taggedMessage = $"[{HttpContext.GetNormalizedRemoteIp()}] {failure.Message}";
                throw new SecurityException(taggedMessage, failure);
            }
        }