/// <summary>
/// Authenticates a user addressed by id: resolves the account, then hands the
/// username and <paramref name="pw"/> to <c>AuthenticateUserByName</c>.
/// </summary>
/// <param name="userId">Route value identifying the account to authenticate.</param>
/// <param name="pw">Password taken from the query string; forwarded as <c>Pw</c>.</param>
/// <param name="password">
/// Second password form taken from the query string. It is never forwarded; it is only
/// used to reject requests that supply it without <paramref name="pw"/>. Judging by the
/// rejection message this is a SHA-1 form of the password (not confirmed by this method).
/// </param>
/// <returns>
/// 404 when no account matches <paramref name="userId"/>, 403 when only
/// <paramref name="password"/> was supplied, otherwise whatever
/// <c>AuthenticateUserByName</c> returns.
/// </returns>
/// <remarks>
/// SECURITY (review): both secrets are bound with <c>[FromQuery]</c>, so they are part of
/// the request URL. URLs are commonly recorded by reverse proxies, access logs and client
/// history; make sure query strings for this route are redacted wherever requests are
/// logged, and prefer the body-based <c>AuthenticateUserByName</c> route for clients.
/// SECURITY (review): the "User not found" 404 is returned before any credential check,
/// so an unauthenticated caller can tell an existing user id from an unknown one. Consider
/// whether rate limiting or monitoring of 404 bursts on this route is in place.
/// </remarks>
public async Task<ActionResult<AuthenticationResult>> AuthenticateUser(
    [FromRoute, Required] Guid userId,
    [FromQuery, Required] string pw,
    [FromQuery] string? password)
{
    var account = _userManager.GetUserById(userId);
    if (account == null)
    {
        return NotFound("User not found");
    }

    // A request carrying only the second password form (no pw) is refused outright.
    bool pwMissing = string.IsNullOrEmpty(pw);
    bool passwordSupplied = !string.IsNullOrEmpty(password);
    if (passwordSupplied && pwMissing)
    {
        return StatusCode(StatusCodes.Status403Forbidden, "Only sha1 password is not allowed.");
    }

    // Re-express the request by username and reuse the by-name authentication path.
    var byNameRequest = new AuthenticateUserByName
    {
        Username = account.Username,
        Pw = pw
    };

    var outcome = await AuthenticateUserByName(byNameRequest).ConfigureAwait(false);
    return outcome;
}
/// <summary>
/// Authenticates a user by username and password and opens a new session through
/// <c>_sessionManager.AuthenticateNewSession</c>.
/// </summary>
/// <param name="request">Request body carrying <c>Username</c> and <c>Pw</c>.</param>
/// <returns>The result produced by the session manager for the new session.</returns>
/// <exception cref="SecurityException">
/// Rethrown when the session manager raises one; the message is prefixed with the
/// normalized remote IP in square brackets and the original exception is kept as the
/// inner exception.
/// </exception>
/// <remarks>
/// The client, version, device id and device name come from the authorization info of the
/// current HTTP request, not from <paramref name="request"/>.
/// SECURITY (review): the remote IP is embedded in the exception message so a failed
/// attempt can be attributed to a source address wherever the exception is recorded.
/// Where that message ends up (server log only, or also the HTTP response) is not visible
/// here; confirm the exception handler does not echo it to the caller. If the server sits
/// behind a proxy, verify that <c>GetNormalizedRemoteIp</c> yields the real client address,
/// otherwise address-based alerting and blocking will key on the proxy.
/// </remarks>
public async Task<ActionResult<AuthenticationResult>> AuthenticateUserByName(
    [FromBody, Required] AuthenticateUserByName request)
{
    var authInfo = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);

    try
    {
        // Built inside the try so that any SecurityException raised while assembling
        // the request is handled exactly like one raised by the session manager.
        var sessionRequest = new AuthenticationRequest
        {
            App = authInfo.Client,
            AppVersion = authInfo.Version,
            DeviceId = authInfo.DeviceId,
            DeviceName = authInfo.Device,
            Password = request.Pw,
            RemoteEndPoint = HttpContext.GetNormalizedRemoteIp().ToString(),
            Username = request.Username
        };

        return await _sessionManager.AuthenticateNewSession(sessionRequest).ConfigureAwait(false);
    }
    catch (SecurityException ex)
    {
        // Prefix the caller's IP so the failure can be tied to its source address.
        throw new SecurityException($"[{HttpContext.GetNormalizedRemoteIp()}] {ex.Message}", ex);
    }
}