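/// <summary>
/// Looks up the user named in <paramref name="request"/>, verifies the supplied password
/// and, on success, issues an HMAC-SHA256 signed JWT carrying the user's id.
/// </summary>
/// <param name="request">Login command carrying the user name and the candidate password.</param>
/// <param name="cancellationToken">Token that cancels the database lookup.</param>
/// <returns>
/// The serialized JWT when the user exists and the password verifies;
/// otherwise <see cref="string.Empty"/>.
/// </returns>
public async Task<string> Handle(LoginApplicationUserCommand request, CancellationToken cancellationToken)
{
    // Forward the token so that an aborted request also stops the query
    // (the original accepted the token but never used it).
    var applicationUser = await _applicationDbContext
        .ApplicationUsers
        .FirstOrDefaultAsync(x => x.UserName == request.userName, cancellationToken);

    // Unknown user and wrong password both yield the same empty result, so the
    // return value does not reveal which user names exist.
    // NOTE(review): for an unknown user no hash is computed, so the two failure
    // paths can differ in response time; consider verifying against a fixed
    // dummy hash when the user is missing.
    // NOTE(review): argument order is (stored hash, candidate password) - confirm
    // against the HashPassword.Verify signature.
    if (applicationUser == null || !HashPassword.Verify(applicationUser.PasswordHash, request.Password))
    {
        return string.Empty;
    }

    // NOTE(review): the signing key is the UTF-8 bytes of the configured secret;
    // it should be a long random value held outside source control - confirm how
    // JwtSecret is provisioned.
    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_apiAppliationSettings.JwtSecret));

    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[] { new Claim("UserId", applicationUser.Id) }),
        // The token stays valid for one day; no revocation mechanism is visible here.
        Expires = DateTime.UtcNow.AddDays(1),
        SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature)
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    var securityToken = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(securityToken);
}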
/// <summary>
/// Checks the password submitted in <paramref name="userViewmodel"/> against the
/// password value held on <paramref name="user"/>.
/// </summary>
/// <param name="user">Stored user record whose <c>Password</c> is compared against.</param>
/// <param name="userViewmodel">View model carrying the password entered by the caller.</param>
/// <param name="_hashPassword">Verifier that performs the comparison.</param>
/// <returns><c>true</c> when the verifier accepts the pair; otherwise <c>false</c>.</returns>
public bool CheckPassword(User user, UserViewmodel userViewmodel, HashPassword _hashPassword)
{
    // NOTE(review): user.Password is presumably the stored hash and the argument
    // order is (candidate, stored) - confirm against HashPassword.Verify.
    bool passwordMatches = _hashPassword.Verify(userViewmodel.Password, user.Password);
    return passwordMatches;
}
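/// <summary>
/// Validates the supplied credentials against this user's login and password hash and,
/// when running inside an HTTP request, issues a forms-authentication cookie.
/// </summary>
/// <param name="login">Login name supplied by the caller; compared case-insensitively.</param>
/// <param name="password">
/// Candidate password. The array is zeroed only when validation succeeds; on failure it
/// is left untouched, so the caller remains responsible for clearing it.
/// </param>
/// <returns><c>true</c> when login and password both match; otherwise <c>false</c>.</returns>
public bool IsValidUser(string login, char[] password)
{
    // Fail closed on missing input instead of dereferencing null.
    if (login == null || password == null)
    {
        return false;
    }

    // Ordinal, case-insensitive comparison: ToLower() follows the current culture,
    // so the same pair of logins could compare differently from one server locale
    // to another (for example under the Turkish casing rules for 'I').
    if (!string.Equals(login, this.login, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    // NOTE(review): the second argument is an empty string; if it is a salt
    // parameter, confirm that the salt is carried inside passwordHash.
    if (!HashPassword.Verify(password, "", this.passwordHash))
    {
        return false;
    }

    // Outside an HTTP request (unit tests) there is no response to attach a
    // cookie to, so the method simply returns true.
    if (HttpContext.Current != null)
    {
        // Non-persistent (session) authentication cookie.
        // NOTE(review): the cookie carries the caller's spelling of the login,
        // not the stored one - confirm downstream lookups are case-insensitive.
        HttpContext.Current.Response.Cookies.Add(FormsAuthentication.GetAuthCookie(login, false));

        // The format string contains no placeholder, so the login value is not
        // written to the log.
        logger.Info(string.Format("User: '******' authorized.", login));
    }

    // Wipe the password array so the clear text does not linger in memory.
    Array.Clear(password, 0, password.Length);
    return true;
}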