Пример #1
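        /// <summary>
        /// Verifies a login/password pair and, on success, issues a JWT plus a new refresh token.
        /// </summary>
        /// <param name="request">Client-supplied credentials; <c>Login</c> and <c>Password</c> are read.</param>
        /// <returns>
        /// 401 with body <c>"NO_SUCH_USER"</c> when the service returns that sentinel for the login;
        /// 401 with body <c>"Wrong password"</c> when the request is missing, the password is empty on
        /// first-time provisioning, or the password does not validate;
        /// otherwise 200 with <c>token</c> and <c>refreshToken</c>.
        /// </returns>
        /// <remarks>
        /// When the stored hash is <c>null</c>, the password sent on this request becomes the account's
        /// password. NOTE(review): whoever first submits a known login with no password set claims the
        /// account. Confirm this is intended and that such accounts are short-lived or otherwise gated.
        /// </remarks>
        public IActionResult Login(LoginRequest request)
        {
            // Without this guard a missing body throws NullReferenceException on request.Login.
            if (request == null)
            {
                return Unauthorized("Wrong password");
            }

            var login          = request.Login;
            var passwordValue  = request.Password;
            var passwordHashDb = _service.GetPassword(login);

            // NOTE(review): this body differs from the "Wrong password" body below, and this path
            // returns before any hashing, so a caller can tell existing logins from unknown ones.
            // Kept as-is because clients may rely on the sentinel; consider one generic 401 body
            // for both cases.
            if (passwordHashDb == "NO_SUCH_USER")
            {
                return Unauthorized(passwordHashDb);
            }

            if (passwordHashDb == null)
            {
                // Never provision a credential from a null/empty password: the account would
                // afterwards accept an empty password from anyone who knows the login.
                if (string.IsNullOrEmpty(passwordValue))
                {
                    return Unauthorized("Wrong password");
                }

                var salt = GenerateSalt();
                passwordHashDb = CreatePasswordHash(passwordValue, salt);
                _service.CreatePassword(passwordHashDb, salt, login);
            }

            // The salt is re-read from the service even right after provisioning, so validation
            // below always runs against what the service returns.
            var saltDb = _service.GetSalt(login);

            if (!ValidatePasswordHash(passwordValue, saltDb, passwordHashDb))
            {
                return Unauthorized("Wrong password");
            }

            // NOTE(review): Guid.NewGuid() is specified as a unique identifier, not as a secret.
            // If the refresh token alone authorises renewal, prefer bytes from RandomNumberGenerator.
            // That would change the type UpdateRefreshToken accepts, so it is only flagged here.
            var refreshToken = Guid.NewGuid();

            _service.UpdateRefreshToken(login, refreshToken);

            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(GenerateToken(login)),
                refreshToken
            });
        }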