public async Task <LoginResult> Handle(LoginRequest request, CancellationToken cancellationToken)
{
var user = await _userRepository.IsValidUserCredentials(request.UserName);
if (user.Id == Guid.Empty)
{
throw new Exception("User does not exist");
}
var isPasswordValid = PasswordHelper.Check(user.Password, request.Password);
if (isPasswordValid == false)
{
throw new Exception("Password is not correct");
}
var roles = await _userRepository.GetUserRoles(user.Id);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, request.UserName),
};
roles.ForEach(role => { claims.Add(new Claim(ClaimTypes.Role, role)); });
var jwtResult = await _jwtAuthManager.GenerateTokens(request.UserName, claims, DateTime.Now);
return(new LoginResult
{
UserName = request.UserName,
Role = String.Join(",", roles.Select(x => x)),
AccessToken = jwtResult.AccessToken,
RefreshToken = jwtResult.RefreshToken.TokenString
});
}
public async Task <IActionResult> TryLoginUserAsync(LoginModel loginData)
{
if (ModelState.IsValid)
{
ModelState.ClearValidationState("ErrorMessage");
//validate the user exists
var user = _dbContext.Users.SingleOrDefault(x => x.UserName == loginData.UserName);
if (user == null)
{
//return error. Best practice is not to specify whether it was the username or the password that failed
ModelState.AddModelError("ErrorMessage", "User Name or Password is invalid");
return(View("Login", loginData));
}
var hasher = new PasswordHelper(new HashingOptions());
var hashCheckResult = hasher.Check(user.HashedPassword, loginData.Password);
if (hashCheckResult.NeedsUpgrade)
{
//TODO: decide if we care to actually handle this - probably via emailing someone
}
if (!hashCheckResult.Verified)
{
//return error. Best practice is not to specify whether it was the username or the password that failed
ModelState.AddModelError("ErrorMessage", "User Name or Password is invalid");
return(View("Login", loginData));
}
//login the user and issue a claims identity stored in a cookie
await LoginUserAsync(loginData.UserName, loginData.RememberMe);
return(RedirectToAction("Index", "Inventory"));
}
else
{
ModelState.AddModelError("ErrorMessage", "User Name or Password not specified");
return(View("Login", loginData));
}
}
public async Task <ActionResult> OnPost(UserChangeRequest changeRequest)
{
this.Success = string.Empty;
this.Error = string.Empty;
string userEmail = this.HttpContext.User.Identity.Name;
if (string.IsNullOrEmpty(userEmail))
{
return(Redirect("~/login"));
}
this.CurrentUser = context.Set <Models.User>().Where(entry => entry.Email.Equals(userEmail)).FirstOrDefault();
if (this.CurrentUser == null)
{
return(Redirect("~/login"));
}
else
{
context.Entry(this.CurrentUser).Collection(u => u.UserInfo).Load();
string res = string.Empty;
if (!string.IsNullOrEmpty(changeRequest.AltEmail) && !DataValidator.Email(changeRequest.AltEmail, out res))
{
this.Error = res;
return(Page());
}
if (!DataValidator.FirstName(changeRequest.FirstName, out res))
{
this.Error = res;
return(Page());
}
if (!DataValidator.LastName(changeRequest.LastName, out res))
{
this.Error = res;
return(Page());
}
if (!string.IsNullOrEmpty(changeRequest.Phone) && !DataValidator.PhoneNumber(changeRequest.Phone, out res))
{
this.Error = res;
return(Page());
}
if (!string.IsNullOrEmpty(changeRequest.Web) && !DataValidator.Website(changeRequest.Web, out res))
{
this.Error = res;
return(Page());
}
if (!string.IsNullOrEmpty(changeRequest.NewPassword))
{
if (!DataValidator.Password(changeRequest.NewPassword, out res))
{
this.Error = res;
return(Page());
}
if (PasswordHelper.Check(this.CurrentUser, changeRequest.OldPassword))
{
this.CurrentUser.PasswordHash = PasswordHelper.Hash(changeRequest.NewPassword);
}
else
{
this.Error = "Old password provided is not correct.";
return(Page());
}
}
this.CurrentUser.FirstName = changeRequest.FirstName;
this.CurrentUser.LastName = changeRequest.LastName;
if (!this.CurrentUser.UserInfo.Any())
{
UserInfo info = new UserInfo()
{
Id = Guid.NewGuid(),
UserId = this.CurrentUser.ID,
AltEmail = changeRequest.AltEmail,
NameExt = changeRequest.NameExt,
PhoneNumber = changeRequest.Phone,
Summary = changeRequest.Summary,
Website = changeRequest.Web
};
this.CurrentUser.UserInfo.Add(info);
}
else
{
this.CurrentUser.UserInfo.First().AltEmail = changeRequest.AltEmail;
this.CurrentUser.UserInfo.First().NameExt = changeRequest.NameExt;
this.CurrentUser.UserInfo.First().PhoneNumber = changeRequest.Phone;
this.CurrentUser.UserInfo.First().Summary = changeRequest.Summary;
this.CurrentUser.UserInfo.First().Website = changeRequest.Web;
}
this.Success = "Changes have been save successfully.";
await context.SaveChangesAsync();
return(Page());
}
}
