Пример #1
0
 public IHttpActionResult Login(LoginRequest request)
 {
     try
     {
         User account = _context.Users.Where(a => a.Email == request.Email).SingleOrDefault();
         ValidationUtilities.ValidateUserForLogin(request, account);
         if (account != null)
         {
             if (account.IsActiveUser == false)
             {
                 return(BadRequest(ErrorCodes.USER_DEACTIVATED_BY_ADMIN.ToString()));
                 //var response = HttpUtilities.FrameHTTPResp(System.Net.HttpStatusCode.BadRequest, ErrorCodes.USER_DEACTIVATED_BY_ADMIN);
                 // throw new HttpResponseException(response);
             }
             if (account.IsActivated == false)
             {
                 return(BadRequest(ErrorCodes.USER_NOT_ACVTD.ToString()));
             }
             if (!account.IsLocked)
             {
                 byte[] incoming = AuthorizationUtilities.hash(request.Password, account.Salt);
                 if (Utilities.Utilities.slowEquals(incoming, account.Password))
                 {
                     if (account.IsActivated)
                     {
                         //Audit Trial Entry.
                         //DbUtilities.AuditTrialEntry(account, AuditTrialStatus.SUCCESS, AuditTrialOpType.LOGIN, this.Request);
                         //Creating a Token
                         ClaimsIdentity claimsIdentity = new ClaimsIdentity();
                         claimsIdentity.AddClaim(new Claim(Constants.STR_FIRSTNAME, account.FirstName));
                         claimsIdentity.AddClaim(new Claim(Constants.STR_LASTNAME, account.LastName));
                         claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, request.Email));
                         claimsIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, request.Email));
                         claimsIdentity.AddClaim(new Claim("UserId", account.Id));
                         List <Role> roles = (from userMaps in _context.UserRoleMaps.ToList()
                                              join rol in _context.Roles.ToList() on userMaps.RoleId equals rol.Id
                                              where userMaps.UserId == account.Id && userMaps.Deleted == false
                                              select rol).ToList();
                         if (roles != null && roles.Count > 0)
                         {
                             foreach (var item in roles)
                             {
                                 claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, item.RoleName));
                                 //claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, item.RoleName + "|" + item.Id));
                             }
                         }
                         // Update user details:
                         UpdateUserDetailsInLogin(account);
                         JwtSecurityToken token = AuthorizationUtilities.GetAuthenticationTokenForUser(request.Email, claimsIdentity.Claims.ToArray());
                         return(Ok(new
                         {
                             Token = token.RawData,
                             Username = request.Email,
                             UserId = account.Id
                         }));
                     }
                     else
                     {
                         return(BadRequest(ErrorCodes.USER_NOT_ACVTD.ToString()));
                     }
                 }
                 else
                 {
                     //Audit Trial Entry.
                     DbUtilities.AuditTrialEntry(account, AuditTrialStatus.FAILURE, AuditTrialOpType.LOGIN, this.Request);
                     // return Unauthorized();
                     return(BadRequest(ErrorCodes.PASSWORD_NOTMATCHED.ToString()));
                 }
             }
             else
             {
                 return(BadRequest(ErrorCodes.ACCOUNT_LOCKED.ToString()));
             }
         }
         return(Unauthorized());
     }
     catch (HttpResponseException ex)
     {
         throw ex;
     }
     catch (Exception ex)
     {
         LGSELogger.Error(ex);
         return(InternalServerError(ex));
     }
 }