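/// <summary>
/// Authenticates a user by email and password and, on success, issues a JWT access token and a
/// refresh token (returned in the body and also set as cookies on the response).
/// </summary>
/// <param name="login">Credentials from the request body; <c>Email</c> and <c>Password</c> are required.</param>
/// <returns>
/// 400 when the body is missing or incomplete; 401 with a generic message when the account does
/// not exist, the password does not match, or the email is not yet verified; 200 with a
/// <see cref="LoginResponse"/> on success.
/// </returns>
public ActionResult User_Login([FromBody] Login login)
        {
            // A missing or partial body is a client error, not a failed login attempt.
            if (login is null || string.IsNullOrEmpty(login.Email) || string.IsNullOrEmpty(login.Password))
            {
                ErrorMessage error = new ErrorMessage("Invalid request.", "Email and password are required.");
                return(new BadRequestObjectResult(error));
            }

            // Emails are stored AES-encrypted, so the lookup encrypts the input the same way.
            // SingleOrDefault (rather than Single) keeps a non-existent account from surfacing as an
            // unhandled exception / 500, which would let a caller tell valid emails from invalid ones.
            var  encryptedEmail = HelperMethods.EncryptStringToBytes_Aes(login.Email, _keyAndIV);
            User user           = _context.Users.SingleOrDefault(a => a.Email.SequenceEqual(encryptedEmail));

            // One generic response covers both "unknown account" and "wrong password" so the two
            // cases are indistinguishable to a caller probing for valid email addresses.
            if (user is null || !ValidatePassword(login.Password, user.Password))
            {
                ErrorMessage error = new ErrorMessage("Invalid Credentials.", "Email or Password does not match.");
                return(new UnauthorizedObjectResult(error));
            }

            // Checked after the password so only a caller who already holds the correct password
            // learns that the account exists but is still awaiting email verification.
            if (!user.EmailVerified)
            {
                ErrorMessage error = new ErrorMessage("Email unconfirmed.", "Please confirm email first.");
                return(new UnauthorizedObjectResult(error));
            }

            string        tokenString = HelperMethods.GenerateJWTAccessToken(user.ID, _configuration.GetValue <string>("UserJwtTokenKey"));
            RefreshToken  refToken    = HelperMethods.GenerateRefreshToken(user, _context);
            LoginResponse rtrn        = new LoginResponse {
                ID = user.ID, AccessToken = tokenString, RefreshToken = new ReturnableRefreshToken(refToken)
            };
            _context.SaveChanges(); // persist the new refresh token before anything is handed to the client

            // append cookies to response after login
            HelperMethods.SetCookies(Response, tokenString, refToken);
            return(new OkObjectResult(rtrn));
        }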
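        /// <summary>
        /// Authenticates a user by email and password and, on success, issues a JWT access token and a
        /// refresh token (returned in the body and also set as cookies on the response).
        /// </summary>
        /// <param name="login">Credentials from the request body; <c>Email</c> and <c>Password</c> are required.</param>
        /// <returns>
        /// 400 when the body is missing or incomplete; 401 with a generic message when the account does
        /// not exist or the password does not match; 500 with a generic message on any other failure;
        /// 200 with a <see cref="LoginResponse"/> on success.
        /// </returns>
        [HttpPost("login"), AllowAnonymous] //working
        public ActionResult User_Login([FromBody] Login login)
        {
            // A missing or partial body is a client error, not a failed login attempt.
            if (login is null || string.IsNullOrEmpty(login.Email) || string.IsNullOrEmpty(login.Password))
            {
                ErrorMessage error = new ErrorMessage("Invalid request.", "Email and password are required.");
                return(new BadRequestObjectResult(error));
            }

            try
            {
                // SingleOrDefault: an unknown email must not fall into the catch below as a 500 whose
                // message differs from the wrong-password 401 — that difference enumerates accounts.
                User user = _context.Users.SingleOrDefault(a => a.Email == login.Email);

                // Same response for "unknown account" and "wrong password".
                if (user is null || !ValidatePassword(login.Password, user.Password))
                {
                    ErrorMessage error = new ErrorMessage("Invalid Credentials.", "Email or Password does not match.");
                    return(new UnauthorizedObjectResult(error));
                }

                string        tokenString = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, _configuration.GetValue <string>("UserJwtTokenKey"));
                RefreshToken  refToken    = HelperMethods.GenerateRefreshToken(user, _context);
                LoginResponse rtrn        = new LoginResponse {
                    ID = user.ID, AccessToken = tokenString, RefreshToken = new ReturnableRefreshToken(refToken)
                };
                _context.SaveChanges(); // always last on db to make sure nothing breaks and db has new info

                // append cookies to response after login
                HelperMethods.SetCookies(Response, tokenString, refToken);
                return(new OkObjectResult(rtrn));
            }
            catch (Exception)
            {
                // Exception text (EF/SQL/crypto details) stays server-side; the client gets a fixed message.
                // No logger is visible in this block — the exception should be logged here before returning.
                ErrorMessage error = new ErrorMessage("Error validating credentials", "An unexpected error occurred.");
                return(new InternalServerErrorResult(error));
            }
        }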
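        /// <summary>
        /// Rotates the caller's credentials: resolves the user from the access-token cookie, checks
        /// that the refresh-token cookie belongs to that user, then issues a new token pair
        /// (returned in the body and also set as cookies on the response).
        /// </summary>
        /// <returns>
        /// 401 with a generic message when a token is missing, invalid or does not belong to the
        /// user; 500 with a generic message on any other failure; 200 with a
        /// <see cref="LoginResponse"/> on success.
        /// </returns>
        public IActionResult Refresh()
        {
            try
            {
                // The "SameSite" cookie variant is preferred; the plain one is the fallback.
                string accessToken  = Request.Cookies["AccessTokenSameSite"] ?? Request.Cookies["AccessToken"];
                string refreshToken = Request.Cookies["RefreshTokenSameSite"] ?? Request.Cookies["RefreshToken"];

                // attempt getting user from claims
                User user = HelperMethods.GetUserFromAccessToken(accessToken, _context, _configuration.GetValue <string>("UserJwtTokenKey"));

                // A failed refresh-token check is an authorization failure, not a server fault, so it is
                // answered with 401 directly instead of being thrown and caught as a 500.
                if (user is null || !HelperMethods.ValidateRefreshToken(user, refreshToken))
                {
                    ErrorMessage error = new ErrorMessage("Error refreshing access.", "Refresh token could not be validated.");
                    return(new UnauthorizedObjectResult(error));
                }

                string        newTokenStr = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, _configuration.GetValue <string>("UserJwtTokenKey"));
                RefreshToken  newRefToken = HelperMethods.GenerateRefreshToken(user, _context);
                LoginResponse rtrn        = new LoginResponse {
                    ID = user.ID, AccessToken = newTokenStr, RefreshToken = new ReturnableRefreshToken(newRefToken)
                };

                // Persist the rotated refresh token before it is handed out, as the login endpoint does;
                // this is a no-op if GenerateRefreshToken already saved.
                _context.SaveChanges();

                // append cookies after refresh
                HelperMethods.SetCookies(Response, newTokenStr, newRefToken);
                return(new OkObjectResult(rtrn));
            }
            catch (SecurityTokenException)
            {
                // Presumably raised by GetUserFromAccessToken for an expired or tampered access token —
                // confirm. The reason is not disclosed so a bad token cannot be refined from the response.
                ErrorMessage error = new ErrorMessage("Error refreshing access.", "Access token could not be validated.");
                return(new UnauthorizedObjectResult(error));
            }
            catch (Exception)
            {
                // Exception text stays server-side. No logger is visible in this block — log here before returning.
                ErrorMessage error = new ErrorMessage("Error refreshing access.", "An unexpected error occurred.");
                return(new InternalServerErrorResult(error));
            }
        }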
        /// <summary>
        /// Issues a fresh access/refresh token pair for the user identified by the access-token cookie,
        /// after running the refresh-token check, and returns the serialized login response.
        /// Token cookies are set on the response before returning.
        /// </summary>
        /// <returns>The login response string produced by <c>HelperMethods.GenerateLoginResponse</c>.</returns>
        public string Refresh()
        {
            // The "SameSite" cookie variants take precedence; the plain names are the fallback.
            string accessCookie  = Request.Cookies["AccessTokenSameSite"] ?? Request.Cookies["AccessToken"];
            string refreshCookie = Request.Cookies["RefreshTokenSameSite"] ?? Request.Cookies["RefreshToken"];
            string jwtKey        = _configuration.GetValue <string>("JwtTokenKey");

            // attempt getting user from claims
            User user = HelperMethods.GetUserFromAccessToken(accessCookie, _context, jwtKey);

            // NOTE(review): if ValidateRefreshToken signals failure through a return value rather than by
            // throwing, that result is discarded here and the refresh proceeds — confirm against its definition.
            ValidateRefreshToken(user, refreshCookie);

            string       accessToken  = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, jwtKey);
            RefreshToken refreshToken = HelperMethods.GenerateRefreshToken(user, _context);
            string       response     = HelperMethods.GenerateLoginResponse(accessToken, refreshToken, user.ID);

            // save refresh token just before returning string to be safe
            _context.SaveChanges();

            // append cookies after refresh
            HelperMethods.SetCookies(Response, accessToken, refreshToken);
            return response;
        }
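        /// <summary>
        /// Rotates the caller's credentials: resolves the user from the access-token cookie, checks
        /// that the refresh-token cookie belongs to that user, then issues a new token pair
        /// (returned in the body and also set as cookies on the response).
        /// </summary>
        /// <returns>
        /// 401 when no user can be resolved from the access token; 400 when the refresh token does
        /// not validate; 200 with a <see cref="LoginResponse"/> on success.
        /// </returns>
        public IActionResult Refresh()
        {
            // The "SameSite" cookie variant is preferred; the plain one is the fallback.
            string accessToken  = Request.Cookies["AccessTokenSameSite"] ?? Request.Cookies["AccessToken"];
            string refreshToken = Request.Cookies["RefreshTokenSameSite"] ?? Request.Cookies["RefreshToken"];

            // attempt getting user from claims
            // NOTE(review): if GetUserFromAccessToken throws for an expired or tampered token, that
            // surfaces here as an unhandled exception (500) rather than a 401 — confirm and wrap if so.
            User user = HelperMethods.GetUserFromAccessToken(accessToken, _context, _configuration.GetValue <string>("UserJwtTokenKey"));
            if (user is null)
            {
                // Previously a null user would have reached ValidateRefreshToken / user.ID and crashed.
                ErrorMessage error = new ErrorMessage("Invalid access token", "No user could be resolved from the access token.");
                return(new UnauthorizedObjectResult(error));
            }

            // make sure this is a valid token for the user
            if (!HelperMethods.ValidateRefreshToken(user, refreshToken))
            {
                ErrorMessage error = new ErrorMessage("Invalid refresh token", "Refresh token could not be validated.");
                return(new BadRequestObjectResult(error));
            }

            string        newTokenStr = HelperMethods.GenerateJWTAccessToken(user.ID, _configuration.GetValue <string>("UserJwtTokenKey"));
            RefreshToken  newRefToken = HelperMethods.GenerateRefreshToken(user, _context);
            LoginResponse rtrn        = new LoginResponse {
                ID = user.ID, AccessToken = newTokenStr, RefreshToken = new ReturnableRefreshToken(newRefToken)
            };

            // Persist the rotated refresh token before it is handed out, as the login endpoint does;
            // this is a no-op if GenerateRefreshToken already saved.
            _context.SaveChanges();

            // append cookies after refresh
            HelperMethods.SetCookies(Response, newTokenStr, newRefToken);
            return(new OkObjectResult(rtrn));
        }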
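        /// <summary>
        /// Authenticates a user from a raw JSON body of the form <c>{"email": ..., "password": ...}</c>
        /// and, on success, returns the serialized login response and sets the token cookies.
        /// </summary>
        /// <param name="credentials">Raw request body; must be a JSON object with non-empty "email" and "password".</param>
        /// <returns>
        /// A serialized <see cref="ErrorMessage"/> with status 400 (malformed or incomplete body),
        /// 401 (unknown account or wrong password) or 500 (unexpected failure); otherwise the login
        /// response string with status 200.
        /// </returns>
        [HttpPost("login"), AllowAnonymous]         //working
        public string User_Login([FromBody] string credentials)
        {
            JObject json;
            try
            {
                json = JObject.Parse(credentials);
            }
            catch (Exception)
            {
                // The raw body is never echoed back: it carries the password, and response bodies end up
                // in client logs, proxies and error trackers. The parser message is not returned either.
                Response.StatusCode = 400;
                ErrorMessage error = new ErrorMessage("Invalid Json", "Request body is not valid JSON.", "Expected an object with \"email\" and \"password\".");
                return(JObject.FromObject(error).ToString());
            }

            // Missing or empty fields are a client error; previously json["email"] being absent
            // surfaced as a NullReferenceException and a 500.
            string email    = json["email"]?.ToString();
            string password = json["password"]?.ToString();
            if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
            {
                Response.StatusCode = 400;
                ErrorMessage error = new ErrorMessage("Invalid Json", "Missing field.", "Both \"email\" and \"password\" are required.");
                return(JObject.FromObject(error).ToString());
            }

            try {
                // SingleOrDefault so an unknown email is answered exactly like a wrong password (401 below)
                // instead of falling into the catch as a 500 — that difference would enumerate accounts.
                User user = _context.Users.SingleOrDefault(a => a.Email == email);

                if (user is null || !ValidatePassword(password, user.Password))
                {
                    Response.StatusCode = 401;
                    ErrorMessage error = new ErrorMessage("Invalid Credentials", "Email or password does not match.", "Unauthorized");
                    return(JObject.FromObject(error).ToString());
                }

                string       tokenString = HelperMethods.GenerateJWTAccessToken(user.Role, user.Email, _configuration.GetValue <string>("JwtTokenKey"));
                RefreshToken refToken    = HelperMethods.GenerateRefreshToken(user, _context);
                string       ret         = HelperMethods.GenerateLoginResponse(tokenString, refToken, user.ID);
                _context.SaveChanges();                     // always last on db to make sure nothing breaks and db has new info

                // append cookies to response after login
                HelperMethods.SetCookies(Response, tokenString, refToken);
                return(ret);
            } catch (Exception) {
                // Exception text stays server-side; no logger is visible in this block — log here before returning.
                Response.StatusCode = 500;
                ErrorMessage error = new ErrorMessage("Error validating credentials", "An unexpected error occurred.", "Please try again later.");
                return(JObject.FromObject(error).ToString());
            }
        }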