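/// <summary>
/// Email/password login. Looks the user up by email, enforces the controller's own
/// lockout window, delegates the password check to the sign-in manager and, on success,
/// returns the user with its <c>Role</c> navigation loaded.
/// </summary>
/// <param name="loginInfo">Posted credentials (Email, Password, RememberMe).</param>
/// <returns>
/// 200 with the user on success; 400 for a missing or unknown email or an active lockout;
/// 401 for a wrong password, a social-provider-only account, or a lockout triggered by this
/// attempt; 417 with a generic error message if anything throws.
/// </returns>
[HttpPost("[action]")]
public async Task<IActionResult> Login([FromBody] LoginInfo loginInfo)
{
    try
    {
        // An empty email cannot match anything; reject before touching the store.
        if (string.IsNullOrWhiteSpace(loginInfo.Email))
        {
            AppFunc.Error(ref ErrorsList, "Email is required!");
            return BadRequest(ErrorsList);
        }

        // RegistrationMethod is needed below to tell social-provider-only accounts apart.
        // NOTE(review): EqualCurrentCultureIgnoreCase is a project extension; a culture-
        // sensitive compare is an odd fit for an identifier — the Identity NormalizedEmail
        // lookup (FindByEmailAsync) would be the usual choice. Left unchanged here.
        User user = await _UserManager.Users
            .Include(u => u.RegistrationMethod)
            .SingleOrDefaultAsync(u => u.Email.EqualCurrentCultureIgnoreCase(loginInfo.Email))
            .ConfigureAwait(false);

        // NOTE(review): this message differs from the wrong-password one, so the response
        // reveals whether an email is registered. The text is part of the client contract
        // and is kept as is.
        if (user == null)
        {
            AppFunc.Error(ref ErrorsList, "Email not registered");
            return BadRequest(ErrorsList);
        }

        // NOTE(review): this code treats LockoutEnabled as "is locked"; under Identity
        // semantics it means "lockout permitted", so SetLockoutEnabledAsync(false) also
        // switches off Identity's own lockout for this user — confirm this is intended.
        if (user.LockoutEnabled)
        {
            // Lockout still in force: report the remaining time and stop.
            if (user.LockoutEnd > DateTimeOffset.UtcNow)
            {
                AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}", AppFunc.CompareWithCurrentTime(user.LockoutEnd)));
                return BadRequest(ErrorsList);
            }

            // Lockout expired: clear it and the failed-attempt counter (both persist via UserManager).
            await _UserManager.SetLockoutEnabledAsync(user, false).ConfigureAwait(false);
            await _UserManager.ResetAccessFailedCountAsync(user).ConfigureAwait(false);
        }

        // lockoutOnFailure is false: Identity's built-in lockout is bypassed and the
        // failure accounting below is this method's responsibility.
        var signInResult = await _AuthManager
            .PasswordSignInAsync(user, loginInfo.Password, loginInfo.RememberMe, false)
            .ConfigureAwait(false);

        if (!signInResult.Succeeded)
        {
            // Accounts created through a social provider have no usable local password.
            switch (user.RegistrationMethod.Type)
            {
                case CoreConst.RegistrationTypes.Google:
                    AppFunc.Error(ref ErrorsList, "Password not set or incorrect. Please Use Google login.");
                    return Unauthorized(ErrorsList);
                case CoreConst.RegistrationTypes.Facebook:
                    AppFunc.Error(ref ErrorsList, "Password not set or incorrect. Please Use Facebook login.");
                    return Unauthorized(ErrorsList);
                case CoreConst.RegistrationTypes.Github:
                    AppFunc.Error(ref ErrorsList, "Password not set or incorrect. Please Use Github login.");
                    return Unauthorized(ErrorsList);
            }

            // Record the failure. NOTE(review): UserManager.AccessFailedAsync itself locks
            // the user and resets the counter once Options.Lockout.MaxFailedAccessAttempts
            // is reached, so whether the manual branch below is ever hit depends on the
            // Identity options configured elsewhere — confirm.
            await _UserManager.AccessFailedAsync(user).ConfigureAwait(false);

            // Up to five failures: plain rejection.
            if (user.AccessFailedCount <= 5)
            {
                AppFunc.Error(ref ErrorsList, "Incorrect Password!");
                return Unauthorized(ErrorsList);
            }

            // More than five failures: lock the account for AccessFailedCount minutes.
            user.LockoutEnabled = true;
            user.LockoutEnd = DateTimeOffset.UtcNow.AddMinutes(user.AccessFailedCount);
            // Fix: the original only set these fields on the in-memory entity; without
            // UpdateAsync the lockout was never saved and the next request saw no lockout.
            await _UserManager.UpdateAsync(user).ConfigureAwait(false);

            AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}", AppFunc.CompareWithCurrentTime(user.LockoutEnd)));
            return Unauthorized(ErrorsList);
        }

        // The first query did not include Role; attach it with a second lookup.
        user.Role = (await _DbContext.Users
            .Include(u => u.Role)
            .FirstOrDefaultAsync(u => u.Id == user.Id)
            .ConfigureAwait(false))?.Role;

        // NOTE(review): this serialises the whole User entity. If User derives from
        // IdentityUser that includes PasswordHash and SecurityStamp — confirm, and
        // project to a response DTO if so.
        return Ok(user);
    }
    catch (Exception)
    {
        // Only a generic message reaches the client; exception details are not echoed.
        // NOTE(review): the exception is dropped here — no logger is in scope in this block.
        AppFunc.Error(ref ErrorsList, AppConst.CommonErrors.ServerError);
        return StatusCode(417, ErrorsList);
    }
}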
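/// <summary>
/// Username/password login. Validates the model, finds the user by name, enforces the
/// controller's own lockout window, delegates the password check to the sign-in manager
/// and, on success, returns the user with its <c>Role</c> navigation loaded.
/// </summary>
/// <param name="loginInfo">Posted credentials (UserName, Password, RememberMe).</param>
/// <returns>
/// 200 with the user on success; 422 with model-state errors when validation fails;
/// 400 for an unknown user name or an active lockout; 401 for a wrong password or a
/// lockout triggered by this attempt; 417 with a generic error message if anything throws.
/// </returns>
public async Task<IActionResult> LoginAsync([FromBody] LoginInfo loginInfo)
{
    try
    {
        // Data-annotation validation on LoginInfo covers the required-field checks.
        if (!TryValidateModel(loginInfo))
        {
            AppFunc.ExtractErrors(ModelState, ref ErrorsList);
            return UnprocessableEntity(ErrorsList);
        }

        User user = await _UserManager
            .FindByNameAsync(loginInfo.UserName)
            .ConfigureAwait(false);

        // NOTE(review): this message differs from the wrong-password one, so the response
        // reveals whether a user name is registered. The text is part of the client
        // contract and is kept as is.
        if (user == null)
        {
            AppFunc.Error(ref ErrorsList, "UserName not registered", "UserName");
            return BadRequest(ErrorsList);
        }

        // NOTE(review): this code treats LockoutEnabled as "is locked"; under Identity
        // semantics it means "lockout permitted", so SetLockoutEnabledAsync(false) also
        // switches off Identity's own lockout for this user — confirm this is intended.
        if (user.LockoutEnabled)
        {
            // Lockout still in force: report the remaining time and stop.
            if (user.LockoutEnd > DateTimeOffset.UtcNow)
            {
                AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}", AppFunc.CompareWithCurrentTime(user.LockoutEnd)));
                return BadRequest(ErrorsList);
            }

            // Lockout expired: clear it and the failed-attempt counter (both persist via UserManager).
            await _UserManager.SetLockoutEnabledAsync(user, false).ConfigureAwait(false);
            await _UserManager.ResetAccessFailedCountAsync(user).ConfigureAwait(false);
        }

        // lockoutOnFailure is false: Identity's built-in lockout is bypassed and the
        // failure accounting below is this method's responsibility.
        var signInResult = await _SignInManager
            .PasswordSignInAsync(user, loginInfo.Password, loginInfo.RememberMe, false)
            .ConfigureAwait(false);

        if (!signInResult.Succeeded)
        {
            // Record the failure. NOTE(review): UserManager.AccessFailedAsync itself locks
            // the user and resets the counter once Options.Lockout.MaxFailedAccessAttempts
            // is reached, so whether the manual branch below is ever hit depends on the
            // Identity options configured elsewhere — confirm.
            await _UserManager.AccessFailedAsync(user).ConfigureAwait(false);

            // Up to five failures: plain rejection.
            if (user.AccessFailedCount <= 5)
            {
                AppFunc.Error(ref ErrorsList, "Incorrect Password!", "password");
                return Unauthorized(ErrorsList);
            }

            // More than five failures: lock the account for AccessFailedCount minutes.
            user.LockoutEnabled = true;
            user.LockoutEnd = DateTimeOffset.UtcNow.AddMinutes(user.AccessFailedCount);
            // Fix: the original only set these fields on the in-memory entity; without
            // UpdateAsync the lockout was never saved and the next request saw no lockout.
            await _UserManager.UpdateAsync(user).ConfigureAwait(false);

            AppFunc.Error(ref ErrorsList, string.Format("Account Locked for {0}", AppFunc.CompareWithCurrentTime(user.LockoutEnd)));
            return Unauthorized(ErrorsList);
        }

        // FindByNameAsync did not include Role; attach it with a second lookup.
        user.Role = (await AppDbContext.Users
            .Include(u => u.Role)
            .FirstOrDefaultAsync(u => u.Id == user.Id)
            .ConfigureAwait(false))?.Role;

        // NOTE(review): this serialises the whole User entity. If User derives from
        // IdentityUser that includes PasswordHash and SecurityStamp — confirm, and
        // project to a response DTO if so.
        return Ok(user);
    }
    catch (Exception)
    {
        // Only a generic message reaches the client; exception details are not echoed.
        // NOTE(review): the exception is dropped here — no logger is in scope in this block.
        AppFunc.Error(ref ErrorsList, AppConst.CommonErrors.ServerError);
        return StatusCode(417, ErrorsList);
    }
}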