public async Task <IActionResult> AuthenticateAsync([FromBody] AuthenticateApiModel authenticate)
{
var user = await _userService.AuthenticateAsync(authenticate.Username, authenticate.Password);
// return null if user not found
if (user == null)
{
return(null);
}
// authentication successful so generate jwt token
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_configuration.GetSection("AppSettings:Secret").Value);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
user.Token = tokenHandler.WriteToken(token);
return(new OkObjectResult(user));
}
public async Task <IActionResult> Authenticate([FromBody] AuthenticateApiModel model)
{
var pinLookup = Pin.GeneratePinLookup(model.EmailAddress, config.SecretEmailSalt);
var validPin = await loginService.VerifyPin(model.EmailAddress, pinLookup, model.PinCode);
if (!validPin)
{
return(BadRequest("Pin provided is invalid"));
}
var accessToken = await loginService.UpsertUser(model.Name, model.EmailAddress, model.CountryCode);
return(Ok(accessToken));
}
public async Task <IActionResult> Authenticate([FromBody] AuthenticateApiModel model)
{
var user = _context.Users.FirstOrDefault(u => u.Name.Equals(model.Name));
if (user != null && user.Identifier.Equals(SecurityService.Hash(model.Identifier, user.Salt)))
{
var identity = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, user.Name),
new Claim(ClaimTypes.Email, user.Name)
}, CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));
// Return encrypted key store
return(Json(new { result = true, keyStore = user.KeyStore }));
}
return(Json(new { result = false }));
}
