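/// <summary>
/// Checks whether <paramref name="password"/> matches the stored hash <paramref name="hashedPassword"/>.
/// </summary>
/// <param name="password">Plaintext candidate password.</param>
/// <param name="hashedPassword">Stored password hash to compare against.</param>
/// <returns>
/// 200 carrying the boolean result of <c>AuthenticationHelpers.IsPasswordValid</c>;
/// 400 when either argument is missing or empty.
/// </returns>
/// <remarks>
/// Both values are bound from the query string, so they appear in server, proxy and
/// browser history logs. Moving them to the request body would avoid that but changes
/// the route contract, so the binding is left unchanged here.
/// </remarks>
public IActionResult VerifyPassword([FromQuery] string password, [FromQuery] string hashedPassword)
{
    // Reject missing inputs explicitly instead of passing null into the hash comparison.
    if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(hashedPassword))
    {
        return BadRequest("password and hashedPassword are required");
    }

    return Ok(AuthenticationHelpers.IsPasswordValid(password, hashedPassword));
}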
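/// <summary>
/// Authenticates a user by username and password and, when the user holds the configured
/// login permission, stores and returns an auth token plus a linked refresh token.
/// </summary>
/// <param name="username">Account name to look up.</param>
/// <param name="password">Plaintext password checked against the stored hash.</param>
/// <returns>
/// 200 with a dictionary holding <c>authToken</c> and <c>refreshToken</c> on success;
/// 401 when the username is unknown, the password is wrong, or the user lacks the
/// login permission.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The auth token was stored but could not be read back, so no refresh token can be linked to it.
/// </exception>
/// <remarks>
/// Credentials are bound from the query string and will therefore be written to request logs.
/// </remarks>
public async Task<IActionResult> Login([FromQuery] string username, [FromQuery] string password)
{
    // An unknown username and a wrong password produce the same status and message so the
    // response does not reveal which accounts exist.
    const string invalidCredentials = "invalid username or password";

    User user = await _userService.GetByUsername(username);
    if (user == null)
    {
        // NOTE(review): the password hash is not evaluated on this path, so response timing
        // may still differ from the wrong-password case; confirm whether that matters here.
        return Unauthorized(invalidCredentials);
    }

    if (!AuthenticationHelpers.IsPasswordValid(password, user.Password))
    {
        return Unauthorized(invalidCredentials);
    }

    // Resolve the user's roles, then require the permission id configured under PermissionIds:login.
    List<Role> userRoles = new List<Role>();
    foreach (string roleId in user.Roles)
    {
        userRoles.Add(await _roleService.Get(roleId));
    }

    string loginPermissionId = Startup.StaticConfiguration.GetSection("PermissionIds")["login"];
    if (!AuthenticationHelpers.IsPermissionGranted(user, userRoles, loginPermissionId))
    {
        return Unauthorized("not authorized for login");
    }

    string authToken = AuthenticationHelpers.GenerateAuthToken(
        user, await _roleService.Get(), await _permissionService.Get());
    await _tokenService.Create(new Token(
        null, user.Id, "auth", authToken, DateTime.UtcNow, new List<TokenAction>(), false, true));

    // The refresh token is bound to the persisted auth token's id, so the read-back must succeed;
    // fail loudly rather than dereference a null result.
    var createdAuthToken = await _tokenService.GetByToken(authToken);
    if (createdAuthToken == null)
    {
        throw new InvalidOperationException("auth token was created but could not be read back");
    }

    string refreshToken = AuthenticationHelpers.GenerateRefreshToken(user, createdAuthToken.Id);
    await _tokenService.Create(new Token(
        null, user.Id, "refresh", refreshToken, DateTime.UtcNow, new List<TokenAction>(), false, true));

    return Ok(new Dictionary<string, string>
    {
        { "authToken", authToken },
        { "refreshToken", refreshToken }
    });
}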