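// TODO: password hashing
/// <summary>
/// Looks up the user by <paramref name="email"/>, checks <paramref name="password"/> against the
/// stored hash and, when both match, issues a signed JWT carrying the user's id, username and e-mail.
/// </summary>
/// <param name="email">Login e-mail address.</param>
/// <param name="password">Clear-text password supplied by the caller.</param>
/// <returns>
/// The serialized JWT (HS256, 60 minutes from issue, UTC) when the credentials match;
/// <c>null</c> when either argument is blank, the user is unknown or the password does not match.
/// </returns>
public async Task<string> AuthenticateAsync(string email, string password)
{
    // Blank credentials can never authenticate; return before the repository round-trip
    // and before the hash service is invoked.
    if (string.IsNullOrWhiteSpace(email) || string.IsNullOrWhiteSpace(password))
    {
        return null;
    }

    var user = await _unitOfWork.Users.GetByEmailAsync(email);
    if (user is null)
    {
        // NOTE(review): no hash is computed on this path, so it completes faster than the
        // wrong-password path; a constant-time fallback would make the two indistinguishable.
        return null;
    }

    // The lookup was already keyed by e-mail; this strict ordinal comparison only matters
    // if the repository matches case-insensitively. Kept as a defensive check.
    // NOTE(review): ValidateUserPassword in this file passes an explicit user.PasswordSalt to
    // passwordHashService, while this path passes none to _passwordHash — confirm both verify
    // the same stored hash format.
    if (email != user.Email || !_passwordHash.ValidatePassword(password, user.Password))
    {
        return null;
    }

    var tokenHandler = new JwtSecurityTokenHandler();
    // NOTE(review): ASCII encoding replaces any non-ASCII character in _key with '?', silently
    // shrinking the effective key; confirm _key is ASCII-only and that token validation derives
    // the key bytes the same way.
    var tokenKey = Encoding.ASCII.GetBytes(_key);
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            new Claim(ClaimTypes.Name, user.Username),
            new Claim(ClaimTypes.Email, user.Email),
        }),
        // Absolute expiry, 60 minutes from issue, always in UTC.
        Expires = DateTime.UtcNow.AddMinutes(60),
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(tokenKey),
            SecurityAlgorithms.HmacSha256Signature),
    };

    var token = tokenHandler.CreateToken(tokenDescriptor);
    return tokenHandler.WriteToken(token);
}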
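/// <summary>
/// Checks a clear-text password against the hash and salt stored on <paramref name="user"/>.
/// </summary>
/// <param name="password">Clear-text password to check.</param>
/// <param name="user">Account whose <c>Password</c> (stored hash) and <c>PasswordSalt</c> are compared against.</param>
/// <returns>
/// <c>true</c> only when the password is non-blank, <paramref name="user"/> is present and the
/// hash service reports a match; <c>false</c> otherwise.
/// </returns>
private bool ValidateUserPassword(string password, User user)
{
    // A blank password or a missing user can never validate. Checking the user here avoids
    // dereferencing user.Password on a null reference, which previously threw.
    if (user is null || string.IsNullOrWhiteSpace(password))
    {
        return false;
    }

    return passwordHashService.ValidatePassword(password, user.Password, user.PasswordSalt);
}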