示例#1
0
        public IActionResult Login(LoginRequest request)
        {
            if (!dbService.Check(request.Login))
            {
                return(BadRequest("Wrong password or login"));
            }

            var requestedPasswordsData = dbService.GetStudentPasswordData(request.Login);

            if (!passwordService.ValidatePassword(requestedPasswordsData.Password, request.Password, requestedPasswordsData.Salt))
            {
                return(BadRequest("Wrong password or login"));
            }

            var claims = new[]
            {
                new Claim(ClaimTypes.Name, request.Login),
                new Claim(ClaimTypes.Role, "employee")
            };

            var key         = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["SecretKey"]));
            var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            var token       = new JwtSecurityToken(
                issuer: "admin",
                audience: "employee",
                claims: claims,
                expires: DateTime.Now.AddMinutes(10),
                signingCredentials: credentials
                );
            var TmpRefreshToken = Guid.NewGuid();

            dbService.SetRefreshToken(request.Login, TmpRefreshToken.ToString());
            return(Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token),
                refershToken = TmpRefreshToken
            }));
        }