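/// <summary>
/// Checks the submitted login and password and, on success, issues a signed JWT
/// (valid for 10 minutes) together with a freshly generated refresh token.
/// </summary>
/// <param name="request">Client-supplied credentials; <c>Login</c> and <c>Password</c> are read.</param>
/// <returns>
/// 400 Bad Request with the generic text "Wrong password or login" when the request is
/// incomplete, the login is unknown, or the password does not validate; otherwise 200 OK
/// with a body containing <c>token</c> and <c>refershToken</c>.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The <c>SecretKey</c> configuration value is missing or empty.
/// </exception>
public IActionResult Login(LoginRequest request)
{
    // Reject an absent body or missing credentials up front, with the same generic message
    // used for every other failure so the response does not reveal which check failed.
    if (request is null || string.IsNullOrEmpty(request.Login) || request.Password is null)
    {
        return BadRequest("Wrong password or login");
    }

    // NOTE(review): an unknown login returns here before any password hashing is done, so the
    // response time can differ between unknown and known logins. Confirm whether that matters
    // for this endpoint.
    if (!dbService.Check(request.Login))
    {
        return BadRequest("Wrong password or login");
    }

    var storedPasswordData = dbService.GetStudentPasswordData(request.Login);
    var passwordMatches = passwordService.ValidatePassword(
        storedPasswordData.Password,
        request.Password,
        storedPasswordData.Salt);
    if (!passwordMatches)
    {
        return BadRequest("Wrong password or login");
    }

    // Fail with a clear message when the signing secret is not configured, instead of an
    // opaque exception from the encoding or key constructor.
    var secret = config["SecretKey"];
    if (string.IsNullOrEmpty(secret))
    {
        throw new InvalidOperationException("Configuration value 'SecretKey' is missing or empty.");
    }

    // NOTE(review): RFC 7518 requires an HS256 key of at least 256 bits; the length of the
    // configured secret is not checked here. Verify it at deployment time.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // NOTE(review): every authenticated caller receives the fixed role "employee".
    var claims = new[]
    {
        new Claim(ClaimTypes.Name, request.Login),
        new Claim(ClaimTypes.Role, "employee")
    };

    var token = new JwtSecurityToken(
        issuer: "admin",
        audience: "employee",
        claims: claims,
        // UTC keeps the expiry independent of the server's local time zone settings.
        expires: DateTime.UtcNow.AddMinutes(10),
        signingCredentials: credentials
    );

    // NOTE(review): Guid.NewGuid() is documented as a unique identifier, not as a source of
    // cryptographic randomness. A refresh token is a bearer credential, so consider generating
    // it with System.Security.Cryptography.RandomNumberGenerator. It is left unchanged here
    // because the stored and returned token format would change. How SetRefreshToken persists
    // the value is not visible from this method; storing only a hash is worth confirming.
    var refreshToken = Guid.NewGuid();
    dbService.SetRefreshToken(request.Login, refreshToken.ToString());

    // The response key "refershToken" is misspelled but is part of the existing response
    // contract; renaming it would break current clients.
    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        refershToken = refreshToken
    });
}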