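/// <summary>
/// Authenticates a user and returns a bearer token.
/// Flow: model-state validation -> captcha -> credential lookup via
/// <c>_userService.LoginAsync</c> -> token issue (or reuse of the token already stored on the
/// profile) -> profile cached under the user's e-mail for the token's lifetime.
/// </summary>
/// <param name="model">Login request body. A null body is replaced by an empty model so that
/// <c>Validate</c> records the missing-field errors in <c>ModelState</c>.</param>
/// <returns>
/// 200 with a <see cref="TokenViewModel"/>; 400 on invalid model state; 403 when the captcha
/// fails; 404 when <c>LoginAsync</c> yields no profile.
/// </returns>
public async Task<IHttpActionResult> Login([FromBody] LoginViewModel model)
{
    if (model == null)
    {
        model = new LoginViewModel();
        Validate(model);
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // The captcha is checked before any credential work, so every password attempt costs a
    // solved captcha.
    var isCaptchaValid = await _captchaService.IsCaptchaValidAsync(model.ClientCaptchaCode, null, CancellationToken.None);
    if (!isCaptchaValid)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, HttpMessages.CaptchaInvalid));
    }

    var profile = await _userService.LoginAsync(model, CancellationToken.None);
    if (profile == null)
    {
        // One response for every credential failure LoginAsync reports (unknown account or bad
        // password alike); splitting these into distinct codes would allow account enumeration.
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, HttpMessages.UserNotFound));
    }

    const int tokenLifeTimeSeconds = 3600;
    var token = new TokenViewModel
    {
        LifeTime = tokenLifeTimeSeconds,
        Type = "Bearer"
    };

    if (string.IsNullOrWhiteSpace(profile.AccessToken))
    {
        var expiredAt = DateTime.UtcNow.AddSeconds(token.LifeTime);

        var payload = new Dictionary<string, string>
        {
            { ClaimTypes.Email, profile.Email },
            { ClaimTypes.Name, $"{profile.FirstName} {profile.LastName}" },
            // Invariant culture: under the current culture the "/" in a custom format is the
            // culture's date separator, so the claim text would differ per server locale.
            // The value is still day-granular, so a consumer cannot enforce the 3600 s lifetime
            // from this claim alone. NOTE(review): carry the exact instant (e.g. Unix seconds)
            // if the validating side can be updated in step; the parse side must use the same
            // invariant culture.
            { ClaimTypes.Expired, expiredAt.ToString("yyyy/MM/dd", System.Globalization.CultureInfo.InvariantCulture) }
        };

        profile.AccessToken = token.AccessToken = _tokenService.Encode(payload);

        // The profile (which now carries the token) is cached for the token's lifetime.
        _profileCacheService.Add(profile.Email, profile, token.LifeTime);
    }
    else
    {
        // An earlier login already issued a token; the same one is handed back. NOTE(review): the
        // reported LifeTime is the full 3600 s even if the stored token is close to expiring —
        // presumably the cache entry's expiry governs its real remaining life; confirm.
        token.AccessToken = profile.AccessToken;
    }

    return Ok(token);
}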
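/// <summary>
/// Authenticates a student by username/password and returns a JWT.
/// Flow: model-state validation -> hash the submitted password -> load active accounts with the
/// given username joined to their roles -> verify the password -> require at least one role ->
/// issue the JWT and cache the mapped profile.
/// </summary>
/// <param name="info">Login request body. A null body is replaced by an empty model so that
/// <c>Validate</c> records the missing-field errors in <c>ModelState</c>.</param>
/// <returns>
/// 200 with a <see cref="TokenViewModel"/>; 400 on invalid model state; 404 (AccountNotFound)
/// when no active account matches or the password is wrong; 403 when the account has no role.
/// </returns>
public IHttpActionResult Login([FromBody] LoginViewModel info)
{
    if (info == null)
    {
        info = new LoginViewModel();
        Validate(info);
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // SECURITY(review): the stored password is an unsalted MD5 digest and is compared as such.
    // MD5 offers no salt and no work factor; moving to PBKDF2/bcrypt/Argon2 needs a storage
    // change plus a re-hash-on-login path, so it is only flagged here.
    // ToLowerInvariant rather than ToLower: assumes InitMd5 returns a hex string, for which the
    // two are equivalent except under culture-specific casing rules.
    var hashedPassword = _encryptionService.InitMd5(info.Password).ToLowerInvariant();

    // Only active accounts with the submitted username take part. NOTE(review): the
    // culture-aware ignore-case username comparison is kept as-is; whether it is evaluated in
    // the database or in memory depends on what Search() returns.
    var accounts = UnitOfWork.RepositoryStudent.Search()
        .Where(x => x.Username.Equals(info.Username, StringComparison.InvariantCultureIgnoreCase)
                    && x.Status == MasterItemStatus.Active);

    var userRoles = UnitOfWork.RepositoryUserRole.Search();
    var userRolesPairs = (from user in accounts
                          from userRole in userRoles
                          where userRole.StudentId == user.Id
                          select new { User = user, UserRole = userRole }).ToList();

    var profile = new LoginModel
    {
        User = userRolesPairs.Select(x => x.User).FirstOrDefault(),
        Roles = userRolesPairs.Select(x => x.UserRole.RoleId).ToList()
    };

    if (profile.User == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, HttpMessages.AccountNotFound));
    }

    // The password is verified before any authorization detail is disclosed, and a wrong
    // password yields the same 404/AccountNotFound as an unknown username so the two cases cannot
    // be told apart. Both operands are hex digests, so the non-linguistic ordinal comparison is
    // the right one.
    if (!hashedPassword.Equals(profile.User.Password, StringComparison.OrdinalIgnoreCase))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, HttpMessages.AccountNotFound));
    }

    // Defensive: Roles comes from the same join that produced User, so it is non-empty whenever
    // User is non-null; the guard protects against future changes to that query.
    if (profile.Roles == null || profile.Roles.Count < 1)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, HttpMessages.NoRoleAssignedToUser));
    }

    var claims = new Dictionary<string, string>
    {
        { nameof(profile.User.Id), profile.User.Id.ToString() },
        { nameof(profile.User.Username), profile.User.Username },
        { nameof(profile.User.Fullname), profile.User.Fullname }
    };

    var token = new TokenViewModel
    {
        Code = IdentityService.EncodeJwt(claims, IdentityService.JwtSecret),
        // UtcNow, not Now: DateTimeUtcToUnix is named for a UTC input, and a local-time value
        // would shift the reported expiry by the server's UTC offset.
        Expiration = SystemTimeService.DateTimeUtcToUnix(DateTime.UtcNow.AddSeconds(IdentityService.JwtLifeTime)),
        LifeTime = IdentityService.JwtLifeTime
    };

    // The cached profile is the mapped entity plus the role ids from the join above.
    var cachedProfile = AutoMapper.Mapper.Map<Database.Models.Entities.Student, ProfileViewModel>(profile.User);
    cachedProfile.Roles = profile.Roles;
    _profileCacheService.Add(cachedProfile.Id, cachedProfile);

    return Ok(token);
}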