public async Task <IActionResult> OnPost(Business.Models.LoginModel model, string return_url = Routing.DASHBOARD) { SetPageInfo(); //this is auto handled by anti-forgery: return 400 bad request if (User.Identity.IsAuthenticated) { Message = "Bạn chỉ được đăng nhập cùng lúc 1 tài khoản"; MessageTitle = "Đã đăng nhập"; return(this.MessageView()); } var entity = await identityService.AuthenticateAsync(model.username, model.password); if (entity != null) { #region Custom Signin for extra claims store var principal = await identityService.GetApplicationPrincipalAsync(entity); var utcNow = DateTime.UtcNow; var cookieProps = new AuthenticationProperties() { IssuedUtc = utcNow, }; if (model.remember_me) { cookieProps.IsPersistent = true; cookieProps.ExpiresUtc = utcNow.AddHours(Settings.Instance.CookiePersistentHours); } await HttpContext.SignInAsync(principal.Identity.AuthenticationType, principal, cookieProps); #endregion _logger.CustomProperties(entity).Info("Login user"); #region Generate token var identity = await identityService.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme); principal = new ClaimsPrincipal(identity); var props = new AuthenticationProperties() { IssuedUtc = utcNow, ExpiresUtc = utcNow.AddHours(WebAdmin.Settings.Instance.TokenValidHours) }; props.Parameters["refresh_expires"] = utcNow.AddHours( WebAdmin.Settings.Instance.RefreshTokenValidHours); var resp = identityService.GenerateTokenResponse(principal, props); #endregion return(LocalRedirect($"{Routing.INDEX}?access_token=" + $"{resp.access_token}" + $"&refresh_token={resp.refresh_token}" + $"&expires_utc={resp.expires_utc}" + $"&issued_utc={resp.issued_utc}" + $"&token_type={resp.token_type}&" + $"&return_url={return_url}")); } Message = "Tài khoản hoặc mật khẩu không hợp lệ"; return(Page()); }
/// <summary> /// Authenticates the credentials provided in <see cref="AuthenticationRequest"/> with the OpenStack Identity /// Service V2. /// </summary> /// <remarks> /// <para>This method caches the authentication result, and returns the cached result of a previous /// authentication request when possible to avoid unnecessary calls to the Identity API. If a cached /// authentication result is available but has either expired or will expire soon (see /// <see cref="ExpirationOverlap"/>), the cached result is discarded and the credentials are re-authenticated /// with the Identity Service.</para> /// </remarks> /// <param name="cancellationToken">The <see cref="CancellationToken"/> that the task will observe.</param> /// <returns> /// A <see cref="Task"/> representing the asynchronous operation. When the task completes successfully, the /// <see cref="Task{TResult}.Result"/> property will contain an <see cref="Access"/> instance providing the /// authentication result. /// </returns> /// <exception cref="HttpWebException"> /// If an error occurs during an HTTP request as part of authenticating with the Identity API. /// </exception> protected virtual Task <Access> AuthenticateAsync(CancellationToken cancellationToken) { Access access = Access; if (access != null && access.Token != null) { Token token = access.Token; // Note: this code uses lifting to null to cover the case where token.ExpiresAt is null DateTimeOffset?effectiveExpiration = token.ExpiresAt - ExpirationOverlap; if (effectiveExpiration > DateTimeOffset.Now) { return(CompletedTask.FromResult(access)); } } return (IdentityService.AuthenticateAsync(AuthenticationRequest, cancellationToken) .Select( task => { _access = task.Result; return task.Result; })); }
public async Task <IActionResult> LogIn(AuthorizationGrantModel model) { var validationData = _service.ValidateLogin(User, model); if (!validationData.IsValid) { return(BadRequest(AppResult.FailValidation(data: validationData))); } AppUser entity; switch (model.grant_type) { case "password": case null: { entity = await _service.AuthenticateAsync(model.username, model.password); if (entity == null) { return(Unauthorized(AppResult .Unauthorized(mess: "Invalid username or password"))); } } break; case "refresh_token": { var validResult = _service.ValidateRefreshToken(model.refresh_token); if (validResult == null) { return(Unauthorized(AppResult .Unauthorized(mess: "Invalid refresh token"))); } entity = await _service.GetUserByIdAsync(validResult.Identity.Name); if (entity == null) { return(Unauthorized(AppResult .Unauthorized(mess: "Invalid user identity"))); } } break; case "firebase_token": { FirebaseToken validResult = await _service.ValidateFirebaseToken(model.firebase_token); if (validResult == null) { return(Unauthorized(AppResult .Unauthorized(mess: "Invalid Firebase token"))); } UserRecord userRecord = await FirebaseAuth.DefaultInstance.GetUserAsync(validResult.Uid); bool checkEmailDomain = _service.ValidateEmailDomain(userRecord.Email); if (!checkEmailDomain) { return(Unauthorized(AppResult.InvalidEmailDomain())); } entity = await _service.GetUserByEmailAsync(userRecord.Email); var userExisted = entity != null; if (!userExisted || !entity.LoggedIn) { using (var transaction = context.Database.BeginTransaction()) { Member memberEntity; if (!userExisted) { var emailInfo = userRecord.Email.GetEmailInfo(); entity = _service.ConvertToUser(userRecord, emailInfo.Item3); var result = await _service .CreateUserWithoutPassAsync(entity); if (!result.Succeeded) { foreach (var err in result.Errors) { ModelState.AddModelError(err.Code, err.Description); } var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState); return(BadRequest(builder)); } _logger.CustomProperties(entity).Info("Register new user"); memberEntity = _memberService.ConvertToMember(entity, entity.MemberCode); memberEntity = _memberService.CreateMember(memberEntity); } else { entity = _service.UpdateUser(entity, userRecord); var result = await _service.UpdateUserAsync(entity); if (!result.Succeeded) { foreach (var err in result.Errors) { ModelState.AddModelError(err.Code, err.Description); } var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState); return(BadRequest(builder)); } memberEntity = _memberService.Members.Id(entity.Id).FirstOrDefault(); memberEntity = _memberService.UpdateMember(memberEntity, entity); } //log event var ev = _sysService.GetEventForNewUser( $"{memberEntity.Email} has logged into system for the first time", memberEntity.UserId); _sysService.CreateAppEvent(ev); //end log event context.SaveChanges(); transaction.Commit(); } } } break; default: return(BadRequest(AppResult.Unsupported("Unsupported grant type"))); } var identity = await _service.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme); var principal = new ClaimsPrincipal(identity); var utcNow = DateTime.UtcNow; var props = new AuthenticationProperties() { IssuedUtc = utcNow, ExpiresUtc = utcNow.AddHours(WebApi.Settings.Instance.TokenValidHours) }; props.Parameters["refresh_expires"] = utcNow.AddHours( WebApi.Settings.Instance.RefreshTokenValidHours); var resp = _service.GenerateTokenResponse(principal, props, model.scope ?? AppOAuthScope.ROLES); _logger.CustomProperties(entity).Info("Login user"); return(Ok(resp)); }
public async Task <IActionResult> LogIn([FromForm] AuthorizationGrantModel model) { var validationResult = _service.ValidateLogin(User, model); if (!validationResult.Valid) { return(BadRequest(validationResult.Result)); } AppUser entity = null; switch (model.grant_type) { case "password": case null: { entity = await _service.AuthenticateAsync(model.username, model.password); if (entity == null) { return(Unauthorized(new AppResultBuilder() .Unauthorized(mess: "Invalid username or password"))); } } break; case "refresh_token": { var validResult = _service.ValidateRefreshToken(model.refresh_token); if (validResult == null) { return(Unauthorized(new AppResultBuilder() .Unauthorized(mess: "Invalid refresh token"))); } entity = await _service.GetUserByIdAsync(validResult.Identity.Name); if (entity == null) { return(Unauthorized(new AppResultBuilder() .Unauthorized(mess: "Invalid user identity"))); } } break; default: return(BadRequest(new AppResultBuilder() .Unsupported("Unsupported grant type"))); } var identity = await _service.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme); var principal = new ClaimsPrincipal(identity); var utcNow = DateTime.UtcNow; var props = new AuthenticationProperties() { IssuedUtc = utcNow, ExpiresUtc = utcNow.AddHours(WebApi.Settings.Instance.TokenValidHours) }; props.Parameters["refresh_expires"] = utcNow.AddHours( WebApi.Settings.Instance.RefreshTokenValidHours); var resp = _service.GenerateTokenResponse(principal, props, model.scope); _logger.CustomProperties(entity).Info("Login user"); if (principal.IsInRole(RoleName.Device)) { if (model.fcm_token == null) { return(BadRequest(new AppResultBuilder() .FailValidation(mess: "FCM Token is required for device login"))); } using (var trans = context.Database.BeginTransaction()) { var device = _deviceService.Devices.Id(entity.Id).FirstOrDefault(); var oldFcmToken = device.CurrentFcmToken; _deviceService.ChangeDeviceToken(device, model.fcm_token, resp.access_token); context.SaveChanges(); _service.LoginDevice(device, oldFcmToken, model.fcm_token); trans.Commit(); } } return(Ok(resp)); }