public async Task<IActionResult> IssueToken([FromBody] BearerTokenRequest model) { if (!ValidModelState(out var error)) return error; TUser user; switch (model.IdentityType) { case IdentityType.Username: user = await _userManager.FindByNameAsync(model.Identity); break; case IdentityType.Email: user = await _userManager.FindByEmailAsync(model.Identity); if (!user.EmailConfirmed) return NotFound(); break; case IdentityType.PhoneNumber: user = await _userManager.FindByPhoneNumberAsync(model.Identity); if (!user.PhoneNumberConfirmed) return NotFound(); break; default: throw new ArgumentOutOfRangeException(); } if (user == null) return NotFound(); if (user.LockoutEnd.HasValue && user.LockoutEnd > _timestamps.GetCurrentTime()) return Forbid(); if (await _userManager.CheckPasswordAsync(user, model.Password)) { Debug.Assert(nameof(IUserIdProvider.Id) == nameof(IdentityUser.Id)); var claims = await _userManager.GetClaimsAsync(user); if (HttpContext.GetTenantContext<TTenant>() is TenantContext<TTenant> tenantContext) { if (tenantContext.Tenant != null) { claims.Add(new Claim(_securityOptions.Value.Claims.TenantIdClaim, tenantContext.Tenant.Id)); claims.Add(new Claim(_securityOptions.Value.Claims.TenantNameClaim, tenantContext.Tenant.Name)); } } var provider = user.ActLike<IUserIdProvider>(); var token = JwtSecurity.CreateToken(provider, claims, _securityOptions.Value, _apiOptions.Value); return Ok(new { AccessToken = token }); } return Unauthorized(); }
public async Task <IActionResult> Token(string username, string password) { if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password)) { return(Fail("Недопустимый логин или пароль.")); } var identity = await _accountService.GetIdentityAsync(username, password); if (identity == null) { return(Fail("Неверный логин или пароль.")); } var jwt = JwtSecurity.CreateToken(identity.Claims); var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt); return(Success(new { accessToken, username })); }
public async Task <IActionResult> IssueToken([FromBody] BearerTokenRequest model) { if (!Debugger.IsAttached) { return(NotImplemented()); } #if DEBUG var superUser = _securityOptions.Value.SuperUser; if (!superUser.Enabled) { return(NotFound()); } if (!ValidModelState(out var error)) { return(error); } bool isSuperUser; switch (model.IdentityType) { case IdentityType.Username: isSuperUser = superUser.Username == model.Identity; if (!isSuperUser) { return(NotFound()); } break; case IdentityType.Email: isSuperUser = superUser.Email == model.Identity; if (!isSuperUser) { return(NotFound()); } break; case IdentityType.PhoneNumber: isSuperUser = superUser.PhoneNumber == model.Identity; if (!isSuperUser) { return(NotFound()); } break; default: throw new ArgumentOutOfRangeException(); } var encoding = Encoding.UTF8; if (Crypto.ConstantTimeEquals(encoding.GetBytes(model.Password), encoding.GetBytes(_securityOptions.Value.SuperUser.Password))) { Debug.Assert(nameof(IUserIdProvider.Id) == nameof(IObject.Id)); var claims = new List <Claim> { new Claim(ClaimTypes.Role, nameof(SecurityOptions.SuperUser)) }; var provider = new { Id = "87BA0A16-7253-4A6F-A8D4-82DFA1F723C1" }.ActLike <IUserIdProvider>(); var token = JwtSecurity.CreateToken(provider, claims, _securityOptions.Value, _apiOptions.Value); return(Ok(new { AccessToken = token })); } return(Unauthorized()); #endif return(NotImplemented()); }