public async Task <PostAuthenticateResponseModel> Authenticate(PostAuthenticateRequestModel postAuthenticateRequestModel) { var postAuthenticateRequestModelJson = new StringContent( JsonSerializer.Serialize(postAuthenticateRequestModel), Encoding.UTF8, "application/json"); using var httpResponse = await _httpClient.PostAsync("users/authenticate", postAuthenticateRequestModelJson); using var httpResponseStream = await httpResponse.Content.ReadAsStreamAsync(); if (httpResponse.IsSuccessStatusCode) { // Get the Refresh Token details out of the response and save them in the model string refreshToken = httpResponse.Headers.GetValues("Set-Cookie").SingleOrDefault(); PostAuthenticateResponseModel postAuthenticateResponseModel = await JsonSerializer.DeserializeAsync <PostAuthenticateResponseModel>(httpResponseStream); postAuthenticateResponseModel.RefreshToken = refreshToken; return(postAuthenticateResponseModel); } throw await JsonSerializer.DeserializeAsync <MovieMindException>(httpResponseStream); }
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks public async Task <IActionResult> Index(PostUserModel postUserModel, string rememberMe) { if (postUserModel.Password != postUserModel.ConfirmPassword) { ModelState.AddModelError("ConfirmPassword", _localizer["Passwords are not the same"]); } if (ModelState.IsValid) { try { if (postUserModel.Roles == null) { postUserModel.Roles = new List <String> { "Guest" }; } else if (postUserModel.Roles.Count == 0) { postUserModel.Roles.Add("Guest"); } // Send an API request to create the new user GetUserModel getUserModel = await _moviemindAPIService.PostModel <PostUserModel, GetUserModel>(postUserModel, "users"); // When the user was successfully created send an API request to authenticate the new user PostAuthenticateRequestModel postAuthenticateRequestModel = new PostAuthenticateRequestModel { UserName = postUserModel.UserName, Password = postUserModel.Password, }; PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel); _stateManagementService.SetState(postAuthenticateResponseModel); // Redirect to the home page return(RedirectToRoute(new { action = "Index", controller = "Home" })); } catch (MovieMindException e) { TempData["ApiError"] = e.Message; } } return(View(postUserModel)); }
// JWT Methods // =========== public async Task <PostAuthenticateResponseModel> Authenticate(PostAuthenticateRequestModel postAuthenticateRequestModel, string ipAddress) { User user = await _userManager.Users .Include(x => x.RefreshTokens) .FirstOrDefaultAsync(x => x.UserName == postAuthenticateRequestModel.UserName); if (user == null) { throw new UserNameException("Invalid username", this.GetType().Name, "Authenticate", "401"); } // Verify password when user was found by UserName SignInResult signInResult = await _signInManager.CheckPasswordSignInAsync(user, postAuthenticateRequestModel.Password, lockoutOnFailure : false); if (!signInResult.Succeeded) { throw new PasswordException("Invalid password", this.GetType().Name, "Authenticate", "401"); } // Authentication was successful so generate JWT and refresh tokens string jwtToken = await GenerateJwtToken(user); RefreshToken refreshToken = GenerateRefreshToken(ipAddress); // save refresh token user.RefreshTokens.Add(refreshToken); await _userManager.UpdateAsync(user); return(new PostAuthenticateResponseModel { Id = user.Id, FirstName = user.FirstName, LastName = user.LastName, UserName = user.UserName, JwtToken = jwtToken, RefreshToken = refreshToken.Token, Roles = await _userManager.GetRolesAsync(user) }); }
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks public async Task <IActionResult> Index(PostAuthenticateRequestModel postAuthenticateRequestModel) { if (ModelState.IsValid) { try { // Send an API request to authenticate the new user PostAuthenticateResponseModel postAuthenticateResponseModel = await _moviemindAPIService.Authenticate(postAuthenticateRequestModel); _stateManagementService.SetState(postAuthenticateResponseModel); // Redirect to the home page return(RedirectToRoute(new { action = "Index", controller = "Home" })); } catch (MovieMindException e) { TempData["ApiError"] = e.Message; } } return(View(postAuthenticateRequestModel)); }
public async Task <ActionResult <PostAuthenticateResponseModel> > Authenticate(PostAuthenticateRequestModel postAuthenticateRequestModel) { try { PostAuthenticateResponseModel postAuthenticateResponseModel = await _userRepository.Authenticate(postAuthenticateRequestModel, IpAddress()); SetTokenCookie(postAuthenticateResponseModel.RefreshToken); return(postAuthenticateResponseModel); } catch (MovieMindException e) { return(Unauthorized(e.MovieMindError)); } }