// Encrypted password, encrypted AES key, and aesIV are all in hex string format. public async Task <Result <AuthenticationResult> > LogInAsync(string username, string ipAddress, string password, int currentNumExceptions) { bool authenticationSuccessful = false; bool userExist = false; try { // If the username doesn't exist. if (!await _userManagementService.CheckUserExistenceAsync(username).ConfigureAwait(false)) { // Log the action. _ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString), Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress, Constants.UsernameDNELogMessage).ConfigureAwait(false); // Return the result of the login failure. AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist); return(SystemUtilityService.CreateResult(Constants.InvalidLogInUserMessage, authenResult, false)); } userExist = true; // Get the information of the usernmae. UserObject user = await _userManagementService.GetUserInfoAsync(username).ConfigureAwait(false); // If the username is disabled. if (user.Disabled == 1) { // Log the action. _ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString), Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress, Constants.UserDisableLogMessage).ConfigureAwait(false); // Return the result of the disabled username's login try. AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist); return(SystemUtilityService.CreateResult(Constants.UserDisableUserMessage, authenResult, false)); } AuthenticationDTO existing = new AuthenticationDTO(username, user.Password); AuthenticationDTO credentials = new AuthenticationDTO(username, password); // If the username's stored password matches the hashed password. if (_authenticationService.Authenticate(existing, credentials)) { authenticationSuccessful = true; // Create a token for the username. string token = await _sessionService.CreateTokenAsync(username).ConfigureAwait(false); // Get user type. string userType = await _userManagementService.GetUserTypeAsync(username).ConfigureAwait(false); Console.WriteLine(userType); // Get the path to store the token. string path = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory); path = path + $"{path.Substring(0, 1)}" + Constants.TokenFile; // Save the token the the path. using (StreamWriter sw = File.CreateText(path)) { sw.WriteLine(token); } // Log the action. _ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString), Constants.LogInOperation, username, ipAddress).ConfigureAwait(false); // Return the result of the successful login. AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist, token, userType); return(SystemUtilityService.CreateResult(Constants.LogInSuccessUserMessage, authenResult, false)); } // If the password doesn't match. else { // Increment the number of login failure. await _userManagementService.IncrementLoginFailuresAsync(username, Constants.LogInTriesResetTime, Constants.MaxLogInAttempts).ConfigureAwait(false); // Log the action. _ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString), Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress, Constants.InvalidPasswordLogMessage).ConfigureAwait(false); // Return the result of the unsuccessful login. AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist); return(SystemUtilityService.CreateResult(Constants.InvalidLogInUserMessage, authenResult, false)); } } // Catch exceptions. catch (Exception e) { // Log the exception. _ = _loggingManager.LogAsync(DateTime.UtcNow.ToString(Constants.LoggingFormatString), Constants.LogInOperation, Constants.AnonymousUserIdentifier, ipAddress, e.Message).ConfigureAwait(false); // If the current number of consecutive exceptions has reached the maximum number of retries. if (currentNumExceptions + 1 >= Constants.MaximumOperationRetries) { // Notify the system admin. await SystemUtilityService.NotifySystemAdminAsync($"{Constants.LogInOperation} failed a maximum number of times for {username}.", Constants.SystemAdminEmailAddress).ConfigureAwait(false); } // Return the result of the exception occured. AuthenticationResult authenResult = new AuthenticationResult(authenticationSuccessful, userExist); return(SystemUtilityService.CreateResult(Constants.SystemErrorUserMessage, authenResult, true)); } }