/// <summary>
/// Exchanges a completed authentication session for an access token.
/// </summary>
/// <param name="parameters">Query-string model carrying the session code to redeem.</param>
/// <returns>The <c>TokenModel</c> built from the newly created token.</returns>
/// <exception cref="AuthenticationException">
/// Thrown when no handler exists for the code, when the handler has no user
/// attached yet, or when the handler has expired.
/// </exception>
/// <remarks>
/// The session code is bound from the query string, so it is part of the request URL.
/// NOTE(review): URLs commonly end up in access logs and proxies; confirm that the
/// code is short-lived and unguessable.
/// </remarks>
public object GetToken([FromQuery] SessionCodeQueryModel parameters)
{
    var handler = AuthSessionStorage.GetHandler(parameters.SessionCode);

    // Guard clauses: each rejected state gets its own message.
    // These paths leave the handler in storage; only the issuing path below removes it.
    if (handler == null)
    {
        throw new AuthenticationException("Session handler not found.");
    }

    if (handler.UserUuid == null)
    {
        throw new AuthenticationException("Authentication not finished.");
    }

    if (handler.IsExpired)
    {
        throw new AuthenticationException("Session handler has expired.");
    }

    try
    {
        var issued = tokenRepository.CreateToken(
            handler.UserUuid.Value,
            new TimeSpan(TokenDurationDays, 0, 0, 0));

        return TokenModel.Create(issued);
    }
    finally
    {
        // The handler is dropped whether or not token creation succeeded, so a code
        // that passed the checks above is not left in storage for a second redemption.
        AuthSessionStorage.RemoveHandler(handler.Code);
    }
}
/// <summary>
/// Builds a token for the given authorization and persists its JSON form in the
/// hash store before returning it.
/// </summary>
/// <param name="authorization">Authorization data; its <c>UserName</c> forms both the hash key suffix and the field name.</param>
/// <returns>The <c>TokenModel</c> created from <paramref name="authorization"/>.</returns>
/// <remarks>
/// The key and field depend only on <c>GetHashId()</c> and the user name, so a later
/// call for the same user name writes to the same key and field.
/// NOTE(review): the complete serialized token is stored; confirm that access to the
/// backing store is restricted accordingly.
/// </remarks>
public async Task<TokenModel> GenerateToken(AuthorizationModel authorization)
{
    TokenModel issued = TokenModel.Create(authorization);
    string serialized = JsonConvert.SerializeObject(issued);

    // Key = hash id prefix + user name; field = user name; value = token JSON.
    var hashKey = GetHashId() + authorization.UserName;
    await _database.HashSetAsync(hashKey, authorization.UserName, serialized);

    return issued;
}
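/// <summary>
/// Authenticates a user by e-mail and password and issues an access token.
/// </summary>
/// <param name="authData">Query-string model carrying the login (e-mail) and password.</param>
/// <returns>The <c>TokenModel</c> built from the newly created token.</returns>
/// <exception cref="AuthenticationException">
/// Thrown with the same message for every rejection: missing credentials, unknown
/// login, a user record without a salt, or a password that does not match.
/// </exception>
/// <remarks>
/// NOTE(review): the credentials are bound with [FromQuery], so the password travels in
/// the request URL, which is commonly written to server, proxy and browser logs.
/// Moving the credentials into the request body changes the endpoint contract and is
/// therefore not done here.
/// </remarks>
public object AuthorizeWithLoginAndPassword([FromQuery] AuthorizationQueryModel authData)
{
    // A single message for all failures keeps the response from revealing which part
    // of the credentials was wrong.
    const string failureMessage = "invalid login or password";

    // Missing credentials previously surfaced as a null-dereference or
    // ArgumentNullException instead of an authentication failure.
    if (authData == null || authData.Login == null || authData.Password == null)
    {
        throw new AuthenticationException(failureMessage);
    }

    var user = userRepository.SelectWithEmail(authData.Login);

    // If the repository returns null for an unknown e-mail, dereferencing user.Salt
    // would raise a NullReferenceException, which is distinguishable from a wrong password.
    // NOTE(review): this path still skips the key derivation, so an unknown login is
    // answered faster than a wrong password; consider deriving against a dummy salt
    // here to even out the timing.
    if (user == null || user.Salt == null)
    {
        throw new AuthenticationException(failureMessage);
    }

    var password = System.Text.Encoding.UTF8.GetBytes(authData.Password);
    using (var pbkdf2 = new Rfc2898DeriveBytes(password, user.Salt, PasswordHashIterations, HashAlgorithmName.SHA256))
    {
        var hash = pbkdf2.GetBytes(32);

        // NOTE(review): Toolbox.UnsafeCompare is not visible here; confirm that it
        // compares in constant time, or switch to CryptographicOperations.FixedTimeEquals
        // if the target framework provides it.
        if (Toolbox.UnsafeCompare(hash, user.PasswordHash))
        {
            var token = tokenRepository.CreateToken(user.Uuid, new TimeSpan(TokenDurationDays, 0, 0, 0));
            return TokenModel.Create(token);
        }
    }

    throw new AuthenticationException(failureMessage);
}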