public IHttpActionResult Login(LoginRequest request)
{
try
{
User account = _context.Users.Where(a => a.Email == request.Email).SingleOrDefault();
ValidationUtilities.ValidateUserForLogin(request, account);
if (account != null)
{
if (account.IsActiveUser == false)
{
return(BadRequest(ErrorCodes.USER_DEACTIVATED_BY_ADMIN.ToString()));
//var response = HttpUtilities.FrameHTTPResp(System.Net.HttpStatusCode.BadRequest, ErrorCodes.USER_DEACTIVATED_BY_ADMIN);
// throw new HttpResponseException(response);
}
if (account.IsActivated == false)
{
return(BadRequest(ErrorCodes.USER_NOT_ACVTD.ToString()));
}
if (!account.IsLocked)
{
byte[] incoming = AuthorizationUtilities.hash(request.Password, account.Salt);
if (Utilities.Utilities.slowEquals(incoming, account.Password))
{
if (account.IsActivated)
{
//Audit Trial Entry.
//DbUtilities.AuditTrialEntry(account, AuditTrialStatus.SUCCESS, AuditTrialOpType.LOGIN, this.Request);
//Creating a Token
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(Constants.STR_FIRSTNAME, account.FirstName));
claimsIdentity.AddClaim(new Claim(Constants.STR_LASTNAME, account.LastName));
claimsIdentity.AddClaim(new Claim(ClaimTypes.Email, request.Email));
claimsIdentity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, request.Email));
claimsIdentity.AddClaim(new Claim("UserId", account.Id));
List <Role> roles = (from userMaps in _context.UserRoleMaps.ToList()
join rol in _context.Roles.ToList() on userMaps.RoleId equals rol.Id
where userMaps.UserId == account.Id && userMaps.Deleted == false
select rol).ToList();
if (roles != null && roles.Count > 0)
{
foreach (var item in roles)
{
claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, item.RoleName));
//claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, item.RoleName + "|" + item.Id));
}
}
// Update user details:
UpdateUserDetailsInLogin(account);
JwtSecurityToken token = AuthorizationUtilities.GetAuthenticationTokenForUser(request.Email, claimsIdentity.Claims.ToArray());
return(Ok(new
{
Token = token.RawData,
Username = request.Email,
UserId = account.Id
}));
}
else
{
return(BadRequest(ErrorCodes.USER_NOT_ACVTD.ToString()));
}
}
else
{
//Audit Trial Entry.
DbUtilities.AuditTrialEntry(account, AuditTrialStatus.FAILURE, AuditTrialOpType.LOGIN, this.Request);
// return Unauthorized();
return(BadRequest(ErrorCodes.PASSWORD_NOTMATCHED.ToString()));
}
}
else
{
return(BadRequest(ErrorCodes.ACCOUNT_LOCKED.ToString()));
}
}
return(Unauthorized());
}
catch (HttpResponseException ex)
{
throw ex;
}
catch (Exception ex)
{
LGSELogger.Error(ex);
return(InternalServerError(ex));
}
}