示例#1
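        /// <summary>
        /// Checks the supplied username and password and, on a match, issues a JWT together with
        /// a new refresh token that is appended to the user's stored refresh tokens.
        /// </summary>
        /// <param name="model">Login request carrying the username and password to check.</param>
        /// <param name="ipAddress">Caller address handed to the refresh-token generator.</param>
        /// <returns>
        /// The authentication response, or <c>null</c> when the request is missing or no user
        /// matches the credentials.
        /// </returns>
        public AuthenticateResponse Authenticate(AuthenticateRequest model, string ipAddress)
        {
            // A missing request is treated like any other failed login instead of surfacing a
            // NullReferenceException from the lookup below.
            if (model == null)
            {
                return null;
            }

            // NOTE(review): the lookup compares model.Password with the stored Password value
            // as-is, which suggests passwords are kept in plaintext. Confirm against the data
            // layer; if so, store a salted password hash (e.g. PBKDF2) and verify against that.
            // SingleOrDefault also throws if more than one record matches.
            var user = _userBs.GetAll()
                .SingleOrDefault(x => x.Username == model.Username && x.Password == model.Password);

            if (user == null)
            {
                return null;
            }

            // NOTE(review): the stored password is copied into the model that is passed to the
            // token generator and to the response. Verify that neither serializes it to the client.
            var userModel = new WebApi.Models.User()
            {
                Username  = user.Username,
                Id        = user.Id,
                Password  = user.Password,
                FirstName = user.FirstName,
                LastName  = user.LastName
            };

            // Credentials matched: mint the access token and a fresh refresh token.
            var token        = GenerateJwtToken(userModel);
            var refreshToken = refreshTokenGenerator.generateRefreshToken(ipAddress);

            // Persist the refresh token on the user record, field by field, because the
            // generator's type and the data-layer type are distinct classes.
            user.RefreshTokens.Add(new DAL.Models.RefreshToken()
            {
                Token           = refreshToken.Token,
                Expires         = refreshToken.Expires,
                IsExpired       = refreshToken.IsExpired,
                Created         = refreshToken.Created,
                CreatedByIp     = refreshToken.CreatedByIp,
                Revoked         = refreshToken.Revoked,
                RevokedByIp     = refreshToken.RevokedByIp,
                ReplacedByToken = refreshToken.ReplacedByToken,
                IsActive        = refreshToken.IsActive,
                UserId          = user.Id
            });

            // NOTE(review): the result of Update is not inspected. If it reports failure, the
            // caller still receives a refresh token that was never stored - confirm and handle.
            _userBs.Update(user);

            // The first refresh token is not written to the session here; the earlier session
            // write and the unused session read were dead code and have been dropped.
            return new AuthenticateResponse(userModel, token, refreshToken.Token);
        }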
示例#2
 /// <summary>
 /// Projects an application user onto the <see cref="UserReturnModel"/> handed back to callers,
 /// including a link to the user resource and the user's roles and claims.
 /// </summary>
 /// <param name="appUser">The user to project; must not be null.</param>
 /// <returns>A populated <see cref="UserReturnModel"/>.</returns>
 public UserReturnModel Create(User appUser)
 {
     // Route link for the "GetUserById" route, keyed by the user's id.
     var selfLink = _urlHelper.Link("GetUserById", new { id = appUser.Id });
     var displayName = $"{appUser.FirstName} {appUser.LastName}";

     // NOTE(review): .Result waits synchronously on the user-manager calls (presumably
     // Task-returning); the signature is synchronous, so the wait is kept as in the original.
     // Roles and claims end up in the returned model - confirm every consumer of this
     // model is entitled to see them.
     var roles = _appUserManager.GetRolesAsync(appUser.Id).Result;
     var claims = _appUserManager.GetClaimsAsync(appUser.Id).Result;

     var result = new UserReturnModel();
     result.Url = selfLink;
     result.Id = appUser.Id;
     result.UserName = appUser.UserName;
     result.FullName = displayName;
     result.Email = appUser.Email;
     result.EmailConfirmed = appUser.EmailConfirmed;
     result.Level = appUser.Level;
     result.JoinDate = appUser.JoinDate;
     result.Roles = roles;
     result.Claims = claims;
     return result;
 }
        /// <summary>
        /// Builds the claim list for a user: a single "FTE" claim whose value is "1" when more
        /// than 90 days lie between today's local date and <c>user.JoinDate</c>, and "0" otherwise.
        /// </summary>
        /// <param name="user">The user whose join date drives the claim value.</param>
        /// <returns>A list holding exactly one "FTE" claim.</returns>
        public static IEnumerable<Claim> GetClaims(User user)
        {
            // NOTE(review): the tenure is measured from the server's local date; if JoinDate is
            // stored in UTC the 90-day boundary can shift by up to a day - confirm.
            var tenure = DateTime.Now.Date - user.JoinDate;
            var fteValue = tenure.TotalDays > 90 ? "1" : "0";

            return new List<Claim> { CreateClaim("FTE", fteValue) };
        }
示例#4
        // overload method
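        /// <summary>
        /// Exchanges a previously issued refresh token for a new JWT and a new refresh token.
        /// The presented token is marked revoked and linked to its replacement, the replacement
        /// is stored on the user record and written to the session under the username.
        /// </summary>
        /// <param name="userName">Username the refresh token is claimed to belong to.</param>
        /// <param name="claims">Claims to embed in the new JWT.</param>
        /// <param name="ipAddress">Caller address recorded on the revoked and the new token.</param>
        /// <param name="refreshCred">Carries the refresh token presented by the caller.</param>
        /// <returns>
        /// The authentication response, or <c>null</c> when the user is unknown or the presented
        /// refresh token is missing or not among the user's stored tokens.
        /// </returns>
        public AuthenticateResponse Authenticate(string userName, Claim[] claims, string ipAddress, RefreshCred refreshCred)
        {
            var user = _userBs.GetAll().SingleOrDefault(x => x.Username == userName);

            if (user == null)
            {
                return null;
            }

            // The refresh token is caller-supplied input: a missing or unknown value is an
            // authentication failure (null), not an unhandled exception from Single().
            var presentedToken = refreshCred?.RefreshToken?.Trim();
            if (string.IsNullOrEmpty(presentedToken))
            {
                return null;
            }

            var refreshToken = user.RefreshTokens
                .SingleOrDefault(x => x.Token != null && x.Token.Trim().Equals(presentedToken));
            if (refreshToken == null)
            {
                return null;
            }

            // NOTE(review): nothing in this method checks that the stored token is still usable
            // (not expired, not already revoked) before it is rotated. Unless the caller enforces
            // that, reject tokens whose stored state is inactive here so that a revoked or expired
            // refresh token cannot be exchanged for new credentials.

            // NOTE(review): the stored password is copied into the model that is passed to the
            // token generator and to the response. Verify that neither serializes it to the client.
            var userModel = new WebApi.Models.User()
            {
                Username  = user.Username,
                Id        = user.Id,
                Password  = user.Password,
                FirstName = user.FirstName,
                LastName  = user.LastName
            };

            // The JWT is produced by GenerateJwtToken; the separately hand-built token object in
            // the earlier version was never used and has been removed.
            var token = GenerateJwtToken(userModel, claims);

            // Scratch instance used only to read back the Expires and IsActive values that go
            // with a token revoked now (presumably IsActive is derived from Revoked/Expires -
            // confirm in Models.RefreshToken).
            var revokedState = new Models.RefreshToken()
            {
                Revoked = DateTime.UtcNow,
                Expires = (DateTime)refreshToken.Expires,
            };
            var newRefreshToken = refreshTokenGenerator.generateRefreshToken(ipAddress);

            // Record the replacement in the session, then retire the presented token and link
            // it to its successor so the rotation chain can be followed later.
            _session.SetString(user.Username, newRefreshToken.Token);
            refreshToken.Expires         = revokedState.Expires;
            refreshToken.Revoked         = DateTime.UtcNow;
            refreshToken.RevokedByIp     = ipAddress;
            refreshToken.ReplacedByToken = newRefreshToken.Token;
            refreshToken.IsActive        = revokedState.IsActive;

            user.RefreshTokens.Add(new DAL.Models.RefreshToken()
            {
                Token           = newRefreshToken.Token,
                Expires         = newRefreshToken.Expires,
                IsExpired       = newRefreshToken.IsExpired,
                Created         = newRefreshToken.Created,
                CreatedByIp     = newRefreshToken.CreatedByIp,
                Revoked         = newRefreshToken.Revoked,
                RevokedByIp     = newRefreshToken.RevokedByIp,
                ReplacedByToken = newRefreshToken.ReplacedByToken,
                IsActive        = newRefreshToken.IsActive,
                UserId          = user.Id
            });

            // NOTE(review): the result of Update is not inspected. If it reports failure, the
            // revocation and the new token are not stored although the caller receives them.
            _userBs.Update(user);

            return new AuthenticateResponse(userModel, token, newRefreshToken.Token);
        }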