Basic re-auth framework in place

2025-12-22 17:28:43 +00:00 · 2018-04-22 14:05:55 +01:00
parent 33a780a734
commit 6da5c22904
63 changed files with 2772 additions and 517 deletions
--- a/server/Controllers/AuthController.cs
+++ b/server/Controllers/AuthController.cs
@@ -1,31 +1,60 @@
-using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
 using PodNoms.Api.Models;
-using PodNoms.Api.Persistence;
+using PodNoms.Api.Models.ViewModels;
+using PodNoms.Api.Services.Auth;
+using PodNoms.Api.Utils;

 namespace PodNoms.Api.Controllers {
-    [Authorize]
+    [Route("[controller]")]
    public class AuthController : Controller {
-        protected IUserRepository _userRepository { get; }
+        private readonly UserManager<ApplicationUser> _userManager;
+        private readonly IJwtFactory _jwtFactory;
+        private readonly JwtIssuerOptions _jwtOptions;

-        public AuthController(IUserRepository repository) {
-            this._userRepository = repository;
+        public AuthController(UserManager<ApplicationUser> userManager, IJwtFactory jwtFactory, IOptions<JwtIssuerOptions> jwtOptions) {
+            _userManager = userManager;
+            _jwtFactory = jwtFactory;
+            _jwtOptions = jwtOptions.Value;
        }
-        protected async Task<User> GetUserAsync() {
-            var identifier = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email)?.Value;
-            var user = await this._userRepository.GetAsync(identifier);
-            return user;
+
+        // POST api/auth/login
+        [HttpPost("login")]
+        public async Task<IActionResult> Post([FromBody]CredentialsViewModel credentials) {
+            if (!ModelState.IsValid) {
+                return BadRequest(ModelState);
+            }
+
+            var identity = await GetClaimsIdentity(credentials.UserName, credentials.Password);
+            if (identity == null) {
+                return BadRequest(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState));
+            }
+
+            var jwt = await Tokens.GenerateJwt(identity, _jwtFactory, credentials.UserName, _jwtOptions, 
+                new JsonSerializerSettings { Formatting = Formatting.Indented });
+            return new OkObjectResult(jwt);
        }
-        protected async Task<string> GetUserUidAsync() {
-            var user = await GetUserAsync();
-            return user.Uid;
-        }
-        protected async Task<int> GetUserIdAsync() {
-            var user = await GetUserAsync();
-            return user.Id;
+
+        private async Task<ClaimsIdentity> GetClaimsIdentity(string userName, string password) {
+            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
+                return await Task.FromResult<ClaimsIdentity>(null);
+
+            // get the user to verifty
+            var userToVerify = await _userManager.FindByNameAsync(userName);
+
+            if (userToVerify == null) return await Task.FromResult<ClaimsIdentity>(null);
+
+            // check the credentials
+            if (await _userManager.CheckPasswordAsync(userToVerify, password)) {
+                return await Task.FromResult(_jwtFactory.GenerateClaimsIdentity(userName, userToVerify.Id));
+            }
+
+            // Credentials are invalid, or account doesn't exist
+            return await Task.FromResult<ClaimsIdentity>(null);
        }
    }
-}
+}