334 lines
16 KiB
C#
334 lines
16 KiB
C#
using Asp.Versioning;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using OnlineSalesAutoCrop.CoreAPI;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Global;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Objects.Systems;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Requests.Common;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Requests.Integrations;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Requests.MobileApp;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Responses.Integrations;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Responses.MobileApp;
|
|
using OnlineSalesAutoCrop.CoreAPI.Models.Responses.Systems;
|
|
using OnlineSalesAutoCrop.CoreAPI.Services.Contracts.Auth;
|
|
using OnlineSalesAutoCrop.CoreAPI.Services.Contracts.Systems;
|
|
using System;
|
|
using System.DirectoryServices;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
using System.Runtime.Versioning;
|
|
using System.Security.Claims;
|
|
using System.Text;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace OnlineSalesAutoCrop.CoreAPI.Controllers
|
|
{
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
/// <remarks>
|
|
///
|
|
/// </remarks>
|
|
/// <param name="service"></param>
|
|
/// <param name="appSettings"></param>
|
|
/// <param name="cache"></param>
|
|
/// <param name="logger"></param>
|
|
/// <param name="refreshTokenService"></param>
|
|
[Authorize]
|
|
[ApiController]
|
|
[ApiVersion("1.0")]
|
|
[ValidateAntiForgeryToken]
|
|
[Route("api/mobile/v{version:apiVersion}/auth")]
|
|
public class MobileAuthController(IUserService service, IOptions<AppSettings> appSettings, IEaseCache cache, ILogger<IntegrationAuthController> logger,
|
|
IRefreshTokenService refreshTokenService) : ControllerBase
|
|
{
|
|
private readonly ILogger _logger = logger;
|
|
private readonly IEaseCache _cache = cache;
|
|
private readonly IUserService _service = service;
|
|
private readonly IRefreshTokenService _refreshTokenService = refreshTokenService;
|
|
private readonly AppSettings _appSettings = appSettings?.Value;
|
|
private readonly DateTimeOffset _options = Helper.CreateEaseCacheOptions();
|
|
|
|
|
|
/// <summary>
|
|
/// Login using your credential data retrieve from SqlServer
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// </remarks>
|
|
/// <param name="request"></param>
|
|
/// <returns>If login successful ValidUser: true</returns>
|
|
/// <response code="200">If login successful Return ValidUser: true and UserName: not empty</response>
|
|
[HttpPost("Login")]
|
|
[AllowAnonymous]
|
|
[IgnoreAntiforgeryToken]
|
|
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(MobileAppAuthRequest))]
|
|
public async Task<IActionResult> Login([FromBody] MobileAppAuthRequest request)
|
|
{
|
|
ArgumentNullException.ThrowIfNull(request);
|
|
|
|
AppAuthUserResponse loginReponse = new();
|
|
|
|
if (string.IsNullOrEmpty(request.LoginId))
|
|
{
|
|
loginReponse.ReturnStatus = StatusCodes.Status417ExpectationFailed;
|
|
loginReponse.ReturnMessage.Add("Login ID is required.");
|
|
return StatusCode(StatusCodes.Status417ExpectationFailed, loginReponse);
|
|
}
|
|
|
|
if (string.IsNullOrEmpty(request.Password))
|
|
{
|
|
loginReponse.ReturnStatus = StatusCodes.Status417ExpectationFailed;
|
|
loginReponse.ReturnMessage.Add("Password is required.");
|
|
return StatusCode(StatusCodes.Status417ExpectationFailed, loginReponse);
|
|
}
|
|
|
|
|
|
string ipAddress = string.Empty;
|
|
try
|
|
{
|
|
#region Decrypt LoginID
|
|
|
|
string cipherSecretKey = GlobalFunctions.ConvertFromBase64String(_appSettings.CipherSecretKey);
|
|
|
|
|
|
#endregion
|
|
|
|
bool checkPwd = true;
|
|
|
|
ipAddress = Request.HttpContext.GetIpAddress();
|
|
loginReponse = await _service.LoginAsync(request: request, ipAddress: ipAddress);
|
|
|
|
if (loginReponse == null || loginReponse.UserId == 0)
|
|
{
|
|
loginReponse.LoginStatus = EnumLoginStatus.Error;
|
|
loginReponse.ReturnStatus = StatusCodes.Status403Forbidden;
|
|
loginReponse.ReturnMessage.Add(checkPwd ? "Login ID/Password is invalid." : "You are not Authorized to login into the System");
|
|
return StatusCode(StatusCodes.Status417ExpectationFailed, loginReponse);
|
|
}
|
|
|
|
if (loginReponse.LoginStatus == EnumLoginStatus.Unsuccessful)
|
|
{
|
|
loginReponse.LoginStatus = loginReponse.LoginStatus;
|
|
loginReponse.ReturnStatus = StatusCodes.Status403Forbidden;
|
|
loginReponse.ReturnMessage.Add(checkPwd ? $"Login ID/Password is invalid for {request.LoginId}." : "You are not Authorized to login into the System");
|
|
return StatusCode(StatusCodes.Status417ExpectationFailed, loginReponse);
|
|
}
|
|
|
|
|
|
if (loginReponse.IsLocked)
|
|
{
|
|
loginReponse.LoginStatus = loginReponse.LoginStatus;
|
|
loginReponse.ReturnStatus = StatusCodes.Status403Forbidden;
|
|
loginReponse.ReturnMessage.Add($"Your Account is locked . Please try again after few minutes");
|
|
return StatusCode(StatusCodes.Status417ExpectationFailed, loginReponse);
|
|
}
|
|
|
|
if (!loginReponse.IsAuthorized )
|
|
{
|
|
loginReponse.LoginStatus = loginReponse.LoginStatus;
|
|
loginReponse.ReturnStatus = StatusCodes.Status403Forbidden;
|
|
loginReponse.ReturnMessage.Add("You are not Authorized to Login into the System, Please contact with System Administrator.");
|
|
return StatusCode(StatusCodes.Status417ExpectationFailed, loginReponse);
|
|
}
|
|
|
|
loginReponse.ReturnStatus = StatusCodes.Status200OK;
|
|
string pwdSecretKey = GlobalFunctions.ConvertFromBase64String(_appSettings.PwdSecretKey);
|
|
string userPwd = Ease.NetCore.Utility.Global.CipherFunctions.EncryptByAES(privateKey: pwdSecretKey, publicKey: pwdSecretKey, data: request.Password);
|
|
byte[] key = Encoding.ASCII.GetBytes(_appSettings.JwtCryptoKey);
|
|
JwtSecurityTokenHandler tokenHandler = new();
|
|
var tokenDescriptor = new SecurityTokenDescriptor
|
|
{
|
|
Subject = new ClaimsIdentity(
|
|
[
|
|
Helper.CreateClaim("LoginId", loginReponse.LoginId),
|
|
Helper.CreateClaim("Email", loginReponse.Email),
|
|
Helper.CreateClaim("Mobile", $"{loginReponse.MobileNumber}"),
|
|
Helper.CreateClaim("HashKey", Guid.NewGuid().ToString())
|
|
]),
|
|
Expires = DateTime.UtcNow.AddHours(12),
|
|
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
|
|
};
|
|
|
|
SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);
|
|
string userToken = tokenHandler.WriteToken(token);
|
|
GenerateRefreshTokenRequest refreshTokenRequest = new GenerateRefreshTokenRequest()
|
|
{
|
|
UserId = loginReponse.UserId,
|
|
IpAddress = ipAddress,
|
|
RawRefreshToken = string.Empty
|
|
};
|
|
|
|
var refreshToken = await _refreshTokenService.GenerateRefreshTokenByUserAsync(refreshTokenRequest);
|
|
|
|
//If token length is greater than or equal to 4096 (4KB) then return error
|
|
//because cookie can not store more than 4KB data and we are storing this token in cookie for authentication
|
|
if (userToken.Length >= 4096) //4Kb
|
|
{
|
|
loginReponse.LoginStatus = loginReponse.LoginStatus;
|
|
loginReponse.ReturnStatus = StatusCodes.Status431RequestHeaderFieldsTooLarge;
|
|
loginReponse.ReturnMessage.Add("Authentication Token is too large for cookie.");
|
|
return StatusCode(StatusCodes.Status431RequestHeaderFieldsTooLarge, loginReponse);
|
|
}
|
|
|
|
loginReponse.ReturnStatus = loginReponse.ReturnStatus;
|
|
loginReponse.ReturnMessage = loginReponse.ReturnMessage;
|
|
loginReponse.LoginId = loginReponse.LoginId;
|
|
loginReponse.AccessToken = userToken;
|
|
loginReponse.RefreshToken = refreshToken.RefreshToken;
|
|
loginReponse.AccessTokenExpiryTime = DateTime.UtcNow.AddHours(12);
|
|
loginReponse.RefreshTokenExpiryTime = refreshToken.ExpireTime;
|
|
return StatusCode(StatusCodes.Status200OK, loginReponse);
|
|
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
string msg = $"{request?.LoginId}~{ipAddress}";
|
|
_logger.LogError(exception: ex, message: msg);
|
|
loginReponse.ReturnStatus = StatusCodes.Status500InternalServerError;
|
|
loginReponse.ReturnMessage.Add(ex.InnerException != null ? ex.InnerException.Message : ex.Message);
|
|
return StatusCode(StatusCodes.Status500InternalServerError, loginReponse);
|
|
}
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Login using your credential data retrieve from SqlServer
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// </remarks>
|
|
/// <param name="request"></param>
|
|
/// <returns>If login successful ValidUser: true</returns>
|
|
/// <response code="200">If login successful Return ValidUser: true and UserName: not empty</response>
|
|
[HttpPost("RefreshToken")]
|
|
[AllowAnonymous]
|
|
[IgnoreAntiforgeryToken]
|
|
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(IntegrationLoginResponse))]
|
|
public async Task<IActionResult> GetRefreshToken([FromBody] IntegrationRefreshTokenRequest request)
|
|
{
|
|
IntegrationRrefreshTokenResponse response = new();
|
|
try
|
|
{
|
|
var userRefreshToken = await _refreshTokenService.GetUserByRefreshTokenAsync(request.RefreshToken);
|
|
if (!userRefreshToken.IsActive)
|
|
{
|
|
string msg = $"Refresh Token is not active: {request?.RefreshToken}";
|
|
_logger.LogError(message: msg);
|
|
response.ReturnStatus = StatusCodes.Status401Unauthorized;
|
|
response.ReturnMessage.Add(msg);
|
|
return StatusCode(StatusCodes.Status401Unauthorized, response);
|
|
}
|
|
|
|
byte[] key = Encoding.ASCII.GetBytes(_appSettings.JwtCryptoKey);
|
|
JwtSecurityTokenHandler tokenHandler = new();
|
|
var tokenDescriptor = new SecurityTokenDescriptor
|
|
{
|
|
Subject = new ClaimsIdentity(
|
|
[
|
|
Helper.CreateClaim("LoginId", userRefreshToken.LoginId),
|
|
Helper.CreateClaim("Email", userRefreshToken.EmailAddress),
|
|
Helper.CreateClaim("AuthKey", $"{userRefreshToken.AuthKey}"),
|
|
Helper.CreateClaim("HashKey", Guid.NewGuid().ToString())
|
|
]),
|
|
Expires = DateTime.UtcNow.AddHours(12),
|
|
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
|
|
};
|
|
|
|
SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);
|
|
string userToken = tokenHandler.WriteToken(token);
|
|
|
|
string ipAddress = Request.HttpContext.GetIpAddress();
|
|
var refreshToken = await _refreshTokenService.GenerateRefreshTokenAsync(request.RefreshToken, ipAddress);
|
|
|
|
response.AccessToken = userToken;
|
|
response.RefreshToken = refreshToken;
|
|
|
|
return StatusCode(StatusCodes.Status200OK, response);
|
|
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
string msg = $"{request?.RefreshToken}";
|
|
_logger.LogError(exception: ex, message: msg);
|
|
response.ReturnStatus = StatusCodes.Status500InternalServerError;
|
|
response.ReturnMessage.Add(ex.InnerException != null ? ex.InnerException.Message : ex.Message);
|
|
return StatusCode(StatusCodes.Status500InternalServerError, response);
|
|
}
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Login using your credential data retrieve from SqlServer
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// </remarks>
|
|
/// <param name="request"></param>
|
|
/// <returns>If login successful ValidUser: true</returns>
|
|
/// <response code="200">If login successful Return ValidUser: true and UserName: not empty</response>
|
|
[HttpPost("Logout")]
|
|
[Authorize]
|
|
[IgnoreAntiforgeryToken]
|
|
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(AuthLogoutResponse))]
|
|
public async Task<IActionResult> Logout([FromBody] AuthLogoutRequest request)
|
|
{
|
|
AuthLogoutResponse response = new();
|
|
try
|
|
{
|
|
string ipAddress = Request.HttpContext.GetIpAddress();
|
|
response = await _service.LogoutAsync(request, ipAddress);
|
|
|
|
response.ReturnStatus = StatusCodes.Status200OK;
|
|
response.ReturnMessage.Add("Successfully Logout");
|
|
return StatusCode(StatusCodes.Status200OK, response);
|
|
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
string msg = $"Exception occur on logout {request?.LoginId}";
|
|
_logger.LogError(exception: ex, message: msg);
|
|
response.ReturnStatus = StatusCodes.Status500InternalServerError;
|
|
response.ReturnMessage.Add(ex.InnerException != null ? ex.InnerException.Message : ex.Message);
|
|
return StatusCode(StatusCodes.Status500InternalServerError, response);
|
|
}
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Login using your credential data retrieve from SqlServer
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// </remarks>
|
|
/// <param name="request"></param>
|
|
/// <returns>If login successful ValidUser: true</returns>
|
|
/// <response code="200">If login successful Return ValidUser: true and UserName: not empty</response>
|
|
[HttpPost("ChangePassword")]
|
|
[Authorize]
|
|
[IgnoreAntiforgeryToken]
|
|
[ProducesResponseType(StatusCodes.Status200OK, Type = typeof(AppChangePasswordResponse))]
|
|
public async Task<IActionResult> ChangePassword([FromBody] AppUserChangePasswordRequest request)
|
|
{
|
|
AppChangePasswordResponse response = new();
|
|
try
|
|
{
|
|
string ipAddress = Request.HttpContext.GetIpAddress();
|
|
response = await _service.ChangePasswordAsync(request, ipAddress);
|
|
|
|
response.ReturnStatus = StatusCodes.Status200OK;
|
|
response.ReturnMessage.Add("Successfully Changed the Password");
|
|
return StatusCode(StatusCodes.Status200OK, response);
|
|
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
string msg = $"Exception occur on logout {request?.LoginId}";
|
|
_logger.LogError(exception: ex, message: msg);
|
|
response.ReturnStatus = StatusCodes.Status500InternalServerError;
|
|
response.ReturnMessage.Add(ex.InnerException != null ? ex.InnerException.Message : ex.Message);
|
|
return StatusCode(StatusCodes.Status500InternalServerError, response);
|
|
}
|
|
}
|
|
}
|
|
} |