path: root/src/server/Api/Internal/Account/CreateSessionRoute.cs
namespace IOL.BookmarkThing.Server.Api.Internal.Account;

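/// <summary>
/// Internal login endpoint: checks a username/password pair and, on success, signs the
/// caller in with a claims principal built for the cookie authentication scheme.
/// </summary>
/// <remarks>
/// The route is anonymous, API-version neutral and hidden from the API explorer.
/// NOTE(review): no throttling or lockout of repeated failed attempts is visible in this
/// file; confirm it is enforced elsewhere (middleware, reverse proxy), since this endpoint
/// accepts unauthenticated password guesses.
/// </remarks>
public class CreateSessionRoute : RouteBaseInternalAsync.WithRequest<CreateSessionRequest>.WithActionResult
{
	private readonly AppDbContext _context;

	/// <summary>Creates the route with the database context used to look up users.</summary>
	/// <param name="context">Database context exposing the <c>Users</c> set.</param>
	public CreateSessionRoute(AppDbContext context) {
		_context = context;
	}

	/// <summary>
	/// Verifies the submitted credentials and establishes a session for the matching user.
	/// </summary>
	/// <param name="payload">Submitted username, password and the "persist" choice.</param>
	/// <param name="cancellationToken">Request cancellation token; not consumed by the calls below.</param>
	/// <returns>
	/// <c>Ok</c> with the signed-in user's id and username, or <c>BadRequest</c> with one
	/// generic message for every rejected attempt.
	/// </returns>
	[AllowAnonymous]
	[ApiVersionNeutral]
	[ApiExplorerSettings(IgnoreApi = true)]
	[HttpPost("~/v{version:apiVersion}/account/create-session")]
	public override async Task<ActionResult> HandleAsync(CreateSessionRequest payload, CancellationToken cancellationToken = default) {
		// Missing body or missing credential fields get the same generic rejection as a wrong
		// password, instead of reaching the query and the password check with null values.
		if (payload is null || payload.Username is null || payload.Password is null) {
			return RejectCredentials();
		}

		// SingleOrDefault throws if more than one row matches, so this relies on usernames
		// being unique (presumably a unique constraint; verify against the schema).
		// NOTE(review): this is a synchronous query inside an async handler and
		// cancellationToken is not passed to it.
		var user = _context.Users.SingleOrDefault(u => u.Username == payload.Username);

		// NOTE(review): an unknown username returns before VerifyPassword runs. If
		// VerifyPassword is a deliberately slow hash check (not visible here), response time
		// can tell existing usernames from unknown ones even though the message is identical.
		if (user is null || !user.VerifyPassword(payload.Password)) {
			return RejectCredentials();
		}

		var claims = user.DefaultClaims();
		var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
		var principal = new ClaimsPrincipal(identity);
		var authenticationProperties = new AuthenticationProperties {
				AllowRefresh = true,
				IssuedUtc = DateTimeOffset.UtcNow,
		};

		if (payload.Persist) {
			// NOTE(review): a 100-year expiry makes a persisted session effectively permanent,
			// so a copied cookie stays usable until it is revoked server-side. Value kept as-is
			// because clients may depend on it; confirm that a bounded lifetime or a
			// revocation path exists.
			authenticationProperties.ExpiresUtc = DateTimeOffset.UtcNow.AddYears(100);
			authenticationProperties.IsPersistent = true;
		}

		// No scheme is named here, so the application's default sign-in scheme is used
		// (presumably cookies, matching the identity above; confirm in startup configuration).
		await HttpContext.SignInAsync(principal, authenticationProperties);
		// Return new LoggedInInternalUser here, because it is not materialised in AppControllerBase yet.
		return Ok(new LoggedInInternalUser {
				Id = user.Id,
				Username = user.Username
		});
	}

	// Single place that builds the rejection, so every failure path returns the same status
	// and message and does not reveal which part of the credentials was wrong.
	private ActionResult RejectCredentials() {
		return BadRequest(new ErrorResult("Invalid username or password"));
	}
}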