using System.Threading.Tasks;
using AllReady.Features.Login;
using AllReady.Models;
using AllReady.Security;
using AllReady.ViewModels.Account;
using MediatR;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using UserType = AllReady.Models.UserType;
using AllReady.Attributes;
namespace AllReady.Controllers
{
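// Intentionally anonymous: the only action here is the login endpoint, which
// has to be reachable before the caller has a session. Any action added to this
// controller that needs a signed-in user must carry its own [Authorize].
[Route("api/me")]
public class MeApiController : Controller
{
    private const string INVALID_LOGIN = "Unable to validate login information";
    private const string TWO_FACTOR_NOT_SUPPORTED = "2 factor not supported yet!";
    private const string ACCOUNT_LOCKED_OUT = "Account is locked out. Please try again later";

    private readonly UserManager<ApplicationUser> _userManager;
    private readonly SignInManager<ApplicationUser> _signInManager;
    private readonly IMediator _mediator;

    public MeApiController(UserManager<ApplicationUser> userManager,
        SignInManager<ApplicationUser> signInManager,
        IMediator mediator)
    {
        _userManager = userManager;
        _signInManager = signInManager;
        _mediator = mediator;
    }

    /// <summary>
    /// Password login for external (non-browser) clients. On success the Identity
    /// authentication cookie is delivered through the Set-Cookie response header;
    /// the response body is intentionally empty.
    /// </summary>
    /// <param name="model">Credentials posted as JSON; <c>Email</c> is used as the user name.</param>
    /// <returns>
    /// 200 with an empty body on success; 400 with a short message for a malformed
    /// request, an account that requires two-factor authentication, or a locked-out
    /// account; 401 for every credential failure.
    /// </returns>
    [ExternalEndpoint]
    [HttpPost]
    [Route("login")]
    public async Task<IActionResult> Login([FromBody] LoginViewModel model)
    {
        // An empty or unparsable body can leave model null while ModelState is
        // still valid; treat that as an invalid login instead of throwing on
        // model.Email below and surfacing a 500.
        if (model == null || !ModelState.IsValid)
        {
            return BadRequest(INVALID_LOGIN);
        }

        // Admin users must have a confirmed email before they can log on.
        var user = await _mediator.SendAsync(new ApplicationUserQuery { UserName = model.Email });
        if (user != null)
        {
            var isAdminUser = user.IsUserType(UserType.OrgAdmin) || user.IsUserType(UserType.SiteAdmin);
            if (isAdminUser && !await _userManager.IsEmailConfirmedAsync(user))
            {
                // Same status code as a wrong password so the response body does
                // not reveal which emails belong to admin accounts.
                // NOTE(review): this branch returns before the password is checked,
                // so response time still differs from the wrong-password path; if
                // that timing channel matters, verify the password first
                // (CheckPasswordSignInAsync) and only then apply this rule.
                return Unauthorized();
            }
        }

        // lockoutOnFailure: true so that repeated wrong passwords count toward the
        // configured Identity lockout policy. With it false this endpoint permits
        // unlimited online password guessing, and the IsLockedOut branch below is
        // reachable only when lockout was triggered somewhere else.
        var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
        if (result.Succeeded)
        {
            // PasswordSignInAsync has already appended the authentication cookie to
            // the response. Do not echo it in the body: Request.Cookies holds only
            // what the client sent (nothing on a first login, a stale value on a
            // re-login), and handing the cookie text to the caller exposes it to
            // script, which the cookie's HttpOnly flag exists to prevent.
            return Ok();
        }
        if (result.RequiresTwoFactor)
        {
            return BadRequest(TWO_FACTOR_NOT_SUPPORTED);
        }
        if (result.IsLockedOut)
        {
            return BadRequest(ACCOUNT_LOCKED_OUT);
        }
        return Unauthorized();
    }
}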
}