src/Api/Controllers/AuthController.cs

using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Identity;
using Bit.Core.Models.Api;
using Microsoft.AspNetCore.Authorization;
using Bit.Core.Exceptions;
using Bit.Core.Services;

namespace Bit.Api.Controllers
{
    [Obsolete]
    [Route("auth")]
    public class AuthController : Controller
    {
        private readonly JwtBearerSignInManager _signInManager;
        private readonly IUserService _userService;

        public AuthController(
            JwtBearerSignInManager signInManager,
            IUserService userService)
        {
            _signInManager = signInManager;
            _userService = userService;
        }

        [HttpPost("token")]
        [AllowAnonymous]
        public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model)
        {
            var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash, 
                model.Device?.ToDevice());
            if(result == JwtBearerSignInResult.Success)
            {
                return new AuthTokenResponseModel(result.Token, result.User);
            }
            else if(result == JwtBearerSignInResult.TwoFactorRequired)
            {
                return new AuthTokenResponseModel(result.Token, null);
            }

            await Task.Delay(2000);
            throw new BadRequestException("Username or password is incorrect. Try again.");
        }

        [HttpPost("token/two-factor")]
        [Authorize("TwoFactor")]
        public async Task<AuthTokenResponseModel> PostTokenTwoFactor([FromBody]AuthTokenTwoFactorRequestModel model)
        {
            var user = await _userService.GetUserByPrincipalAsync(User);
            if(user == null)
            {
                throw new UnauthorizedAccessException();
            }

            var result = await _signInManager.TwoFactorSignInAsync(user, model.Provider, model.Code, model.Device?.ToDevice());
            if(result == JwtBearerSignInResult.Success)
            {
                return new AuthTokenResponseModel(result.Token, result.User);
            }

            await Task.Delay(2000);
            throw new BadRequestException("Code is not correct. Try again.");
        }
    }
}
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								using System;
 								using System.Threading.Tasks;
-												Upgrade to ASP.NET Core RC2 release.

											
										
										
											2016-05-19 19:10:24 -04:00
+								using Microsoft.AspNetCore.Mvc;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								using Bit.Core.Identity;
-												move all models into core

											
										
										
											2017-03-08 21:55:08 -05:00
+								using Bit.Core.Models.Api;
-												Upgrade to ASP.NET Core RC2 release.

											
										
										
											2016-05-19 19:10:24 -04:00
+								using Microsoft.AspNetCore.Authorization;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								using Bit.Core.Exceptions;
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								using Bit.Core.Services;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
 								namespace Bit.Api.Controllers
 								{
-												deprecate authcontroller in favor of identity server

											
										
										
											2017-01-20 22:33:55 -05:00
+								    [Obsolete]
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								    [Route("auth")]
 								    public class AuthController : Controller
 								    {
 								        private readonly JwtBearerSignInManager _signInManager;
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								        private readonly IUserService _userService;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
 								        public AuthController(
 								            JwtBearerSignInManager signInManager,
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            IUserService userService)
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        {
 								            _signInManager = signInManager;
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            _userService = userService;
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								        }
 								        [HttpPost("token")]
 								        [AllowAnonymous]
 								        public async Task<AuthTokenResponseModel> PostToken([FromBody]AuthTokenRequestModel model)
 								        {
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            var result = await _signInManager.PasswordSignInAsync(model.Email.ToLower(), model.MasterPasswordHash,
 								                model.Device?.ToDevice());
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            if(result == JwtBearerSignInResult.Success)
 								            {
 								                return new AuthTokenResponseModel(result.Token, result.User);
 								            }
 								            else if(result == JwtBearerSignInResult.TwoFactorRequired)
 								            {
 								                return new AuthTokenResponseModel(result.Token, null);
 								            }
 								            await Task.Delay(2000);
 								            throw new BadRequestException("Username or password is incorrect. Try again.");
 								        }
 								        [HttpPost("token/two-factor")]
 								        [Authorize("TwoFactor")]
 								        public async Task<AuthTokenResponseModel> PostTokenTwoFactor([FromBody]AuthTokenTwoFactorRequestModel model)
 								        {
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            var user = await _userService.GetUserByPrincipalAsync(User);
-												user null checks for unauthorized

											
										
										
											2017-06-02 13:17:46 -04:00
+								            if(user == null)
 								            {
 								                throw new UnauthorizedAccessException();
 								            }
-												react to contact changes not being set from identity

											
										
										
											2017-01-24 22:46:54 -05:00
+								            var result = await _signInManager.TwoFactorSignInAsync(user, model.Provider, model.Code, model.Device?.ToDevice());
-												initial commit of source

											
										
										
											2015-12-08 22:57:38 -05:00
+								            if(result == JwtBearerSignInResult.Success)
 								            {
 								                return new AuthTokenResponseModel(result.Token, result.User);
 								            }
 								            await Task.Delay(2000);
 								            throw new BadRequestException("Code is not correct. Try again.");
 								        }
 								    }
 								}