admin/marco.pms.api
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Merge pull request 'Implement an API to Generate MPIN' (#84) from Ashutosh_Task#471_Create_MPIN into Issue_Jun_1W_2

Browse Source 
Reviewed-on: #84
This commit is contained in:
Vikas Nale 2025-06-06 07:07:38 +00:00
commit 863a154ec6
3 changed files with 188 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Marco.Pms.Model/Dtos/Authentication/GenerateMPINDto.cs Normal file
View File

@ -0,0 +1,8 @@
namespace Marco.Pms.Model.Dtos.Authentication
{
public class GenerateMPINDto
{
public Guid EmployeeId { get; set; }
public string? MPIN { get; set; }
}
}

144
Marco.Pms.Services/Controllers/AuthController.cs
View File

@ -1,4 +1,6 @@
using System.Net;
using System.Security.Cryptography;
using System.Text;
using Marco.Pms.DataAccess.Data;
using Marco.Pms.Model.Authentication;
using Marco.Pms.Model.Dtos.Authentication;
@ -12,7 +14,6 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using NuGet.Common;
namespace MarcoBMS.Services.Controllers
{
@ -28,9 +29,10 @@ namespace MarcoBMS.Services.Controllers
private readonly IEmailSender _emailSender;
private readonly IConfiguration _configuration;
private readonly EmployeeHelper _employeeHelper;
private readonly ILoggingService _logger;
//string tenentId = "1";
public AuthController(UserManager<ApplicationUser> userManager, ApplicationDbContext context, JwtSettings jwtSettings, RefreshTokenService refreshTokenService,
IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper, UserHelper userHelper)
IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper, UserHelper userHelper, ILoggingService logger)
{
_userManager = userManager;
_jwtSettings = jwtSettings;
@ -40,6 +42,7 @@ namespace MarcoBMS.Services.Controllers
_employeeHelper = employeeHelper;
_context = context;
_userHelper = userHelper;
_logger = logger;
}
[HttpPost("login")]
@ -133,7 +136,7 @@ namespace MarcoBMS.Services.Controllers
var refreshToken = await _refreshTokenService.CreateRefreshToken(user.Id, emp.TenantId.ToString(), _jwtSettings);
// Generate MPIN Token (custom short-term token)
var mpinToken = await _refreshTokenService.CreateMPINToken(user.Id, emp.TenantId.ToString(), _jwtSettings);
var mpinToken = await _context.MPINDetails.FirstOrDefaultAsync(p => p.UserId == Guid.Parse(user.Id) && p.TenantId == emp.TenantId);
// Combine all tokens in response
var responseData = new
@ -147,7 +150,6 @@ namespace MarcoBMS.Services.Controllers
return Ok(ApiResponse<object>.SuccessResponse(responseData, "User logged in successfully.", 200));
}
[HttpPost("logout")]
public async Task<IActionResult> Logout([FromBody] LogoutDto logoutDto)
{
@ -318,50 +320,148 @@ namespace MarcoBMS.Services.Controllers
return Ok(ApiResponse<object>.SuccessResponse(new { }, "Password reset link sent.", 200));
}
[Authorize]
[HttpPost("change-password")]
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto changePassword)
{
try
{
// Get the currently logged-in user
var loggedUser = await _userHelper.GetCurrentUserAsync();
if (changePassword.Email == null)
// Validate email
if (string.IsNullOrWhiteSpace(changePassword.Email))
{
_logger.LogWarning("Change password attempt failed - Email is missing");
return BadRequest(ApiResponse<object>.ErrorResponse("Email is missing", "Email is missing", 400));
}
ApplicationUser? requestedUser = await _userManager.FindByEmailAsync(changePassword.Email);
bool IsOldPassword = await _userManager.CheckPasswordAsync(requestedUser ?? new ApplicationUser(), changePassword.OldPassword ?? string.Empty);
if (requestedUser != null && loggedUser?.Email == requestedUser?.Email && IsOldPassword)
// Find the user by email
var requestedUser = await _userManager.FindByEmailAsync(changePassword.Email);
if (requestedUser == null)
{
var token = await _userManager.GeneratePasswordResetTokenAsync(requestedUser ?? new ApplicationUser());
_logger.LogWarning("Change password attempt failed - Email not found: {Email}", changePassword.Email);
return BadRequest(ApiResponse<object>.ErrorResponse("Invalid email", "User not found.", 400));
}
var result = await _userManager.ResetPasswordAsync(requestedUser ?? new ApplicationUser(), token, changePassword.NewPassword ?? string.Empty);
// Validate the old password
bool isOldPasswordCorrect = await _userManager.CheckPasswordAsync(requestedUser, changePassword.OldPassword ?? string.Empty);
// Ensure user identity and old password match
if (loggedUser?.Email != requestedUser.Email || !isOldPasswordCorrect)
{
_logger.LogWarning("Change password denied - User {Email} provided incorrect credentials", changePassword.Email);
return BadRequest(ApiResponse<object>.ErrorResponse("Incorrect credentials", "Invalid request.", 400));
}
// Generate reset token and change password
var resetToken = await _userManager.GeneratePasswordResetTokenAsync(requestedUser);
var result = await _userManager.ResetPasswordAsync(requestedUser, resetToken, changePassword.NewPassword ?? string.Empty);
if (!result.Succeeded)
{
var errors = result.Errors.Select(e => e.Description).ToList();
return BadRequest(ApiResponse<object>.ErrorResponse("Failed to Change password", errors, 400));
_logger.LogError("Password reset failed for user {Email}. Errors: {Errors}", changePassword.Email, string.Join("; ", errors));
return BadRequest(ApiResponse<object>.ErrorResponse("Failed to change password", errors, 400));
}
// Send confirmation email
var emp = await _employeeHelper.GetEmployeeByApplicationUserID(requestedUser.Id);
await _emailSender.SendResetPasswordSuccessEmail(requestedUser.Email ?? string.Empty, $"{emp.FirstName} {emp.LastName}");
Employee emp = await _employeeHelper.GetEmployeeByApplicationUserID(loggedUser?.Id ?? string.Empty);
await _emailSender.SendResetPasswordSuccessEmail(loggedUser?.Email ?? string.Empty, emp.FirstName + " " + emp.LastName);
return Ok(ApiResponse<object>.SuccessResponse(result.Succeeded, "Password Changed successfully.", 200));
}
return BadRequest(ApiResponse<object>.ErrorResponse("Incorrect Password and Email", "Invalid request.", 400));
_logger.LogInfo("Password changed successfully for user {Email}", requestedUser.Email ?? string.Empty);
return Ok(ApiResponse<object>.SuccessResponse(true, "Password changed successfully.", 200));
}
catch (Exception exp)
{
_logger.LogError("An unexpected error occurred while changing password : {Error}", exp.Message);
return StatusCode(500, ApiResponse<object>.ErrorResponse("An unexpected error occurred.", exp.Message, 500));
}
}
[Authorize]
[HttpPost("generate-mpin")]
public async Task<IActionResult> GenerateMPIN([FromBody] GenerateMPINDto generateMPINDto)
{
Guid tenantId = _userHelper.GetTenantId();
Employee loggedInEmployee = await _userHelper.GetCurrentEmployeeAsync();
// Get the employee for whom MPIN is being generated
var requestEmployee = await _context.Employees
.Include(e => e.ApplicationUser)
.FirstOrDefaultAsync(e => e.Id == generateMPINDto.EmployeeId && e.TenantId == tenantId);
// Validate employee and MPIN input
if (requestEmployee == null || string.IsNullOrWhiteSpace(generateMPINDto.MPIN))
{
_logger.LogError("Employee {EmployeeId} provided invalid information to generate MPIN", loggedInEmployee.Id);
return BadRequest(ApiResponse<object>.ErrorResponse("Provided invalid information", "Provided invalid information", 400));
}
// Ensure the logged-in user is only generating their own MPIN
if (requestEmployee.Id != loggedInEmployee.Id)
{
_logger.LogWarning("Employee {EmployeeId} tried to set MPIN for a different employee", loggedInEmployee.Id);
return BadRequest(ApiResponse<object>.ErrorResponse("You can't create MPIN for another employee", "Unauthorized MPIN creation", 400));
}
// Generate hash and token
string mpinHash = ComputeSha256Hash(generateMPINDto.MPIN);
string mpinToken = _refreshTokenService.CreateMPINToken(
requestEmployee.ApplicationUserId,
requestEmployee.TenantId.ToString(),
_jwtSettings
);
// Prepare MPIN entity
Guid userId = Guid.Parse(requestEmployee.ApplicationUserId ?? string.Empty);
var existingMPIN = await _context.MPINDetails.FirstOrDefaultAsync(p => p.UserId == userId && p.TenantId == tenantId);
if (existingMPIN == null)
{
// Add new MPIN record
var mPINDetails = new MPINDetails
{
UserId = userId,
MPIN = mpinHash,
MPINToken = mpinToken,
TimeStamp = DateTime.UtcNow,
TenantId = tenantId
};
_context.MPINDetails.Add(mPINDetails);
await _context.SaveChangesAsync();
_logger.LogInfo("MPIN generated successfully for employee {EmployeeId}", requestEmployee.Id);
return Ok(ApiResponse<object>.SuccessResponse(mpinToken, "MPIN generated successfully", 200));
}
else
{
// Update existing MPIN record
existingMPIN.MPIN = mpinHash;
existingMPIN.MPINToken = mpinToken;
existingMPIN.TimeStamp = DateTime.UtcNow;
await _context.SaveChangesAsync();
_logger.LogInfo("MPIN updated successfully for employee {EmployeeId}", requestEmployee.Id);
return Ok(ApiResponse<object>.SuccessResponse(mpinToken, "MPIN updated successfully", 200));
}
}
private static string ComputeSha256Hash(string rawData)
{
using (SHA256 sha256 = SHA256.Create())
{
// Convert the input string to bytes and compute the hash
byte[] bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(rawData));
// Convert byte array to a readable hex string
StringBuilder builder = new StringBuilder();
foreach (var b in bytes)
builder.Append(b.ToString("x2"));
return builder.ToString();
}
}
}

44
Marco.Pms.Services/Service/RefreshTokenService.cs
View File

@ -98,13 +98,11 @@ namespace MarcoBMS.Services.Service
throw;
}
}
public async Task<string> CreateMPINToken(string userId, string tenantId, JwtSettings jwtSettings)
public string CreateMPINToken(string userId, string tenantId, JwtSettings jwtSettings)
{
try
{
var existingMPIN = await _context.MPINDetails.FirstOrDefaultAsync(p => p.UserId == Guid.Parse(userId) && p.TenantId == Guid.Parse(tenantId));
if (existingMPIN != null)
{
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, userId),
@ -126,14 +124,8 @@ namespace MarcoBMS.Services.Service
var tokenHandler = new JwtSecurityTokenHandler();
var MPINToken = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor));
existingMPIN.MPINToken = MPINToken;
await _context.SaveChangesAsync();
return MPINToken;
}
return null;
@ -201,5 +193,35 @@ namespace MarcoBMS.Services.Service
return jwtToken?.ValidTo;
}
public ClaimsPrincipal ValidateToken(string token, JwtSettings jwtSettings)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = System.Text.Encoding.ASCII.GetBytes(jwtSettings.Key);
var validationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = true,
ValidIssuer = jwtSettings.Issuer,
ValidateAudience = true,
ValidAudience = jwtSettings.Audience,
ValidateLifetime = false, // Disable lifetime validation (ignores expiration)
ClockSkew = TimeSpan.Zero // Optional: Remove time skew buffer
};
try
{
var principal = tokenHandler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);
return principal;
}
catch (Exception ex)
{
// Token is invalid
Console.WriteLine($"Token validation failed: {ex.Message}");
return null;
}
}
}
}