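/// <summary>
/// Handles the login form POST: verifies the submitted password against the stored
/// BCrypt hash, counts failed attempts (locking the account on the fifth), refuses
/// inactive accounts and initialises the session on success.
/// </summary>
/// <param name="formCollection">Posted form fields: <c>UserName</c>, <c>Password</c> and the optional <c>keepLogin</c> checkbox.</param>
/// <returns>A redirect to the dashboard on success; otherwise the login view with a toast message.</returns>
// NOTE(review): this anonymous POST carries no [ValidateAntiForgeryToken], so a login-CSRF
// is possible; adding it also requires @Html.AntiForgeryToken() in the login view — confirm.
[AllowAnonymous]
[HttpPost]
public ActionResult Login(FormCollection formCollection)
{
    // A browser that already holds an authenticated session has to log out first.
    if (IsSameBrowserLogIn())
    {
        AddToastMessage("", $"Already logged in with {Sessions.Name.UserName}, to login with other user please logout from current user.", ToastType.Error);
        return View();
    }

    var userName = formCollection["UserName"];
    var password = formCollection["Password"];
    bool keepLoginSession = formCollection["keepLogin"] == "on";

    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        AddToastMessage("", "Please enter valid username and password", ToastType.Error);
        return View();
    }

    var appUserInfo = _accountService.GetAppUserInfoByUserID(userName);

    // Unknown user (or no stored hash): previously BCrypt.Verify ran before the null check,
    // so a non-existent account produced a NullReferenceException / 500 instead of the
    // generic message, which let callers enumerate valid user IDs.
    if (appUserInfo == null || string.IsNullOrEmpty(appUserInfo.password))
    {
        AddToastMessage("", "Invalid User ID or Password", ToastType.Error);
        return View();
    }

    bool passwordMatch = BCrypt.Net.BCrypt.Verify(password, appUserInfo.password);
    if (!passwordMatch)
    {
        // Wrong password: record the failure and lock after too many of them. In the
        // previous version this counting lived in a branch that could never be reached
        // (it sat behind the successful-verify check), so the lockout never fired.
        const int maxFailedAttempts = 5;
        var userInfo = _accountService.GetApplicationUserByEmpCode(userName);
        if (userInfo != null)
        {
            IncrementFailedAttempts(userInfo);
            if (userInfo.FailedAttempt >= maxFailedAttempts)
            {
                LockUserAccount(userInfo);
                AddToastMessage("",
                    "Your account has been locked due to too many failed login attempts. Please contact an administrator to reactivate your account.",
                    ToastType.Error);
                return View();
            }
        }
        AddToastMessage("", "Invalid User ID or Password", ToastType.Error);
        return View();
    }

    // The former "JWT Authentication" block compared the plaintext password with the BCrypt
    // hash and therefore never executed; it was dead code and has been dropped. If a JWT is
    // wanted, issue it here, gated on passwordMatch, and verify Authentication.ValidateToken.

    // Password is correct but the account is switched off (including accounts locked above).
    // NOTE(review): this message confirms the password was right for an inactive account;
    // consider returning the generic message if that disclosure matters here.
    if (appUserInfo.is_active != true)
    {
        AddToastMessage("", "This user is currently inactive", ToastType.Warning);
        return View();
    }

    InitializeSession(appUserInfo, keepLoginSession);
    ResetFailedAttempts(appUserInfo);
    AddToastMessage("", "Login Successfully", ToastType.Success);
    return RedirectToAction("Index", "DashBoard");
}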
/// <summary>
/// Populates the shared <see cref="Sessions.Name"/> record for a freshly authenticated user
/// and binds it to the current HTTP session's ID (checked later by IsSameBrowserLogIn).
/// </summary>
/// <param name="appUserInfo">The authenticated account whose identity fields are copied.</param>
/// <param name="keepLoginSession">Whether the user ticked the "keep me logged in" box.</param>
// NOTE(review): the session ID is reused as-is rather than regenerated after authentication,
// which leaves a session-fixation window; verify whether the framework regenerates it elsewhere.
// SessionStart uses local DateTime.Now — confirm that whatever reads it compares in the same zone.
private void InitializeSession(ApplicationUser appUserInfo, bool keepLoginSession)
{
    if (Sessions.Name == null)
    {
        Sessions.Name = new SessionInfo();
    }

    var info = Sessions.Name;
    info.SessionKey = Session.SessionID;
    info.SessionStart = DateTime.Now;
    info.KeepLogin = keepLoginSession;
    info.UserId = appUserInfo.user_emp_code;
    info.UserName = appUserInfo.user_emp_name;
    info.UserTypeId = appUserInfo.user_type_id;
}
/// <summary>
/// Clears the failed-login counter after a successful login and commits the change.
/// </summary>
/// <param name="appUserInfo">The account that just authenticated; mutated in place.</param>
private void ResetFailedAttempts(ApplicationUser appUserInfo)
{
    const int noFailures = 0;
    appUserInfo.FailedAttempt = noFailures;

    // Same update-then-save pair the other counter helpers use.
    _accountService.UpdateAppUser(appUserInfo);
    _accountService.SaveAppUser();
}
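/// <summary>
/// Records one more failed login for <paramref name="userInfo"/> and persists it.
/// </summary>
/// <param name="userInfo">The account whose counter is bumped; mutated in place.</param>
private void IncrementFailedAttempts(ApplicationUser userInfo)
{
    userInfo.FailedAttempt++;
    _accountService.UpdateAppUser(userInfo);
    // The sibling helpers (ResetFailedAttempts, LockUserAccount) commit with SaveAppUser after
    // UpdateAppUser; this one did not, so — presumably — attempts that do not yet trigger the
    // lock were never persisted and the threshold could not be reached. Commit here as well.
    _accountService.SaveAppUser();
}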
/// <summary>
/// Locks an account by marking it inactive and commits the change. A locked account is
/// indistinguishable from a deactivated one here; only an administrator re-enables it.
/// </summary>
/// <param name="userInfo">The account to lock; mutated in place.</param>
private void LockUserAccount(ApplicationUser userInfo)
{
    var account = userInfo;
    account.is_active = false;

    _accountService.UpdateAppUser(account);
    _accountService.SaveAppUser();
}
/// <summary>
/// Reports whether the current HTTP session is the one recorded at login, i.e. this
/// browser is already logged in.
/// </summary>
/// <returns><c>true</c> when the current session ID equals the stored SessionKey; <c>false</c> when there is no session or no recorded login.</returns>
private bool IsSameBrowserLogIn()
{
    var current = Session;
    var recorded = Sessions.Name;

    // No HTTP session, or nothing remembered from a login, means not logged in here.
    if (current == null || recorded == null)
    {
        return false;
    }

    return current.SessionID == recorded.SessionKey;
}