
    Class AuthService

    Implementation of the authentication service that handles user registration, login, token management, and password security.

    Inheritance
    object
    AuthService
    Implements
    IAuthService
    Inherited Members
    object.Equals(object)
    object.Equals(object, object)
    object.GetHashCode()
    object.GetType()
    object.MemberwiseClone()
    object.ReferenceEquals(object, object)
    object.ToString()
    Namespace: OEMS.Core.Application.ApplicationServices
    Assembly: OEMS.Core.dll
    Syntax
    public class AuthService : IAuthService

    Constructors

    AuthService(IUserRepository, IConfiguration, IOrganizationRepository, IRefreshTokenRepository, IPasswordResetTokenRepository, IEmailService, IEmailTemplateService, IOrganisationUserRepository)

    Initializes a new instance of the AuthService class.

    Declaration
    public AuthService(IUserRepository userRepository, IConfiguration configuration, IOrganizationRepository organizationRepository, IRefreshTokenRepository refreshTokenRepository, IPasswordResetTokenRepository passwordResetTokenRepository, IEmailService emailService, IEmailTemplateService emailTemplateService, IOrganisationUserRepository organisationUserRepository)
    Parameters
    Type Name Description
    IUserRepository userRepository

    Repository for user operations

    IConfiguration configuration

    Application configuration access

    IOrganizationRepository organizationRepository

    Repository for organization operations

    IRefreshTokenRepository refreshTokenRepository

    Repository for refresh token operations

    IPasswordResetTokenRepository passwordResetTokenRepository
    IEmailService emailService
    IEmailTemplateService emailTemplateService
    IOrganisationUserRepository organisationUserRepository
    Exceptions
    Type Condition
    InvalidOperationException

    Thrown when password pepper is not configured

    Methods

    ConfirmPasswordResetAsync(string, string)

    Confirms a password reset and sets a new password

    Declaration
    public Task<AuthResultDto> ConfirmPasswordResetAsync(string token, string newPassword)
    Parameters
    Type Name Description
    string token

    Password reset token

    string newPassword

    New password to set

    Returns
    Type Description
    Task<AuthResultDto>

    Authentication result indicating success or failure

    ExtractDomainFromEmail(string)

    Declaration
    public string? ExtractDomainFromEmail(string email)
    Parameters
    Type Name Description
    string email
    Returns
    Type Description
    string

    GenerateJwtToken(User, bool)

    Generates a JWT token for a user with claims for ID, username, and email.

    Declaration
    public Task<string> GenerateJwtToken(User user, bool rememberMe = false)
    Parameters
    Type Name Description
    User user

    The user for whom to generate the token

    bool rememberMe

    Whether to create a long-lived token

    Returns
    Type Description
    Task<string>

    JWT token string

    GenerateJwtTokenForOrganization(User, OrganizationUser, bool)

    Declaration
    public string GenerateJwtTokenForOrganization(User user, OrganizationUser orgUser, bool rememberMe = false)
    Parameters
    Type Name Description
    User user
    OrganizationUser orgUser
    bool rememberMe
    Returns
    Type Description
    string

    GenerateTokenForOrganizationAsync(Guid, Guid)

    Declaration
    public Task<AuthResultDto> GenerateTokenForOrganizationAsync(Guid userId, Guid organizationId)
    Parameters
    Type Name Description
    Guid userId
    Guid organizationId
    Returns
    Type Description
    Task<AuthResultDto>

    HasAllowedDomain(string, List<string>)

    Checks if an email address belongs to one of the allowed domains.

    Declaration
    public bool HasAllowedDomain(string email, List<string> allowedDomains)
    Parameters
    Type Name Description
    string email

    The email address to check

    List<string> allowedDomains

    List of allowed domain names

    Returns
    Type Description
    bool

    True if the email domain is allowed, otherwise false
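The reference does not say how `ExtractDomainFromEmail` and `HasAllowedDomain` parse or compare. The sketch below is an added example, not the OEMS implementation, and shows one defensive way to write the pair: take the domain after the last `@`, normalise case, and require an exact allow-list match. The class name `EmailDomainPolicy` and all sample addresses are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the two domain helpers; not the OEMS implementation.
public static class EmailDomainPolicy
{
    public static string? ExtractDomainFromEmail(string email)
    {
        if (string.IsNullOrWhiteSpace(email)) return null;
        email = email.Trim();
        int at = email.LastIndexOf('@'); // the domain is whatever follows the LAST '@'
        if (at <= 0 || at == email.Length - 1) return null;
        string domain = email[(at + 1)..].TrimEnd('.').ToLowerInvariant();
        // Reject whitespace and control characters instead of normalising them away.
        bool bad = domain.Length == 0 || domain.Any(c => char.IsWhiteSpace(c) || char.IsControl(c));
        return bad ? null : domain;
    }

    public static bool HasAllowedDomain(string email, List<string> allowedDomains)
    {
        string? domain = ExtractDomainFromEmail(email);
        if (domain is null || allowedDomains is null) return false; // fail closed
        // Exact, case-insensitive match. EndsWith or Contains would accept
        // look-alike domains that merely share a suffix or substring.
        return allowedDomains.Any(a =>
            string.Equals(a?.Trim().TrimEnd('.'), domain, StringComparison.OrdinalIgnoreCase));
    }

    public static void Main()
    {
        var allowed = new List<string> { "example.edu" }; // constructed sample data
        string[] samples =
        {
            "alice@example.edu",
            "Alice@EXAMPLE.EDU",
            "bob@notexample.edu",
            "bob@example.edu.test.invalid",
            "bob@example.edu@other.invalid",
            "example.edu",
        };
        foreach (string s in samples)
            Console.WriteLine($"{s,-32} -> {HasAllowedDomain(s, allowed)}");
    }
}
```

Only the first two sample addresses pass; the rest are the cases a suffix or substring comparison tends to let through during registration.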

    HashPassword(string)

    Hashes a password using a secure SHA-256 algorithm with salt and pepper.

    Declaration
    public (string passwordHash, string salt) HashPassword(string password)
    Parameters
    Type Name Description
    string password

    The plain text password to hash

    Returns
    Type Description
    (string passwordHash, string salt)

    Tuple containing the password hash and salt

    InitiatePasswordResetAsync(string, string?)

    Initiates a password reset process by creating a token and sending an email

    Declaration
    public Task<bool> InitiatePasswordResetAsync(string email, string? requestIp = null)
    Parameters
    Type Name Description
    string email

    Email address of the user requesting password reset

    string requestIp

    IP address from which the request was made

    Returns
    Type Description
    Task<bool>

    True if the reset email was sent, false otherwise

    IsValidPassword(string)

    Validates whether a password meets the security requirements.

    Declaration
    public bool IsValidPassword(string password)
    Parameters
    Type Name Description
    string password

    The password to validate

    Returns
    Type Description
    bool

    True if the password meets all requirements, otherwise false

    Remarks

    Password requirements:

    • Minimum 8 characters
    • Contains at least one uppercase letter
    • Contains at least one lowercase letter
    • Contains at least one digit
    • Contains at least one special character

    LoginAsync(LoginRequestDto)

    Authenticates a user based on username/email and password.

    Declaration
    public Task<AuthResultDto> LoginAsync(LoginRequestDto model)
    Parameters
    Type Name Description
    LoginRequestDto model

    Login credentials containing username/email and password

    Returns
    Type Description
    Task<AuthResultDto>

    Authentication result with JWT token and refresh token if successful, or error details if authentication fails

    LogoutAsync(HttpContext)

    Logs out a user by invalidating their tokens.

    Declaration
    public Task LogoutAsync(HttpContext httpContext)
    Parameters
    Type Name Description
    HttpContext httpContext

    HTTP context for the current request

    Returns
    Type Description
    Task

    Async task representing the logout operation

    RefreshTokenAsync(User, string)

    Refreshes an expired JWT token using a valid refresh token.

    Declaration
    public Task<AuthResultDto> RefreshTokenAsync(User user, string refreshToken)
    Parameters
    Type Name Description
    User user

    The user requesting a token refresh

    string refreshToken

    The refresh token to validate

    Returns
    Type Description
    Task<AuthResultDto>

    New authentication result with updated JWT and refresh tokens if successful

    RegisterUserAsync(RegisterRequestDto)

    Registers a new user in the system with validation for email domain, username uniqueness, and password strength requirements.

    Declaration
    public Task<AuthResultDto> RegisterUserAsync(RegisterRequestDto model)
    Parameters
    Type Name Description
    RegisterRequestDto model

    Registration details including username, email, and password

    Returns
    Type Description
    Task<AuthResultDto>

    Authentication result containing JWT token and refresh token if successful, or error details if registration fails

    ValidatePasswordResetTokenAsync(string)

    Validates a password reset token

    Declaration
    public Task<bool> ValidatePasswordResetTokenAsync(string token)
    Parameters
    Type Name Description
    string token

    Token to validate

    Returns
    Type Description
    Task<bool>

    True if token is valid and not expired, false otherwise

    ValidatePasswordResetTokenWithBrandingAsync(string)

    Validates a password reset token and returns organization branding information

    Declaration
    public Task<PasswordResetValidationResult> ValidatePasswordResetTokenWithBrandingAsync(string token)
    Parameters
    Type Name Description
    string token

    Token to validate

    Returns
    Type Description
    Task<PasswordResetValidationResult>

    Validation result with organization branding data

    ValidateTokenAsync(string)

    Validates a JWT token for authenticity, expiration, and user status.

    Declaration
    public Task<bool> ValidateTokenAsync(string token)
    Parameters
    Type Name Description
    string token

    The JWT token to validate

    Returns
    Type Description
    Task<bool>

    True if the token is valid and the user is active, otherwise false

    VerifyPassword(string, string, string)

    Verifies a password against a stored hash and salt.

    Declaration
    public bool VerifyPassword(string password, string storedHash, string storedSalt)
    Parameters
    Type Name Description
    string password

    The plain text password to verify

    string storedHash

    The previously stored password hash

    string storedSalt

    The previously stored salt used for hashing

    Returns
    Type Description
    bool

    True if the password matches, otherwise false
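`HashPassword` and `VerifyPassword` are documented only by signature, so the way salt and pepper are combined is not shown on this page. The following is an added example, not the OEMS implementation: it keeps the documented signatures and the constructor's "no pepper configured" failure, but stretches the hash with PBKDF2-HMAC-SHA256 instead of a single SHA-256 pass and compares in constant time. The class name, iteration count and sizes are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for the hashing half of AuthService; not the OEMS implementation.
public sealed class PepperedPasswordHasher
{
    private const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000; // assumed parameters
    private readonly byte[] _pepper;

    public PepperedPasswordHasher(string? pepper)
    {
        // Mirrors the documented constructor behaviour: refuse to start without a pepper.
        if (string.IsNullOrWhiteSpace(pepper))
            throw new InvalidOperationException("Password pepper is not configured.");
        _pepper = Encoding.UTF8.GetBytes(pepper);
    }

    public (string passwordHash, string salt) HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // fresh salt per password
        return (Convert.ToBase64String(Derive(password, salt)), Convert.ToBase64String(salt));
    }

    public bool VerifyPassword(string password, string storedHash, string storedSalt)
    {
        byte[] expected, salt;
        try { expected = Convert.FromBase64String(storedHash); salt = Convert.FromBase64String(storedSalt); }
        catch (FormatException) { return false; } // corrupt record: fail closed
        // Constant-time comparison so timing does not reveal how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(Derive(password, salt), expected);
    }

    private byte[] Derive(string password, byte[] salt)
    {
        // Pepper: a secret kept outside the database, mixed in with HMAC-SHA256.
        byte[] peppered = HMACSHA256.HashData(_pepper, Encoding.UTF8.GetBytes(password));
        // Salt: stored per user and fed to PBKDF2-HMAC-SHA256 for key stretching.
        return Rfc2898DeriveBytes.Pbkdf2(peppered, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
    }

    public static void Main()
    {
        var hasher = new PepperedPasswordHasher("constructed-demo-pepper"); // constructed value
        var (hash, salt) = hasher.HashPassword("Correct-Horse-1!");
        Console.WriteLine(hasher.VerifyPassword("Correct-Horse-1!", hash, salt));
        Console.WriteLine(hasher.VerifyPassword("correct-horse-1!", hash, salt));
    }
}
```

Because the pepper never reaches the database, rotating it invalidates every stored hash unless a pepper version is stored alongside each record.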

    Implements

    IAuthService
    Generated by DocFX