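        /// <summary>
        /// Authenticates a student by index number and password, issues a short-lived JWT and
        /// stores a new refresh token on the student's row.
        /// </summary>
        /// <param name="request">Login credentials; <c>Login</c> is the student's index number.</param>
        /// <returns>
        /// 200 with <c>{ token, refreshToken }</c> on success, 404 when no student has that index
        /// number, 400 when the request is incomplete or the password does not match.
        /// </returns>
        /// <exception cref="InvalidOperationException">Thrown when <c>SecretKey</c> is not configured.</exception>
        public IActionResult Login(LoginRequest request)
        {
            // Fail fast on an incomplete request instead of dereferencing null further down.
            if (request is null || string.IsNullOrEmpty(request.Login) || string.IsNullOrEmpty(request.Password))
            {
                return BadRequest("Wrong login or password");
            }

            // The signing key is mandatory: fail closed rather than sign tokens with an empty key.
            // (HS256 also requires the key material to be long enough; the token library rejects short keys.)
            var secretKey = configuration["SecretKey"];
            if (string.IsNullOrEmpty(secretKey))
            {
                throw new InvalidOperationException("SecretKey is not configured.");
            }

            var student = new Student();
            string storedHash;
            string salt;

            using var con = new SqlConnection(ConnectionString);
            using var com = new SqlCommand();
            com.Connection = con;
            // The original query lacked the comma after FirstName, which aliased FirstName as "Password"
            // and left no "FirstName" column in the result.
            com.CommandText = "Select IndexNumber, FirstName, Password, Salt From Student Where IndexNumber = @login";
            com.Parameters.AddWithValue("login", request.Login);
            con.Open();

            // The reader is scoped so it is closed (also on early return) before the same
            // connection runs the UPDATE below.
            using (var dr = com.ExecuteReader())
            {
                if (!dr.Read())
                {
                    // NOTE(review): distinct 404/400 responses reveal whether an index number exists;
                    // kept as-is because existing clients may depend on the status codes.
                    return NotFound("Student was not found.");
                }

                student.IndexNumber = dr["IndexNumber"].ToString();
                student.FirstName   = dr["FirstName"].ToString();
                storedHash          = dr["Password"].ToString();
                salt                = dr["Salt"].ToString();
            }

            var computedHash = HashPasswordGenerator.HashPasswordGen(request.Password, salt);

            // Constant-time comparison so the check does not leak how much of the hash matched.
            if (!CryptographicOperations.FixedTimeEquals(
                    Encoding.UTF8.GetBytes(storedHash),
                    Encoding.UTF8.GetBytes(computedHash)))
            {
                return BadRequest("Wrong login or password");
            }

            var userClaims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, student.IndexNumber),
                new Claim(ClaimTypes.Name, student.FirstName),
                new Claim(ClaimTypes.Role, "Student"),
            };

            var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: "Gakko",
                audience: "Students",
                claims: userClaims,
                expires: DateTime.UtcNow.AddMinutes(1),   // the exp claim is defined in UTC
                signingCredentials: creds);

            // NOTE(review): Guid.NewGuid() is not documented as cryptographically random; a
            // RandomNumberGenerator-based value would be preferable if the column width allows it.
            // Expiry stays in local time as before — presumably the refresh endpoint compares it
            // against DateTime.Now; verify before switching to UTC.
            student.RefreshToken = Guid.NewGuid().ToString();
            student.RefreshTokenExpirationDate = DateTime.Now.AddDays(1);

            // The original statement used "and" instead of ",", had no WHERE clause (it would have
            // touched every row) and was never executed. @login is still on the command.
            com.CommandText = "Update Student Set RefreshToken = @RefreshToken, RefreshTokenExpirationDate = @ExpDate Where IndexNumber = @login";
            com.Parameters.AddWithValue("RefreshToken", student.RefreshToken);
            com.Parameters.AddWithValue("ExpDate", student.RefreshTokenExpirationDate);
            com.ExecuteNonQuery();

            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token),
                refreshToken = student.RefreshToken
            });
        }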
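        /// <summary>
        /// Enrolls a new student: verifies the requested studies exist, reuses or creates the
        /// first-semester enrollment for those studies, and inserts the student with a salted
        /// password hash. All writes run inside one transaction.
        /// </summary>
        /// <param name="request">Enrollment data; <c>Studies</c> is the study programme name.</param>
        /// <returns>The response with <c>Semester = 1</c>, or <c>null</c> when the studies do not exist.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        /// <exception cref="InvalidOperationException">A student with the same index number already exists.</exception>
        public EnrollStudentResponse EnrollStudent(EnrollStudentRequest request)
        {
            if (request is null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            var response = new EnrollStudentResponse();

            using var con = new SqlConnection(ConnectionString);
            con.Open();

            // Disposing an uncommitted SqlTransaction rolls it back, so every early return and
            // every exception below undoes partial writes without explicit Rollback() calls.
            using var trans = con.BeginTransaction();
            using var com = new SqlCommand();
            com.Connection  = con;
            com.Transaction = trans;

            // 1. The requested studies must exist.
            com.CommandText = "Select IdStudy From Studies Where Name = @Name";
            com.Parameters.AddWithValue("Name", request.Studies);
            int idStudy;
            using (var dr = com.ExecuteReader())
            {
                if (!dr.Read())
                {
                    return null;
                }

                idStudy = (int)dr["IdStudy"];
            }

            // 2. Reuse the existing first-semester enrollment for these studies, or create one.
            //    (The original read IdEnrollment from an already-closed reader and inserted only
            //    when an enrollment already existed.)
            com.CommandText = "Select IdEnrollment From Enrollment Where Semester = 1 And IdStudy = @IdStudy";
            com.Parameters.AddWithValue("IdStudy", idStudy);
            int? existingEnrollment = null;
            using (var dr = com.ExecuteReader())
            {
                if (dr.Read())
                {
                    existingEnrollment = (int)dr["IdEnrollment"];
                }
            }

            int idEnrollment;
            if (existingEnrollment is int found)
            {
                idEnrollment = found;
            }
            else
            {
                // ISNULL covers an empty Enrollment table. MAX+1 is still racy under concurrent
                // enrollments — NOTE(review): an IDENTITY column would remove that window.
                com.CommandText = "Select ISNULL(MAX(IdEnrollment), 0) + 1 From Enrollment";
                idEnrollment = (int)com.ExecuteScalar();

                // The original insert also listed a Password column with a @Password parameter that
                // was never added to the command; dropped here — verify against the Enrollment schema.
                com.Parameters.AddWithValue("IdEnrollment", idEnrollment);
                com.Parameters.AddWithValue("StartDate", DateTime.Now);
                com.CommandText = "Insert Into Enrollment(IdEnrollment, Semester, IdStudy, StartDate) Values (@IdEnrollment, 1, @IdStudy, @StartDate)";
                com.ExecuteNonQuery();
            }

            if (existingEnrollment is not null)
            {
                // Parameter is added exactly once on either path (duplicate names throw).
                com.Parameters.AddWithValue("IdEnrollment", idEnrollment);
            }

            // 3. Index numbers must be unique.
            com.CommandText = "Select 1 From Student Where IndexNumber = @IndexNumber";
            com.Parameters.AddWithValue("IndexNumber", request.IndexNumber);
            using (var dr = com.ExecuteReader())
            {
                if (dr.Read())
                {
                    throw new InvalidOperationException("Student with such index number already exists");
                }
            }

            // 4. Insert the student with a fresh per-user salt; only the hash is stored.
            //    ("Value" in the original is not valid T-SQL; it must be "Values".)
            var salt = SaltGenerator.SaltGen();
            com.CommandText = "Insert Into Student(IndexNumber, FirstName, LastName, Birthdate, IdEnrollment, Password, Salt) Values (@IndexNumber, @FirstName, @LastName, @BirthDate, @IdEnrollment, @Password, @Salt)";
            com.Parameters.AddWithValue("FirstName", request.FirstName);
            com.Parameters.AddWithValue("LastName", request.LastName);
            com.Parameters.AddWithValue("BirthDate", request.BirthDate);
            com.Parameters.AddWithValue("Password", HashPasswordGenerator.HashPasswordGen(request.Password, salt));
            com.Parameters.AddWithValue("Salt", salt);
            com.ExecuteNonQuery();

            trans.Commit();

            response.Semester = 1;
            return response;
        }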