Beispiel #1
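    /// <summary>
    /// Authenticates a user by username or e-mail plus password and, on success,
    /// opens a session through <c>HttpContext.Login</c>.
    /// </summary>
    /// <param name="login_data">Credentials bound from the request body.</param>
    /// <returns>
    /// 200 with <c>UserViewData</c> for the user on success; 401 for every failure
    /// (unknown user, missing password, throttled attempt, wrong password), so the
    /// status code does not reveal which check failed.
    /// </returns>
    public IActionResult /*UserViewData*/ Login([FromBody] LoginData login_data)
    {
        // A missing or unparsable body previously caused a NullReferenceException below.
        if (login_data == null)
        {
            return(Unauthorized());
        }

        var username = login_data.Username;
        var email    = login_data.Email;

        // Only match on an identifier the client actually supplied. Comparing a column
        // against a null value can match rows whose column is NULL, which would select
        // (and time-stamp) an unrelated account.
        var item = _context.User.FirstOrDefault(t =>
            (username != null && t.Username == username) ||
            (email != null && t.Email == email));

        if (item != null)
        {
            var now = DateTime.Now;
            var last_login_attempt = item.LastLoginAttempt;

            // The attempt time is recorded before any credential check, so failed and
            // throttled attempts also refresh it.
            // NOTE(review): because of this, requests arriving more often than every
            // 3 seconds keep the window closed for the legitimate user as well - confirm
            // this is acceptable, or track failures separately.
            item.LastLoginAttempt = now;
            _context.Update(item);
            _context.SaveChanges();

            // Throttle: at most one password check per account every 3 seconds.
            // The original condition was `last_login_attempt != null || elapsed > 3`,
            // whose first operand is always true, so the delay was never enforced.
            var seconds_since_last_attempt = (now - last_login_attempt).TotalSeconds;
            if (login_data.Password != null && seconds_since_last_attempt > 3)
            {
                var stored_credentials = new PasswordAndSalt()
                {
                    PasswordHash = item.PasswordHash, PasswordSalt = item.PasswordSalt
                };

                if (PasswordHasher.CheckHash(login_data.Password, stored_credentials))
                {
                    HttpContext.Login <LoggableEntities, User>(env, _context, "User", item, new LoggableEntities()
                    {
                        User = item
                    });

                    return(Ok(UserViewData.FromUser(item)));
                }
            }
        }
        return(Unauthorized());
    }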
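    /// <summary>
    /// Overwrites an existing <c>American</c> record with the values posted in the
    /// request body, leaving <c>CreatedDate</c> untouched.
    /// </summary>
    /// <param name="item">Entity bound from the request body; its <c>Id</c> selects the row.</param>
    /// <returns>200 when the row was saved; 401 when the body is missing or no row has that Id.</returns>
    public IActionResult Update([FromBody] American item)
    {
        // Reject a missing body before touching item.Id; the original tested for null
        // only after the Id lookup had already dereferenced it.
        if (item == null)
        {
            return(Unauthorized());
        }

        // NOTE(review): the session is fetched but neither its User nor its Admin is
        // consulted below, so an unauthenticated caller is treated like any other.
        var session = HttpContext.Get <LoggableEntities>(_context);

        // NOTE(review): both branches return the full table, so the API token does not
        // narrow which rows may be edited. This looks like a placeholder for a per-caller
        // filter - confirm the intended policy.
        var allowed_items = ApiTokenValid ? _context.American : _context.American;

        if (!allowed_items.Any(i => i.Id == item.Id))
        {
            return(Unauthorized());
        }

        // NOTE(review): `|| true` makes this always true, so the check that follows can
        // never reject a request. As written, any caller may update any existing row.
        var can_edit_by_token = ApiTokenValid || true;

        if (!can_edit_by_token)
        {
            return(Unauthorized());
        }

        // Update() marks every property of the posted entity as modified; only
        // CreatedDate is excluded afterwards.
        // NOTE(review): any other column the client should not control is overwritten
        // with the posted value - consider copying an explicit allow-list of fields
        // onto the stored entity instead.
        _context.Update(item);
        _context.Entry(item).Property(x => x.CreatedDate).IsModified = false;
        _context.SaveChanges();
        return(Ok());
    }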