/// <summary>
/// Finds a user based on the login form object. If 'username or email' contains an '@' symbol, check email. Otherwise check username.
/// Symbols are not allowed in the username. IdentityBasedHasher is used to verify.
/// </summary>
/// <param name="lfo">Form object from the login form</param>
/// <param name="modelState">Current ModelState from the controller</param>
/// <returns>User if email/username and password are verified.</returns>
public async Task <User> GetUser(LoginFormObject lfo, ModelStateDictionary modelState)
{
User user;
using (var db = _conn.Open())
{
if (lfo.UsernameOrEmail.Contains("@"))
{
user = (await db.LoadSelectAsync <User>(u => u.Email == lfo.UsernameOrEmail)).FirstOrDefault();
}
else
{
user = (await db.LoadSelectAsync <User>(u => u.UserName == lfo.UsernameOrEmail)).FirstOrDefault();
}
if (user == null)
{
modelState.AddModelError("UsernameOrEmail", "User not found.");
return(null);
}
var valid = IdentityBasedHasher.VerifyHashedPassword(user.Password, lfo.Password);
if (!valid)
{
modelState.AddModelError("Password", "Password is incorrect");
return(null);
}
return(user);
}
}
/// <summary>
/// Creates a new user from the registration form. Hashes the password and inserts into the database.
/// </summary>
/// <param name="rfo">Form object from the registration form</param>
/// <returns>Returns created user</returns>
public async Task <User> CreateUser(RegisterFormObject rfo)
{
rfo.Password = IdentityBasedHasher.HashPassword(rfo.Password).ToHashString();
var user = rfo.ToUser();
using (var db = _conn.Open())
{
var userId = await db.InsertAsync(user);
user.Id = (int)userId;
}
return(user);
}
