private bool CheckCredentials(AttemptLoginUserDTO userDTO, AppUser userFromDB)
{
using HMACSHA512 hmac = new HMACSHA512(userFromDB.PasswordSalt);
byte[] hashedPassword = hmac.ComputeHash(Encoding.ASCII.GetBytes(userDTO.Password));
if (hashedPassword.SequenceEqual(userFromDB.PasswordHash))
{
return(true);
}
return(false);
}
public async Task <ActionResult <SuccessLoginUser> > LoginUser([FromBody] AttemptLoginUserDTO user)
{
AppUser userFromDB;
if ((userFromDB = await GetUserByUserName(user)) != null)
{
string token = TokenService.GenerateToken(userFromDB);
if (CheckCredentials(user, userFromDB))
{
return(new SuccessLoginUser()
{
UserName = userFromDB.UserName,
Token = token
});
}
return(BadRequest("WRONG PASSWORD"));
}
return(BadRequest("No user with this username exist"));
}
private async Task <AppUser> GetUserByUserName(AttemptLoginUserDTO credentials)
{
AppUser user = await Context.Users.FirstOrDefaultAsync(u => u.UserName.Equals(credentials.UserName));
return(user);
}
