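/// <summary>
/// Inserts a user row with the lower-cased e-mail and the hashed password.
/// Any failure of the insert is surfaced as an <see cref="Exception"/> carrying
/// <c>EmailAlreadyExists</c>, exactly as before; the provider exception is now kept as the
/// inner exception so the real cause (unique violation vs. connectivity, etc.) is not lost.
/// </summary>
/// <param name="email">Address to store; the query lower-cases it.</param>
/// <param name="password">Clear-text password; only <c>Hashing.Compute(password)</c> is stored.</param>
/// <exception cref="Exception">Thrown with <c>EmailAlreadyExists</c> when the insert fails for any reason.</exception>
private void CreateUserIfNotExists(string email, string password)
{
    const string insertQuery = @"INSERT INTO users(email, password) VALUES(LOWER(@email), @password)";
    try
    {
        // Dispose the command deterministically; the original never disposed it.
        using var cmd = new NpgsqlCommand(insertQuery, DB.connection);
        cmd.Parameters.AddWithValue("email", email);
        // NOTE(review): the login path compares Hashing.Compute(password) with the stored value by
        // plain equality, which implies a deterministic (not per-user salted) hash — confirm Hashing
        // is a slow, salted KDF (PBKDF2/Argon2) before relying on it for password storage.
        cmd.Parameters.AddWithValue("password", Hashing.Compute(password));
        cmd.ExecuteNonQuery();
    }
    catch (Exception e)
    {
        // Caller-visible contract unchanged: every failure reads as "e-mail already exists".
        // The inner exception preserves the provider error for logging/diagnostics.
        // NOTE(review): telling a unique-violation apart from other failures would need the
        // provider's SQL state; left as-is to keep the existing contract.
        throw new Exception(EmailAlreadyExists, e);
    }
}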
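/// <summary>
/// Authenticates a user by e-mail and password and returns a token on success.
/// </summary>
/// <param name="data">Request body carrying <c>email</c> and <c>password</c>.</param>
/// <returns>
/// 200 with a <see cref="Response"/> holding the token, or 400 with the failure wrapped in a
/// <see cref="Response"/>.
/// </returns>
public async Task<IActionResult> Post([FromBody] Data data)
{
    try
    {
        string email = data.email;
        string password = data.password;
        CreateUser.TestEmail(email);

        string fetchedEmail = "";
        string fetchedPasswordHashed = "";
        bool verified = false;
        const string fetchQuery = "SELECT email, password, verified FROM users WHERE email = LOWER(@email);";
        // NOTE(review): DB.connection looks like a single shared connection used by concurrent
        // requests; confirm it is per-request/pooled, since a shared connection is not safe for
        // concurrent commands.
        await using (var cmd = new NpgsqlCommand(fetchQuery, DB.connection))
        {
            cmd.Parameters.AddWithValue("email", email);
            await using (var reader = await cmd.ExecuteReaderAsync())
            {
                // At most one row is expected for an e-mail; as in the original, the last row wins.
                while (await reader.ReadAsync())
                {
                    fetchedEmail = (string)reader[0];
                    fetchedPasswordHashed = (string)reader[1];
                    verified = (bool)reader[2];
                }
            }
        }

        // Hash the submitted password even when no account matched, and report the same
        // message for "unknown e-mail" and "wrong password". The original returned a distinct
        // message (and skipped the hash) for an unknown e-mail, which let a caller enumerate
        // registered addresses and distinguish the two cases by timing.
        string submittedHash = Hashing.Compute(password);
        bool accountFound = fetchedEmail != "";
        // Constant-time comparison of the two hash strings; a length mismatch yields false.
        bool passwordMatches = accountFound && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Text.Encoding.UTF8.GetBytes(submittedHash),
            System.Text.Encoding.UTF8.GetBytes(fetchedPasswordHashed));
        if (!accountFound || !passwordMatches)
        {
            throw new Exception("The email or password was not correct.");
        }
        if (!verified)
        {
            throw new Exception("The user has not been verified yet. Try to request a new verification link.");
        }

        string token = TokenService.CreateToken(email);
        return Ok(new Response("You was succesfully authenticated", token));
    }
    catch (Exception e)
    {
        // NOTE(review): Response(e) is project code; confirm it serialises only e.Message and not
        // the stack trace or provider details before this reaches clients.
        return BadRequest(new Response(e));
    }
}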
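/// <summary>
/// Completes a password reset: validates the reset code, checks the new password, then stores
/// the new hash and deletes the reset request as one atomic unit.
/// </summary>
/// <param name="data">
/// Request body carrying <c>userId</c>, <c>verificationCode</c>, <c>password</c> and <c>password2</c>.
/// </param>
/// <returns>200 with a confirmation text, or 400 with the failure message.</returns>
public async Task<IActionResult> Post([FromBody] Data data)
{
    try
    {
        await Views.ResetPassword.verifyUserAndCode(data.userId, data.verificationCode, "password_reset_request", "password-reset link");

        // Validate the new password before touching the database. The original first fetched the
        // current password hash but never used it, so that round-trip is dropped; if a
        // "new password must differ from the old one" rule was intended, it needs to be added here.
        CreateUser.TestPassword2(data.password, data.password2);
        CreateUser.TestPassword(data.password);

        const string updateVerifiedQuery = @" UPDATE users SET password = @password WHERE id = @userId; DELETE FROM password_reset_request WHERE ""user"" = ( SELECT email FROM users WHERE id = @userId ); ";

        // Run the password update and the reset-request deletion in one explicit transaction so a
        // failed DELETE cannot leave a still-usable reset code behind after the password changed.
        // Whether the provider already treats a multi-statement command as one implicit
        // transaction is provider-specific; the explicit transaction removes the doubt.
        // Disposing the transaction without CommitAsync rolls it back.
        await using var tx = await DB.connection.BeginTransactionAsync();
        await using var updateCmd = new NpgsqlCommand(updateVerifiedQuery, DB.connection, tx);
        updateCmd.Parameters.AddWithValue("password", Hashing.Compute(data.password));
        updateCmd.Parameters.AddWithValue("userId", data.userId);
        // Async variant instead of the blocking ExecuteNonQuery the original used inside an async method.
        await updateCmd.ExecuteNonQueryAsync();
        await tx.CommitAsync();

        return Ok("Your password was succesfully changed.");
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is returned verbatim; for provider exceptions this can expose
        // schema details — consider mapping non-validation failures to a generic message.
        return BadRequest(e.Message);
    }
}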