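 private void CreateUserIfNotExists(string email, string password)
 {
     // Inserts a users row with the address lower-cased in SQL and the password run
     // through Hashing.Compute. Any failure of the insert reaches the caller as an
     // Exception carrying EmailAlreadyExists (see the caveat on the catch below).
     try {
         string insertQuery = @"INSERT INTO users(email, password) VALUES(LOWER(@email), @password)";
         // The command is IDisposable; release it once the insert has run.
         using NpgsqlCommand cmd = new NpgsqlCommand(insertQuery, DB.connection);
         cmd.Parameters.AddWithValue("email", email);
         // NOTE(review): Hashing.Compute is opaque from here — confirm it is a salted,
         // iterated password KDF rather than a plain digest of the password.
         cmd.Parameters.AddWithValue("password", Hashing.Compute(password));
         cmd.ExecuteNonQuery();
     } catch (Exception) {
         // NOTE(review): every failure of the insert (lost connection, any other
         // constraint) is reported as EmailAlreadyExists; narrowing this to the
         // driver's unique-violation error would stop misleading callers.
         throw new Exception(EmailAlreadyExists);
     }
 }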
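        public async Task <IActionResult> Post([FromBody] Data data)
        {
            // Authenticates an account by email and password and returns a token on
            // success. Every failure is answered with 400 and a message.

            // Compares two hash strings in time that does not depend on where they
            // differ, so the comparison itself reveals nothing about the stored value.
            static bool HashesMatch(string candidate, string stored)
            {
                byte[] candidateBytes = System.Text.Encoding.UTF8.GetBytes(candidate);
                byte[] storedBytes    = System.Text.Encoding.UTF8.GetBytes(stored);
                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(candidateBytes, storedBytes);
            }

            try {
                string email    = data.email;
                string password = data.password;

                CreateUser.TestEmail(email);

                string fetchedEmail          = "";
                string fetchedPasswordHashed = "";
                bool   verified   = false;
                string fetchQuery = "SELECT email, password, verified FROM users WHERE email = LOWER(@email);";
                await using (var cmd = new NpgsqlCommand(fetchQuery, DB.connection)) {
                    cmd.Parameters.AddWithValue("email", email);
                    await using (var reader = await cmd.ExecuteReaderAsync()) {
                        while (await reader.ReadAsync())
                        {
                            fetchedEmail          = (string)reader[0];
                            fetchedPasswordHashed = (string)reader[1];
                            verified = (bool)reader[2];
                        }
                    }
                }

                // The hash is computed whether or not the account exists, and the
                // unknown-email and wrong-password cases share one message, so the
                // response text and the cost of the request do not tell a registered
                // address apart from an unregistered one.
                bool accountFound    = fetchedEmail != "";
                bool passwordMatches = HashesMatch(Hashing.Compute(password), fetchedPasswordHashed);
                if (!accountFound || !passwordMatches)
                {
                    throw new Exception("The email or password was not correct.");
                }
                // Only a caller holding the correct password learns the verification state.
                if (!verified)
                {
                    throw new Exception("The user has not been verified yet. Try to request a new verification link.");
                }
                string token = TokenService.CreateToken(email);
                return(Ok(new Response("You was succesfully authenticated", token)));
            } catch (Exception e) {
                // NOTE(review): Response(e) is opaque from here — confirm it exposes only
                // e.Message to the client and not driver or stack detail.
                return(BadRequest(new Response(e)));
            }
        }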
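        public async Task <IActionResult> Post([FromBody] Data data)
        {
            // Completes a password reset: the reset code is checked first, the new
            // password is validated, then it is stored hashed and the reset request
            // row removed. Every failure is answered with 400 and the message.
            try {
                await Views.ResetPassword.verifyUserAndCode(data.userId, data.verificationCode, "password_reset_request", "password-reset link");

                CreateUser.TestPassword2(data.password, data.password2);
                CreateUser.TestPassword(data.password);

                // NOTE(review): the stored hash is not consulted here; if reuse of the
                // previous password must be rejected, fetch and compare it before the update.
                string updateVerifiedQuery = @"
                    UPDATE users SET password = @password WHERE id = @userId;
                    DELETE FROM password_reset_request WHERE ""user"" = (
                        SELECT email FROM users WHERE id = @userId
                    );
                ";

                // NOTE(review): the two statements are sent in one command but no
                // transaction is opened here — confirm a failed DELETE cannot leave the
                // password changed while the reset request stays usable.
                // The command is disposed on exit and executed asynchronously so the
                // request thread is not blocked inside an async method.
                await using var updateCmd = new NpgsqlCommand(updateVerifiedQuery, DB.connection);
                updateCmd.Parameters.AddWithValue("password", Hashing.Compute(data.password));
                updateCmd.Parameters.AddWithValue("userId", data.userId);
                await updateCmd.ExecuteNonQueryAsync();

                return(Ok("Your password was succesfully changed."));
            } catch (Exception e) {
                // NOTE(review): e.Message may originate from the driver; confirm that
                // only the validation messages are meant to reach the client.
                return(BadRequest(e.Message));
            }
        }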