/// <summary>
/// Authenticates a user either through an external provider or with local
/// credentials, and returns a signed token on success.
/// </summary>
/// <param name="login">
/// Bound login payload. When <c>Provider</c> is set, the request is checked by
/// <c>socialAuth.getCheckAuth</c>; otherwise the username/password pair is
/// checked against the user repository.
/// </param>
/// <returns>
/// 400 when the model state is invalid, the payload is null, or a provider
/// login passes the provider check but no user matches the supplied e-mail;
/// 200 with a <c>Token</c> on success; 401 in every other case.
/// </returns>
public IActionResult Login(Login login)
{
    if (!ModelState.IsValid || login == null)
    {
        return BadRequest();
    }

    login.Username = DbTools.SanitizeString(login.Username);

    if (login.Provider != null)
    {
        // External-provider login: for this path Password and ID are handed to the
        // provider check rather than compared with a stored credential.
        bool providerAccepted = socialAuth.getCheckAuth(login.Provider, login.Password, login.ID);
        if (!providerAccepted)
        {
            return Unauthorized();
        }

        // Username is used as the e-mail lookup key here and is then overwritten with
        // the stored nickname, which is the value TokenFactory receives via `login`.
        // NOTE(review): the account is selected by the client-supplied Username, not by
        // an identity returned from the provider check. Confirm that getCheckAuth ties
        // the verified provider identity to this e-mail; nothing in this method does.
        login.Username = userRepository.GetByEmail(login.Username)?.Nickname;
        if (login.Username == null)
        {
            return BadRequest();
        }

        return Ok(new { Token = new TokenFactory(login, configProvider).GetTokenString() });
    }

    // Local login.
    // NOTE(review): the password goes through DbTools.SanitizeString before the
    // credential check. If that helper alters or strips characters, distinct passwords
    // can collapse to the same value; protection against SQL injection should come
    // from parameterised queries in the repository, not from rewriting the secret.
    login.Password = DbTools.SanitizeString(login.Password);
    bool credentialsOk = userRepository.CheckCredentials(login.Username, login.Password);

    //TODO: Add error: please verify your account
    // The verification lookups only run when the credentials matched (short-circuit).
    bool accountVerified = credentialsOk
        && (userRepository.CheckVerifyByNickname(login.Username)
            || userRepository.CheckVerifyByEmail(login.Username));

    if (accountVerified)
    {
        return Ok(new { Token = new TokenFactory(login, configProvider).GetTokenString() });
    }

    // Wrong credentials and unverified accounts get the same 401 response.
    return Unauthorized();
}
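/// <summary>
/// Registers a new user, either through an external provider or as a local
/// account that must be confirmed by e-mail.
/// </summary>
/// <param name="user">Bound registration payload.</param>
/// <returns>
/// 200 with the result of <c>userRepository.Create(user)</c> on success;
/// 400 when the payload is null, the model state is invalid, the nickname or
/// e-mail is already taken, or the provider check fails.
/// </returns>
public IActionResult Post(UserRegistration user)
{
    // A missing or unbindable body used to cause a NullReferenceException on the first
    // property access below (surfacing as a 500). Reject it the same way Login does.
    if (user == null)
    {
        return BadRequest();
    }

    // TODO: send the proper explanation for bad-request.
    // NOTE(review): when that explanation is added, a message that distinguishes
    // "e-mail already registered" lets callers enumerate accounts; keep it generic.
    user.Nickname = DbTools.SanitizeString(user.Nickname);
    user.Email = DbTools.SanitizeString(user.Email);

    if (!ModelState.IsValid
        || userRepository.IfNicknameExists(user.Nickname)
        || userRepository.IfEmailExists(user.Email))
    {
        return BadRequest();
    }

    // NOTE(review): sanitising a password rewrites the secret. Login applies the same
    // helper, so the two stay consistent, but confirm that DbTools.SanitizeString does
    // not strip characters, and that the repository hashes the value before storing it.
    user.Password = DbTools.SanitizeString(user.Password);

    if (user.Provider != null)
    {
        // External-provider registration: Password is passed to the provider check.
        if (!socialAuth.getCheckAuth(user.Provider, user.Password, user.Nickname))
        {
            return BadRequest();
        }

        // Truncation happens after the provider check, so the check sees the full value
        // and only the stored value is capped at 300 characters.
        if (user.Password.Length > 300)
        {
            user.Password = user.Password.Substring(0, 300);
        }

        return Ok(userRepository.Create(user));
    }

    // Local registration: create a verification record and mail the token.
    var verify = new Verification();
    verify.Email = user.Email;

    // NOTE(review): this token is the only secret protecting e-mail confirmation.
    // GUIDs are specified for uniqueness, not unpredictability; consider generating it
    // with System.Security.Cryptography.RandomNumberGenerator, provided the
    // confirmation endpoint does not require GUID format.
    verify.Token = Guid.NewGuid().ToString();

    // The user row is created with the token in its Email field; the real address is
    // kept on the Verification record until confirmation (presumably swapped back by
    // the confirmation endpoint; verify against that code).
    user.Email = verify.Token;

    // NOTE(review): local time is used for the expiry. Confirm that whatever compares
    // EndVerifyDate also uses DateTime.Now; otherwise the 3-day window drifts with the
    // server's time zone or DST changes.
    verify.EndVerifyDate = DateTime.Now.AddDays(3);

    userRepository.Create(verify);
    cleaner.TryToStart();

    // NOTE(review): the mail is sent before the user row exists. If Create(user) throws,
    // a live verification token has been issued for an account that was never created.
    smtpClient.SendMail(verify.Email, "Register confirmation", "", verify.Token);

    return Ok(userRepository.Create(user));
}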