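public IActionResult Login(LoginModel user)
        {
            // Handles a sign-in attempt: looks the account up by e-mail address, verifies the
            // submitted password against the stored hash, signs the user in and redirects to
            // Home on success. Every failure path renders the same login view, so the response
            // body does not indicate whether the e-mail address belongs to an account.
            try
            {
                UserModel dbUser = _db.GetUser(user.EmailAddress);

                // Reject an unknown account explicitly instead of relying on the
                // NullReferenceException that dereferencing dbUser would raise.
                // NOTE(review): this path returns before any hash is computed, so its response
                // time may differ from the wrong-password path; whether that is measurable
                // depends on the cost of PasswordEqualsHash - confirm.
                if (dbUser == null)
                {
                    return View();
                }

                PasswordHashModel storedHash = new();
                storedHash.FromDbString(dbUser.PasswordHash);

                (bool isPasswordCorrect, _) = HashAndSalter.PasswordEqualsHash(user.Password, storedHash);

                if (!isPasswordCorrect)
                {
                    return View();
                }

                LogInUser(dbUser);

                return RedirectToAction(nameof(Home));
            }
            catch
            {
                // Deliberate best-effort: any other failure (for example a data-access error or
                // a stored hash that FromDbString cannot parse) is presented as a failed sign-in.
                // NOTE(review): nothing is logged here, so such failures are invisible to
                // operators; log the exception once a logger is available in this controller.
                return View();
            }
        }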
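        /// <summary>
        /// Updates the logged-in user's first name, last name and e-mail address and, when a
        /// new password is supplied, replaces the password after verifying the old one.
        /// </summary>
        /// <param name="updatedUser">Values submitted from the edit-account form.</param>
        /// <returns>
        /// A redirect to the organization home page on success; otherwise the edit view built
        /// from the logged-in user's record, with an explanatory message in ViewData["EditMessage"].
        /// </returns>
        public IActionResult EditAccount(EditUserViewModel updatedUser)
        {
            // NOTE(review): no authorization attribute is visible on this method and
            // loggedInUser is dereferenced without a null check; confirm that access is
            // restricted to authenticated users at the controller level.
            // NOTE(review): GetAllUsers loads every account only to test one address for
            // uniqueness; a lookup by e-mail address would avoid pulling all records into memory.
            List<UserModel> allUsers = _db.GetAllUsers();
            UserModel loggedInUser = this.GetLoggedInUserByEmail(_db);

            // 1) Make sure the email is well-formed and isn't taken by another account.
            // A malformed address gets its own message instead of being reported as "taken".
            if (!IsValidEmailAddress(updatedUser.EmailAddress))
            {
                ViewData["EditMessage"] = "That email address is not valid";
                return View(loggedInUser.DbUserToEditView());
            }

            // NOTE(review): == on strings is an ordinal, case-sensitive comparison, so addresses
            // that differ only by letter case pass this check; confirm how the database compares them.
            bool isTakenByAnotherUser = updatedUser.EmailAddress != loggedInUser.EmailAddress &&
                                        allUsers.Any(x => x.EmailAddress == updatedUser.EmailAddress);
            if (isTakenByAnotherUser)
            {
                ViewData["EditMessage"] = "That email address is taken"; // todo: refactor this viewdata message system
                return View(loggedInUser.DbUserToEditView());
            }

            bool isChangingPassword = !string.IsNullOrWhiteSpace(updatedUser.NewPassword);

            if (isChangingPassword)
            {
                // 2) Make sure old password is correct
                PasswordHashModel storedHash = new();
                storedHash.FromDbString(loggedInUser.PasswordHash);

                (bool isPasswordCorrect, _) = HashAndSalter.PasswordEqualsHash(updatedUser.OldPassword, storedHash);

                if (!isPasswordCorrect)
                {
                    // Tell the user why nothing was saved instead of silently re-rendering the form.
                    ViewData["EditMessage"] = "The current password is incorrect";
                    return View(loggedInUser.DbUserToEditView());
                }
            }

            // NOTE(review): the e-mail address, which Login uses as the account identifier, is
            // changed here without re-verifying the current password; only a password change is
            // gated on OldPassword. Consider requiring it for e-mail changes as well.
            loggedInUser.FirstName = updatedUser.FirstName;
            loggedInUser.LastName = updatedUser.LastName;
            loggedInUser.EmailAddress = updatedUser.EmailAddress;

            if (isChangingPassword)
            {
                loggedInUser.PasswordHash = HashAndSalter.HashAndSalt(updatedUser.NewPassword).ToDbString();
            }

            _db.UpdateUser(loggedInUser);

            // Sign in again so the session reflects the updated account details.
            LogInUser(loggedInUser);

            if (isChangingPassword)
            {
                // Kept from the original password-change path: the in-memory copy is blanked
                // after the update. NOTE(review): the purpose is not evident from this method;
                // confirm LogInUser does not keep a reference to this object.
                loggedInUser.EmailAddress = "";
                loggedInUser.PasswordHash = "";
            }

            return RedirectToAction(nameof(OrganizationController.OrganizationHome), "Organization");
        }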
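        /// <summary>
        /// Looks up a user by e-mail address and returns it only when the supplied password
        /// matches the stored hash.
        /// </summary>
        /// <param name="emailAddress">E-mail address identifying the account.</param>
        /// <param name="password">Plain-text password to verify.</param>
        /// <returns>The matching user, or <c>null</c> when no user is found or the password is wrong.</returns>
        public UserModel GetUser(string emailAddress, string password)
        {
            UserModel user = GetUser(emailAddress);

            // The null check has to come before user.PasswordHash is read; previously an
            // unknown e-mail address raised a NullReferenceException instead of returning null.
            // NOTE(review): this path skips the hash comparison, so it may answer faster than
            // a wrong-password attempt on an existing account; whether that is observable
            // depends on the cost of PasswordEqualsHash - confirm.
            if (user == null)
            {
                return null;
            }

            PasswordHashModel storedHash = new();
            storedHash.FromDbString(user.PasswordHash);

            (bool isPasswordCorrect, _) = HashAndSalter.PasswordEqualsHash(password, storedHash);

            return isPasswordCorrect ? user : null;
        }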