/// <summary>
/// Registers a new account: validates the posted DTO, rejects a username that is already
/// taken, salts and hashes the password, and persists the mapped <see cref="User"/>.
/// </summary>
/// <param name="newUser">Registration data deserialized from the request body.</param>
/// <returns>
/// 400 when the body could not be deserialized, fails validation, or the username is taken
/// (validation failures are echoed back as the raw <see cref="ValidationResult"/>);
/// 204 once the user has been written.
/// </returns>
public IActionResult AddUser([FromBody] UserForCreationDto newUser)
        {
            if (newUser is null)
            {
                return BadRequest("unserializable");
            }

            ValidationResult validation = new UserForCreationDtoValidator().Validate(newUser);
            if (!validation.IsValid)
            {
                return BadRequest(validation);
            }

            // NOTE(review): the exists-check and AddUser are two separate repository calls,
            // so two concurrent registrations of the same name can both pass this check;
            // a unique constraint on the username in the store is what actually prevents duplicates.
            bool usernameTaken = _immersiveRepo.UsernameExists(newUser.Username);
            if (usernameTaken)
            {
                return BadRequest("this username already exists");
            }

            // The salt is generated first and then used for the hash; both are written
            // onto the DTO so that the mapping below carries them into the entity.
            // The plaintext Password also remains on the DTO — confirm the User mapping
            // does not copy it into the persisted entity.
            var salt = _passHasher.GenerateSalt();
            newUser.Salt     = salt;
            newUser.PassHash = _passHasher.HashPassword(newUser.Password, salt);

            User entity = Mapper.Map <User>(newUser);
            _immersiveRepo.AddUser(entity);

            return NoContent();
        }
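        /// <summary>
        /// Authenticates the posted credentials against the stored salted password hash and,
        /// on success, signs the caller in with the cookie authentication scheme.
        /// </summary>
        /// <param name="user">Credentials deserialized from the request body.</param>
        /// <returns>
        /// 400 when the body could not be deserialized or a username/password is missing;
        /// 401 when the username is unknown or the password does not match (deliberately the
        /// same response in both cases, so the endpoint cannot be used to enumerate accounts);
        /// 200 with the mapped <see cref="UserDto"/> after a successful sign-in.
        /// </returns>
        public async Task <IActionResult> Login([FromBody] UserForLoginDto user)
        {
            if (user == null)
            {
                return(BadRequest("the data was unreadable"));
            }
            if (string.IsNullOrEmpty(user.Username) || string.IsNullOrEmpty(user.Password))
            {
                // Incomplete credentials are malformed input, not a failed authentication.
                return(BadRequest("the data was unreadable"));
            }

            // The existence check and the lookup are separate calls, so the lookup result
            // is still null-checked rather than trusting UsernameExists alone.
            var userFromDb = _imersiveRepo.UsernameExists(user.Username)
                ? _imersiveRepo.GetUser(user.Username)
                : null;

            if (userFromDb == null)
            {
                // Spend roughly the same hashing cost as the known-user path so that the
                // response time does not reveal whether the username exists.
                _passHasher.HashPassword(user.Password, _passHasher.GenerateSalt());
                return(Unauthorized());
            }

            var passHash = _passHasher.HashPassword(user.Password, userFromDb.Salt);

            // Compare hashes in fixed time: plain string equality stops at the first differing
            // character and so leaks how much of the hash matched.
            // NOTE(review): assumes PassHash and HashPassword() are strings — confirm against _passHasher.
            var storedHash   = System.Text.Encoding.UTF8.GetBytes(userFromDb.PassHash);
            var computedHash = System.Text.Encoding.UTF8.GetBytes(passHash);

            if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedHash, computedHash))
            {
                return(Unauthorized());
            }

            var claims = new List <Claim>
            {
                new Claim(ClaimTypes.Name, user.Username)
            };

            var             userIdentity = new ClaimsIdentity(claims, "login");
            ClaimsPrincipal principal    = new ClaimsPrincipal(userIdentity);

            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

            return(Ok(Mapper.Map <UserDto>(userFromDb)));
        }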