Exemple #1
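        /// <summary>
        /// Authenticates a user by e-mail and password and, on success, replaces the
        /// user's stored login session with a freshly generated token.
        /// </summary>
        /// <param name="body">Login request carrying <c>Email</c> and <c>Password</c>.</param>
        /// <returns>
        /// 200 with the new token on success; 401 when the password does not match;
        /// 412 when the account is not verified; 400 when the request is incomplete
        /// or no user matches the e-mail.
        /// </returns>
        public async Task <IActionResult> LoginUser([FromBody] Login body)
        {
            // try/finally releases Db on every path, including when a query or the
            // password check throws; the per-branch Dispose() calls did not cover that.
            try
            {
                // A missing body or field would otherwise surface as a
                // NullReferenceException (HTTP 500) instead of a client error.
                if (body == null || string.IsNullOrEmpty(body.Email) || string.IsNullOrEmpty(body.Password))
                {
                    return(new BadRequestObjectResult("Email and password are required"));
                }

                // E-mail is always looked up in lower case. ToLowerInvariant keeps the
                // lookup key independent of the server's culture (ToLower maps 'I'
                // differently under e.g. a Turkish locale).
                var lowerEmail = body.Email.ToLowerInvariant();

                // Establish database connection
                await Db.Connection.OpenAsync();

                UserQuerry userLookup = new UserQuerry(Db);
                User       user       = await userLookup.GetUserByEmail(lowerEmail);

                // NOTE(review): the three failure responses below are distinguishable
                // (400 unknown e-mail, 412 unverified, 401 wrong password), and bcrypt
                // only runs for existing accounts, so both status and timing reveal
                // whether an address is registered. The 412 is also returned before the
                // password is checked. Consider one uniform failure response plus rate
                // limiting; left as-is here to keep the client contract unchanged.
                if (user == null)
                {
                    return(new BadRequestObjectResult("User not found"));
                }

                if (user.Verified != "true")
                {
                    return(new StatusCodeResult(412));
                }

                // body.Password is the plaintext candidate; user.Password is the stored bcrypt hash.
                if (!BCryptHelper.CheckPassword(body.Password, user.Password))
                {
                    return(new UnauthorizedObjectResult("Login incorrect"));
                }

                // The token is only as strong as Helpers.SecureRandomNumber(), which is
                // defined elsewhere; confirm it draws from a CSPRNG such as
                // System.Security.Cryptography.RandomNumberGenerator.
                string generatedToken = Helpers.SecureRandomNumber();

                // Drop the existing session for this user before storing the new one.
                // NOTE(review): FindOneByUserId returns a single row; if several rows
                // can exist per user, older tokens would stay valid. Verify.
                LoginsessionQuerry sessions = new LoginsessionQuerry(Db);
                Loginsession       session  = await sessions.FindOneByUserId(user.Id);

                if (session != null)
                {
                    await session.DeleteAsync();
                }

                // NOTE(review): the result of InsertLoginTable is not awaited. If it
                // returns a Task, the token can reach the client before the row is
                // written, a failure is lost, and Db may be disposed mid-write. Confirm
                // the signature and await it if it is asynchronous.
                sessions.InsertLoginTable(user.Id, generatedToken);
                return(new OkObjectResult(generatedToken));
            }
            finally
            {
                Db.Dispose();
            }
        }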
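        /// <summary>
        /// Resolves a session token to the user who owns the matching login session.
        /// </summary>
        /// <param name="token">Session token presented by the caller.</param>
        /// <returns>
        /// The user referenced by the matching session, or <c>null</c> when the token
        /// is missing or no session matches it.
        /// </returns>
        public async Task <User> CheckAuth(string token)
        {
            // Fail closed on a missing token before touching the database, so an
            // absent header can never be handed to the lookup as a search value.
            if (string.IsNullOrEmpty(token))
            {
                return(null);
            }

            LoginsessionQuerry logins = new LoginsessionQuerry(Db);
            Loginsession       login  = await logins.GetUserIdByToken(token);

            if (login == null)
            {
                return(null);
            }

            // NOTE(review): no expiry or revocation check is visible in this method; a
            // session row appears to stay valid until it is deleted. Confirm whether
            // GetUserIdByToken enforces a lifetime.
            UserQuerry users = new UserQuerry(Db);

            return(await users.FindOneAsync(login.user_id));
        }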
Exemple #3
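        /// <summary>
        /// Ends the login session of the user identified by the supplied token.
        /// </summary>
        /// <param name="token">Session token taken from the request header.</param>
        /// <returns>
        /// 200 when the token resolves to a user and that user's session is removed
        /// (or is already gone); 500 when the token does not resolve to a user.
        /// </returns>
        public async Task <IActionResult> LogoutGet([FromHeader][Required()] string token)
        {
            // try/finally releases Db even when a query throws.
            try
            {
                await Db.Connection.OpenAsync();

                // check if user is logged in
                // Awaited rather than read through .Result: blocking on the task inside
                // an async action ties up a thread and wraps failures in AggregateException.
                AuthenticationHandler auth = new AuthenticationHandler(Db);
                var user = await auth.CheckAuth(token);

                if (user == null)
                {
                    // NOTE(review): an unknown token is an authentication failure, so
                    // 401 would describe it better and keep it out of server-error
                    // metrics. 500 is kept to avoid changing what clients observe.
                    return(StatusCode(500));
                }

                // End that session.
                // NOTE(review): the session is looked up by user id, not by the token
                // that was presented; if a user can hold several sessions, this may
                // remove a different one. Verify against the session table.
                LoginsessionQuerry sessions = new LoginsessionQuerry(Db);
                Loginsession       session  = await sessions.FindOneByUserId(user.Id);

                // The row can vanish between the auth check and this lookup (for
                // example a concurrent logout); the user is then already logged out.
                if (session != null)
                {
                    await session.DeleteAsync();
                }

                return(StatusCode(200));
            }
            finally
            {
                Db.Dispose();
            }
        }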