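/// <summary>
/// Finds a user based on the login form object. If 'username or email' contains an '@' symbol, the lookup is by
/// email; otherwise it is by username (symbols are not allowed in the username). IdentityBasedHasher is used to verify
/// the supplied password against the stored hash.
/// </summary>
/// <param name="lfo">Form object from the login form.</param>
/// <param name="modelState">Current ModelState from the controller; receives a field-level error on failure.</param>
/// <returns>The matching <see cref="User"/> if email/username and password are verified; otherwise <c>null</c>.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="lfo"/> or <paramref name="modelState"/> is null.</exception>
public async Task<User> GetUser(LoginFormObject lfo, ModelStateDictionary modelState)
{
    if (lfo == null) throw new System.ArgumentNullException(nameof(lfo));
    if (modelState == null) throw new System.ArgumentNullException(nameof(modelState));

    // A null identifier would throw in Contains(); treat it like an empty lookup that finds nobody.
    var identifier = lfo.UsernameOrEmail ?? string.Empty;

    using (var db = _conn.Open())
    {
        // '@' is not allowed in usernames, so its presence selects the email column.
        var user = identifier.Contains("@")
            ? (await db.LoadSelectAsync<User>(u => u.Email == identifier)).FirstOrDefault()
            : (await db.LoadSelectAsync<User>(u => u.UserName == identifier)).FirstOrDefault();

        // NOTE(review): the distinct "User not found." / "Password is incorrect" messages, plus returning before any
        // hash verification when no row matches, let a caller distinguish existing accounts from unknown ones.
        // A single generic message on both paths (and verifying against a dummy hash on the not-found path) would
        // remove that signal; the existing keys/messages are kept here because views may bind to them.
        if (user == null)
        {
            modelState.AddModelError("UsernameOrEmail", "User not found.");
            return null;
        }

        // A missing submitted password or a missing stored hash can never verify; report it as an incorrect
        // password rather than letting the hasher throw on null input.
        var valid = !string.IsNullOrEmpty(lfo.Password)
                    && !string.IsNullOrEmpty(user.Password)
                    && IdentityBasedHasher.VerifyHashedPassword(user.Password, lfo.Password);
        if (!valid)
        {
            modelState.AddModelError("Password", "Password is incorrect");
            return null;
        }

        return user;
    }
}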
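/// <summary>
/// Creates a new user from the registration form. Hashes the password and inserts into the database.
/// Side effect: <paramref name="rfo"/>.Password is overwritten with the hash string before <c>ToUser()</c> is
/// called, so the caller's form object no longer holds the plaintext afterwards.
/// </summary>
/// <param name="rfo">Form object from the registration form. Presumably already validated by the controller (required fields, password rules) — not re-checked here.</param>
/// <returns>The created <see cref="User"/>, with <c>Id</c> set to the identity value returned by the insert.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="rfo"/> is null.</exception>
/// <exception cref="System.OverflowException">Thrown when the generated identity does not fit in an <c>int</c>.</exception>
public async Task<User> CreateUser(RegisterFormObject rfo)
{
    if (rfo == null) throw new System.ArgumentNullException(nameof(rfo));

    // Replace the plaintext with its hash before mapping, so the persisted User only ever carries the hash.
    rfo.Password = IdentityBasedHasher.HashPassword(rfo.Password).ToHashString();
    var user = rfo.ToUser();

    using (var db = _conn.Open())
    {
        var userId = await db.InsertAsync(user);
        // The insert presumably returns a wider integer than Id holds (hence the original cast); fail loudly
        // on overflow instead of silently truncating the identity.
        user.Id = checked((int)userId);
    }

    return user;
}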