public async Task <IActionResult> Signup([FromBody] UserResource userRsc)
{
if (userRsc == null)
{
return(BadRequest("Invalid request"));
}
var suValidation = await suValidator.IsValidAsync(userRsc);
if (!suValidation.Success)
{
return(BadRequest(suValidation.ErrorMessage));
}
User newUser = this.mapper.Map <UserResource, User>(userRsc);
var salt = HashGenerator.GenerateSaltBytes();
var hash = HashGenerator.GenerateSaltedHash(HashGenerator.EncodedStringToByteArray(userRsc.Password), salt);
newUser.Salt = HashGenerator.ByteArrayToString(salt);
newUser.Password = HashGenerator.ByteArrayToString(hash);
userRepo.Create(newUser);
uow.Complete();
return(Ok());
}
public async Task <IActionResult> Login([FromBody] UserResource userRsc)
{
if (userRsc == null)
{
return(BadRequest("Invalid client request"));
}
var dbUser = (await this.userRepo.GetAll()).FirstOrDefault(a => a.Name == userRsc.Name);
if (dbUser == null)
{
return(BadRequest("Username not found:" + userRsc.Name));
}
var userSalt = HashGenerator.StringToByteArray(dbUser.Salt);
var hashPwd = HashGenerator.GenerateSaltedHash(HashGenerator.EncodedStringToByteArray(userRsc.Password), userSalt);
if (HashGenerator.Compare(hashPwd, HashGenerator.StringToByteArray(dbUser.Password)))
{
return(Ok(new { Token = this.tokenGenetator.Generate(dbUser) }));
}
else
{
return(Unauthorized());
}
}
public async Task <TokenResponse> RegisterAsync(RegistrationRequest registrationRequest)
{
if (await AccountRepository.ExistsWithEmailAsync(registrationRequest.Email))
{
return(TokenResponse.Unauthorized());
}
var passwordHash = await HashGenerator.GenerateSaltedHash(registrationRequest.Password);
var account = new Account
{
Id = Guid.NewGuid(),
Email = registrationRequest.Email,
FullName = registrationRequest.FullName,
RoleId = (int)UserRole.User,
PasswordHash = passwordHash
};
await AccountRepository.CreateAsync(account);
await AccountRepository.SaveChangesAsync();
var token = JwtGenerator.GenerateToken(account.Id);
return(TokenResponse.Success(token));
}
public async Task <TokenResponse> LogInAsync(AuthenticationRequest authenticationRequest)
{
var account = await AccountRepository.GetWithEmailAsync(authenticationRequest.Email);
if (account != null)
{
var passwordHash = await HashGenerator.GenerateSaltedHash(authenticationRequest.Password);
if (passwordHash.SequenceEqual(account.PasswordHash))
{
var role = (UserRole)account.RoleId;
var token = JwtGenerator.GenerateToken(account.Id, role);
return(TokenResponse.Success(token));
}
}
return(TokenResponse.Unauthorized());
}
