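/// <summary>
/// Authenticates a user by e-mail and password and starts a login session via <c>loginService</c>.
/// </summary>
/// <param name="model">Credentials posted by the client; rejected when null or when <c>ModelState</c> is invalid.</param>
/// <returns>
/// 200 with a minimal user projection (Id, FirstName, LastName, Email, IsAdmin) on success;
/// 400 when the payload is invalid or a session is already active;
/// 403 when the user is unknown or the password is wrong (same body for both, so the
/// response does not disclose whether the account exists);
/// 500 when an unexpected exception is thrown.
/// </returns>
public async Task<IActionResult> Login([FromBody] ApiV1LoginRequestModel model)
{
    // Guard clause: reject missing or invalid payloads before touching any service.
    if (model is null || !ModelState.IsValid)
    {
        logger.LogWarning($"Error while logging in. Validation failed.");
        return BadRequest(ModelState.ToApiV1ErrorResponseModel());
    }

    // NOTE(review): the log lines below carry the submitted e-mail address;
    // confirm this is acceptable under the project's log retention / PII policy.
    logger.LogDebug($"Attempting to login user with email {model.EMail}.");
    try
    {
        // One shared 403 body for "unknown user" and "wrong password" so the client
        // cannot tell from the response which of the two happened.
        var error = new ApiV1ErrorResponseModel("The combination of password and username is wrong or the user does not exist at all.");

        // A second login on an already logged-in session is a client error.
        if (loginService.IsLoggedIn())
        {
            return BadRequest(new ApiV1ErrorResponseModel("Cannot login twice. Please logout first."));
        }

        var user = await userService.GetByEMailAsync(model.EMail);

        if (user is null)
        {
            // NOTE(review): this branch returns before passwordService.CheckPassword runs,
            // so its response time may differ measurably from the wrong-password branch
            // even though the body is identical. If account enumeration via timing matters
            // here, confirm whether a constant-cost check can be performed on this path.
            logger.LogWarning($"Error while logging in user with email {model.EMail}. The user does not exist.");
            return StatusCode(403, error);
        }

        if (!passwordService.CheckPassword(model.Password, user.Password))
        {
            logger.LogWarning($"Error while logging in user with email {model.EMail}: The password is incorrect.");
            return StatusCode(403, error);
        }

        loginService.Login(user.Id);
        logger.LogInformation($"Successfully logged in user with email {model.EMail}.");

        // Only a projection is returned; the stored password value is never echoed back.
        return Ok(new { user.Id, user.FirstName, user.LastName, user.Email, user.IsAdmin });
    }
    catch (Exception ex)
    {
        // Details go to the log only; the client receives a generic message.
        logger.LogError(ex, $"Error while logging in: {ex.Message}");
        return StatusCode(500, new ApiV1ErrorResponseModel("Error while handling request."));
    }
}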
/// <summary>
/// Exception filter hook: outside the Development environment, replaces the pipeline's
/// default error output with a generic JSON error body and a 500 status so that no
/// exception details reach the client. In Development the base behaviour is kept unchanged.
/// </summary>
/// <param name="context">The MVC exception context for the failing action.</param>
/// <returns>A task that completes once the base filter has run.</returns>
public override async Task OnExceptionAsync(ExceptionContext context)
{
    if (!env.IsDevelopment())
    {
        // Generic, non-revealing body for production callers.
        var payload = new ApiV1ErrorResponseModel("An error occurred, please try again later.");
        context.HttpContext.Response.StatusCode = 500;
        context.Result = new JsonResult(payload);
    }

    // NOTE(review): nothing in this method records context.Exception; confirm it is
    // logged elsewhere in the pipeline so production failures remain diagnosable.
    await base.OnExceptionAsync(context);
}