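        /// <summary>
        /// Authenticates a user by e-mail and password and starts a login session.
        /// </summary>
        /// <param name="model">Request body carrying <c>EMail</c> and <c>Password</c>.</param>
        /// <returns>
        /// 200 with a reduced user projection on success; 400 when the body fails validation or a
        /// session is already active; 403 when the e-mail is unknown or the password is wrong
        /// (one shared message, so the response body does not reveal which case occurred);
        /// 500 with a generic message on any unexpected exception.
        /// </returns>
        public async Task <IActionResult> Login([FromBody] ApiV1LoginRequestModel model)
        {
            // Guard clause: reject invalid bodies before touching any service.
            if (model is null || !ModelState.IsValid)
            {
                logger.LogWarning($"Error while logging in. Validation failed.");
                return BadRequest(ModelState.ToApiV1ErrorResponseModel());
            }

            logger.LogDebug($"Attempting to login user with email {model.EMail}.");

            try
            {
                // The same error object is used for "unknown user" and "wrong password" so a
                // client cannot distinguish the two cases from the response body.
                var credentialsError = new ApiV1ErrorResponseModel("The combination of password and username is wrong or the user does not exist at all.");

                // A second login on an already active session is a client error.
                if (loginService.IsLoggedIn())
                {
                    return BadRequest(new ApiV1ErrorResponseModel("Cannot login twice. Please logout first."));
                }

                var user = await userService.GetByEMailAsync(model.EMail);

                if (user is null)
                {
                    // NOTE(review): this path returns before CheckPassword runs, so its response
                    // time can differ from the wrong-password path below; if passwordService can
                    // verify against a fixed dummy hash, doing so here would equalise the timing —
                    // confirm against the service's contract before adding it.
                    logger.LogWarning($"Error while logging in user with email {model.EMail}. The user does not exist.");
                    return StatusCode(403, credentialsError);
                }

                if (!passwordService.CheckPassword(model.Password, user.Password))
                {
                    logger.LogWarning($"Error while logging in user with email {model.EMail}: The password is incorrect.");
                    return StatusCode(403, credentialsError);
                }

                loginService.Login(user.Id);
                logger.LogInformation($"Successfully logged in user with email {model.EMail}.");

                // Only a projection of the user is returned; user.Password is deliberately not part of it.
                return Ok(new
                {
                    user.Id,
                    user.FirstName,
                    user.LastName,
                    user.Email,
                    user.IsAdmin
                });
            }
            catch (Exception ex)
            {
                // The exception is logged in full; the client only receives a generic message.
                logger.LogError(ex, $"Error while logging in: {ex.Message}");
                return StatusCode(500, new ApiV1ErrorResponseModel("Error while handling request."));
            }
        }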
            /// <summary>
            /// Exception filter hook. In development the exception is passed through to the base
            /// implementation unchanged; in every other environment the response is replaced by a
            /// generic 500 JSON error so no exception detail reaches the client.
            /// </summary>
            /// <param name="context">The filter context carrying the exception and the HTTP response.</param>
            public override async Task OnExceptionAsync(ExceptionContext context)
            {
                if (!env.IsDevelopment())
                {
                    // Assign a Result so the pipeline treats the exception as handled, with a fixed message.
                    var response = new ApiV1ErrorResponseModel("An error occurred, please try again later.");
                    context.HttpContext.Response.StatusCode = 500;
                    context.Result = new JsonResult(response);
                }

                // Both branches end with the base call, so it is hoisted out of the conditional.
                await base.OnExceptionAsync(context);
            }