コード例 #1
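        /// <summary>
        /// Authenticates a login attempt: finds the user whose user name or e-mail matches the supplied
        /// identifier (case-insensitively), verifies the password against the stored hash and salt,
        /// rejects users that have a ban of type 1 (reported as a global ban), then reloads the user
        /// through the user service and optionally attaches freshly generated tokens.
        /// </summary>
        /// <param name="authUser">Login identifier (user name or e-mail) and password.</param>
        /// <param name="needsTokens">When true, initial tokens are generated and stored in UserAuthTokens; otherwise UserAuthTokens is set to null.</param>
        /// <param name="ct">Cancellation token passed to the user lookup and the user-service calls.</param>
        /// <returns>The authenticated user, or null when the credentials are missing, unknown or wrong.</returns>
        /// <exception cref="AuthenticationException">The password was correct but the user has a ban of type 1.</exception>
        public async Task<User> Authenticate(AuthenticatingUser authUser, bool needsTokens = false, CancellationToken ct = default)
        {
            // Missing credentials can never authenticate; fail the login instead of dereferencing null.
            if (authUser == null || authUser.AuthenticatorString == null || authUser.Password == null)
            {
                return(null);
            }

            // ct is passed so an abandoned request also cancels the database lookup.
            User user = await _context.Users
                        .Include(u => u.UserAuthentication)
                        .FirstOrDefaultAsync(u => u.UserName.ToLower() == authUser.AuthenticatorString.ToLower() || u.UserAuthentication.UserEmail.ToLower() == authUser.AuthenticatorString.ToLower(), ct);

            // NOTE(review): this path returns without calling VerifyHash, so an unknown identifier may
            // be answered faster than a wrong password. If account enumeration matters, run the
            // verification against a fixed dummy hash here as well.
            if (user == null)
            {
                return(null);
            }

            // A user row without credential data cannot be verified; treat it as a failed login.
            if (user.UserAuthentication == null)
            {
                return(null);
            }

            // NOTE(review): VerifyHash is not visible here; confirm it compares in constant time.
            if (!_hashingService.VerifyHash(user.UserAuthentication.UserPassHash, user.UserAuthentication.UserPassSalt, authUser.Password))
            {
                return(null);
            }

            // The ban is checked only after the password was verified, so ban details are disclosed
            // to callers who already proved knowledge of the password. A type pattern never matches
            // null, so no separate null test is needed.
            if (await _userService.GetFirstBanOfTypeIfAnyAsnc(user.UserUUID, 1, ct) is UserBan ub)
            {
                throw new AuthenticationException($"User has received a global ban, ban expires: {ub.BanExpires:HH:mm:ss, dd/MM/yy}");
            }

            // Reload through the user service; the instance loaded above is only used for verification.
            user = await _userService.GetByIdAsync(user.UserUUID, ct);

            // The user can disappear between the two reads; report that as a failed login.
            if (user == null)
            {
                return(null);
            }

            // NOTE(review): ct is not passed here because the token service's signature is not
            // visible; pass it along if an overload accepts one.
            user.UserAuthTokens = needsTokens ? await _tokenService.GenerateInitialTokensForUserAsync(user.UserUUID) : null;

            return(user);
        }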
コード例 #2
        /// <summary>
        /// POST endpoint that reads an AuthenticatingUser from the request body and runs the
        /// AuthenticateUser task on a new UserTasks instance.
        /// </summary>
        /// <param name="usr">Credentials bound from the request body.</param>
        /// <returns>404 Not Found when the task returns no user; otherwise 200 OK with the user as JSON.</returns>
        [HttpPost("AuthenticateUser")]
        public async Task<IActionResult> AuthenticateUser([FromBody] AuthenticatingUser usr)
        {
            User authenticated = await new UserTasks().AuthenticateUser(usr);

            if (authenticated != null)
            {
                // NOTE(review): the whole User object is serialized into the response; confirm it
                // carries no password hash or other credential fields before it leaves the server.
                return(Ok(authenticated));
            }

            // A failed login is reported as 404 with no body.
            return(NotFound());
        }
コード例 #3
        /// <summary>
        /// Passes the credentials from the request body to the authentication service and maps the
        /// outcome to an HTTP result.
        /// </summary>
        /// <param name="authUser">Credentials bound from the request body.</param>
        /// <param name="needsTokens">Forwarded to the authentication service; defaults to true.</param>
        /// <param name="ct">Cancellation token forwarded to the authentication service.</param>
        /// <returns>
        /// 200 OK with the user, 404 Not Found with "Invalid login attempt" when the service returns
        /// null, or 400 Bad Request carrying the exception message when it throws AuthenticationException.
        /// </returns>
        public async Task<IActionResult> AuthenticateUser([FromBody] AuthenticatingUser authUser, bool needsTokens = true, CancellationToken ct = default)
        {
            //TODO: require email confirmation
            User authenticated;

            try
            {
                authenticated = await _authenticationService.Authenticate(authUser, needsTokens, ct);
            }
            catch (AuthenticationException ex)
            {
                // The exception message is sent to the client verbatim, so it must never contain
                // internal details. NOTE(review): confirm every AuthenticationException thrown by the
                // service carries a message that is safe to disclose.
                return(BadRequest(ex.Message));
            }

            if (authenticated != null)
            {
                // NOTE(review): the whole User object is serialized; confirm it exposes no credential fields.
                return(Ok(authenticated));
            }

            return(NotFound("Invalid login attempt"));
        }
コード例 #4
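        /// <summary>
        /// Looks up the id of the user whose user name or e-mail matches the supplied authenticator
        /// and whose stored password hash equals the supplied hash, then loads that user by id.
        /// </summary>
        /// <param name="usr">Authenticator (user name or e-mail) and password hash to match.</param>
        /// <returns>The matching user, or null when <paramref name="usr"/> is null or no row matches.</returns>
        public async Task<User> AuthenticateUser(AuthenticatingUser usr)
        {
            // Nothing to match against; report "not authenticated" instead of dereferencing null.
            if (usr == null)
            {
                return(null);
            }

            // The values are bound as parameters and never spliced into the SQL text: building the
            // statement by interpolation lets a crafted authenticator or hash rewrite the WHERE
            // clause and bypass the check.
            // NOTE(review): the listing showed a masked literal in the UserName comparison; it is
            // presumed to have been the same authenticator value as the e-mail comparison. Confirm.
            const string query =
                "SELECT UserId FROM user WHERE (UserName=@authenticator AND UserPassHash=@passHash)" +
                " OR (UserEmail=@authenticator AND UserPassHash=@passHash);";

            using (var conn = new MySqlConnection(connString))
            {
                await conn.OpenAsync();

                using (var cmd = new MySqlCommand(query, conn))
                {
                    cmd.Parameters.AddWithValue("@authenticator", usr.Authenticator);

                    // NOTE(review): the hash is supplied by the caller and compared for equality in
                    // SQL. If usr is bound from a request, the hash itself acts as the password;
                    // consider verifying a server-side salted hash instead.
                    cmd.Parameters.AddWithValue("@passHash", usr.PassHash);

                    using (var reader = await cmd.ExecuteReaderAsync())
                    {
                        if (!await reader.ReadAsync())
                        {
                            return(null);
                        }

                        return(await GetUserById(Convert.ToInt32(reader["userId"])));
                    }
                }
            }
        }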