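/// <summary>
/// Login endpoint: resolves the account type for <c>userDto.email</c>, lets the system check the
/// password, and on success returns a JSON body holding a new session token and the user.
/// </summary>
/// <param name="userDto">Submitted e-mail and password.</param>
/// <returns>
/// 200 with <c>{"token":"...","user":{...}}</c> on success; 401 with one generic message when the
/// e-mail is unknown or the password is rejected.
/// </returns>
public ActionResult<InterfaceUtilizador> Authenticate([Bind] UserAuthenticationDto userDto)
{
    // The whole login path runs under the lock, as before: _system is shared across requests
    // and nothing here assumes it is thread-safe.
    lock (_system)
    {
        int typeOfUser = _system.TypeUser(userDto.email);
        if (typeOfUser == -1)
        {
            // Same message as for a bad password, so the response does not reveal which e-mails exist.
            return Unauthorized(new { message = "Credentials are wrong..." });
        }

        // Session token. The previous value was GetHashString(email + DateTime.Now): anyone who
        // knows the e-mail can regenerate it by guessing the login time (second resolution by
        // default), i.e. it was a predictable bearer credential. It is now derived from CSPRNG bytes.
        string token = NewSessionToken();

        InterfaceUtilizador user;
        switch (typeOfUser)
        {
            case 0:
                user = (Cliente)_system.Authenticate(userDto.email, userDto.password, token);
                break;
            case 1:
                user = (Instrutor)_system.Authenticate(userDto.email, userDto.password, token);
                break;
            case 2:
                user = (Rececionista)_system.Authenticate(userDto.email, userDto.password, token);
                break;
            default:
                user = null;
                break;
        }

        if (user == null)
        {
            return Unauthorized(new { message = "Credentials are wrong..." });
        }

        // The user is serialised with its runtime type so subclass members (Cliente, Instrutor,
        // Rececionista) are included; serialising as InterfaceUtilizador would drop them.
        // NOTE(review): Ok(string) presumably leaves the content type to the framework's string
        // formatter; the body is JSON text either way, which is what existing clients consume.
        string body = new StringBuilder()
            .Append("{")
            .Append("\"token\":\"")
            .Append(token)
            .Append("\",\"user\":")
            .Append(JsonSerializer.Serialize(user, user.GetType()))
            .Append("}")
            .ToString();
        return Ok(body);
    }
}

/// <summary>
/// Builds an unpredictable session token from 32 CSPRNG bytes. The random material is passed
/// through the same hash helper the old token used, so the token keeps the same length and
/// character set and the column that stores it does not need to change.
/// </summary>
private static string NewSessionToken()
{
    byte[] seed = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(seed);
    }
    return CalculateHash.GetHashString(Convert.ToBase64String(seed));
}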
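/// <summary>
/// Checks <paramref name="email"/>/<paramref name="passInserida"/> against the table that matches
/// the account type and, on success, registers the session in UtilizadoresOnline.
/// </summary>
/// <param name="email">Account e-mail, used as the lookup key.</param>
/// <param name="passInserida">Plain-text password as submitted by the client.</param>
/// <param name="token">Session token to store with the e-mail; it is generated by the caller.</param>
/// <returns>
/// The user loaded from its table (Cliente, Instrutor or Rececionista), or <c>null</c> when the
/// e-mail is unknown, the password does not match, or a database error occurred. Errors are
/// written to the console and not rethrown.
/// </returns>
public InterfaceUtilizador LogIn(string email, string passInserida, string token)
{
    // Session lifetime is 5 days. Local time is kept on purpose: the expiry is compared
    // elsewhere (not visible here) and a switch to UTC must be made on both sides at once.
    DateTime today = DateTime.Now;
    DateTime timeToExpire = today.AddDays(5);

    int typeUser = TypeUser(email); // 0 - Cliente, 1 - Instrutor, 2 - Rececionista
    if (typeUser == -1)
    {
        return null;
    }

    try
    {
        if (connection.State == ConnectionState.Closed)
        {
            connection.Open();
        }

        // NOTE(review): GetHashString is an unsalted, unkeyed digest of the password, so the stored
        // value is offline-crackable with precomputed tables. Moving to PBKDF2/Argon2 with a
        // per-user salt needs a schema and migration change and is out of scope for this method.
        string hashPass = CalculateHash.GetHashString(passInserida);

        // The table name comes from fixed literals; only the e-mail is user input and it is bound
        // as a parameter.
        string sqlCommand;
        switch (typeUser)
        {
            case 0:
                sqlCommand = "select * from Cliente where email = @EMAIL";
                break;
            case 1:
                sqlCommand = "select * from Instrutor where email = @EMAIL";
                break;
            case 2:
                sqlCommand = "select * from Rececionista where email = @EMAIL";
                break;
            default:
                return null;
        }

        MySqlCommand command = new MySqlCommand(sqlCommand, connection);
        command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
        command.Parameters["@EMAIL"].Value = email;

        InterfaceUtilizador user;
        using (MySqlDataReader reader = command.ExecuteReader())
        {
            // TypeUser reported the account, but the row may be gone by now; the original code
            // would have thrown on GetString and fallen into the catch.
            if (!reader.Read())
            {
                return null;
            }

            // Ordinal 3 holds the password hash; the other ordinals follow each table's
            // "select *" column order, as in the original (fragile if columns are reordered).
            string hashUser = reader.GetString(3);
            if (!PasswordHashMatches(hashUser, hashPass))
            {
                return null;
            }

            switch (typeUser)
            {
                case 0:
                    user = new Cliente(email, reader.GetInt32(1), reader.GetString(2), reader.GetInt16(5),
                                       reader.GetDateTime(4), reader.GetString(7), reader.GetString(6));
                    break;
                case 1:
                    user = new Instrutor(email, reader.GetInt32(1), reader.GetString(2), reader.GetInt16(5),
                                         reader.GetDateTime(4), reader.GetString(6));
                    break;
                default:
                    user = new Rececionista(email, reader.GetInt32(1), reader.GetString(2), reader.GetInt16(5),
                                            reader.GetDateTime(4), reader.GetString(6));
                    break;
            }
        }

        // The reader is closed (end of the using block) before the insert, as the original did.
        AddToOnlineUsers(email, timeToExpire, token);
        return user;
    }
    catch (Exception e)
    {
        Console.WriteLine(e.ToString());
    }
    finally
    {
        connection.Close();
    }

    return null;
}

/// <summary>
/// Compares two password hashes in time that does not depend on where they first differ, so
/// response latency does not leak how much of the stored hash a guess matched. Ordinal
/// semantics are the same as the previous <c>string.Equals</c>.
/// </summary>
private static bool PasswordHashMatches(string storedHash, string candidateHash)
{
    byte[] stored = System.Text.Encoding.UTF8.GetBytes(storedHash);
    byte[] candidate = System.Text.Encoding.UTF8.GetBytes(candidateHash);
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(stored, candidate);
}

/// <summary>
/// Records the session in UtilizadoresOnline as (email, expiry, token). Shared by all account
/// types; the original repeated this insert in each switch case.
/// </summary>
private void AddToOnlineUsers(string email, DateTime timeToExpire, string token)
{
    string sqlCommand = "insert into UtilizadoresOnline values (@EMAIL, @TIME_TO_EXPIRE, @TOKEN)";
    MySqlCommand command = new MySqlCommand(sqlCommand, connection);
    command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
    command.Parameters["@EMAIL"].Value = email;
    command.Parameters.Add(new MySqlParameter("@TIME_TO_EXPIRE", MySqlDbType.DateTime));
    command.Parameters["@TIME_TO_EXPIRE"].Value = timeToExpire;
    command.Parameters.Add(new MySqlParameter("@TOKEN", MySqlDbType.VarChar));
    command.Parameters["@TOKEN"].Value = token;
    // An INSERT produces no result set; ExecuteNonQuery states that (the original used ExecuteScalar).
    command.ExecuteNonQuery();
}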