public ActionResult <InterfaceUtilizador> Authenticate([Bind] UserAuthenticationDto userDto)
{
lock (_system)
{
InterfaceUtilizador user = null;
int typeOfUser = _system.TypeUser(userDto.email);
string token = CalculateHash.GetHashString(userDto.email + DateTime.Now);
if (typeOfUser != -1)
{
switch (typeOfUser)
{
case 0:
{
user = (Cliente)_system.Authenticate(userDto.email, userDto.password, token);
break;
}
case 1:
{
user = (Instrutor)_system.Authenticate(userDto.email, userDto.password, token);
break;
}
case 2:
{
user = (Rececionista)_system.Authenticate(userDto.email, userDto.password, token);
break;
}
}
}
if (user == null || typeOfUser == -1)
{
return(Unauthorized(new
{
message = "Credentials are wrong..."
}));
}
StringBuilder a = new StringBuilder()
.Append("{")
.Append("\"token\":\"")
.Append(token)
.Append("\",\"user\":")
.Append(JsonSerializer.Serialize(user, user.GetType()))
.Append("}");
return(Ok(a.ToString()));
}
}
public InterfaceUtilizador LogIn(string email, string passInserida, string token)
{
DateTime today = DateTime.Now;
DateTime time_to_expire = today.AddDays(5);
int typeUser = TypeUser(email); // 0 - Cliente, 1 - Instrutor, 2 - Rececionista
if (typeUser == -1)
{
return(null);
}
try
{
if (connection.State == ConnectionState.Closed)
{
connection.Open();
}
string hashPass = CalculateHash.GetHashString(passInserida);
MySqlCommand command;
string sqlCommand;
switch (typeUser)
{
// Cliente
case 0:
{
sqlCommand = "select * from Cliente where email = @EMAIL";
command = new MySqlCommand(sqlCommand, connection);
command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
command.Parameters["@EMAIL"].Value = email;
MySqlDataReader reader = command.ExecuteReader();
reader.Read();
string hashUser = reader.GetString(3);
if (hashUser.Equals(hashPass))
{
Cliente user = new Cliente(email, reader.GetInt32(1), reader.GetString(2),
reader.GetInt16(5),
reader.GetDateTime(4), reader.GetString(7), reader.GetString(6));
// Adicionar o Cliente à tabela de utilizadores online...
reader.Close();
sqlCommand = "insert into UtilizadoresOnline values (@EMAIL, @TIME_TO_EXPIRE, @TOKEN)";
command = new MySqlCommand(sqlCommand, connection);
command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
command.Parameters["@EMAIL"].Value = email;
command.Parameters.Add(new MySqlParameter("@TIME_TO_EXPIRE", MySqlDbType.DateTime));
command.Parameters["@TIME_TO_EXPIRE"].Value = time_to_expire;
command.Parameters.Add(new MySqlParameter("@TOKEN", MySqlDbType.VarChar));
command.Parameters["@TOKEN"].Value = token;
command.ExecuteScalar();
return(user);
}
reader.Close();
break;
}
// Instrutor
case 1:
{
sqlCommand = "select * from Instrutor where email = @EMAIL";
command = new MySqlCommand(sqlCommand, connection);
command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
command.Parameters["@EMAIL"].Value = email;
MySqlDataReader reader = command.ExecuteReader();
reader.Read();
string hashUser = reader.GetString(3);
if (hashUser.Equals(hashPass))
{
Instrutor user = new Instrutor(email, reader.GetInt32(1), reader.GetString(2),
reader.GetInt16(5), reader.GetDateTime(4), reader.GetString(6));
reader.Close();
// Adicionar o Cliente à tabela de utilizadores online...
sqlCommand = "insert into UtilizadoresOnline values (@EMAIL, @TIME_TO_EXPIRE, @TOKEN)";
command = new MySqlCommand(sqlCommand, connection);
command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
command.Parameters["@EMAIL"].Value = email;
command.Parameters.Add(new MySqlParameter("@TIME_TO_EXPIRE", MySqlDbType.DateTime));
command.Parameters["@TIME_TO_EXPIRE"].Value = time_to_expire;
command.Parameters.Add(new MySqlParameter("@TOKEN", MySqlDbType.VarChar));
command.Parameters["@TOKEN"].Value = token;
command.ExecuteScalar();
return(user);
}
reader.Close();
break;
}
// Rececionista
case 2:
{
sqlCommand = "select * from Rececionista where email = @EMAIL";
command = new MySqlCommand(sqlCommand, connection);
command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
command.Parameters["@EMAIL"].Value = email;
MySqlDataReader reader = command.ExecuteReader();
reader.Read();
string hashUser = reader.GetString(3);
if (hashUser.Equals(hashPass))
{
Rececionista user = new Rececionista(email, reader.GetInt32(1), reader.GetString(2),
reader.GetInt16(5), reader.GetDateTime(4), reader.GetString(6));
reader.Close();
// Adicionar o Cliente à tabela de utilizadores online...
sqlCommand = "insert into UtilizadoresOnline values (@EMAIL, @TIME_TO_EXPIRE, @TOKEN)";
command = new MySqlCommand(sqlCommand, connection);
command.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
command.Parameters["@EMAIL"].Value = email;
command.Parameters.Add(new MySqlParameter("@TIME_TO_EXPIRE", MySqlDbType.DateTime));
command.Parameters["@TIME_TO_EXPIRE"].Value = time_to_expire;
command.Parameters.Add(new MySqlParameter("@TOKEN", MySqlDbType.VarChar));
command.Parameters["@TOKEN"].Value = token;
command.ExecuteScalar();
return(user);
}
reader.Close();
break;
}
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
}
finally
{
connection.Close();
}
return(null);
}