public IActionResult Login(LoginModel user)
{
try
{
UserModel dbUser = _db.GetUser(user.EmailAddress);
PasswordHashModel passwordHash = new();
passwordHash.FromDbString(dbUser.PasswordHash);
(bool IsPasswordCorrect, _) = HashAndSalter.PasswordEqualsHash(user.Password, passwordHash);
if (IsPasswordCorrect)
{
LogInUser(dbUser);
return(RedirectToAction(nameof(Home)));
}
else
{
return(View());
}
}
catch
{
return(View());
}
}
public IActionResult Register(RegisterViewModel newUser)
{
if (ModelState.IsValid == false)
{
ViewData["RegisterMessage"] = "Invalid Inputs";
return(View(newUser));
}
List <UserModel> allUsers = _db.GetAllUsers();
if (allUsers.Any(x => x.EmailAddress == newUser.EmailAddress))
{
ViewData["RegisterMessage"] = "That email address is taken";
return(View());
}
UserModel newDbUser = new()
{
FirstName = newUser.FirstName,
LastName = newUser.LastName,
EmailAddress = newUser.EmailAddress,
PasswordHash = HashAndSalter.HashAndSalt(newUser.Password).ToDbString()
};
_db.CreateUser(newDbUser);
LogInUser(newDbUser);
return(RedirectToAction(nameof(OrganizationController.OrganizationHome), "Organization"));
}
public IActionResult EditAccount(EditUserViewModel updatedUser)
{
// 1) Make sure email isn't taken
List <UserModel> allUsers = _db.GetAllUsers();
UserModel loggedInUser = this.GetLoggedInUserByEmail(_db);
if (IsValidEmailAddress(updatedUser.EmailAddress) == false ||
allUsers.Any(x => x.EmailAddress == updatedUser.EmailAddress && updatedUser.EmailAddress != loggedInUser.EmailAddress))
{
ViewData["EditMessage"] = "That email address is taken"; // todo: refactor this viewdata message system
return(View(loggedInUser.DbUserToEditView()));
}
if (string.IsNullOrWhiteSpace(updatedUser.NewPassword) == false)
{
// 2) Make sure old password is correct
PasswordHashModel passwordHash = new();
passwordHash.FromDbString(loggedInUser.PasswordHash);
(bool IsPasswordCorrect, _) = HashAndSalter.PasswordEqualsHash(updatedUser.OldPassword, passwordHash);
if (IsPasswordCorrect)
{
loggedInUser.FirstName = updatedUser.FirstName;
loggedInUser.LastName = updatedUser.LastName;
loggedInUser.EmailAddress = updatedUser.EmailAddress;
loggedInUser.PasswordHash = HashAndSalter.HashAndSalt(updatedUser.NewPassword).ToDbString();
_db.UpdateUser(loggedInUser);
LogInUser(loggedInUser);
loggedInUser.EmailAddress = "";
loggedInUser.PasswordHash = "";
return(RedirectToAction(nameof(OrganizationController.OrganizationHome), "Organization"));
}
else
{
return(View(loggedInUser.DbUserToEditView()));
}
}
else
{
// No password change
loggedInUser.FirstName = updatedUser.FirstName;
loggedInUser.LastName = updatedUser.LastName;
loggedInUser.EmailAddress = updatedUser.EmailAddress;
_db.UpdateUser(loggedInUser);
LogInUser(loggedInUser);
return(RedirectToAction(nameof(OrganizationController.OrganizationHome), "Organization"));
}
}
private static void CreateUserModel(MongoDBDataAccessor mongodb)
{
UserModel user = new()
{
EmailAddress = "*****@*****.**",
FirstName = "Jane",
LastName = "Doe",
PhoneNumber = "123-456-7890",
PasswordHash = HashAndSalter.HashAndSalt("Anonymous").ToDbString()
};
mongodb.CreateUser(user);
}
}
public UserModel GetUser(string emailAddress, string password)
{
UserModel user = GetUser(emailAddress);
PasswordHashModel passwordHash = new();
passwordHash.FromDbString(user.PasswordHash);
(bool IsPasswordCorrect, _) = HashAndSalter.PasswordEqualsHash(password, passwordHash);
if (user == null || IsPasswordCorrect == false)
{
return(null);
}
return(user);
}