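/// <summary>
/// Authenticates a user by username and password and, on success, returns a token.
/// </summary>
/// <param name="loginDto">Client-supplied credentials (<c>Username</c> and <c>Password</c>).</param>
/// <returns>
/// 200 with a <see cref="LoginBackDto"/> whose <c>Token</c> comes from <c>_tokenService.CreateToken</c>;
/// 401 with one generic message for every failure path.
/// </returns>
public async Task<ActionResult<LoginBackDto>> Login(LoginDto loginDto)
{
    // One message for all failure paths, so the response body never reveals
    // whether the username exists or only the password was wrong.
    const string invalidCredentialsMessage = "Wrong Username or Password";

    // A missing body or field would otherwise reach Identity as null and surface as
    // an unhandled ArgumentNullException (HTTP 500) instead of a normal rejection.
    if (string.IsNullOrEmpty(loginDto?.Username) || string.IsNullOrEmpty(loginDto.Password))
    {
        return Unauthorized(invalidCredentialsMessage);
    }

    var user = await _userManager.FindByNameAsync(loginDto.Username);
    if (user == null)
    {
        // NOTE(review): this path returns without a password-hash check, so response time
        // may still differ from the wrong-password path. Confirm whether that matters here
        // and whether request throttling is applied upstream.
        return Unauthorized(invalidCredentialsMessage);
    }

    // lockoutOnFailure: true counts failed attempts against the account, so online password
    // guessing is bounded. Thresholds and lockout duration come from the Identity lockout
    // options configured elsewhere (not visible in this file). A locked-out account gets
    // the same generic 401 as any other failure.
    var signIn = await _signInManager.CheckPasswordSignInAsync(user, loginDto.Password, lockoutOnFailure: true);
    if (!signIn.Succeeded)
    {
        return Unauthorized(invalidCredentialsMessage);
    }

    var userDto = new LoginBackDto
    {
        Token = await _tokenService.CreateToken(user),
    };

    return Ok(userDto);
}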
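/// <summary>
/// Creates a new account from the supplied registration data and returns a token for it.
/// </summary>
/// <param name="registerDto">Client-supplied registration data (<c>Username</c>, <c>Password</c>, and whatever else the mapper copies).</param>
/// <returns>
/// 200 with a <see cref="LoginBackDto"/> holding a token for the new user;
/// 400 when required fields are missing, the username is taken, or Identity rejects the creation.
/// </returns>
public async Task<IActionResult> Register(RegisterDto registerDto)
{
    // Null fields would otherwise throw inside the lookup or CreateAsync and surface as HTTP 500.
    if (registerDto?.Username == null || registerDto.Password == null)
    {
        return BadRequest("Username and password are required");
    }

    // Look the name up through UserManager, the same way Login does, so the comparison uses
    // Identity's own name normalization rather than a culture-sensitive ToUpper() that can
    // disagree with the stored NormalizedUserName.
    var existingUser = await _userManager.FindByNameAsync(registerDto.Username);
    if (existingUser != null)
    {
        return BadRequest("This user already exists");
    }

    // NOTE(review): confirm the RegisterDto -> AppUser mapping copies only fields a
    // self-registering client is allowed to set (no role/flag style properties).
    var user = _mapper.Map<AppUser>(registerDto);

    // The existence check above is not atomic with creation; two concurrent requests can both
    // pass it. The CreateAsync result is therefore the authoritative outcome.
    var userCreation = await _userManager.CreateAsync(user, registerDto.Password);
    if (!userCreation.Succeeded)
    {
        return BadRequest(userCreation.Errors);
    }

    var userDto = new LoginBackDto
    {
        Token = await _tokenService.CreateToken(user),
    };

    return Ok(userDto);
}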