コード例 #1
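        /// <summary>
        /// Checks the supplied username and password and, on success, returns a token
        /// produced by <c>_tokenService.CreateToken</c>.
        /// </summary>
        /// <param name="loginDto">Credentials sent by the client (username and password).</param>
        /// <returns>
        /// 200 OK with a <see cref="LoginBackDto"/> holding the token, or 401 Unauthorized
        /// with the same generic message for every failure path.
        /// </returns>
        public async Task<ActionResult<LoginBackDto>> Login(LoginDto loginDto)
        {
            // A single constant keeps every failure response byte-identical, so the body
            // never reveals whether the username or the password was the wrong part.
            const string failureMessage = "Wrong Username or Password";

            // Missing fields would otherwise surface as an exception (HTTP 500) from the
            // Identity calls below; answer them like any other failed login instead.
            if (loginDto == null
                || string.IsNullOrEmpty(loginDto.Username)
                || string.IsNullOrEmpty(loginDto.Password))
            {
                return Unauthorized(failureMessage);
            }

            var login = await _userManager.FindByNameAsync(loginDto.Username);

            if (login == null)
            {
                // NOTE(review): this path returns without a password hash check, so its
                // response time may differ from the wrong-password path even though the
                // message is the same. Confirm whether that matters for this service.
                return Unauthorized(failureMessage);
            }

            // lockoutOnFailure: true counts this failure toward the Identity lockout policy,
            // which throttles password guessing. The thresholds come from the application's
            // IdentityOptions, which are configured outside this method.
            var signInResult = await _signInManager.CheckPasswordSignInAsync(
                login,
                loginDto.Password,
                lockoutOnFailure: true);

            if (!signInResult.Succeeded)
            {
                // A locked-out account gets the same answer as a wrong password.
                return Unauthorized(failureMessage);
            }

            var userDto = new LoginBackDto
            {
                Token = await _tokenService.CreateToken(login),
            };

            return Ok(userDto);
        }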
コード例 #2
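        /// <summary>
        /// Creates a new account from the registration data and returns a token for it.
        /// </summary>
        /// <param name="registerDto">Registration data; the username and password are read here.</param>
        /// <returns>
        /// 200 OK with a <see cref="LoginBackDto"/> holding the token, or 400 Bad Request when
        /// required fields are missing, the username is taken, or user creation fails.
        /// </returns>
        public async Task<IActionResult> Register(RegisterDto registerDto)
        {
            // Reject missing fields up front; a null username or password would otherwise
            // throw inside the lookup or CreateAsync and surface as HTTP 500.
            if (registerDto == null
                || string.IsNullOrWhiteSpace(registerDto.Username)
                || string.IsNullOrEmpty(registerDto.Password))
            {
                return BadRequest("Username and password are required");
            }

            // Look the name up through UserManager so it is normalized the same way as when
            // accounts are stored. The previous ToUpper() call used the server's current
            // culture, which can disagree with the stored NormalizedUserName and let a
            // duplicate slip past this check.
            var existingUser = await _userManager.FindByNameAsync(registerDto.Username);

            if (existingUser != null)
            {
                return BadRequest("This user already exists");
            }

            var user = _mapper.Map<AppUser>(registerDto);

            // This pre-check is not atomic with the insert; two concurrent requests can both
            // pass it. CreateAsync reports failure through its result, handled below.
            var userCreation = await _userManager.CreateAsync(user, registerDto.Password);

            if (!userCreation.Succeeded)
            {
                return BadRequest(userCreation.Errors);
            }

            var userDto = new LoginBackDto
            {
                Token = await _tokenService.CreateToken(user),
            };

            return Ok(userDto);
        }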