public ActionResult <AuthenticateResponseDTO> Authenticate([FromBody] AuthenticateRequestDTO model)
{
var dbUser = _userService.Get(u => u.Name == model.Name).FirstOrDefault();
if (null == dbUser)
{
return(BadRequest(new { error = "User does not exist" }));
}
else if (PasswordManager.GeneratePasshash(dbUser.Salt, model.Password) != dbUser.Passhash)
{
return(BadRequest(new { error = "Email or password is incorrect" }));
}
var userToken = TokenProvider.GenerateToken(dbUser);
return(Ok(new AuthenticateResponseDTO(dbUser, userToken)));
}
public ActionResult <UserDTO> PutUpdatePass(int id, [FromBody] AuthenticateRequestDTO user)
{
var updatedUser = _userService.Get(u => u.Id == id).FirstOrDefault();
if (null == updatedUser)
{
return(NotFound(new { error = "User not found" }));
}
if (updatedUser.Name != User.FindFirst(ClaimTypes.Name).Value)
{
return(BadRequest(new { error = "Cannot update password from another user" }));
}
updatedUser.Salt = PasswordManager.GenerateSalt(updatedUser.Name);
updatedUser.Passhash = PasswordManager.GeneratePasshash(updatedUser.Salt, user.Password);
return(Ok(_mapper.Map <UserDTO>(_userService.Update(updatedUser))));
}
public ActionResult <UserDTO> Post([FromBody] UserFormDTO userForm)
{
if (null != _userService.Get(u => u.Name == userForm.Name).FirstOrDefault())
{
return(Conflict(new { error = "User alredy exist!" }));
}
var role = _roleService.Get(r => r.Name == userForm.Role.ToLower()).FirstOrDefault();
if (null == role)
{
return(BadRequest(new { error = "Role does not exist" }));
}
UserModel user = new UserModel()
{
Name = userForm.Name,
RoleId = role.Id,
CreatedAt = DateTime.UtcNow,
Salt = PasswordManager.GenerateSalt(userForm.Name)
};
user.Passhash = PasswordManager.GeneratePasshash(user.Salt, userForm.Password);
return(Created("", _mapper.Map <UserDTO>(_userService.Create(user))));
}
