/// <summary>
/// Checks the submitted credentials against the single Users table.
/// </summary>
/// <param name="login">Submitted credentials; <c>Email</c> and <c>Password</c> are read.</param>
/// <returns>
/// A <c>UserModel</c> echoing the submitted e-mail. <c>IsAuthenticated</c> stays false unless a
/// row with that e-mail exists and the password comparison succeeds; only then is <c>Id</c> set.
/// </returns>
private async Task<UserModel> Authenticate(LoginModel login)
{
    // TODO this should probably be removed in favor of using the entity class instead for a User
    // Starts out unauthenticated; every failure path returns this object unchanged.
    var result = new UserModel
    {
        Name = "Test", // hard-coded placeholder, not read from the database
        Email = login.Email,
        IsAuthenticated = false
    };

    var account = await _context
        .Users
        .Where(u => u.Email == login.Email)
        .FirstOrDefaultAsync();

    // NOTE(review): an unknown e-mail returns here without any password comparison, so the
    // "no such account" and "wrong password" paths do different amounts of work. Confirm
    // whether that response-time difference matters for account enumeration on this endpoint.
    if (account == null)
    {
        return result;
    }

    // CompareHashedPasswords is defined elsewhere; it is called with the submitted password
    // first and the stored hash second. Its comparison semantics are not visible from here.
    if (!PasswordSecurity.CompareHashedPasswords(login.Password, account.PasswordHash))
    {
        return result;
    }

    result.IsAuthenticated = true;
    result.Id = account.UserId;
    return result;
}
/// <summary>
/// Checks the submitted credentials against the Students, Instructors and Administrators
/// tables and records the matching role on the returned model.
/// </summary>
/// <param name="login">Submitted credentials; <c>Email</c> and <c>Password</c> are read.</param>
/// <returns>
/// A <c>UserModel</c> echoing the submitted e-mail. On success it carries exactly one role
/// ("Student", "Instructor" or "Admin"), <c>IsAuthenticated</c> set to true and the matching
/// row's id; otherwise <c>Roles</c> is empty and <c>IsAuthenticated</c> is false.
/// </returns>
private async Task<UserModel> Authenticate(LoginModel login)
{
    // Starts out unauthenticated with no roles; every failure path returns it unchanged.
    UserModel user = new UserModel
    {
        Name = "Test", // hard-coded placeholder, not read from the database
        Email = login.Email,
        IsAuthenticated = false,
        Roles = new List<string>()
    };

    // Each "claim" is the row, if any, that carries the submitted e-mail in one of the three
    // role tables. Which table matches decides the role and the id column that is used.
    // All three lookups always run, in this order, whatever the earlier ones returned.
    var studentClaim = await _context
        .Students
        .Where(s => s.Email == login.Email)
        .FirstOrDefaultAsync();
    var instructorClaim = await _context
        .Instructors
        .Where(i => i.Email == login.Email)
        .FirstOrDefaultAsync();
    var adminClaim = await _context
        .Administrators
        .Where(a => a.Email == login.Email)
        .FirstOrDefaultAsync();

    // Precedence is student, then instructor, then administrator. A match in an earlier table
    // ends the decision even when its password check fails.
    // NOTE(review): if the same e-mail can exist in more than one table, the later account can
    // never sign in through this method. Confirm e-mail uniqueness across the three tables.
    // NOTE(review): the stored value is read from a column named Password; presumably it holds
    // a hash, given the helper's name. Verify against the entity and PasswordSecurity.
    if (studentClaim != null)
    {
        bool studentAccepted =
            PasswordSecurity.CompareHashedPasswords(login.Password, studentClaim.Password)
            && studentClaim.EmailConfirmed;
        if (studentAccepted)
        {
            user.Roles.Add("Student");
            user.IsAuthenticated = true;
            user.Id = studentClaim.StudentId;
        }

        return user;
    }

    if (instructorClaim != null)
    {
        bool instructorAccepted =
            PasswordSecurity.CompareHashedPasswords(login.Password, instructorClaim.Password)
            && instructorClaim.EmailConfirmed;
        if (instructorAccepted)
        {
            user.Roles.Add("Instructor");
            user.IsAuthenticated = true;
            user.Id = instructorClaim.InstructorId;
        }

        return user;
    }

    if (adminClaim != null)
    {
        // NOTE(review): unlike the two branches above, no EmailConfirmed check is made for
        // administrators. Confirm that this is intended for the most privileged role.
        if (PasswordSecurity.CompareHashedPasswords(login.Password, adminClaim.Password))
        {
            user.Roles.Add("Admin");
            user.IsAuthenticated = true;
            user.Id = adminClaim.AdministratorId;
        }
    }

    // NOTE(review): when no table matches, no password comparison runs at all, so unknown
    // e-mails and wrong passwords take different amounts of work. Confirm whether that
    // timing difference matters for account enumeration on this endpoint.
    return user;
}