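/// <summary>
/// Logs a user in: looks the account up by e-mail, verifies the PBKDF2 password
/// hash and returns a freshly created token.
/// </summary>
/// <param name="email">E-mail address identifying the account (untrusted input).</param>
/// <param name="password">Clear-text password to verify (untrusted input).</param>
/// <returns>
/// 200 with the token from <c>CreateTokenAsync</c> on success; 400 with a single,
/// non-revealing message for an empty credential, an unknown e-mail or a wrong password.
/// </returns>
public async Task<ActionResult> Post(string email, string password)
{
    // Reject empty credentials before touching the database; HashPasswordPbkdf2
    // would otherwise be handed a null password.
    if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
    {
        return BadRequest("Invalid email or password!");
    }

    using var db = new DutyingContext();

    // One query instead of the original Any() + First() pair.
    var user = db.Users
        .Include(u => u.UserRoles)
        .ThenInclude(userRole => userRole.Role)
        .FirstOrDefault(u => u.Email == email);

    // Hash the supplied password even when the account does not exist (against a
    // throwaway salt) so that the response time does not reveal whether the
    // e-mail is registered.
    var salt = user is null
        ? RegisterController.GenerateSalt()
        : Convert.FromBase64String(user.Salt);
    var hashedPassword = RegisterController.HashPasswordPbkdf2(password, salt);

    // Same status code and message for "no such user" and "wrong password":
    // distinct replies let a caller enumerate valid accounts.
    if (user is null || !HashesMatch(user.Password, hashedPassword))
    {
        return BadRequest("Invalid email or password!");
    }

    var token = await CreateTokenAsync(user);
    return Ok(token);

    // Constant-time comparison of the stored hash string against the computed one;
    // the plain string inequality the original used short-circuits on the first
    // differing character.
    static bool HashesMatch(string stored, string computed)
    {
        if (stored is null || computed is null)
        {
            return false;
        }

        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Text.Encoding.UTF8.GetBytes(stored),
            System.Text.Encoding.UTF8.GetBytes(computed));
    }
}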
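/// <summary>
/// Updates an existing user from the request body: profile fields, ward, role
/// assignments and — when a new clear-text password is supplied — the stored
/// PBKDF2 hash and salt.
/// </summary>
/// <param name="user">Incoming representation; <c>Id</c> selects the row to update.</param>
/// <returns>
/// 400 when the body is missing, 404 when no user with <c>user.Id</c> exists,
/// otherwise 200 with the updated entity.
/// </returns>
public ActionResult<User> Put([FromBody] User user)
{
    // A missing body used to surface as a NullReferenceException.
    if (user is null)
    {
        return BadRequest();
    }

    using var db = new DutyingContext();

    // Single lookup; the original ran Any() and then dereferenced the result of
    // FirstOrDefault without a null check.
    var dbUser = db.Users
        .Include(u => u.UserRoles)
        .ThenInclude(userRole => userRole.Role)
        .FirstOrDefault(u => u.Id == user.Id);
    if (dbUser is null)
    {
        return NotFound();
    }

    // Profile fields: assigning an unchanged value is a no-op for the tracker, so
    // the per-field "only if different" guards are not needed.
    dbUser.FirstName = user.FirstName;
    dbUser.LastName = user.LastName;
    dbUser.Email = user.Email;
    dbUser.WardId = user.WardId;

    // Role sync: drop assignments absent from the request, add the ones not yet
    // present. A body without a UserRoles collection leaves the roles untouched
    // rather than wiping them (the original threw on a null collection).
    // NOTE(review): role changes are accepted straight from the request body —
    // confirm an authorization check guards this endpoint.
    if (user.UserRoles is not null)
    {
        dbUser.UserRoles.RemoveAll(dbUr => !user.UserRoles.Any(ur => ur.RoleId == dbUr.RoleId));
        var rolesToAdd = user.UserRoles
            .Where(ur => !dbUser.UserRoles.Any(dbUr => dbUr.RoleId == ur.RoleId))
            .ToList();
        if (rolesToAdd.Count > 0)
        {
            dbUser.UserRoles.AddRange(rolesToAdd);
        }
    }

    // Password: re-hash with a fresh salt only when a non-empty password was sent
    // and it differs from the one currently stored.
    if (!string.IsNullOrEmpty(user.Password))
    {
        var currentSalt = Convert.FromBase64String(dbUser.Salt);
        var suppliedHash = RegisterController.HashPasswordPbkdf2(user.Password, currentSalt);
        if (!HashesMatch(dbUser.Password, suppliedHash))
        {
            var newSalt = RegisterController.GenerateSalt();
            dbUser.Password = RegisterController.HashPasswordPbkdf2(user.Password, newSalt);
            dbUser.Salt = Convert.ToBase64String(newSalt);
        }
    }

    db.Users.Update(dbUser);
    db.SaveChanges();

    // NOTE(review): the returned entity carries Password (hash) and Salt —
    // confirm they are stripped before the response reaches the client.
    return Ok(dbUser);

    // Constant-time comparison of two hash strings; plain string inequality
    // short-circuits on the first differing character.
    static bool HashesMatch(string stored, string computed)
    {
        if (stored is null || computed is null)
        {
            return false;
        }

        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Text.Encoding.UTF8.GetBytes(stored),
            System.Text.Encoding.UTF8.GetBytes(computed));
    }
}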