コード例 #1
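        /// <summary>
        /// Verifies an e-mail/password pair against the stored user record and, on success,
        /// returns the value produced by <c>CreateTokenAsync</c> for that user.
        /// </summary>
        /// <param name="email">E-mail address used to look up the user.</param>
        /// <param name="password">Plain-text password to check against the stored hash.</param>
        /// <returns>
        /// 404 "No user found!" when no user has the given e-mail, 400 "Wrong password!" when the
        /// password does not match, otherwise 200 with the token.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the two failure responses differ, so a caller can tell which e-mail
        /// addresses are registered; unknown addresses also skip the hashing step, which is
        /// observable through response time. The responses are kept as they were because clients
        /// may depend on them. Consider a single generic failure response.
        /// NOTE(review): no attempt throttling or lockout is visible in this method; confirm it is
        /// enforced elsewhere. Also confirm that <paramref name="email"/> and
        /// <paramref name="password"/> are bound from the request body and not the query string,
        /// where they would end up in access logs.
        /// </remarks>
        public async Task <ActionResult> Post(string email, string password)
        {
            using var db = new DutyingContext();

            // One query instead of Any() followed by First(): the separate existence check cost an
            // extra round trip, and First() threw if the row vanished between the two calls.
            var account = await db.Users
                                  .Include(candidate => candidate.UserRoles)
                                  .ThenInclude(userRole => userRole.Role)
                                  .FirstOrDefaultAsync(candidate => candidate.Email == email);

            if (account is null)
            {
                return NotFound("No user found!");
            }

            // A missing password can never match; answer like any other mismatch rather than
            // passing null to the hashing helper.
            if (password is null)
            {
                return BadRequest("Wrong password!");
            }

            var salt           = Convert.FromBase64String(account.Salt);
            var hashedPassword = RegisterController.HashPasswordPbkdf2(password, salt);

            // Compare in constant time so the response time does not depend on how many leading
            // characters of the stored hash and the computed hash agree.
            var storedBytes   = System.Text.Encoding.UTF8.GetBytes(account.Password ?? string.Empty);
            var computedBytes = System.Text.Encoding.UTF8.GetBytes(hashedPassword);

            if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, computedBytes))
            {
                return BadRequest("Wrong password!");
            }

            var token = await CreateTokenAsync(account);

            return Ok(token);
        }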
コード例 #2
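        /// <summary>
        /// Updates the stored user whose Id matches the posted <paramref name="user"/>: copies the
        /// name, e-mail and ward fields, synchronises the role list with the posted one, and
        /// re-hashes the password with a fresh salt when a new, different password is supplied.
        /// </summary>
        /// <param name="user">User data bound from the request body.</param>
        /// <returns>
        /// 400 when the body is missing, 404 when no user has the posted Id, otherwise 200 with the
        /// updated entity.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this method. It changes roles, e-mail
        /// and password for whichever Id the body names, so confirm the action is restricted to
        /// callers allowed to do that (attributes may sit outside this excerpt).
        /// NOTE(review): the posted role objects are attached to the stored user as received.
        /// Confirm that only the role id is honoured and that nested data in them cannot reach
        /// other rows.
        /// NOTE(review): the response body is the tracked entity; unless serialization excludes
        /// them, that includes the Password hash and Salt. Prefer returning a DTO without
        /// credential fields.
        /// </remarks>
        public ActionResult <User> Put([FromBody] User user)
        {
            // A body that failed to bind previously caused a NullReferenceException below.
            if (user is null)
            {
                return BadRequest();
            }

            using var db = new DutyingContext();

            // Single lookup with a null check; the earlier Any() + FirstOrDefault() pair queried
            // twice and dereferenced a null result if the row was deleted in between.
            var dbUser = db.Users
                           .Include(stored => stored.UserRoles)
                           .ThenInclude(storedRole => storedRole.Role)
                           .FirstOrDefault(stored => stored.Id == user.Id);

            if (dbUser is null)
            {
                return NotFound();
            }

            // Assigning an equal value is a no-op, so the former "only if different" guards are
            // not needed.
            dbUser.FirstName = user.FirstName;
            dbUser.LastName  = user.LastName;
            dbUser.Email     = user.Email;
            dbUser.WardId    = user.WardId;

            // When the body carries no role list at all, leave the stored roles untouched rather
            // than failing or wiping them.
            if (user.UserRoles != null)
            {
                // Drop stored roles that are absent from the request ...
                dbUser.UserRoles.RemoveAll(dbUr => !user.UserRoles.Any(ur => dbUr.RoleId == ur.RoleId));
                // ... then reduce the request to roles the user does not have yet.
                user.UserRoles.RemoveAll(ur => dbUser.UserRoles.Any(dbUr => dbUr.RoleId == ur.RoleId));

                if (user.UserRoles.Count > 0)
                {
                    dbUser.UserRoles.AddRange(user.UserRoles);
                }
            }

            // Hashing the posted password with the current salt tells whether it differs from the
            // stored one; only then are a new salt and hash generated.
            if (!string.IsNullOrEmpty(user.Password) && dbUser.Password !=
                RegisterController.HashPasswordPbkdf2(user.Password, Convert.FromBase64String(dbUser.Salt)))
            {
                var salt           = RegisterController.GenerateSalt();
                var hashedPassword = RegisterController.HashPasswordPbkdf2(user.Password, salt);

                dbUser.Password = hashedPassword;
                dbUser.Salt     = Convert.ToBase64String(salt);
            }

            db.Users.Update(dbUser);
            db.SaveChanges();

            return Ok(dbUser);
        }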