예제 #1
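        /// <summary>
        /// Handles the login form POST: looks the user up by e-mail, verifies the submitted
        /// password against the stored hash and, on success, stores the user's id and first
        /// name in session before redirecting to the portfolio.
        /// </summary>
        /// <param name="model">Combined view model; only <c>model.Log</c> (Email, Password) is read here.</param>
        /// <returns>
        /// A redirect to <c>Main/Portfolio</c> on success; otherwise the <c>landing</c> view with
        /// <c>ViewBag.loginError</c> set, or a redirect to <c>Logout</c> when an unexpected error occurred.
        /// </returns>
        public IActionResult LoginSubmit(AllUserViewModels model)
        {
            // Model validation failures (missing/invalid fields) go straight back to the landing page.
            // The Log null-check guards against a binder that produced no nested login model at all.
            if (!ModelState.IsValid || model?.Log == null)
            {
                ViewBag.loginError = "Your email or password was incorrect.";
                MostActiveStocksAPICall();
                return View("landing");
            }

            // One message for every credential failure: telling the caller which half was wrong
            // lets anyone enumerate which e-mail addresses are registered.
            const string InvalidCredentials = "Your email or password was incorrect.";

            User LoggedUser;
            try
            {
                // SingleOrDefault returns null when no row matches; it only throws on a DB error
                // or when more than one user shares the e-mail, so the catch below is for those cases.
                LoggedUser = _context.Users.SingleOrDefault(u => u.Email == model.Log.Email);
            }
            catch
            {
                // Unusual error (DB connection, duplicate rows). Logout clears the session.
                ViewBag.loginError = "Sorry, there was a problem logging you in. Please try again.";
                return RedirectToAction("Logout");
            }

            // Unknown e-mail. Without this check the null user reached VerifyHashedPassword,
            // which threw and sent the visitor to Logout instead of showing a login error.
            if (LoggedUser == null)
            {
                ViewBag.loginError = InvalidCredentials;
                MostActiveStocksAPICall();
                return View("landing");
            }

            try
            {
                var Hasher = new PasswordHasher<User>();
                // PasswordVerificationResult.Failed is 0; Success and SuccessRehashNeeded are non-zero.
                if (Hasher.VerifyHashedPassword(LoggedUser, LoggedUser.Password, model.Log.Password) == 0)
                {
                    ViewBag.loginError = InvalidCredentials;
                    MostActiveStocksAPICall();
                    return View("landing");
                }

                // Session holds the id for later identification/db calls and the name for the greeting.
                HttpContext.Session.SetInt32("LoggedUserId", LoggedUser.Id);
                HttpContext.Session.SetString("LoggedUserName", LoggedUser.FirstName);
                return RedirectToAction("Portfolio", "Main");
            }
            catch
            {
                // Unexpected failure (e.g. a malformed stored hash). Note that ViewBag does not
                // survive a redirect, so this message only reaches the user if Logout renders it.
                ViewBag.loginError = "Sorry, there was a problem logging you in. Please try again.";
                return RedirectToAction("Logout");
            }
        }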
예제 #2
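        /// <summary>
        /// Handles the registration form POST: rejects duplicate e-mails, hashes the password,
        /// creates the User plus an empty Portfolio and Watchlist, logs the new user in via
        /// session and redirects to Profile.
        /// </summary>
        /// <param name="model">Combined view model; only <c>model.Reg</c> is read here.</param>
        /// <returns>
        /// A redirect to <c>Profile</c> on success; otherwise the <c>landing</c> view, with
        /// <c>ViewBag.email</c> set when there is a message to show.
        /// </returns>
        public IActionResult NewUser(AllUserViewModels model)
        {
            // Model validation failures go straight back to the landing page. The Reg null-check
            // guards against a binder that produced no nested registration model at all.
            if (!ModelState.IsValid || model?.Reg == null)
            {
                MostActiveStocksAPICall();
                return View("landing");
            }

            try
            {
                // Uniqueness check. This is check-then-insert, so two concurrent registrations with
                // the same e-mail can both pass it; a unique index on Users.Email is the real guard
                // and a violation would surface here as an exception from SaveChanges.
                var EmailExists = _context.Users.SingleOrDefault(e => e.Email == model.Reg.Email);
                if (EmailExists != null)
                {
                    ViewBag.email = "That email is already in use. Please try again using a different one.";
                    MostActiveStocksAPICall();
                    return View("landing");
                }

                // One timestamp for all three rows so CreatedAt/UpdatedAt agree across the set.
                DateTime now = DateTime.Now;

                User NewUser = new User
                {
                    FirstName = model.Reg.FirstName,
                    LastName  = model.Reg.LastName,
                    Email     = model.Reg.Email,
                    CreatedAt = now,
                    UpdatedAt = now,
                };

                // Hash with PasswordHasher<User>, the same hasher LoginSubmit verifies with, instead of
                // PasswordHasher<RegisterViewModel>. The default hasher does not use the user argument,
                // so existing stored hashes keep the same format.
                var Hasher = new PasswordHasher<User>();
                NewUser.Password = Hasher.HashPassword(NewUser, model.Reg.Password);

                Portfolio Portfolio = new Portfolio
                {
                    User      = NewUser,
                    CreatedAt = now,
                    UpdatedAt = now,
                };
                Watchlist Watchlist = new Watchlist
                {
                    User      = NewUser,
                    CreatedAt = now,
                    UpdatedAt = now,
                };

                _context.Add(NewUser);
                _context.Add(Portfolio);
                _context.Add(Watchlist);
                _context.SaveChanges();

                // Log the new user in with both keys LoginSubmit sets, so the greeting and later
                // lookups behave the same for a fresh registration as for a returning user.
                HttpContext.Session.SetInt32("LoggedUserId", NewUser.Id);
                HttpContext.Session.SetString("LoggedUserName", NewUser.FirstName);

                return RedirectToAction("Profile");
            }
            catch
            {
                // Hashing or SaveChanges failed (including a unique-constraint violation from the
                // race described above). Show a message rather than a silent return to the landing page.
                ViewBag.email = "Sorry, there was a problem creating your account. Please try again.";
                MostActiveStocksAPICall();
                return View("landing");
            }
        }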