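/// <summary>
/// Authenticates a student by index number and password and, on success, issues a short-lived
/// JWT plus a refresh token that is persisted on the student's row.
/// </summary>
/// <param name="request">Credentials: <c>Login</c> (index number) and <c>Password</c> (clear text).</param>
/// <returns>
/// 200 with <c>{ token, refreshToken }</c> on success; 400 "Wrong login or password" when the
/// index number is unknown OR the password does not match. One response for both cases, so the
/// endpoint cannot be used to enumerate valid index numbers (the original answered 404 for unknown users).
/// </returns>
public IActionResult Login(LoginRequest request)
{
    var student = new Student();
    using var con = new SqlConnection(ConnectionString);
    using var com = new SqlCommand { Connection = con };

    // The original SELECT lacked the comma between FirstName and Password, which made "Password"
    // an alias of FirstName (so the hash was compared against the first name) and dr["FirstName"] throw.
    com.CommandText = "Select IndexNumber, FirstName, Password, Salt From Student Where IndexNumber = @login";
    com.Parameters.AddWithValue("login", request.Login);
    con.Open();

    string storedHash;
    string salt;
    using (var dr = com.ExecuteReader())
    {
        if (!dr.Read())
        {
            // Same answer as for a wrong password: do not reveal which index numbers exist.
            return BadRequest("Wrong login or password");
        }
        student.IndexNumber = dr["IndexNumber"].ToString();
        student.FirstName = dr["FirstName"].ToString();
        storedHash = dr["Password"].ToString();
        salt = dr["Salt"].ToString();
    } // reader disposed here, so the connection is free for the UPDATE below (the original left it open on the wrong-password path)

    var computedHash = HashPasswordGenerator.HashPasswordGen(request.Password, salt);
    // Constant-time comparison: string.Equals short-circuits on the first differing byte and leaks timing.
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(storedHash), Encoding.UTF8.GetBytes(computedHash)))
    {
        return BadRequest("Wrong login or password");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, student.IndexNumber),
        new Claim(ClaimTypes.Name, student.FirstName),
        new Claim(ClaimTypes.Role, "Student"),
    };
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["SecretKey"]));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
    var token = new JwtSecurityToken(
        issuer: "Gakko",
        audience: "Students",
        claims: claims,
        expires: DateTime.UtcNow.AddMinutes(1), // deliberately short-lived; clients are expected to use the refresh token
        signingCredentials: creds);

    // NOTE(review): kept Guid.NewGuid() because the refresh endpoint and column width are not visible here;
    // a RandomNumberGenerator-backed token would be the preferred source if the schema allows a longer value.
    student.RefreshToken = Guid.NewGuid().ToString();
    // NOTE(review): local time kept on purpose — the refresh endpoint presumably compares with the same clock; confirm.
    student.RefreshTokenExpirationDate = DateTime.Now.AddDays(1);

    // The original UPDATE joined the SET list with "and", had no WHERE clause (it would have rewritten
    // every student's refresh token) and was never executed. @login is still bound on this command.
    com.CommandText = "Update Student set RefreshToken = @RefreshToken, RefreshTokenExpirationDate = @ExpDate Where IndexNumber = @login";
    com.Parameters.AddWithValue("RefreshToken", student.RefreshToken);
    com.Parameters.AddWithValue("ExpDate", student.RefreshTokenExpirationDate);
    com.ExecuteNonQuery();

    return Ok(new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        refreshToken = student.RefreshToken,
    });
}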
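/// <summary>
/// Enrolls a new student into semester 1 of the named study programme, creating the semester-1
/// enrollment row for that programme when none exists yet. All statements run in one transaction.
/// </summary>
/// <param name="request">Studies name, index number, first/last name, birth date and clear-text password.</param>
/// <returns>
/// A response with <c>Semester = 1</c> on success, or <c>null</c> when the study programme does not exist
/// (checked first, as in the original, so that outcome takes precedence over a duplicate index number).
/// </returns>
/// <exception cref="InvalidOperationException">A student with the requested index number already exists.</exception>
public EnrollStudentResponse EnrollStudent(EnrollStudentRequest request)
{
    var response = new EnrollStudentResponse();
    using var con = new SqlConnection(ConnectionString);
    using var com = new SqlCommand { Connection = con };
    con.Open();
    // Disposing an uncommitted SqlTransaction rolls it back, so every early exit (return, throw) below is safe.
    using var trans = con.BeginTransaction();
    com.Transaction = trans;

    // 1. Resolve the study programme.
    com.CommandText = "Select IdStudy From Studies Where Name = @Name";
    com.Parameters.AddWithValue("Name", request.Studies);
    int idStudy;
    using (var dr = com.ExecuteReader())
    {
        if (!dr.Read())
        {
            return null;
        }
        idStudy = (int)dr["IdStudy"];
    }

    // 2. Reject a duplicate index number before writing anything. The original inserted the
    //    enrollment first and relied on Rollback; the observable outcome is the same.
    com.CommandText = "Select IndexNumber From Student Where IndexNumber = @IndexNumber";
    com.Parameters.AddWithValue("IndexNumber", request.IndexNumber);
    using (var dr = com.ExecuteReader())
    {
        if (dr.Read())
        {
            throw new InvalidOperationException("Student with such index number already exists");
        }
    }

    // 3. Reuse the existing semester-1 enrollment for this programme, or allocate a new id.
    //    The original read dr["IdEnrollemnt"] from an already-closed reader (always threw) and had the
    //    exists/not-exists branches inverted (inserted a new row when one already existed).
    com.CommandText = "Select IdEnrollment From Enrollment Where Semester = 1 And IdStudy = @IdStudy";
    com.Parameters.AddWithValue("IdStudy", idStudy);
    bool enrollmentExists;
    int idEnrollment = 0;
    using (var dr = com.ExecuteReader())
    {
        enrollmentExists = dr.Read();
        if (enrollmentExists)
        {
            idEnrollment = (int)dr["IdEnrollment"];
        }
    }
    if (!enrollmentExists)
    {
        // MAX+1 is not race-safe under concurrent enrollments at the default isolation level; it relies
        // on a unique key on Enrollment.IdEnrollment (or a serializable transaction) to reject the loser — TODO confirm with the schema.
        com.CommandText = "Select MAX(IdEnrollment) as IdEnrollment From Enrollment";
        using (var dr = com.ExecuteReader())
        {
            dr.Read();
            // MAX over an empty table yields NULL; start numbering at 1 in that case instead of throwing on the cast.
            idEnrollment = (dr["IdEnrollment"] is DBNull ? 0 : (int)dr["IdEnrollment"]) + 1;
        }
    }
    // Bound once here because both the Enrollment INSERT (when taken) and the Student INSERT use it.
    com.Parameters.AddWithValue("IdEnrollment", idEnrollment);
    if (!enrollmentExists)
    {
        // NOTE(review): the original INSERT also listed a Password column bound to a never-declared @Password
        // parameter, so it could not execute; dropped here on the assumption Enrollment has no Password column — confirm.
        com.CommandText = "Insert Into Enrollment(IdEnrollment, Semester, IdStudy, StartDate) Values (@IdEnrollment, 1, @IdStudy, @StartDate)";
        com.Parameters.AddWithValue("StartDate", DateTime.Now); // local time kept as in the original; existing rows presumably use the same clock
        com.ExecuteNonQuery();
    }

    // 4. Create the student with a fresh salt and the salted hash (never the clear-text password).
    var salt = SaltGenerator.SaltGen();
    // Original used "Value (...)" which is not valid T-SQL; "Values" is required.
    com.CommandText = "Insert Into Student(IndexNumber, FirstName, LastName, Birthdate, IdEnrollment, Password, Salt) Values (@IndexNumber, @FirstName, @LastName, @BirthDate, @IdEnrollment, @Password, @Salt)";
    com.Parameters.AddWithValue("FirstName", request.FirstName);
    com.Parameters.AddWithValue("LastName", request.LastName);
    com.Parameters.AddWithValue("BirthDate", request.BirthDate);
    com.Parameters.AddWithValue("Password", HashPasswordGenerator.HashPasswordGen(request.Password, salt));
    com.Parameters.AddWithValue("Salt", salt);
    com.ExecuteNonQuery();

    trans.Commit();
    response.Semester = 1;
    return response;
}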