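/// <summary>
/// Authenticates a teacher by e-mail and password and issues a fresh API token.
/// </summary>
/// <param name="request">Credentials from the request body; <c>email</c> and <c>password</c> are required.</param>
/// <returns>
/// 200 with the teacher (including the new token) on success; 400 for a malformed request or a blocked
/// account; 404 when no teacher has that e-mail; 401 for a wrong password.
/// </returns>
/// <remarks>
/// Stored passwords are a single SHA-256 over <c>password + SALT</c> with one application-wide salt and no
/// per-user salt or work factor, which is cheap to brute-force offline. Migrating to PBKDF2/Argon2 with a
/// per-user salt is strongly recommended, but cannot be done in this method without re-hashing existing rows.
/// </remarks>
public ActionResult<LoginResponse> Login(LoginRequest request)
{
    // Reject absent or empty credentials up front: "password + SALT" would otherwise silently hash a null
    // password as the bare salt, and a null e-mail would throw on ToLower().
    if (request == null || string.IsNullOrEmpty(request.email) || string.IsNullOrEmpty(request.password))
    {
        return BadRequest(new LoginResponse());
    }

    var email = request.email.ToLower();
    var lehrer = _context.Lehrer.FirstOrDefault(l => l.Email.ToLower() == email);
    if (lehrer == null)
    {
        // NOTE(review): a distinct 404 lets a caller enumerate which e-mails have an account; answering 401
        // for unknown e-mail and wrong password alike would close that. Kept because clients may rely on it.
        return NotFound();
    }

    // Failures are counted per session AND per e-mail: a single session-wide counter let three failures
    // against any account block whichever e-mail was submitted next. Note this is still only a per-session
    // counter, so a client that drops its session cookie starts from zero — it does not stop online guessing.
    // NOTE(review): a real lockout needs a server-side, per-account counter.
    var failsKey = "fails:" + email;
    if (HttpContext.Session.GetInt32(failsKey) >= 3)
    {
        lehrer.Blocked = true;
        lehrer.Token = null;
        // NOTE(review): no SaveChanges() is called here; confirm a filter/unit-of-work commits, otherwise the
        // block is never persisted and the account is not actually locked.
        _context.Lehrer.Update(lehrer);
        HttpContext.Session.Clear();
        return BadRequest(LoginResponse.FromTeacher(lehrer));
    }

    string hash;
    using (var sha = SHA256.Create())
    {
        hash = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(request.password + SALT)));
    }

    // Constant-time comparison so response timing does not leak how many leading characters of the stored
    // hash matched. Both sides are fixed-length base64 SHA-256 digests, so the length check inside
    // FixedTimeEquals reveals nothing useful.
    var passwordOk = lehrer.Password != null
        && CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(lehrer.Password), Encoding.UTF8.GetBytes(hash));
    if (!passwordOk)
    {
        HttpContext.Session.SetInt32(failsKey, (HttpContext.Session.GetInt32(failsKey) ?? 0) + 1);
        return Unauthorized();
    }

    if (lehrer.Blocked)
    {
        // Correct password on a blocked account: make sure no old token survives and report the block.
        lehrer.Token = null;
        _context.Lehrer.Update(lehrer);
        return BadRequest(LoginResponse.FromTeacher(lehrer));
    }

    lehrer.Token = TokenProvider.GetToken(lehrer);
    _context.Lehrer.Update(lehrer);
    HttpContext.Session.Clear();
    return Ok(LoginResponse.FromTeacher(lehrer));
}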
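/// <summary>
/// Changes the authenticated teacher's password after verifying the current one.
/// </summary>
/// <param name="request">Body with <c>oldPassword</c> and <c>newPassword</c>; both are required.</param>
/// <returns>
/// 200 with the teacher on success; 400 for a malformed request; 404 when the "id" claim does not map to a
/// teacher; 401 when the old password does not match.
/// </returns>
/// <remarks>
/// Uses the same SHA-256 over <c>password + SALT</c> as <c>Login</c>; see the remarks there about migrating to a
/// real password KDF. NOTE(review): no length/complexity policy is enforced on the new password here.
/// </remarks>
public ActionResult<LoginResponse> ChangePassword(PasswordChangeRequest request)
{
    // An absent new password must be rejected: "null + SALT" would silently set the stored password to the
    // hash of the bare salt, i.e. an empty password.
    if (request == null || string.IsNullOrEmpty(request.oldPassword) || string.IsNullOrEmpty(request.newPassword))
    {
        return BadRequest();
    }

    // The teacher id comes from the "id" claim of the signed-in principal. A missing or non-numeric claim maps
    // to -1 (and thus 404 below) rather than throwing from long.Parse, which would surface as a 500.
    long id;
    var idClaim = User.Claims.FirstOrDefault(c => c.Type == "id")?.Value;
    if (idClaim == null || !long.TryParse(idClaim, out id))
    {
        id = -1;
    }

    var lehrer = _context.Lehrer.Find(id);
    if (lehrer == null)
    {
        return NotFound();
    }

    using (var sha = SHA256.Create())
    {
        var oldHash = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(request.oldPassword + SALT)));

        // Constant-time comparison so timing does not leak how much of the stored hash matched.
        var oldOk = lehrer.Password != null
            && CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(lehrer.Password), Encoding.UTF8.GetBytes(oldHash));
        if (!oldOk)
        {
            return Unauthorized();
        }

        lehrer.Password = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(request.newPassword + SALT)));
        lehrer.PasswordGeaendert = true;
        // NOTE(review): the existing API token (lehrer.Token) stays valid after the change; rotating or clearing
        // it here would cut off a token stolen before the change. Left as-is because the client may keep using
        // the current token. Also no SaveChanges() here — confirm a filter/unit-of-work commits the update.
        _context.Lehrer.Update(lehrer);
        return Ok(LoginResponse.FromTeacher(lehrer));
    }
}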