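/// <summary>
/// Authenticates a user by username or e-mail plus password. On success the user is
/// logged into the current HTTP context and a <c>UserViewData</c> projection of the
/// row is returned; every failure path returns 401 so the response does not reveal
/// whether the account exists.
/// </summary>
/// <param name="login_data">Credentials posted by the client; may be null when the body is missing or unparsable.</param>
/// <returns>200 with the user's view data, otherwise 401 Unauthorized.</returns>
public IActionResult /*UserViewData*/ Login([FromBody] LoginData login_data)
{
    // A missing body must be a 401, not a NullReferenceException (500).
    if (login_data == null)
    {
        return Unauthorized();
    }

    var username = login_data.Username;
    var email = login_data.Email;
    var hasUsername = !string.IsNullOrEmpty(username);
    var hasEmail = !string.IsNullOrEmpty(email);

    // Only compare against identifiers the client actually supplied. The original
    // compared both unconditionally, so an absent (null) identifier matched any stored
    // row whose column is also null.
    if (!hasUsername && !hasEmail)
    {
        return Unauthorized();
    }

    var item = _context.User.FirstOrDefault(t =>
        (hasUsername && t.Username == username) ||
        (hasEmail && t.Email == email));

    if (item == null)
    {
        // NOTE(review): no hash is computed on this path, so it answers faster than the
        // known-account path; confirm whether timing-based user enumeration matters here.
        return Unauthorized();
    }

    // Record the attempt before the password is verified so a rejected attempt still
    // counts toward the per-account throttle. Local time is kept because existing rows
    // were written with DateTime.Now; switching to UtcNow would skew the interval.
    var now = DateTime.Now;
    var last_login_attempt = item.LastLoginAttempt;
    item.LastLoginAttempt = now;
    _context.Update(item);
    _context.SaveChanges();

    // Per-account throttle: at most one password check every 3 seconds.
    // The original condition "last_login_attempt != null || ..." was always true
    // (LastLoginAttempt is a non-nullable DateTime, as the .TotalSeconds call requires),
    // which disabled the throttle entirely. An account never tried before holds the
    // default DateTime, so the interval is huge and the check passes.
    // NOTE(review): this throttle is keyed on the account, so a continuous attacker can
    // keep a legitimate user locked out; consider keying on the client as well.
    if (login_data.Password == null || (now - last_login_attempt).TotalSeconds <= 3)
    {
        return Unauthorized();
    }

    var stored = new PasswordAndSalt()
    {
        PasswordHash = item.PasswordHash,
        PasswordSalt = item.PasswordSalt
    };
    if (!PasswordHasher.CheckHash(login_data.Password, stored))
    {
        return Unauthorized();
    }

    HttpContext.Login<LoggableEntities, User>(env, _context, "User", item, new LoggableEntities() { User = item });
    return Ok(UserViewData.FromUser(item));
}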
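/// <summary>
/// Overwrites an existing <c>American</c> row with the entity posted in the body.
/// The caller must present a valid API token or hold a logged-in session; the row's
/// <c>CreatedDate</c> is never modified by this endpoint.
/// </summary>
/// <param name="item">Full entity posted by the client; its <c>Id</c> selects the row to update.</param>
/// <returns>200 on success; 401 when the caller is not authorized, the body is missing, or no row has that Id.</returns>
public IActionResult Update([FromBody] American item)
{
    // The null check must run before item.Id is read; the original dereferenced
    // item in the Any() query first, so a missing body was a 500 rather than a 401.
    if (item == null)
    {
        return Unauthorized();
    }

    // Authorization gate. The original computed "ApiTokenValid || true", which is
    // always true and let any anonymous caller edit any row. Require either a valid
    // API token or an authenticated session (user or admin).
    var session = HttpContext.Get<LoggableEntities>(_context);
    var current_User = session == null ? null : session.User;
    var current_Admin = session == null ? null : session.Admin;
    var has_session = current_User != null || current_Admin != null;
    if (!ApiTokenValid && !has_session)
    {
        return Unauthorized();
    }

    // TODO(review): the original selected the same set for token and session callers
    // (both ternary branches were _context.American), so a session caller may edit any
    // row. If session callers should be limited to rows they own, filter here.
    var allowed_items = _context.American;
    if (!allowed_items.Any(i => i.Id == item.Id))
    {
        return Unauthorized();
    }

    // NOTE(review): the posted entity is attached wholesale, so every mapped column
    // except CreatedDate is overwritten with client-supplied values (mass assignment).
    // Confirm that American has no field the client must not be allowed to set.
    _context.Update(item);
    _context.Entry(item).Property(x => x.CreatedDate).IsModified = false;
    _context.SaveChanges();
    return Ok();
}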