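/// <summary>
/// Authenticates a student by index number and password and issues an access/refresh token pair.
/// </summary>
/// <param name="payload">Index number and plaintext password sent by the client.</param>
/// <returns>
/// 200 with <c>{ AccessToken, RefreshToken }</c> on success; 401 whenever the credentials are not accepted.
/// </returns>
public IActionResult Login(LoginPayload payload)
{
    // One generic rejection message for every failure path, so the response does not
    // reveal whether a given index number exists (user enumeration).
    const string rejected = "Invalid credentials";

    // Model binding may hand us a null payload or empty fields; treat both as a failed login.
    if (payload is null
        || string.IsNullOrEmpty(payload.IndexNumber)
        || string.IsNullOrEmpty(payload.PlainPassword))
    {
        return Unauthorized(rejected);
    }

    if (!_db.StudentExists(payload.IndexNumber))
    {
        return Unauthorized(rejected);
    }

    var securityData = _db.GetStudentSecurityData(payload.IndexNumber);
    // Deliberately no logging of securityData here: the stored hash and salt are secrets
    // and must not end up on the console or in log files.

    if (string.IsNullOrEmpty(securityData.PasswordHash))
    {
        // First login: no password stored yet, so the supplied password becomes the
        // account password. NOTE(review): whoever logs in first with a known index
        // number sets the password — confirm this is intended and that index numbers
        // are not guessable before the owner's first login.
        var salt = HashingService.GenerateSalt();
        _db.UpdatePassword(payload.IndexNumber, salt, HashingService.Hash(payload.PlainPassword, salt));
    }
    else if (!HashingService.Check(payload.PlainPassword, securityData.Salt, securityData.PasswordHash))
    {
        return Unauthorized(rejected);
    }

    // NOTE(review): Guid.NewGuid() is not documented as cryptographically random; if the
    // refresh token must be unguessable, consider deriving it from RandomNumberGenerator.
    var refreshToken = Guid.NewGuid();
    _db.UpdateRefreshToken(payload.IndexNumber, refreshToken.ToString());

    var accessToken = new JwtSecurityTokenHandler().WriteToken(
        _security.GenerateToken(payload.IndexNumber, securityData.Role));

    return Ok(new { AccessToken = accessToken, RefreshToken = refreshToken });
}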
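// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
/// <summary>
/// Builds the request pipeline: developer error page (development only), request logging,
/// HTTPS redirection, an "Index"-header student check, routing, authorization and controller endpoints.
/// </summary>
/// <param name="app">Pipeline builder supplied by the host.</param>
/// <param name="env">Hosting environment; enables the developer exception page in development.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseMiddleware<LoggingMiddleware>();

    // Redirect plain-HTTP requests before any middleware does work on them
    // (the conventional position for this middleware is near the top of the pipeline).
    app.UseHttpsRedirection();

    // Every request must carry an "Index" header naming a student that exists in the database.
    // NOTE(review): the header is client-controlled and not tied to any authenticated identity,
    // so this only validates that the index number exists; it does not prove the caller owns it,
    // and the distinct 401 messages let a client probe which index numbers exist.
    app.Use(async (context, next) =>
    {
        if (!context.Request.Headers.ContainsKey("Index"))
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            await context.Response.WriteAsync("Brak indexu w nagłówku"); // "no index in the header"
            return;
        }

        string indexNumber = context.Request.Headers["Index"].ToString();

        // Resolve from the request scope rather than the root provider, so a scoped
        // SqlServerDbService is not captured as a singleton for the app's lifetime.
        var db = context.RequestServices.GetService(typeof(SqlServerDbService)) as SqlServerDbService;
        if (db is null)
        {
            // Service not registered: fail the request instead of dereferencing null.
            context.Response.StatusCode = StatusCodes.Status500InternalServerError;
            return;
        }

        if (!db.StudentExists(indexNumber))
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            // "the student with the index given in the header does not exist in the database"
            await context.Response.WriteAsync("Student o indexie podanym w nagłówku nie istnieje w bazie");
            return;
        }

        await next();
    });

    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}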