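/// <summary>
/// Authenticates a customer by e-mail and password against the Customers table.
/// Only active accounts (IsActive = 1) can log in.
/// </summary>
/// <param name="customer">Request body; only <c>Email</c> and <c>Password</c> are read.</param>
/// <returns>
/// The matching <see cref="Customers"/> row on success, with <c>Password</c> and
/// <c>PasswordSalt</c> cleared so the stored hash and salt never leave the server;
/// <c>null</c> when the body is malformed, the account is missing or inactive,
/// the password does not verify, or the database call fails.
/// </returns>
public Customers Login([FromBody] Customers customer)
{
    // Reject malformed bodies up front instead of letting the hasher or the query throw.
    if (customer == null || string.IsNullOrEmpty(customer.Email) || customer.Password == null)
    {
        return null;
    }

    Customers returnCust = null;
    PasswordHasher.PasswordHasher hasher = new PasswordHasher.PasswordHasher();

    using (SqlConnection conn = new SqlConnection(_dbOptions.Value.ConnectionString))
    {
        try
        {
            conn.Open();

            // Parameterized: the e-mail comes straight from the request body and must never be concatenated into SQL.
            const string credentialSql = "SELECT Password, PasswordSalt FROM Customers WHERE Email = @Email AND IsActive = 1;";
            var stored = conn.Query(credentialSql, new { customer.Email }).FirstOrDefault();

            // NOTE(review): when no row matches, the hasher is skipped entirely, so response time differs
            // between unknown and known e-mails (user enumeration via timing). Verifying against a dummy
            // salt/hash in that branch would close the gap — confirm PasswordHasher supports that first.
            if (stored != null && hasher.VerifyPassword(customer.Password, stored.PasswordSalt, stored.Password))
            {
                const string customerSql = "SELECT * FROM Customers WHERE Email = @Email AND IsActive = 1;";
                returnCust = conn.Query<Customers>(customerSql, new { customer.Email }).FirstOrDefault();

                if (returnCust != null)
                {
                    // SELECT * pulls the password hash and salt back into the object; strip them so they
                    // are never serialized into the login response.
                    returnCust.Password = null;
                    returnCust.PasswordSalt = null;
                }
            }
        }
        catch (SqlException exc)
        {
            // Best-effort: a database failure is reported to the caller as "not authenticated" (null)
            // rather than surfaced as an error. Only the message is written, never the credentials.
            Console.WriteLine(exc.Message);
        }
    }

    return returnCust;
}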
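/// <summary>
/// Registers a new customer: salts and hashes the supplied password, inserts the row,
/// reads it back, and pushes the persisted record to the search index.
/// </summary>
/// <param name="customer">
/// Request body. It is mutated in place: <c>PasswordSalt</c> is set to a fresh random salt and
/// <c>Password</c> is replaced by the salted hash, so the plaintext is never stored.
/// </param>
/// <returns>
/// The persisted <see cref="Customers"/> row with <c>Password</c> and <c>PasswordSalt</c> cleared,
/// or <c>null</c> when the body is malformed or the insert / read-back fails.
/// </returns>
public Customers NewUser([FromBody] Customers customer)
{
    // Guard before touching the hasher: GenerateSaltedHash has no input of its own to validate.
    if (customer == null || customer.Password == null)
    {
        return null;
    }

    Customers newCustomer = customer;
    Customers returnCustomer = null;
    PasswordHasher.PasswordHasher hasher = new PasswordHasher.PasswordHasher();

    // One random salt per account; the hash replaces the plaintext on the same object.
    newCustomer.PasswordSalt = hasher.RandomSalt;
    newCustomer.Password = hasher.GenerateSaltedHash(newCustomer.Password);

    using (SqlConnection conn = new SqlConnection(_dbOptions.Value.ConnectionString))
    {
        try
        {
            conn.Open();

            // Every value is bound as a parameter; nothing from the request body is spliced into the SQL text.
            const string insertSql =
                "INSERT INTO Customers (LoginName, Email, PhoneNumber, Password, PasswordSalt, RegisteredDate)" +
                "VALUES(@loginName, @email, @phoneNumber, @password, @passwordSalt, @registeredDate)";
            conn.Execute(insertSql, new
            {
                loginName = newCustomer.LoginName,
                email = newCustomer.Email,
                phoneNumber = newCustomer.PhoneNumber,
                password = newCustomer.Password,
                passwordSalt = newCustomer.PasswordSalt,
                registeredDate = DateTime.Now
            });

            // Read back inside the same try block: previously a failed Open() or INSERT was swallowed and
            // execution fell through to this SELECT, which could hand back a pre-existing customer's row
            // (including its hash and salt) to whoever posted a colliding LoginName/Email.
            const string selectSql = "SELECT * FROM Customers WHERE LoginName = @LoginName AND Email = @Email;";
            returnCustomer = conn.Query<Customers>(selectSql, new { newCustomer.LoginName, newCustomer.Email }).FirstOrDefault();
        }
        catch (SqlException exc)
        {
            // Best-effort: the failure is logged and the caller receives null instead of an exception.
            Console.WriteLine(exc.Message);
        }
    }

    if (returnCustomer == null)
    {
        // Nothing was persisted (or the read-back found nothing): do not index a null document.
        return null;
    }

    // SELECT * returns the hash and salt; strip them before the record reaches the search index
    // or is serialized into the HTTP response.
    returnCustomer.Password = null;
    returnCustomer.PasswordSalt = null;

    _client.IndexDocument<Customers>(returnCustomer);
    return returnCustomer;
}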