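        /// <summary>
        /// Authenticates a posted username/password pair: looks the username up through the
        /// <c>TP_LookupUserRecord</c> stored procedure and checks the submitted password
        /// against the stored salt + hash with <c>CryptoUtilities.comparePassword</c>.
        /// </summary>
        /// <param name="cred">Posted credentials: <c>username</c> and cleartext <c>password</c>.</param>
        /// <returns>
        /// A populated <see cref="User"/> with a freshly generated <c>token</c> when the password
        /// verifies; otherwise <c>null</c>. The same <c>null</c> is returned for "no such user",
        /// "wrong password", malformed input and any internal error, so the response body itself
        /// does not reveal which case occurred.
        /// </returns>
        public User TryLogin([FromBody] LoginCredentials cred)
        {
            // Reject malformed requests up front rather than letting a NullReferenceException
            // fall through to the catch-all below; the observable result (null) is unchanged.
            if (cred == null || string.IsNullOrEmpty(cred.username) || cred.password == null)
            {
                return null;
            }

            try
            {
                DBConnect databaseObj = new DBConnect();

                // SqlCommand is IDisposable; release it once the DataSet has been materialised.
                using (SqlCommand commandObj = new SqlCommand())
                {
                    commandObj.CommandType = CommandType.StoredProcedure;
                    commandObj.CommandText = "TP_LookupUserRecord";

                    // The username is bound as a typed parameter, never concatenated into SQL.
                    SqlParameter inputUsername = new SqlParameter("@username", cred.username)
                    {
                        Direction = ParameterDirection.Input,
                        SqlDbType = SqlDbType.VarChar
                    };
                    commandObj.Parameters.Add(inputUsername);

                    DataSet dsUser = databaseObj.GetDataSetUsingCmdObj(commandObj);

                    // Unknown username: nothing to compare against.
                    // NOTE(review): the hash comparison is skipped entirely on this path, so the
                    // response time differs from the wrong-password path - a username-enumeration
                    // timing side channel. Closing it needs a dummy compare of equal cost against a
                    // fixed salt/hash; not done here because CryptoUtilities' cost parameters are
                    // not visible in this file.
                    if (dsUser == null || dsUser.Tables.Count == 0 || dsUser.Tables[0].Rows.Count == 0)
                    {
                        return null;
                    }

                    DataRow drUserRecord = dsUser.Tables[0].Rows[0];
                    byte[] salt           = (byte[])drUserRecord["salt"];
                    byte[] hashedPassword = (byte[])drUserRecord["password"];

                    // Wrong password: same null as "unknown user" (no credential oracle in the body).
                    if (!CryptoUtilities.comparePassword(hashedPassword, salt, cred.password))
                    {
                        return null;
                    }

                    // Password verified: copy the record into a User for the caller to store in session.
                    User foundUser = new User();
                    foundUser.userID       = drUserRecord["userID"].ToString();
                    foundUser.firstName    = drUserRecord["firstName"].ToString();
                    foundUser.lastName     = drUserRecord["lastName"].ToString();
                    foundUser.emailAddress = drUserRecord["emailAddress"].ToString();

                    // The second result set is optional; previously a stored-proc result with only one
                    // table threw IndexOutOfRange, which the catch-all turned into a failed login.
                    if (dsUser.Tables.Count > 1 && dsUser.Tables[1].Rows.Count > 0)
                    {
                        foundUser.seekingGender = dsUser.Tables[1].Rows[0]["seekingGender"].ToString();
                    }

                    // These flags are returned but NOT enforced here: a token is issued even for an
                    // unverified or half-registered account, so the caller must gate on them.
                    foundUser.isVerified           = drUserRecord["isVerified"].ToString();
                    foundUser.finishedRegistration = drUserRecord["finishedRegistration"].ToString();

                    // NOTE(review): GenerateJSONWebToken() receives no user argument here - confirm
                    // that the issued token is actually bound to foundUser's identity and not a
                    // generic bearer token.
                    foundUser.token = GenerateJSONWebToken();
                    return foundUser;
                }
            }
            catch (Exception)
            {
                // Any failure (connection error, stored-proc contract mismatch, DBNull cast, ...)
                // is reported to the caller exactly like a bad login. TODO(review): log the
                // exception here - as written, an outage is indistinguishable from wrong credentials.
                return null;
            }
        }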