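        /// <summary>
        /// Authenticates a student by index number and password, then issues a JWT access token
        /// and a server-persisted refresh token.
        /// </summary>
        /// <param name="payload">Index number and plain-text password supplied by the client (untrusted input).</param>
        /// <returns>
        /// 200 with <c>AccessToken</c> and <c>RefreshToken</c> on success; 400 when no payload was bound;
        /// 401 when the student is unknown or the password does not verify.
        /// </returns>
        public IActionResult Login(LoginPayload payload)
        {
            if (payload is null)
            {
                return BadRequest("Missing payload");
            }

            // NOTE(review): the two different 401 messages ("User not found" / "Wrong password") let a
            // caller distinguish valid index numbers from invalid ones. A single generic message would
            // close that enumeration channel; the texts are kept here to preserve the client contract.
            if (!_db.StudentExists(payload.IndexNumber))
            {
                return Unauthorized("User not found");
            }

            var securityData = _db.GetStudentSecurityData(payload.IndexNumber);

            // The stored password hash is deliberately NOT written to the console here: the previous
            // version logged securityData.PasswordHash on every login, which leaks credential material
            // into stdout/log collection.
            if (string.IsNullOrEmpty(securityData.PasswordHash))
            {
                // First login: no hash is stored yet, so the supplied password becomes the account's
                // password. NOTE(review): anyone who knows an index number and logs in first sets that
                // account's password — confirm this is the intended enrolment flow.
                var salt = HashingService.GenerateSalt();
                _db.UpdatePassword(
                    payload.IndexNumber,
                    salt,
                    HashingService.Hash(payload.PlainPassword, salt));
            }
            else if (!HashingService.Check(payload.PlainPassword, securityData.Salt, securityData.PasswordHash))
            {
                return Unauthorized("Wrong password");
            }

            // The refresh token is an opaque GUID stored server-side against the student record.
            var refreshToken = Guid.NewGuid();
            _db.UpdateRefreshToken(payload.IndexNumber, refreshToken.ToString());

            var accessToken = new JwtSecurityTokenHandler().WriteToken(
                _security.GenerateToken(payload.IndexNumber, securityData.Role));

            return Ok(new
            {
                AccessToken = accessToken,
                RefreshToken = refreshToken
            });
        }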
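        /// <summary>
        /// Called by the runtime to configure the HTTP request pipeline.
        /// Order matters: the inline "Index" header check runs before HTTPS redirection, routing and
        /// authorization, so every request — the login endpoint included — must carry that header.
        /// </summary>
        /// <param name="app">Pipeline builder.</param>
        /// <param name="env">Hosting environment; enables the developer exception page in Development.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseMiddleware<LoggingMiddleware>();

            // Rejects any request that does not name an existing student in the "Index" header.
            app.Use(async (context, next) =>
            {
                if (!context.Request.Headers.TryGetValue("Index", out var indexHeader))
                {
                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    await context.Response.WriteAsync("Brak indexu w nagłówku");
                    return;
                }

                // Client-controlled value; StudentExists is expected to use it as a query parameter
                // (not visible here — verify in SqlServerDbService).
                string indexNumber = indexHeader.ToString();

                // Resolve from the request's scoped provider rather than the root
                // app.ApplicationServices: if SqlServerDbService (or something it depends on) is
                // registered as scoped, root resolution would hand one root-lifetime instance to
                // every request. A missing registration previously surfaced as a NullReferenceException
                // at db.StudentExists; it is now an explicit error.
                if (context.RequestServices.GetService(typeof(SqlServerDbService)) is not SqlServerDbService db)
                {
                    throw new InvalidOperationException(
                        $"{nameof(SqlServerDbService)} is not registered in the service container.");
                }

                if (!db.StudentExists(indexNumber))
                {
                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    await context.Response.WriteAsync("Student o indexie podanym w nagłówku nie istnieje w bazie");
                    return;
                }

                await next();
            });

            app.UseHttpsRedirection();

            app.UseRouting();

            // NOTE(review): there is no app.UseAuthentication() in this pipeline. If the JWTs issued at
            // login are meant to be validated by [Authorize], it has to be added before UseAuthorization.
            app.UseAuthorization();

            app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
        }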