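/// <summary>
/// Resolves an account by user name or e-mail (case-insensitive), verifies the supplied password
/// against the stored hash and salt, and rejects accounts carrying a ban of type 1.
/// </summary>
/// <param name="authUser">Credentials: <c>AuthenticatorString</c> (user name or e-mail) and <c>Password</c>.</param>
/// <param name="needsTokens">When true, freshly generated auth tokens are attached to the returned user.</param>
/// <param name="ct">Cancellation token, forwarded to the query and the user-service calls.</param>
/// <returns>The authenticated user, or <c>null</c> when no account matches or the password is wrong.</returns>
/// <exception cref="AuthenticationException">The account has an active ban of type 1 (reported as a global ban).</exception>
public async Task<User> Authenticate(AuthenticatingUser authUser, bool needsTokens = false, CancellationToken ct = default)
{
    // ToLower() on both sides is kept so the comparison stays translatable by the query provider;
    // the authenticator may be either the user name or the e-mail.
    User user = await _context.Users
        .Include(u => u.UserAuthentication)
        .FirstOrDefaultAsync(
            u => u.UserName.ToLower() == authUser.AuthenticatorString.ToLower()
              || u.UserAuthentication.UserEmail.ToLower() == authUser.AuthenticatorString.ToLower(),
            ct);
    if (user == null)
    {
        // NOTE(review): this early return skips VerifyHash, so an unknown account answers measurably
        // faster than a wrong password; running a dummy verify here would equalise the two paths.
        return null;
    }

    if (!_hashingService.VerifyHash(user.UserAuthentication.UserPassHash, user.UserAuthentication.UserPassSalt, authUser.Password))
    {
        return null;
    }

    // Ban type 1 is the one the message below calls a global ban — confirm against the ban-type definitions.
    if (await _userService.GetFirstBanOfTypeIfAnyAsnc(user.UserUUID, 1, ct) is UserBan ub)
    {
        throw new AuthenticationException($"User has received a global ban, ban expires: {ub.BanExpires:HH:mm:ss, dd/MM/yy}");
    }

    // Re-read through the user service so the caller receives whatever shape that service exposes.
    user = await _userService.GetByIdAsync(user.UserUUID, ct);
    if (user == null)
    {
        // The row disappeared between the two reads; treat it as not found instead of dereferencing null.
        return null;
    }

    user.UserAuthTokens = needsTokens
        ? await _tokenService.GenerateInitialTokensForUserAsync(user.UserUUID)
        : null;
    return user;
}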
/// <summary>
/// Authenticates the credentials posted in the request body via <see cref="UserTasks.AuthenticateUser"/>.
/// </summary>
/// <param name="usr">The credentials supplied by the client.</param>
/// <returns>200 with the user serialised as JSON, or 404 when authentication yields no user.</returns>
[HttpPost("AuthenticateUser")] // POST so the credentials travel in the body rather than the URL
public async Task<IActionResult> AuthenticateUser([FromBody] AuthenticatingUser usr)
{
    var tasks = new UserTasks();
    User authenticated = await tasks.AuthenticateUser(usr);

    // A null result covers both "no such account" and "credentials did not match".
    if (authenticated is null)
    {
        return NotFound();
    }

    // NOTE(review): the User object is serialised wholesale; confirm it carries no credential
    // material (hash/salt) before it reaches the client.
    return Ok(authenticated);
}
/// <summary>
/// Authenticates the posted credentials through the authentication service.
/// </summary>
/// <param name="authUser">Credentials from the request body.</param>
/// <param name="needsTokens">Whether auth tokens should be generated for the user (defaults to true).</param>
/// <param name="ct">Request cancellation token.</param>
/// <returns>
/// 200 with the user; 404 "Invalid login attempt" when the service returns no user;
/// 400 carrying the exception message when the service throws <see cref="AuthenticationException"/>.
/// </returns>
public async Task<IActionResult> AuthenticateUser([FromBody] AuthenticatingUser authUser, bool needsTokens = true, CancellationToken ct = default)
{
    //TODO: require email confirmation
    User user;
    try
    {
        user = await _authenticationService.Authenticate(authUser, needsTokens, ct);
    }
    catch (AuthenticationException ex)
    {
        // In the service's Authenticate this exception signals a banned account; its message
        // (including the ban expiry) is returned to the client as-is.
        return BadRequest(ex.Message);
    }

    // NOTE(review): the User object is serialised wholesale; confirm it carries no credential
    // material (hash/salt) before it reaches the client.
    return user is null ? NotFound("Invalid login attempt") : Ok(user);
}
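/// <summary>
/// Looks up a user by authenticator and client-supplied password hash, then loads the full
/// record via <see cref="GetUserById"/>.
/// </summary>
/// <param name="usr">Credentials: <c>Authenticator</c> and <c>PassHash</c>.</param>
/// <returns>The matching user, or <c>null</c> when no row matches.</returns>
public async Task<User> AuthenticateUser(AuthenticatingUser usr)
{
    // Both client-supplied values are bound as command parameters instead of being interpolated
    // into the SQL text, which is what made the original query injectable.
    // The UserName comparison literal is kept exactly as it appears in the source ('******');
    // it looks like a redacted placeholder — presumably it should be the authenticator as well. Confirm.
    const string sql =
        "SELECT UserId FROM user WHERE (UserName='******' AND UserPassHash=@passHash)" +
        " OR (UserEmail=@authenticator AND UserPassHash=@passHash);";

    using (var conn = new MySqlConnection(connString))
    {
        await conn.OpenAsync();
        using (var cmd = new MySqlCommand(sql, conn))
        {
            // NOTE(review): the client sends the hash itself, so anyone holding the stored hash can
            // log in without the password; verifying a password server-side against a salted hash
            // (as the other Authenticate in this codebase does) would close that.
            cmd.Parameters.AddWithValue("@authenticator", usr.Authenticator);
            cmd.Parameters.AddWithValue("@passHash", usr.PassHash);

            using (var reader = await cmd.ExecuteReaderAsync())
            {
                if (!await reader.ReadAsync())
                {
                    return null;
                }

                return await GetUserById(Convert.ToInt32(reader["userId"]));
            }
        }
    }
}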