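/// <summary>
/// Handles the registration form post: validates the model, rejects a user
/// name that is already in use, stores the new account with a per-user salt
/// and salted password hash, then redirects to the Login action.
/// </summary>
/// <param name="model">Posted registration data (user name and password).</param>
/// <returns>
/// A redirect to "Login" on success; otherwise the registration view
/// re-rendered with the posted model and any validation errors.
/// </returns>
public async Task<IActionResult> Register(RegisterViewModel model)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    // NOTE(review): the password / confirm-password comparison is presumably
    // enforced by validation attributes on RegisterViewModel - confirm.

    // Refuse a user name that already exists. Login looks the account up with
    // SingleOrDefault, which throws when two rows share a name, so a duplicate
    // registration would break sign-in for the original account.
    // This check is not atomic with the insert below; a unique index on the
    // user-name column is still needed to close the race between two requests.
    if (_context.Users.Any(q => q.UserName == model.UserName))
    {
        ModelState.AddModelError(nameof(model.UserName), "user name is already taken");
        return View(model);
    }

    // Per-user salt. A salt has to be unique, not secret.
    // NOTE(review): Guid.NewGuid() is not documented as a cryptographic random
    // source; RandomNumberGenerator is the usual choice for salts.
    var saltPassword = Guid.NewGuid().ToString();

    // NOTE(review): a comment in the original mentions HashSHA256 over
    // salt + password as the alternative. If GenerateHashWithSalt is likewise
    // a single fast hash, move it to a deliberately slow KDF such as PBKDF2
    // (Rfc2898DeriveBytes) inside EncyrptionUtility - confirm.
    var hashPassword = EncyrptionUtility.GenerateHashWithSalt(model.Password, saltPassword);

    var user = new Users
    {
        CreateDate = DateTime.Now,
        Id = Guid.NewGuid(),
        IsActive = true,
        UserName = model.UserName,
        PasswordSalt = saltPassword,
        Password = hashPassword
    };

    await _context.AddAsync(user);
    await _context.SaveChangesAsync();

    return RedirectToAction("Login");
}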
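/// <summary>
/// Verifies a user name / password pair, stores a new refresh token for the
/// account and returns an access token together with that refresh token.
/// </summary>
/// <param name="userName">User name to look up.</param>
/// <param name="password">Plain-text password to check against the stored salted hash.</param>
/// <returns>
/// 200 with a <c>LoginViewModel</c> on success; 400 with the same generic
/// message whether the user name is unknown, the password is wrong or a
/// credential is missing.
/// </returns>
public async Task<IActionResult> Login(string userName, string password)
{
    // Missing credentials get the same answer as wrong ones, instead of
    // reaching the query or the hash helper with a null argument.
    if (userName == null || password == null)
    {
        return BadRequest("invalid username & password");
    }

    // SingleOrDefault throws if more than one row carries this user name,
    // so user names must be unique in storage.
    var user = _context.Users.SingleOrDefault(q => q.UserName == userName);
    if (user == null)
    {
        // Do the same hashing work as the known-user path so the response time
        // does not reveal whether the account exists. The result is discarded.
        EncyrptionUtility.GenerateHashWithSalt(password, Guid.NewGuid().ToString());
        return BadRequest("invalid username & password");
    }

    var hashPassword = EncyrptionUtility.GenerateHashWithSalt(password, user.PasswordSalt);

    // NOTE(review): != is not a constant-time comparison. Once the type of the
    // stored hash is confirmed, consider CryptographicOperations.FixedTimeEquals.
    if (user.Password != hashPassword)
    {
        return BadRequest("invalid username & password");
    }

    // NOTE(review): no lockout or throttling of failed attempts is visible in
    // this action - confirm it is enforced elsewhere.

    var refreshToken = GenerateNewRefreshToken();

    // TODO (from the original author): step 1, invalidate the user's existing
    // refresh tokens. This is not implemented here, so tokens issued by earlier
    // logins are left untouched by this action.
    // Step 2: persist the new refresh token. _tokenTimeOut is applied in minutes.
    var issuedAt = DateTime.Now;
    var userToken = new UserTokens
    {
        CreateDate = issuedAt,
        ExpireDate = issuedAt.AddMinutes(_tokenTimeOut),
        IsValid = true,
        RefreshToken = refreshToken,
        UserId = user.Id
    };

    await _context.AddAsync(userToken);
    await _context.SaveChangesAsync();

    var model = new LoginViewModel
    {
        FirstName = user.UserName,
        // NOTE(review): hard-coded value, looks like a placeholder - confirm.
        LastName = "Rezaei",
        Token = GenerateNewToken(user.Id.ToString()),
        RefreshToken = refreshToken
    };

    return Ok(model);
}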