public IActionResult Login(LoginRegFormModel userVM)
{
if (TryValidateModel(userVM.loginVM))
{
try
{
// Entity PostGres Code First command
// retrieve user by submitted username
User logging_user = _context.Users.SingleOrDefault(user => user.Email == userVM.loginVM.Email);
// salt the submitted password and hash
string SaltedPasswd = userVM.loginVM.Password + logging_user.Salt;
var Hasher = new PasswordHasher <User>();
if (0 != Hasher.VerifyHashedPassword(logging_user, logging_user.Password, SaltedPasswd))
{
// the passwords match!
HttpContext.Session.SetInt32(LOGGED_IN_ID, logging_user.UserId);
HttpContext.Session.SetString(LOGGED_IN_USERNAME, userVM.loginVM.Email);
HttpContext.Session.SetString(LOGGED_IN_FIRSTNAME, logging_user.FirstName);
return(RedirectToAction("Index"));
}
// else (password failed) -- place error in ModelState below
AddLoginError();
}
catch (Exception ex)
{
// the username and password combination were not found
AddLoginError();
}
}
// if login was not successful, return to index with errors exported in modelstate
TempData["login_errors"] = true;
return(RedirectToAction("Index"));
}
public IActionResult Register(LoginRegFormModel userVM)
{
if (TryValidateModel(userVM.registerVM))
{
// model validated correctly --> success
// confirm that a user does not exist with the selected username
try
{
// Dapper connection commands
// User testUser = userFactory.FindByUsername(userVM.registerVM.Username);
// Entity PostGres Code First command
User testUser = _context.Users.SingleOrDefault(user => user.Email == userVM.registerVM.Email);
if (testUser != null)
{
// the username currently exists in the database
string key = "Username";
string errorMessage = "This username already exists. Please select another or login.";
ModelState.AddModelError(key, errorMessage);
TempData["errors"] = true;
return(RedirectToAction("LandingPage"));
}
}
catch
{
// if username was not found - do nothing and proceed
}
// confirm that a user does not exist with the selected email
try
{
// Dapper connection commands
// User testUser = userFactory.FindByEmail(userVM.registerVM.Email);
// Entity PostGres Code First command
User testUser = _context.Users.SingleOrDefault(user => user.Email == userVM.registerVM.Email);
if (testUser != null)
{
// the email currently exists in the database
string key = "Email";
string errorMessage = "This email address already exists. Please select another or login.";
ModelState.AddModelError(key, errorMessage);
TempData["errors"] = true;
return(RedirectToAction("Index"));
}
}
catch
{
// if email was not found - do nothing and proceed
}
// Dapper factory command
// userFactory.Add(userVM.registerVM);
// Entity PostGres Code First command
User NewUser = new User(userVM.registerVM);
// generate a 128-bit salt using a secure PRNG
byte[] newSalt = new byte[128 / 8];
using (var rng = RandomNumberGenerator.Create())
{
rng.GetBytes(newSalt);
}
string newSaltString = Convert.ToBase64String(newSalt);
NewUser.Salt = newSaltString;
// hash password
string SaltedPasswd = NewUser.Password + newSaltString;
PasswordHasher <User> Hasher = new PasswordHasher <User>();
NewUser.Password = Hasher.HashPassword(NewUser, SaltedPasswd);
_context.Users.Add(NewUser);
_context.SaveChanges();
string userSerialized = JsonConvert.SerializeObject(userVM.registerVM);
TempData["user"] = (string)userSerialized;
// store user id, first name, and username in session
// run query to gather id number generated by the database
// Dapper connection command
// User NewUser = userFactory.FindByUsername(userVM.registerVM.Username);
// Entity PostGres Code First command
User UserFromDb = _context.Users.SingleOrDefault(user => user.Email == userVM.registerVM.Email);
// login to the application
HttpContext.Session.SetInt32(LOGGED_IN_ID, UserFromDb.UserId);
HttpContext.Session.SetString(LOGGED_IN_USERNAME, UserFromDb.Email);
HttpContext.Session.SetString(LOGGED_IN_FIRSTNAME, UserFromDb.FirstName);
return(RedirectToAction("Index"));
}
// model did not validate correctly --> show errors to user
TempData["errors"] = true;
return(RedirectToAction("Index"));
}
