Пример #1
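        /// <summary>
        /// Verifies the submitted credentials and, on success, issues a fresh auth token.
        /// </summary>
        /// <param name="userRegisterDTO">Login request body carrying Username and Password.</param>
        /// <returns>
        /// 400 when the body or either credential is missing, 401 when the username is unknown
        /// or the password hash does not match, otherwise a <c>UserIdentifiedDTO</c> holding the
        /// raw token, the username and the account's IsAdmin flag.
        /// </returns>
        public async Task <ActionResult <UserIdentifiedDTO> > Login([FromBody] UserLoginDTO userRegisterDTO)
        {
            // A missing body or missing field used to surface as a NullReferenceException (HTTP 500).
            if (userRegisterDTO?.Username == null || userRegisterDTO.Password == null)
            {
                return(StatusCode(StatusCodes.Status400BadRequest));
            }

            string username = userRegisterDTO.Username;
            string password = userRegisterDTO.Password;

            Models.Account accountToFind = _smallPostersContext.Accounts.FirstOrDefault(a => a.Username == username);
            if (accountToFind == null)
            {
                // NOTE(review): this path returns before any hashing is done, so its response time can
                // differ from the wrong-password path; consider doing equivalent hashing work here.
                return(StatusCode(StatusCodes.Status401Unauthorized));
            }

            string passwordHash = HashPair.Generate(password, accountToFind.Salt);

            // Compare the stored and computed hashes in fixed time instead of with ==, which stops
            // at the first differing character. Fully qualified so no new using directive is needed.
            byte[] storedHashBytes   = System.Text.Encoding.UTF8.GetBytes(accountToFind.PasswordHash ?? string.Empty);
            byte[] computedHashBytes = System.Text.Encoding.UTF8.GetBytes(passwordHash ?? string.Empty);
            if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedHashBytes, computedHashBytes))
            {
                return(StatusCode(StatusCodes.Status401Unauthorized));
            }

            // The raw token is returned to the client; only its salted hash is persisted, so the stored
            // row alone cannot be replayed as a token.
            // NOTE(review): presumably TokenGenerator.GetUniqueKey draws from a cryptographic RNG; confirm.
            string           authTokenString       = HashPair.Generate(TokenGenerator.GetUniqueKey(TokenSize), accountToFind.Salt);
            string           hashedAuthTokenString = HashPair.Generate(authTokenString, accountToFind.Salt);
            Models.AuthToken authToken             = new Models.AuthToken(hashedAuthTokenString, accountToFind);
            _smallPostersContext.AuthTokens.Add(authToken);
            await _smallPostersContext.SaveChangesAsync();

            return(new UserIdentifiedDTO {
                Username = username, AuthToken = authTokenString, IsAdmin = accountToFind.IsAdmin
            });
        }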
Пример #2
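        /// <summary>
        /// Creates a new account for the submitted username and password and issues its first auth token.
        /// </summary>
        /// <param name="userRegisterDTO">Registration request body carrying Username and Password.</param>
        /// <returns>
        /// 400 when the body is missing or either credential is null or empty, 409 when the username
        /// is already taken, otherwise a <c>UserIdentifiedDTO</c> holding the raw token, the username
        /// and the new account's IsAdmin flag.
        /// </returns>
        public ActionResult <UserIdentifiedDTO> Register([FromBody] UserRegisterDTO userRegisterDTO)
        {
            // Reject a missing body and empty credentials up front: a null body used to throw
            // (HTTP 500) and an empty password would have produced a usable account.
            if (userRegisterDTO == null ||
                string.IsNullOrEmpty(userRegisterDTO.Username) ||
                string.IsNullOrEmpty(userRegisterDTO.Password))
            {
                return(StatusCode(StatusCodes.Status400BadRequest));
            }

            string username = userRegisterDTO.Username;
            string password = userRegisterDTO.Password;

            // NOTE(review): Any() followed by Add() is not atomic; two concurrent requests for the same
            // username can both pass this check unless the Accounts table enforces a unique constraint.
            if (_smallPostersContext.Accounts.Any(a => a.Username == username))
            {
                return(StatusCode(StatusCodes.Status409Conflict));
            }

            // The third argument is the literal false; presumably the IsAdmin flag, so self-registration
            // cannot create an administrator. Confirm against Models.Account.
            // NOTE(review): assumes the Account constructor salts and hashes the password; verify.
            Models.Account accountToAdd = new Models.Account(username, password, false);
            _smallPostersContext.Accounts.Add(accountToAdd);

            // Saved before the token is derived; the order is kept in case Salt or keys are only
            // populated on save. TODO confirm. If the second save fails the account exists without a token.
            _smallPostersContext.SaveChanges();

            // The raw token is returned to the client; only its salted hash is persisted.
            string authTokenString       = HashPair.Generate(TokenGenerator.GetUniqueKey(TokenSize), accountToAdd.Salt);
            string hashedAuthTokenString = HashPair.Generate(authTokenString, accountToAdd.Salt);

            Models.AuthToken authToken = new Models.AuthToken(hashedAuthTokenString, accountToAdd);
            _smallPostersContext.AuthTokens.Add(authToken);
            _smallPostersContext.SaveChanges();

            return(new UserIdentifiedDTO {
                Username = username, AuthToken = authTokenString, IsAdmin = accountToAdd.IsAdmin
            });
        }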