public IActionResult Login(StudentLoginDto userLoginDTO)
{
var user = _authRepository.Login(userLoginDTO.Username.ToLower(), userLoginDTO.Password);
if (user == null)
{
return(Unauthorized());
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.Username),
new Claim(ClaimTypes.Role, user.Role)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value));
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddHours(3),
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature)
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return(Ok(new
{
token = tokenHandler.WriteToken(token)
}));
}
private async Task <StudentReturnDto> AuthenticateStudent(StudentLoginDto loginCreds)
{
var password = Helper.ComputeHash(loginCreds.Password);
var studentsWithEmail = _context.Students
.AsNoTracking()
.Include(s => s.Speciality)
.Where(t => t.Email.ToLower() == loginCreds.Email.ToLower());
foreach (var student in studentsWithEmail)
{
if (Helper.Equals(student.Password, password))
{
var currentCourses = await _context.CurrentCourseStudents
.AsNoTracking()
.Include(cs => cs.Course)
.Where(c => c.StudentId == student.Id)
.Select(cs => new CourseReturnDto()
{
Id = cs.Course.Id,
Name = cs.Course.Name,
AbsenceLimit = cs.Course.AbsenceLimit,
Credit = cs.Course.Credit,
SyllabusPath = cs.Course.SyllabusPath
}).ToListAsync();
var studentReturn = new StudentReturnDto()
{
Id = student.Id,
CurrentCourses = currentCourses,
Details = student.Details,
Email = student.Email,
Gender = student.Gender,
Name = student.Name,
SpecialityId = student.SpecialityId,
SpecialityName = student.Speciality.Name,
RegisterStatus = student.RegisterStatus
};
return(studentReturn);
}
}
return(null);
}
public async Task <IActionResult> PostLoginStudent(StudentLoginDto loginDto)
{
if (!ModelState.IsValid)
{
return(RedirectToAction(
actionName: "GetLoginStudent",
routeValues: new { error = "Invalid login credentials." }
));
}
var result = await _repo.LoginStudent(loginDto);
if (result.IsSuccess)
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, result.Content.Id.ToString()),
new Claim(ClaimTypes.Name, result.Content.Name),
new Claim(ClaimTypes.Email, result.Content.Email),
new Claim(ClaimTypes.Role, "student")
};
var identity = new ClaimsIdentity(
claims,
CookieAuthenticationDefaults.AuthenticationScheme
);
var principal = new ClaimsPrincipal(identity);
await HttpContext.SignInAsync(principal);
return(RedirectToAction("GetProfile"));
}
return(RedirectToAction(
"GetLoginStudent",
routeValues: new { error = result.Message }
));
}
public async Task <RepoResponse <StudentReturnDto> > LoginStudent(StudentLoginDto loginCreds)
{
var student = await AuthenticateStudent(loginCreds);
if (student == null)
{
var failResponse = new RepoResponse <StudentReturnDto>()
{
IsSuccess = false,
Message = _config["ErrorCodes:login"]
};
return(failResponse);
}
if (student.RegisterStatus != RegistrationStatus.Approved)
{
return(new RepoResponse <StudentReturnDto>()
{
IsSuccess = false,
Message = _config["ErrorCodes:reg_status"],
Content = student
});
}
var token = GenerateToken(student.Id, student.Email, "student");
var response = new RepoResponse <StudentReturnDto>()
{
IsSuccess = true,
Content = student,
//Message = token (token based auth)
Message = _config["SuccessCodes:login"]
};
return(response);
}
public Task <RepoResponse <bool> > DeleteStudent(StudentLoginDto creds)
{
throw new System.NotImplementedException();
}
