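        /// <summary>
        /// Authenticates a user by username and password and returns the user's details
        /// together with a freshly issued JWT.
        /// </summary>
        /// <param name="userLoginDetails">
        /// Credentials posted in the request body. <c>Username</c> is passed to the
        /// <c>User_Login</c> stored procedure; <c>Password</c> is checked with
        /// <c>VerifyPasswordHashAndSalt</c> against the value the procedure returns.
        /// </param>
        /// <returns>
        /// 200 with <c>{ user }</c> on success; 400 "Login credentials invalid" when the body is
        /// missing, no row is returned for the username, or the password does not verify.
        /// </returns>
        public IActionResult UserLogin([FromBody] UserLoginDetails userLoginDetails)
        {
            // Model binding yields null for an empty or unparseable body; answer like any other
            // bad credential instead of letting the dereference below surface as a 500.
            if (userLoginDetails == null || string.IsNullOrEmpty(userLoginDetails.Username))
            {
                return BadRequest("Login credentials invalid");
            }

            string connectionString = Configuration["ConnectionStrings:DefaultConnectionString"];

            // Presumably the stored salted hash (it is only ever handed to VerifyPasswordHashAndSalt,
            // never compared directly) — confirm against the User_Login procedure.
            string storedPassword = "";
            bool userFound = false;

            var user = new CurrentUserDetails();

            // SqlCommand is IDisposable too; the original only disposed the connection and reader.
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand command = new SqlCommand("User_Login", connection))
            {
                command.CommandType = System.Data.CommandType.StoredProcedure;

                // Parameterized call: the username never becomes part of the command text.
                command.Parameters.AddWithValue("@username", userLoginDetails.Username);

                connection.Open();

                // The using block disposes (and therefore closes) the reader; the explicit
                // reader.Close()/connection.Close() calls of the original were redundant.
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    // Same semantics as the original HasRows + while: if the procedure ever returns
                    // more than one row, the last one wins. GetString throws on a NULL column, as before.
                    while (reader.Read())
                    {
                        userFound = true;
                        user.UserID    = reader.GetInt32(reader.GetOrdinal("UserID"));
                        user.Username  = reader.GetString(reader.GetOrdinal("Username"));
                        storedPassword = reader.GetString(reader.GetOrdinal("Password"));
                        user.UserRole  = reader.GetString(reader.GetOrdinal("Role"));
                        user.Firstname = reader.GetString(reader.GetOrdinal("Firstname"));
                        user.Surname   = reader.GetString(reader.GetOrdinal("Surname"));
                        user.GroupID   = reader.GetInt32(reader.GetOrdinal("GroupID"));
                    }
                }
            }

            if (!userFound)
            {
                // NOTE(review): this early return skips the hash verification below, so an unknown
                // username is answered measurably faster than a wrong password even though the
                // message is identical. Verifying against a fixed dummy hash here would equalise
                // the two paths; left as-is because VerifyPasswordHashAndSalt's input format is not
                // visible in this file.
                return BadRequest("Login credentials invalid");
            }

            bool passwordsMatch = VerifyPasswordHashAndSalt(userLoginDetails.Password, storedPassword);
            if (!passwordsMatch)
            {
                return BadRequest("Login credentials invalid");
            }

            // Issue the session token only after both lookup and verification succeeded.
            user.JWT = CreateJWT(user.UserID, user.Username, user.UserRole);

            return Ok(new
            {
                user
            });
        }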
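        /// <summary>
        /// Validates a JWT supplied in the request body, loads the user named by its
        /// <c>UserID</c> claim and returns that user together with a newly issued JWT.
        /// </summary>
        /// <param name="jsonWebTokenString">
        /// The compact-serialised JWT to validate. (Original author's note: "Might need different type.")
        /// </param>
        /// <returns>
        /// 200 with <c>{ user }</c>; 400 "Invalid JWT" when the token is missing, fails signature /
        /// issuer / audience / lifetime validation, or carries no numeric <c>UserID</c> claim;
        /// 400 "Could not find matching user." when <c>User_GetByID</c> returns no row.
        /// </returns>
        public IActionResult VerifyJWT([FromBody] string jsonWebTokenString)
        {
            // A null/blank body would otherwise reach ValidateToken and throw ArgumentNullException.
            if (string.IsNullOrWhiteSpace(jsonWebTokenString))
            {
                return BadRequest("Invalid JWT");
            }

            // Signing key shared with CreateJWT, read from appsettings.json.
            var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT:SecretKey"]));

            var tokenValidationParameters = new TokenValidationParameters
            {
                IssuerSigningKey = secretKey,
                ValidAudience    = Configuration["JWT:ValidAudience"],
                ValidIssuer      = Configuration["JWT:ValidIssuer"],
                ValidateLifetime = true,
                // No tolerance on exp/nbf: an expired token is rejected immediately.
                ClockSkew        = TimeSpan.Zero
            };

            ClaimsPrincipal claimsPrincipal;
            try
            {
                claimsPrincipal = new JwtSecurityTokenHandler().ValidateToken(jsonWebTokenString, tokenValidationParameters, out _);
            }
            catch (SecurityTokenException)
            {
                // Signature, issuer, audience or lifetime check failed. The reason is deliberately
                // not echoed to the caller. The original bare catch also hid unrelated failures
                // (e.g. misconfiguration) behind the same 400; those now surface normally.
                return BadRequest("Invalid JWT");
            }
            catch (ArgumentException)
            {
                // Malformed or oversized input that the handler rejects before validation.
                return BadRequest("Invalid JWT");
            }

            // ValidateToken is not expected to return null, but keep the original defensive check.
            ClaimsIdentity identity = claimsPrincipal == null ? null : claimsPrincipal.Identity as ClaimsIdentity;
            if (identity == null)
            {
                return BadRequest("Invalid JWT");
            }

            // A validly signed token without a numeric UserID claim is still unusable; the original
            // dereferenced FindFirst(...) without a null check and would have returned a 500.
            Claim userIdClaim = identity.FindFirst("UserID");
            int userID;
            if (userIdClaim == null ||
                !int.TryParse(userIdClaim.Value,
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out userID))
            {
                return BadRequest("Invalid JWT");
            }

            string connectionString = Configuration["ConnectionStrings:DefaultConnectionString"];

            var user = new CurrentUserDetails();
            bool userFound = false;

            // SqlCommand is IDisposable too; the original only disposed the connection and reader.
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand command = new SqlCommand("User_GetByID", connection))
            {
                command.CommandType = System.Data.CommandType.StoredProcedure;

                // Parameterized: the id comes from the validated claim, never from raw request text.
                command.Parameters.AddWithValue("@userID", userID);

                connection.Open();

                // The using block disposes the reader; the explicit Close() calls were redundant.
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    // Same semantics as the original HasRows + while: last row wins if several come back.
                    while (reader.Read())
                    {
                        userFound = true;
                        user.UserID    = reader.GetInt32(reader.GetOrdinal("UserID"));
                        user.Username  = reader.GetString(reader.GetOrdinal("Username"));
                        user.UserRole  = reader.GetString(reader.GetOrdinal("Role"));
                        user.Firstname = reader.GetString(reader.GetOrdinal("Firstname"));
                        user.Surname   = reader.GetString(reader.GetOrdinal("Surname"));
                        user.GroupID   = reader.GetInt32(reader.GetOrdinal("GroupID"));
                    }
                }
            }

            if (!userFound)
            {
                return BadRequest("Could not find matching user.");
            }

            // NOTE(review): every successful call mints a fresh token, so presenting any still-valid
            // JWT keeps extending the session without re-authentication. Whether that is bounded
            // depends on CreateJWT (not visible here) — confirm this is intended.
            user.JWT = CreateJWT(user.UserID, user.Username, user.UserRole);

            return Ok(new
            {
                user
            });
        }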