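/// <summary>
/// Authenticates a student by index number and password and, on success,
/// issues a JWT access token together with a freshly generated refresh token.
/// </summary>
/// <param name="payload">
/// Login request carrying <c>IndexNumber</c> and <c>PlainPassword</c>.
/// </param>
/// <returns>
/// 401 with "User not found" when the index number is unknown, 401 with
/// "Wrong password" when password verification fails, otherwise 200 with an
/// object holding <c>AccessToken</c> and <c>RefreshToken</c>.
/// </returns>
public IActionResult Login(LoginPayload payload)
{
    // NOTE(review): the two 401 bodies below differ, so a caller can tell a
    // valid index number from an invalid one. A single generic message would
    // close that account-enumeration oracle; the strings are left as they are
    // here because clients may depend on them.
    if (!_db.StudentExists(payload.IndexNumber))
    {
        return Unauthorized("User not found");
    }

    var securityData = _db.GetStudentSecurityData(payload.IndexNumber);

    // The stored password hash is credential material and must never reach
    // stdout or any log sink, so the former Console.WriteLine of it is gone.

    if (string.IsNullOrEmpty(securityData.PasswordHash))
    {
        // NOTE(review): an account with no stored hash accepts whatever
        // password arrives first and persists it. Confirm this first-login
        // enrolment is intended and that such accounts are protected by some
        // other control (e.g. an out-of-band activation step).
        var salt = HashingService.GenerateSalt();
        var passwordHash = HashingService.Hash(payload.PlainPassword, salt);
        _db.UpdatePassword(payload.IndexNumber, salt, passwordHash);
    }
    else
    {
        var passwordMatches = HashingService.Check(
            payload.PlainPassword,
            securityData.Salt,
            securityData.PasswordHash);

        if (!passwordMatches)
        {
            return Unauthorized("Wrong password");
        }
    }

    // NOTE(review): Guid.NewGuid() is not documented as a cryptographically
    // secure random source. A refresh token is a bearer credential; consider
    // generating it with RandomNumberGenerator once the token format used by
    // the storage layer and the clients can change.
    var refreshToken = Guid.NewGuid();
    _db.UpdateRefreshToken(payload.IndexNumber, refreshToken.ToString());

    var jwt = _security.GenerateToken(payload.IndexNumber, securityData.Role);
    var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);

    return Ok(new
    {
        AccessToken = accessToken,
        RefreshToken = refreshToken
    });
}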