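/// <summary>
/// Authenticates the caller against the stored password hash and starts a cookie session.
/// </summary>
/// <param name="dto">Login form: user name, password and the remember-me flag.</param>
/// <exception cref="InvalidOperationException">
/// No <see cref="HttpContext"/> is available (called outside a request scope).
/// </exception>
/// <remarks>
/// Every credential failure (unknown user, missing stored hash, wrong password) answers with the
/// same 401 message so the response does not reveal whether a user name exists. Timing still
/// differs between the "unknown user" and "wrong password" paths because the hash check is only
/// run when a user was found; closing that gap needs a fixture hash this class does not have.
/// </remarks>
public async Task LoginUserAsync(LoginDto dto)
{
    const string badCredentials = "Wrong username or password";

    HttpContext context = _httpContextAccessor.HttpContext;
    if (context is null)
    {
        throw new InvalidOperationException("Login requires an active HttpContext.");
    }

    // Identity is null when no authentication handler ran; treat that as "not authenticated"
    // instead of dereferencing it.
    if (context.User?.Identity?.IsAuthenticated == true)
    {
        throw HttpError.Forbidden("User is still authenticated");
    }

    // A missing credential is a client error, not a server fault: answer like any other
    // bad credential rather than with a 500.
    if (dto is null || string.IsNullOrEmpty(dto.Name) || string.IsNullOrEmpty(dto.Password))
    {
        throw HttpError.Unauthorized(badCredentials);
    }

    User user = (await _userRepository.Find(x => x.Name == dto.Name)).FirstOrDefault();
    if (user is null)
    {
        throw HttpError.Unauthorized(badCredentials);
    }

    // A user row without a hash is a data inconsistency, but a distinct status or message here
    // would confirm that the user name exists, so it gets the generic 401.
    // TODO: log the inconsistency once this service has a logger in scope.
    string savedPasswordHash = (await _hashRepository.Get(user.Id))?.PasswordHash;
    if (savedPasswordHash is null)
    {
        throw HttpError.Unauthorized(badCredentials);
    }

    if (!HashHelpers.CheckPasswordWithHash(dto.Password, savedPasswordHash))
    {
        throw HttpError.Unauthorized(badCredentials);
    }

    // NOTE(review): NameIdentifier carries user.Name, not user.Id; downstream code presumably
    // resolves the session by name — confirm before switching it to the id.
    string[] roles = user.CredentialLevel.GetAllPossibleRoles();
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, user.Name),
        new Claim(ClaimTypes.NameIdentifier, user.Name),
    };
    claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));

    var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
    var principal = new ClaimsPrincipal(identity);

    // Same instant as DateTimeOffset.Now.AddDays(1); UtcNow just makes the UTC intent explicit.
    var authProperties = new AuthenticationProperties
    {
        AllowRefresh = true,
        ExpiresUtc = DateTimeOffset.UtcNow.AddDays(1),
        IsPersistent = dto.RememberMe,
    };

    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, authProperties);
}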
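/// <summary>
/// Replaces the title and content of a post owned by the current user and re-derives its tags.
/// </summary>
/// <param name="id">Identifier of the post to modify.</param>
/// <param name="dto">New title and content.</param>
/// <exception cref="ArgumentNullException"><paramref name="dto"/> is null.</exception>
public async Task Update(string id, UpdatePostDto dto)
{
    if (dto is null)
    {
        throw new ArgumentNullException(nameof(dto));
    }

    User user = await _sessionService.GetUser();
    Validate("modify", dto.Content, dto.Title, user);

    Post post = await _postRepository.GetById(id);
    if (post is null)
    {
        // The id is caller-supplied: pass it as a structured property instead of interpolating
        // it into the log line, so it cannot forge extra log entries.
        _logger.LogWarning("Post {PostId} does not exist", id);
        throw HttpError.NotFound($"Post {id} does not exist");
    }

    // Only the author may edit.
    if (post.AuthorId != user.Id)
    {
        _logger.LogWarning("Post {PostId} does not belong to user {UserId}", id, user.Id);
        throw HttpError.Forbidden($"Post {id} does not belong to user");
    }

    post.Title = dto.Title;
    post.Content = dto.Content;
    // Local time, consistent with the sibling Update methods; UtcNow would be safer if these
    // timestamps are ever compared across hosts.
    post.LastUpdateTime = DateTime.Now;
    post.Tags = TagHelpers.GetTagsFromText(dto.Content);

    bool success = await _postRepository.Update(post);
    if (!success)
    {
        _logger.LogWarning("Error during update of post {PostId}", id);
        throw HttpError.InternalServerError("");
    }

    // Tags parsed from the new content are written with PostsNumber = 1. Whether the repository
    // merges already-existing tags, and whether tags dropped by this edit are decremented, is
    // not visible here — TODO confirm against the tag repository.
    Tag[] tags = post.Tags
        .Select(name => new Tag { Name = name, PostsNumber = 1 })
        .ToArray();
    await _tagRepository.Create(tags);
    _logger.LogInformation("Tags have been added for post {PostId}", id);
}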
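/// <summary>
/// Replaces the content of a response (reply to a comment) owned by the current user.
/// </summary>
/// <param name="commentId">Identifier of the comment the response must belong to.</param>
/// <param name="id">Identifier of the response to modify.</param>
/// <param name="dto">New content.</param>
/// <exception cref="ArgumentNullException"><paramref name="dto"/> is null.</exception>
public async Task Update(string commentId, string id, UpdateResponseDto dto)
{
    if (dto is null)
    {
        throw new ArgumentNullException(nameof(dto));
    }

    User user = await _sessionService.GetUser();
    Validate("modify", dto.Content, user);

    Response response = await _responseRepository.GetById(id);
    if (response is null)
    {
        // The id is caller-supplied: keep it as a structured log property rather than
        // interpolating it into the message.
        _logger.LogWarning("Response {ResponseId} does not exist", id);
        throw HttpError.NotFound($"Response {id} does not exist");
    }

    // A response reached through the wrong comment is reported as missing, not as a
    // mismatch, so the route does not confirm which comment it really belongs to.
    if (response.CommentId != commentId)
    {
        throw HttpError.NotFound("");
    }

    // Only the author may edit.
    if (response.AuthorId != user.Id)
    {
        _logger.LogWarning("Response {ResponseId} does not belong to user {UserId}", id, user.Id);
        throw HttpError.Forbidden($"Response {id} does not belong to user");
    }

    response.Content = dto.Content;
    // Local time, consistent with the sibling Update methods.
    response.LastUpdateTime = DateTime.Now;

    bool success = await _responseRepository.Update(response);
    if (!success)
    {
        _logger.LogWarning("Error during update of response {ResponseId}", id);
        throw HttpError.InternalServerError("");
    }
}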
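/// <summary>
/// Replaces the content of a comment owned by the current user.
/// </summary>
/// <param name="postId">Identifier of the post the comment must belong to.</param>
/// <param name="id">Identifier of the comment to modify.</param>
/// <param name="dto">New content.</param>
/// <exception cref="ArgumentNullException"><paramref name="dto"/> is null.</exception>
public async Task Update(string postId, string id, UpdateCommentDto dto)
{
    if (dto is null)
    {
        throw new ArgumentNullException(nameof(dto));
    }

    User user = await _sessionService.GetUser();
    Validate("modify", dto.Content, user);

    Comment comment = await _commentRepository.GetById(id);
    if (comment is null)
    {
        // The id is caller-supplied: keep it as a structured log property rather than
        // interpolating it into the message.
        _logger.LogWarning("Comment {CommentId} does not exist", id);
        throw HttpError.NotFound($"Comment {id} does not exist");
    }

    // A comment reached through the wrong post is reported as missing, not as a mismatch,
    // so the route does not confirm which post it really belongs to.
    if (comment.PostId != postId)
    {
        throw HttpError.NotFound("");
    }

    // Only the author may edit.
    if (comment.AuthorId != user.Id)
    {
        _logger.LogWarning("Comment {CommentId} does not belong to user {UserId}", id, user.Id);
        throw HttpError.Forbidden($"Comment {id} does not belong to user");
    }

    comment.Content = dto.Content;
    // Local time, consistent with the sibling Update methods.
    comment.LastUpdateTime = DateTime.Now;

    bool success = await _commentRepository.Update(comment);
    if (!success)
    {
        _logger.LogWarning("Error during update of comment {CommentId}", id);
        throw HttpError.InternalServerError("");
    }
}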