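/// <summary>
/// Authenticates a user by login and password and starts a session on success.
/// </summary>
/// <param name="login">Login supplied by the client; must match <c>LoginValidateRegex</c>.</param>
/// <param name="password">Password supplied by the client.</param>
/// <returns>
/// 400 when a field is empty or the login is malformed, 403 when the user is unknown or the
/// password does not match, otherwise 200 "Ok".
/// </returns>
public async Task<IActionResult> SignIn(string login, string password)
{
    if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
    {
        return BadRequest("Login or password is empty");
    }

    if (!LoginValidateRegex.IsMatch(login))
    {
        return BadRequest("Bad login");
    }

    // Serialize per login so a concurrent SignUp/SignIn for the same login cannot interleave.
    using (await AsyncLockPool.GetLockObject(login).AcquireAsync(HttpContext.RequestAborted))
    {
        var user = await UserManager.FindAsync(login);

        // One status and one message for both "unknown user" and "wrong password", so the
        // response body does not tell a caller which logins exist.
        if (user == null || !PasswordMatches(user.Password, password))
        {
            return StatusCode(403, "No such user or invalid password");
        }

        await SignInAsync(login);
    }

    return Ok("Ok");
}

/// <summary>
/// Compares a stored password against a submitted one without a length-dependent early exit.
/// </summary>
/// <param name="stored">Password value read from the user record.</param>
/// <param name="supplied">Password value sent by the client.</param>
/// <returns><c>true</c> when the two values are equal.</returns>
/// <remarks>
/// Both sides are hashed before <see cref="CryptographicOperations.FixedTimeEquals"/> so the
/// comparison always runs over equal-length buffers; FixedTimeEquals returns as soon as the
/// lengths differ, which would otherwise make the stored value's length observable via timing.
/// NOTE(review): <c>User.Password</c> is compared here as the plaintext string, i.e. passwords
/// appear to be persisted unhashed. Moving storage to a salted password hash (e.g. PBKDF2) is
/// the real fix and belongs in the registration/storage path, not in this comparison.
/// </remarks>
private static bool PasswordMatches(string stored, string supplied)
{
    using (var sha = SHA256.Create())
    {
        byte[] storedDigest = sha.ComputeHash(Encoding.UTF8.GetBytes(stored));
        byte[] suppliedDigest = sha.ComputeHash(Encoding.UTF8.GetBytes(supplied));
        return CryptographicOperations.FixedTimeEquals(storedDigest, suppliedDigest);
    }
}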
/// <summary>
/// Registers a new user and signs the caller in as that user.
/// </summary>
/// <param name="login">Desired login; must match <c>LoginValidateRegex</c>.</param>
/// <param name="name">Display name; at most <c>MaxFieldLength</c> characters.</param>
/// <param name="password">Password; at most <c>MaxFieldLength</c> characters.</param>
/// <returns>
/// 400 for an empty, malformed or over-long field or a cancelled request, 409 when the login
/// is already taken, otherwise 200 "Ok".
/// </returns>
public async Task<IActionResult> SignUp(string login, string name, string password)
{
    var anyFieldEmpty = string.IsNullOrEmpty(login)
        || string.IsNullOrEmpty(password)
        || string.IsNullOrEmpty(name);
    if (anyFieldEmpty)
    {
        return BadRequest("Login or password or name is empty");
    }

    if (!LoginValidateRegex.IsMatch(login))
    {
        return BadRequest("Bad login");
    }

    var anyFieldTooLong = name.Length > MaxFieldLength || password.Length > MaxFieldLength;
    if (anyFieldTooLong)
    {
        return BadRequest("Field too long");
    }

    // The per-login lock makes the existence check and the insert below atomic with respect
    // to other requests for the same login.
    using (await AsyncLockPool.GetLockObject(login).AcquireAsync(HttpContext.RequestAborted))
    {
        var existing = await UserManager.FindAsync(login);
        if (existing != null)
        {
            return Conflict("User already exists");
        }

        if (HttpContext.RequestAborted.IsCancellationRequested)
        {
            return BadRequest("Cancelled");
        }

        // 16 bytes from the CSPRNG; what Key is used for is not visible here.
        var key = new byte[16];
        RandomNumberGenerator.Fill(key);

        // NOTE(review): the password is persisted exactly as the client sent it (no hash, no
        // salt); a salted password hash would be the expected storage format.
        var newUser = new User
        {
            Login = login,
            Name = name,
            Password = password,
            Key = key,
        };
        await UserManager.AddAsync(newUser);
        await SignInAsync(login);
    }

    return Ok("Ok");
}