public static ActionResult <UserModel> Execute(Guid webSessionId, PostVerifyUserType data, string connectionString) { try { using (var connection = new SqlConnection(connectionString)) { // create command object var command = new SqlCommand(); command.Connection = connection; command.Connection.Open(); // authenticate web session if (!WebSessionCheck.Check(webSessionId, connection, command)) { return(new UnauthorizedResult()); } // update user, set verified time to now and set verifier user id to given value command.CommandText = @$ " UPDATE users SET verified = GETDATE() , verifier_user_id = (SELECT users.id FROM users JOIN web_sessions ON users.id = web_sessions.user_id WHERE web_sessions.id = '{data.webSessionId}') WHERE username = '******' "; var rowsAffected = command.ExecuteNonQuery(); // if no rows affected, user was not updated if (rowsAffected != 1) { return(new BadRequestResult()); } // select updated user from database command.CommandText = @$ " SELECT * FROM users WHERE username = '******'
public ActionResult <UserModel> PostVerifyUser([FromHeader(Name = "X-websession")] Guid webSessionId, [FromBody] PostVerifyUserType data) { return(postVerifyUser.Execute(webSessionId, data, _configuration["ConnectionStrings:DefaultConnection"])); }