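/// <summary>
/// Handles a login POST: checks the API key, validates the shape of the request body,
/// looks the account up by username and then by email, and asks the session service
/// (<c>ss.Login</c>) to log the user in.
/// </summary>
/// <param name="apiKey">API key supplied by the caller; checked with <c>api.validAPIKey</c>.</param>
/// <param name="reqBody">
/// JSON request body. It must be a JSON object whose key set equals <c>attributes</c>
/// (declared elsewhere; the error message names <c>usernameoremail</c> and <c>password</c>).
/// </param>
/// <returns>
/// 401 when the API key is rejected; 400 when the body is not a JSON object with exactly the
/// expected keys, when no account matches, or when building the session throws; the result of
/// <c>api.serveErrorMsg</c> when <c>ss.Login</c> returns 1 or 2; otherwise the session as JSON.
/// </returns>
public IActionResult Create(string apiKey, [FromBody] JsonElement reqBody)
{
    if (!api.validAPIKey(apiKey))
    {
        return new UnauthorizedObjectResult("Invalid API key");
    }

    const string ShapeError = "Request body should contain exactly {usernameoremail, password}";

    // The body is caller-controlled. Anything other than a JSON object (null, array, string,
    // number) would make the dictionary deserialization below throw or return null outside
    // any try block, turning malformed input into an unhandled exception instead of a 400.
    if (reqBody.ValueKind != JsonValueKind.Object)
    {
        return BadRequest(ShapeError);
    }

    // Validate that the POST request contains all attributes needed to create a NEW Session
    // and nothing more.
    Dictionary<string, object> req =
        JsonConvert.DeserializeObject<Dictionary<string, object>>(Convert.ToString(reqBody));
    if (req == null || !new HashSet<string>(req.Keys).SetEquals(attributes))
    {
        return BadRequest(ShapeError);
    }

    string login = Convert.ToString(req["usernameoremail"]);

    // NOTE(review): the token is generated before the password has been checked. It is only
    // returned to the caller on the success path below, but it is also handed to ss.Login;
    // confirm that Login does not persist it when authentication fails.
    var jwt = generateJwtToken(login);

    Session sess;
    try
    {
        // Look the account up by username first, then fall back to the email address.
        UserAccount user = uas.getUsingUsername(login);
        if (user == null)
        {
            user = uas.getUsingEmail(login);
        }

        if (user == null)
        {
            // No account matched. This used to dereference null and rely on the catch-all
            // below; the response is the same empty 400, without the exception.
            return BadRequest();
        }

        // The session ID is not passed in because SessionService assigns a new one.
        sess = new Session(
            jwtToken: jwt,
            accID: user.AccountID,
            userName: user.AccountUsername,
            email: user.EmailAddress
        );
    }
    catch (Exception e)
    {
        Console.WriteLine(e.ToString());
        return BadRequest();
    }

    // NOTE(review): the failure responses are distinguishable (empty 400, "User not found.",
    // "Incorrect Password"), so a caller can tell whether an account exists. Consider a single
    // generic failure message, plus rate limiting on this endpoint, once clients no longer
    // depend on the exact text.
    switch (ss.Login(login, Convert.ToString(req["password"]), jwt))
    {
        case 1:
            return api.serveErrorMsg("User not found.");
        case 2:
            return api.serveErrorMsg("Incorrect Password");
        default:
            return api.serveJson(ss.getJSON(sess));
    }
}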
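/// <summary>
/// Handles an account-registration POST: checks the API key, validates the shape of the
/// request body, builds a <c>UserAccount</c> from it and passes it to <c>uas.write</c>.
/// </summary>
/// <param name="apiKey">API key supplied by the caller; checked with <c>api.validAPIKey</c>.</param>
/// <param name="reqBody">
/// JSON request body. It must be a JSON object whose key set equals <c>attributes</c>
/// (declared elsewhere; the error message names <c>AccountUsername</c>, <c>EmailAddress</c>
/// and <c>Password</c>).
/// </param>
/// <returns>
/// 401 when the API key is rejected; 400 when the body is not a JSON object with exactly the
/// expected keys or when constructing the account throws; the result of
/// <c>api.serveErrorMsg</c> when <c>uas.write</c> returns 1, 2 or 3; otherwise 200 with a
/// confirmation message.
/// </returns>
public IActionResult Create(string apiKey, [FromBody] JsonElement reqBody)
{
    if (!api.validAPIKey(apiKey))
    {
        return new UnauthorizedObjectResult("Invalid API key");
    }

    const string ShapeError = "Request body should contain exactly { AccountUsername, EmailAddress, Password }";

    // The body is caller-controlled. Anything other than a JSON object (null, array, string,
    // number) would make the dictionary deserialization below throw or return null outside
    // any try block, turning malformed input into an unhandled exception instead of a 400.
    if (reqBody.ValueKind != JsonValueKind.Object)
    {
        return BadRequest(ShapeError);
    }

    // Validate that the POST request contains all attributes needed to create a NEW Account
    // and nothing more.
    Dictionary<string, object> req =
        JsonConvert.DeserializeObject<Dictionary<string, object>>(Convert.ToString(reqBody));
    if (req == null || !new HashSet<string>(req.Keys).SetEquals(attributes))
    {
        return BadRequest(ShapeError);
    }

    UserAccount acc;
    try
    {
        // The account ID and the password salt are not passed in: per the original comments,
        // both are assigned/generated in UserAccountService.
        // NOTE(review): the password reaches the UserAccount constructor as submitted; confirm
        // that uas.write hashes it with the generated salt before anything is stored.
        acc = new UserAccount(
            username: Convert.ToString(req["AccountUsername"]),
            email: Convert.ToString(req["EmailAddress"]),
            pass: Convert.ToString(req["Password"])
        );
    }
    catch (Exception e)
    {
        Console.WriteLine(e.ToString());
        return BadRequest();
    }

    // uas.write validates username, email and password strength and reports the first failure
    // as a non-zero code.
    switch (uas.write(acc))
    {
        case 1:
            return api.serveErrorMsg("Invalid or already taken email address");
        case 2:
            return api.serveErrorMsg("Username already taken");
        case 3:
            return api.serveErrorMsg("Password too weak");
        default:
            return new OkObjectResult($"Account {acc.AccountUsername} successfully registered");
    }
}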