authorSyndamia <kamen.d.mladenov@protonmail.com>2020-12-12 13:53:53 +0200
committerSyndamia <kamen.d.mladenov@protonmail.com>2020-12-12 13:53:53 +0200
commitfb9a24796e859e434c83ba2f5e84895143fc0232 (patch)
treed234500ca73359f21cabd9d99699916a6485c475
parent372cbb34fe20882549bb0bba569b5da96081d507 (diff)
Implemented register request, made login require correct password, removed create user request, brought back Roles.cs and moved roles constants to UserRoles, fixed authorization in UserController
-rw-r--r--API/Controllers/UserController.cs18
-rw-r--r--API/Service/UserService.cs24
-rw-r--r--Data/Models/Classes/Roles.cs9
-rw-r--r--Data/Models/Classes/UserRoles.cs4
-rw-r--r--Data/Models/DTOs/LoginDTO.cs8
-rw-r--r--Data/Models/DTOs/RegisterDTO.cs11
-rw-r--r--Data/Models/Profiles/UserProfile.cs1
7 files changed, 54 insertions, 21 deletions
diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs
index 8618c1b..fd94283 100644
--- a/API/Controllers/UserController.cs
+++ b/API/Controllers/UserController.cs
@@ -10,7 +10,6 @@ using Microsoft.Extensions.Configuration;
namespace API.Controllers
{
- [Authorize]
[ApiController]
[Route("/api/[controller]")]
public class UserController: ControllerBase
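Review bot: With the class-level `[Authorize]` removed, the controller allows anonymous access by default, so every action has to opt in to protection and any action added later is public unless someone remembers the attribute. The next hunk shows the consequence: `GetById` loses `[Authorize(Roles = UserRoles.Admin)]` and gets nothing in its place, so an unauthenticated caller can request any user record by id. Keeping `[Authorize]` on the class and marking only `Login` and `Register` with `[AllowAnonymous]` keeps the default closed. If `GetById` is meant to be reachable by ordinary users, a plain `[Authorize]` on it is the minimum.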
@@ -22,25 +21,22 @@ namespace API.Controllers
this._service = new UserService(context, mapper, configuration.GetSection("AppSettings"));
}
- [AllowAnonymous]
[HttpPost]
[Route("login")]
- public async Task<IActionResult> Login([FromBody] UserDTO userDTO)
+ public async Task<IActionResult> Login([FromBody] LoginDTO loginDTO)
{
- return await this._service.LoginUser(userDTO);
+ return await this._service.LoginUser(loginDTO);
}
- //Create
- [AllowAnonymous]
[HttpPost]
- public async Task<IActionResult> Create([FromBody] UserDTO userDTO)
+ [Route("register")]
+ public async Task<IActionResult> Register([FromBody] RegisterDTO registerDto)
{
- return await this._service.CreateUser(userDTO);
+ return await this._service.RegisterUser(registerDto);
}
//Read
[HttpGet]
- [Authorize(Roles = UserRoles.Admin)] // Functionality, only for testing purposes
public async Task<IActionResult> GetById(int id)
{
return await this._service.GetUserById(id);
@@ -48,13 +44,15 @@ namespace API.Controllers
//Update
[HttpPut]
+ [Authorize]
public async Task<IActionResult> Update(int id, [FromBody] UserDTO userDTO)
{
return await this._service.UpdateUser(id, userDTO);
}
//Delete
- [HttpDelete]
+ [HttpDelete]
+ [Authorize]
public async Task<IActionResult> Delete(int id)
{
return await this._service.DeleteUser(id);
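Review bot: `[Authorize]` on `Update` and `Delete` only proves the caller holds a valid token; the `id` still comes from the request and nothing in this hunk ties it to the authenticated user. Unless `UpdateUser` and `DeleteUser` check ownership (not visible here), any logged-in user can modify or delete another account. `Update` also still binds `UserDTO`, which the removed `CreateUser` code suggests can carry `Role`, so a user may be able to change their own role; that is worth confirming. Compare `id` with the id claim on `User` (or require `UserRoles.Admin`) before calling the service, and map updates from a DTO that has no `Role`. The body of `Delete` ends outside the hunk.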
diff --git a/API/Service/UserService.cs b/API/Service/UserService.cs
index 8e1ba38..c3bf160 100644
--- a/API/Service/UserService.cs
+++ b/API/Service/UserService.cs
@@ -27,9 +27,9 @@ namespace API.Service
this._appSettings = appSettings;
}
- public async Task<IActionResult> LoginUser(UserDTO userDTO)
+ public async Task<IActionResult> LoginUser(LoginDTO loginDTO)
{
- User user = this._userDbRepository.FindByUsername(userDTO.UserName);
+ User user = this._userDbRepository.FindByUsername(loginDTO.UserName);
if (user == null)
return new NotFoundObjectResult("User does not exist!");
@@ -37,6 +37,9 @@ namespace API.Service
// Get key from appsettings.json
var key = Encoding.ASCII.GetBytes(_appSettings.GetSection("Secret").Value);
+ if (user.PasswordHash != GeneratePasswordHash(loginDTO.Password))
+ return new BadRequestObjectResult("Incorrect password!");
+
// Create Jwt Token configuration
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
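Review bot: The new `"Incorrect password!"` response, next to the existing `"User does not exist!"` in the previous hunk, lets a caller tell valid usernames from invalid ones by the reply alone. Returning one result for both cases, e.g. `return new UnauthorizedObjectResult("Invalid username or password.");`, removes that signal, and 401 fits a failed login better than 400 or 404. The `!=` comparison also works only while the hash is deterministic; once a salted hash is used, the check has to go through the hasher's verify call instead of re-hashing and comparing strings. `LoginUser` starts and ends outside this hunk.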
@@ -56,22 +59,27 @@ namespace API.Service
return new OkObjectResult(tokenString);
}
-
- public async Task<IActionResult> CreateUser(UserDTO userDTO)
+ public async Task<IActionResult> RegisterUser(RegisterDTO registerDTO)
{
- if (this._userDbRepository.DoesUsernameExist(userDTO.UserName))
+
+ if (this._userDbRepository.DoesUsernameExist(registerDTO.UserName))
return new BadRequestObjectResult("Username already exists!");
- User user = this._userMapper.Map<User>(userDTO);
+ User user = this._userMapper.Map<User>(registerDTO);
- if (user.Role == null)
- user.Role = UserRoles.User;
+ user.Role = UserRoles.User;
+ user.PasswordHash = GeneratePasswordHash(registerDTO.Password);
await this._userDbRepository.AddAsync(user);
return new CreatedResult("CreateUser", user);
}
+ private string GeneratePasswordHash(string password)
+ {
+ return password; // TEMPORARY!
+ }
+
public async Task<IActionResult> GetUserById(int id)
{
User user = await this._userDbRepository.FindByIdAsync(id);
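Review bot: `GeneratePasswordHash` returns its input, so `RegisterUser` writes the plaintext password into `PasswordHash`, and `new CreatedResult("CreateUser", user)` then serialises the whole `User` entity, presumably including that field, back to the client. The Data project already uses `Microsoft.AspNetCore.Identity`, whose `PasswordHasher<User>` (`HashPassword` on register, `VerifyHashedPassword` on login) gives a salted, iterated hash without new dependencies. The register response should return a DTO that omits `PasswordHash`. Accounts stored while the placeholder is in place hold plaintext and need a reset or re-hash when the real hasher lands. `GetUserById` continues outside the hunk.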
diff --git a/Data/Models/Classes/Roles.cs b/Data/Models/Classes/Roles.cs
new file mode 100644
index 0000000..da35bb0
--- /dev/null
+++ b/Data/Models/Classes/Roles.cs
@@ -0,0 +1,9 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace Data.Models.Classes
+{
+ public class Roles : IdentityRole<int>
+ {
+
+ }
+}
diff --git a/Data/Models/Classes/UserRoles.cs b/Data/Models/Classes/UserRoles.cs
index 32e9bfd..5f7c87a 100644
--- a/Data/Models/Classes/UserRoles.cs
+++ b/Data/Models/Classes/UserRoles.cs
@@ -1,8 +1,6 @@
-using Microsoft.AspNetCore.Identity;
-
namespace Data.Models.Classes
{
- public class UserRoles : IdentityRole<int>
+ public class UserRoles : Roles
{
public const string User = "User";
public const string Admin = "Admin";
diff --git a/Data/Models/DTOs/LoginDTO.cs b/Data/Models/DTOs/LoginDTO.cs
new file mode 100644
index 0000000..16141e4
--- /dev/null
+++ b/Data/Models/DTOs/LoginDTO.cs
@@ -0,0 +1,8 @@
+namespace Data.Models.DTOs
+{
+ public class LoginDTO
+ {
+ public string UserName { get; set; }
+ public string Password { get; set; }
+ }
+}
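Review bot: `LoginDTO` carries no validation attributes, so unless nullable reference types are enabled for the project, a request that omits `Password` binds it to null and reaches `user.PasswordHash != GeneratePasswordHash(loginDTO.Password)`. With the placeholder hash that comparison is `null != null` for any account whose `PasswordHash` was never set, and the login succeeds. Because the controller is an `[ApiController]`, adding `[Required]` from `System.ComponentModel.DataAnnotations` to `UserName` and `Password` makes such requests fail with 400 before the service runs. `RegisterDTO` in the next file has the same gap; `[Required]` on its fields and `[EmailAddress]` on `Email` would cover it.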
diff --git a/Data/Models/DTOs/RegisterDTO.cs b/Data/Models/DTOs/RegisterDTO.cs
new file mode 100644
index 0000000..55c112b
--- /dev/null
+++ b/Data/Models/DTOs/RegisterDTO.cs
@@ -0,0 +1,11 @@
+namespace Data.Models.DTOs
+{
+ public class RegisterDTO
+ {
+ public string UserName { get; set; }
+ public string Email { get; set; }
+ public string FirstName { get; set; }
+ public string LastName { get; set; }
+ public string Password { get; set; }
+ }
+}
diff --git a/Data/Models/Profiles/UserProfile.cs b/Data/Models/Profiles/UserProfile.cs
index 048deed..7bb1497 100644
--- a/Data/Models/Profiles/UserProfile.cs
+++ b/Data/Models/Profiles/UserProfile.cs
@@ -9,6 +9,7 @@ namespace Data.Models.Profiles
public UserProfile()
{
CreateMap<UserDTO, User>();
+ CreateMap<RegisterDTO, User>();
}
}
}