Implemented register request, made login require correct password, removed create user request, brought back Roles.cs and moved roles constants to UserRoles, fixed authorization in UserController

2 files changed, 24 insertions, 18 deletions

diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs
index 8618c1b..fd94283 100644
--- a/API/Controllers/UserController.cs
+++ b/API/Controllers/UserController.cs
@@ -10,7 +10,6 @@ using Microsoft.Extensions.Configuration;
 
 namespace API.Controllers
 {
-	[Authorize]
 	[ApiController]
 	[Route("/api/[controller]")]
 	public class UserController: ControllerBase
@@ -22,25 +21,22 @@ namespace API.Controllers
 			this._service = new UserService(context, mapper, configuration.GetSection("AppSettings"));
 		}
 
-		[AllowAnonymous]
 		[HttpPost]
 		[Route("login")]
-		public async Task<IActionResult> Login([FromBody] UserDTO userDTO)
+		public async Task<IActionResult> Login([FromBody] LoginDTO loginDTO)
 		{
-			return await this._service.LoginUser(userDTO);
+			return await this._service.LoginUser(loginDTO);
 		}
 
-		//Create
-		[AllowAnonymous]
 		[HttpPost]
-		public async Task<IActionResult> Create([FromBody] UserDTO userDTO)
+		[Route("register")]
+		public async Task<IActionResult> Register([FromBody] RegisterDTO registerDto)
 		{
-			return await this._service.CreateUser(userDTO);
+			return await this._service.RegisterUser(registerDto);
 		}
 
 		//Read
 		[HttpGet]
-		[Authorize(Roles = UserRoles.Admin)] // Functionality, only for testing purposes
 		public async Task<IActionResult> GetById(int id)
 		{
 			return await this._service.GetUserById(id);
@@ -48,13 +44,15 @@ namespace API.Controllers
 
 		//Update
 		[HttpPut]
+		[Authorize]
 		public async Task<IActionResult> Update(int id, [FromBody] UserDTO userDTO)
 		{
 			return await this._service.UpdateUser(id, userDTO);
 		}
 
 		//Delete
-		[HttpDelete] 
+		[HttpDelete]
+	   	[Authorize]	
 		public async Task<IActionResult> Delete(int id)
 		{
 			return await this._service.DeleteUser(id);
diff --git a/API/Service/UserService.cs b/API/Service/UserService.cs
index 8e1ba38..c3bf160 100644
--- a/API/Service/UserService.cs
+++ b/API/Service/UserService.cs
@@ -27,9 +27,9 @@ namespace API.Service
 			this._appSettings = appSettings;
 		}
 
-		public async Task<IActionResult> LoginUser(UserDTO userDTO)
+		public async Task<IActionResult> LoginUser(LoginDTO loginDTO)
 		{
-			User user = this._userDbRepository.FindByUsername(userDTO.UserName);
+			User user = this._userDbRepository.FindByUsername(loginDTO.UserName);
 
 			if (user == null)
 				return new NotFoundObjectResult("User does not exist!");
@@ -37,6 +37,9 @@ namespace API.Service
 			// Get key from appsettings.json
 			var key = Encoding.ASCII.GetBytes(_appSettings.GetSection("Secret").Value);  
 
+			if (user.PasswordHash != GeneratePasswordHash(loginDTO.Password))
+				return new BadRequestObjectResult("Incorrect password!");
+
 			// Create Jwt Token configuration
 			var tokenHandler = new JwtSecurityTokenHandler();
             var tokenDescriptor = new SecurityTokenDescriptor
@@ -56,22 +59,27 @@ namespace API.Service
 			return new OkObjectResult(tokenString);
 		}
 
-
-		public async Task<IActionResult> CreateUser(UserDTO userDTO)
+		public async Task<IActionResult> RegisterUser(RegisterDTO registerDTO)
 		{
-			if (this._userDbRepository.DoesUsernameExist(userDTO.UserName))
+
+			if (this._userDbRepository.DoesUsernameExist(registerDTO.UserName))
 				return new BadRequestObjectResult("Username already exists!");
 
-			User user = this._userMapper.Map<User>(userDTO);
+			User user = this._userMapper.Map<User>(registerDTO);
 
-			if (user.Role == null)
-				user.Role = UserRoles.User;
+			user.Role = UserRoles.User;
+			user.PasswordHash = GeneratePasswordHash(registerDTO.Password);
 
 			await this._userDbRepository.AddAsync(user);
 
 			return new CreatedResult("CreateUser", user);
 		}
 
+		private string GeneratePasswordHash(string password)
+		{
+			return password; // TEMPORARY!
+		}
+
 		public async Task<IActionResult> GetUserById(int id) 
 		{
 			User user = await this._userDbRepository.FindByIdAsync(id);