| author | Syndamia <kamen.d.mladenov@protonmail.com> | 2020-12-18 12:58:36 +0200 |
|---|---|---|
| committer | Syndamia <kamen.d.mladenov@protonmail.com> | 2020-12-18 12:58:36 +0200 |
| commit | f22f708a3b98dbee905786e076bb0d171316bae8 (patch) | |
| tree | 4c4009dbc528ba267e144ce3e5908cf479eefe7a /src/DevHive.Web/Controllers/UserController.cs | |
| parent | 5a5f3841c6dbed1bb332cb9a8b8d1613972b4011 (diff) | |
| download | DevHive-f22f708a3b98dbee905786e076bb0d171316bae8.tar DevHive-f22f708a3b98dbee905786e076bb0d171316bae8.tar.gz DevHive-f22f708a3b98dbee905786e076bb0d171316bae8.zip | |
Made user JWT more secure by checking the validity of the attached information and the given user (id)
Diffstat (limited to 'src/DevHive.Web/Controllers/UserController.cs')
| -rw-r--r-- | src/DevHive.Web/Controllers/UserController.cs | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/DevHive.Web/Controllers/UserController.cs b/src/DevHive.Web/Controllers/UserController.cs
index e339f70..35c39df 100644
--- a/src/DevHive.Web/Controllers/UserController.cs
+++ b/src/DevHive.Web/Controllers/UserController.cs
@@ -9,7 +9,6 @@ using DevHive.Web.Models.Identity.User;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using DevHive.Common.Models.Identity;
-using DevHive.Common.Models;
 namespace DevHive.Web.Controllers
 {
@@ -56,8 +55,11 @@ namespace DevHive.Web.Controllers
 		//Read
 		[HttpGet]
-		public async Task<IActionResult> GetById(Guid id)
+		public async Task<IActionResult> GetById(Guid id, [FromHeader] string authorization)
 		{
+			if (!await this._userService.ValidJWT(id, authorization))
+				return new UnauthorizedResult();
 			UserServiceModel userServiceModel = await this._userService.GetUserById(id);
 			UserWebModel userWebModel = this._userMapper.Map<UserWebModel>(userServiceModel);
@@ -66,8 +68,11 @@ namespace DevHive.Web.Controllers
 		//Update
 		[HttpPut]
-		public async Task<IActionResult> Update(Guid id, [FromBody] UpdateUserWebModel updateModel)
+		public async Task<IActionResult> Update(Guid id, [FromBody] UpdateUserWebModel updateModel, [FromHeader] string authorization)
 		{
+			if (!await this._userService.ValidJWT(id, authorization))
+				return new UnauthorizedResult();
 			UpdateUserServiceModel updateUserServiceModel = this._userMapper.Map<UpdateUserServiceModel>(updateModel);
 			updateUserServiceModel.Id = id;
@@ -80,8 +85,11 @@ namespace DevHive.Web.Controllers
 		//Delete
 		[HttpDelete]
-		public async Task<IActionResult> Delete(Guid id)
+		public async Task<IActionResult> Delete(Guid id, [FromHeader] string authorization)
 		{
+			if (!await this._userService.ValidJWT(id, authorization))
+				return new UnauthorizedResult();
 			await this._userService.DeleteUser(id);
 			return new OkResult();
 		}
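Review bot: The guard added at the top of GetById hands the raw `authorization` header straight to ValidJWT, and nothing in the hunk covers the header being absent — `[FromHeader] string authorization` binds to null when the client sends no Authorization header, so whether such a request gets a 401 or an unhandled exception depends on ValidJWT, whose body is outside this diff. Making the rejection explicit in the action is two lines: `if (string.IsNullOrWhiteSpace(authorization) || !await this._userService.ValidJWT(id, authorization))` followed by `return new UnauthorizedResult();`. The identical check is repeated in the Update and Delete hunks; since Microsoft.AspNetCore.Authorization is already imported, marking these actions `[Authorize]` and comparing `id` with the authenticated user's id claim on `HttpContext.User` would leave token validation to the authentication middleware and keep only the ownership check in each action. A well-formed token that belongs to a different user is arguably a 403 (`ForbidResult`) rather than a 401, which would also make failed ownership checks easier to distinguish in logs. The enclosing UserController class begins and ends outside these hunks.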
