From fb9a24796e859e434c83ba2f5e84895143fc0232 Mon Sep 17 00:00:00 2001 From: Syndamia Date: Sat, 12 Dec 2020 13:53:53 +0200 Subject: Implemented register request, made login require correct password, removed create user request, brought back Roles.cs and moved roles constants to UserRoles, fixed authorization in UserController --- API/Controllers/UserController.cs | 18 ++++++++---------- API/Service/UserService.cs | 24 ++++++++++++++++-------- Data/Models/Classes/Roles.cs | 9 +++++++++ Data/Models/Classes/UserRoles.cs | 4 +--- Data/Models/DTOs/LoginDTO.cs | 8 ++++++++ Data/Models/DTOs/RegisterDTO.cs | 11 +++++++++++ Data/Models/Profiles/UserProfile.cs | 1 + 7 files changed, 54 insertions(+), 21 deletions(-) create mode 100644 Data/Models/Classes/Roles.cs create mode 100644 Data/Models/DTOs/LoginDTO.cs create mode 100644 Data/Models/DTOs/RegisterDTO.cs diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs index 8618c1b..fd94283 100644 --- a/API/Controllers/UserController.cs +++ b/API/Controllers/UserController.cs @@ -10,7 +10,6 @@ using Microsoft.Extensions.Configuration; namespace API.Controllers { - [Authorize] [ApiController] [Route("/api/[controller]")] public class UserController: ControllerBase 
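Review bot: Dropping the class-level `[Authorize]` in this hunk flips the controller from deny-by-default to allow-by-default, and the -22,25 hunk that follows also removes `[Authorize(Roles = UserRoles.Admin)]` from `GetById`, so that action is now reachable with no credentials at all while the -48,13 hunk opts only `Update` and `Delete` back in. Keeping `[Authorize]` on the class and marking just the two public entry points with `[AllowAnonymous]` (on `Login` and on `Register`) gives the same behaviour for login and registration without relying on every future action remembering to opt in. If `GetById` is meant to stay open "only for testing purposes", as its comment says, it should keep an explicit role restriction or be removed before this ships; its service method `GetUserById` appears to return the `User` entity, though that body is cut off in this diff. The class body continues past the end of the hunk.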
@@ -22,25 +21,22 @@ namespace API.Controllers this._service = new UserService(context, mapper, configuration.GetSection("AppSettings")); } - [AllowAnonymous] [HttpPost] [Route("login")] - public async Task Login([FromBody] UserDTO userDTO) + public async Task Login([FromBody] LoginDTO loginDTO) { - return await this._service.LoginUser(userDTO); + return await this._service.LoginUser(loginDTO); } - //Create - [AllowAnonymous] [HttpPost] - public async Task Create([FromBody] UserDTO userDTO) + [Route("register")] + public async Task Register([FromBody] RegisterDTO registerDto) { - return await this._service.CreateUser(userDTO); + return await this._service.RegisterUser(registerDto); } //Read [HttpGet] - [Authorize(Roles = UserRoles.Admin)] // Functionality, only for testing purposes public async Task GetById(int id) { return await this._service.GetUserById(id); @@ -48,13 +44,15 @@ namespace API.Controllers //Update [HttpPut] + [Authorize] public async Task Update(int id, [FromBody] UserDTO userDTO) { return await this._service.UpdateUser(id, userDTO); } //Delete - [HttpDelete] + [HttpDelete] + [Authorize] public async Task Delete(int id) { return await this._service.DeleteUser(id); diff --git a/API/Service/UserService.cs b/API/Service/UserService.cs index 8e1ba38..c3bf160 100644 --- a/API/Service/UserService.cs +++ b/API/Service/UserService.cs @@ -27,9 +27,9 @@ namespace API.Service this._appSettings = appSettings; } - public async Task LoginUser(UserDTO userDTO) + public async Task LoginUser(LoginDTO loginDTO) { - User user = this._userDbRepository.FindByUsername(userDTO.UserName); + User user = this._userDbRepository.FindByUsername(loginDTO.UserName); if (user == null) return new NotFoundObjectResult("User does not exist!"); 
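Review bot: The `[Authorize]` added to `Update` and `Delete` in the -48,13 hunk only proves the caller holds a valid token; neither action checks that the `id` argument belongs to the caller or that the caller is an admin, so any logged-in user can modify or delete any other account unless `UpdateUser`/`DeleteUser` enforce that themselves (they are not in this diff). Either restrict with `[Authorize(Roles = UserRoles.Admin)]` or compare `id` against the identity claim the JWT carries before calling the service, e.g. `if (id.ToString() != User.FindFirstValue(ClaimTypes.NameIdentifier)) return Forbid();` — which claim is actually issued depends on the token descriptor, which is outside this hunk. The enclosing class continues outside the hunk.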
@@ -37,6 +37,9 @@ namespace API.Service // Get key from appsettings.json var key = Encoding.ASCII.GetBytes(_appSettings.GetSection("Secret").Value); + if (user.PasswordHash != GeneratePasswordHash(loginDTO.Password)) + return new BadRequestObjectResult("Incorrect password!"); + // Create Jwt Token configuration var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor @@ -56,22 +59,27 @@ namespace API.Service return new OkObjectResult(tokenString); } - - public async Task CreateUser(UserDTO userDTO) + public async Task RegisterUser(RegisterDTO registerDTO) { - if (this._userDbRepository.DoesUsernameExist(userDTO.UserName)) + + if (this._userDbRepository.DoesUsernameExist(registerDTO.UserName)) return new BadRequestObjectResult("Username already exists!"); - User user = this._userMapper.Map(userDTO); + User user = this._userMapper.Map(registerDTO); - if (user.Role == null) - user.Role = UserRoles.User; + user.Role = UserRoles.User; + user.PasswordHash = GeneratePasswordHash(registerDTO.Password); await this._userDbRepository.AddAsync(user); return new CreatedResult("CreateUser", user); } + private string GeneratePasswordHash(string password) + { + return password; // TEMPORARY! + } + public async Task GetUserById(int id) { User user = await this._userDbRepository.FindByIdAsync(id); diff --git a/Data/Models/Classes/Roles.cs b/Data/Models/Classes/Roles.cs new file mode 100644 index 0000000..da35bb0 --- /dev/null +++ b/Data/Models/Classes/Roles.cs @@ -0,0 +1,9 @@ +using Microsoft.AspNetCore.Identity; + +namespace Data.Models.Classes +{ + public class Roles : IdentityRole + { + + } +} diff --git a/Data/Models/Classes/UserRoles.cs b/Data/Models/Classes/UserRoles.cs index 32e9bfd..5f7c87a 100644 --- a/Data/Models/Classes/UserRoles.cs +++ b/Data/Models/Classes/UserRoles.cs 
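Review bot: The new check `if (user.PasswordHash != GeneratePasswordHash(loginDTO.Password))` compares against a helper that, in the -56,22 hunk below, is `return password; // TEMPORARY!`, so registration stores every password in plaintext in `PasswordHash` and login does a plain string comparison on it. Even as a placeholder this should not be merged: the project already references `Microsoft.AspNetCore.Identity` (see the new Roles.cs), whose `PasswordHasher<TUser>` provides salted PBKDF2 hashing and a `VerifyHashedPassword` that avoids the timing leak of `!=`, so the helper can be replaced without touching the controller. The two failure responses also differ — `NotFoundObjectResult("User does not exist!")` for an unknown name versus `BadRequestObjectResult("Incorrect password!")` — which lets a caller enumerate valid usernames; returning the same `Unauthorized()` for both is the usual remedy, and the check belongs before the signing key is read rather than after it. Sketch of the service-side change:
```csharp
private readonly IPasswordHasher<User> _passwordHasher = new PasswordHasher<User>();

// … unchanged: constructor and the FindByUsername lookup in LoginUser …
if (user is null
    || _passwordHasher.VerifyHashedPassword(user, user.PasswordHash, loginDTO.Password)
       == PasswordVerificationResult.Failed)
    return new UnauthorizedResult();

// … unchanged: key lookup and JWT creation …

// in RegisterUser, replacing the GeneratePasswordHash call
user.PasswordHash = _passwordHasher.HashPassword(user, registerDTO.Password);
```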
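Review bot: `RegisterUser` now sets `user.PasswordHash` and two lines later returns that same entity in `new CreatedResult("CreateUser", user)`, so the response body echoes the stored credential (with the current helper, the plaintext password) back to the client along with every other field `User` carries. Map the entity back to `UserDTO` with `_userMapper`, the same mapper used just above, or return only the new user's identifier, so that `PasswordHash` never leaves the service. The `// TEMPORARY!` marker on `GeneratePasswordHash` would be easier to track as `// TODO: replace with PasswordHasher<User> before release`. `GetUserById` at the end of this hunk continues outside it.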
@@ -1,8 +1,6 @@ -using Microsoft.AspNetCore.Identity; - namespace Data.Models.Classes { - public class UserRoles : IdentityRole + public class UserRoles : Roles { public const string User = "User"; public const string Admin = "Admin"; diff --git a/Data/Models/DTOs/LoginDTO.cs b/Data/Models/DTOs/LoginDTO.cs new file mode 100644 index 0000000..16141e4 --- /dev/null +++ b/Data/Models/DTOs/LoginDTO.cs @@ -0,0 +1,8 @@ +namespace Data.Models.DTOs +{ + public class LoginDTO + { + public string UserName { get; set; } + public string Password { get; set; } + } +} diff --git a/Data/Models/DTOs/RegisterDTO.cs b/Data/Models/DTOs/RegisterDTO.cs new file mode 100644 index 0000000..55c112b --- /dev/null +++ b/Data/Models/DTOs/RegisterDTO.cs @@ -0,0 +1,11 @@ +namespace Data.Models.DTOs +{ + public class RegisterDTO + { + public string UserName { get; set; } + public string Email { get; set; } + public string FirstName { get; set; } + public string LastName { get; set; } + public string Password { get; set; } + } +} diff --git a/Data/Models/Profiles/UserProfile.cs b/Data/Models/Profiles/UserProfile.cs index 048deed..7bb1497 100644 --- a/Data/Models/Profiles/UserProfile.cs +++ b/Data/Models/Profiles/UserProfile.cs @@ -9,6 +9,7 @@ namespace Data.Models.Profiles public UserProfile() { CreateMap(); + CreateMap(); } } } -- cgit v1.2.3
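Review bot: `UserRoles` is a holder of two string constants, yet after this hunk it derives from `Roles`, which the new Roles.cs makes an `IdentityRole` entity; an instance of the constants class would then be a persistable role row, which is unlikely to be intended. Declaring it as `public static class UserRoles` drops the inheritance and still works for `[Authorize(Roles = UserRoles.Admin)]`, since the members are `const`. If a concrete role entity is needed for Identity, `Roles` alone already serves that purpose.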
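Review bot: `LoginDTO` and `RegisterDTO` declare their properties without any validation attributes, so a request body missing `UserName` or `Password` binds them to `null` and reaches `FindByUsername(null)` and `GeneratePasswordHash(null)` in `UserService`; the same applies to `RegisterDTO`'s `Email`, `FirstName` and `LastName`. Because the controller carries `[ApiController]`, DataAnnotations are enforced automatically and a 400 is returned before the action runs, so `[Required]` on `UserName` and `Password` (plus `[EmailAddress]` on `Email` and a `[MinLength]` on `Password`) is a one-attribute-per-property fix, with `using System.ComponentModel.DataAnnotations;` added at the top of each file. Whether `FindByUsername` tolerates `null` is not visible in this diff.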