From fb9a24796e859e434c83ba2f5e84895143fc0232 Mon Sep 17 00:00:00 2001 From: Syndamia Date: Sat, 12 Dec 2020 13:53:53 +0200 Subject: Implemented register request, made login require correct password, removed create user request, brought back Roles.cs and moved roles constants to UserRoles, fixed authorization in UserController --- API/Controllers/UserController.cs | 18 ++++++++---------- API/Service/UserService.cs | 24 ++++++++++++++++-------- 2 files changed, 24 insertions(+), 18 deletions(-) (limited to 'API') diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs index 8618c1b..fd94283 100644 --- a/API/Controllers/UserController.cs +++ b/API/Controllers/UserController.cs @@ -10,7 +10,6 @@ using Microsoft.Extensions.Configuration; namespace API.Controllers { - [Authorize] [ApiController] [Route("/api/[controller]")] public class UserController: ControllerBase @@ -22,25 +21,22 @@ namespace API.Controllers this._service = new UserService(context, mapper, configuration.GetSection("AppSettings")); } - [AllowAnonymous] [HttpPost] [Route("login")] - public async Task Login([FromBody] UserDTO userDTO) + public async Task Login([FromBody] LoginDTO loginDTO) { - return await this._service.LoginUser(userDTO); + return await this._service.LoginUser(loginDTO); } - //Create - [AllowAnonymous] [HttpPost] - public async Task Create([FromBody] UserDTO userDTO) + [Route("register")] + public async Task Register([FromBody] RegisterDTO registerDto) { - return await this._service.CreateUser(userDTO); + return await this._service.RegisterUser(registerDto); } //Read [HttpGet] - [Authorize(Roles = UserRoles.Admin)] // Functionality, only for testing purposes public async Task GetById(int id) { return await this._service.GetUserById(id); @@ -48,13 +44,15 @@ namespace API.Controllers //Update [HttpPut] + [Authorize] public async Task Update(int id, [FromBody] UserDTO userDTO) { return await this._service.UpdateUser(id, userDTO); } //Delete - [HttpDelete] + [HttpDelete] + [Authorize] public async Task Delete(int id) { return await this._service.DeleteUser(id); diff --git a/API/Service/UserService.cs b/API/Service/UserService.cs index 8e1ba38..c3bf160 100644 --- a/API/Service/UserService.cs +++ b/API/Service/UserService.cs @@ -27,9 +27,9 @@ namespace API.Service this._appSettings = appSettings; } - public async Task LoginUser(UserDTO userDTO) + public async Task LoginUser(LoginDTO loginDTO) { - User user = this._userDbRepository.FindByUsername(userDTO.UserName); + User user = this._userDbRepository.FindByUsername(loginDTO.UserName); if (user == null) return new NotFoundObjectResult("User does not exist!"); @@ -37,6 +37,9 @@ namespace API.Service // Get key from appsettings.json var key = Encoding.ASCII.GetBytes(_appSettings.GetSection("Secret").Value); + if (user.PasswordHash != GeneratePasswordHash(loginDTO.Password)) + return new BadRequestObjectResult("Incorrect password!"); + // Create Jwt Token configuration var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor @@ -56,22 +59,27 @@ namespace API.Service return new OkObjectResult(tokenString); } - - public async Task CreateUser(UserDTO userDTO) + public async Task RegisterUser(RegisterDTO registerDTO) { - if (this._userDbRepository.DoesUsernameExist(userDTO.UserName)) + + if (this._userDbRepository.DoesUsernameExist(registerDTO.UserName)) return new BadRequestObjectResult("Username already exists!"); - User user = this._userMapper.Map(userDTO); + User user = this._userMapper.Map(registerDTO); - if (user.Role == null) - user.Role = UserRoles.User; + user.Role = UserRoles.User; + user.PasswordHash = GeneratePasswordHash(registerDTO.Password); await this._userDbRepository.AddAsync(user); return new CreatedResult("CreateUser", user); } + private string GeneratePasswordHash(string password) + { + return password; // TEMPORARY! + } + public async Task GetUserById(int id) { User user = await this._userDbRepository.FindByIdAsync(id); -- cgit v1.2.3