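using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Dough.Models;
using Dough.Models.Database;
using Dough.Models.Results;
using Dough.Utilities;

namespace Dough.Controllers
{
    /// <summary>
    /// Cookie-based login/logout endpoints plus a "who am I" endpoint.
    /// Relies on <see cref="BaseController"/> for the ASP.NET Core MVC
    /// helpers (BadRequest/Ok/Redirect/Url) and the LoggedInUser accessor.
    /// </summary>
    public class AccountController : BaseController
    {
        private readonly MainDbContext _context;

        // One message for every credential failure. The original code used two
        // slightly different texts for "unknown user" and "wrong password",
        // which lets a caller enumerate valid usernames from the response body.
        private const string InvalidCredentialsTitle = "Ugyldig brukernavn eller passord";
        private const string InvalidCredentialsDetail = "Verifiser at passord og brukernavn er riktig og prøv igjen";

        // Lifetime of the authentication ticket carried in the cookie.
        private static readonly TimeSpan TicketLifetime = TimeSpan.FromDays(7);

        public AccountController(MainDbContext context)
        {
            _context = context;
        }

        /// <summary>
        /// Validates <paramref name="username"/>/<paramref name="password"/> against
        /// the user store and, on success, issues the cookie authentication ticket.
        /// </summary>
        /// <param name="username">Login name to look up (untrusted input).</param>
        /// <param name="password">Plain-text password to verify (untrusted input).</param>
        /// <returns>
        /// 200 with an empty body on success; 400 with an <see cref="ErrorResult"/>
        /// (the same generic message for every failure cause) otherwise.
        /// </returns>
        [HttpPost("login")]
        public async Task<ActionResult> Login(string username, string password)
        {
            // Missing credentials are rejected up front so the store lookup and the
            // password check never see null/empty input.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                return BadRequest(InvalidCredentials());
            }

            var user = _context.Users.SingleByNameOrDefault(username);

            // NOTE(review): returning here skips VerifyPassword entirely, so an
            // unknown username answers measurably faster than a known one with a
            // wrong password. If VerifyPassword is a slow hash (bcrypt/PBKDF2),
            // consider verifying against a dummy hash on this path to even out timing.
            if (user == default)
            {
                return BadRequest(InvalidCredentials());
            }

            if (!user.VerifyPassword(password))
            {
                return BadRequest(InvalidCredentials());
            }

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, user.Username),
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            };
            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            var principal = new ClaimsPrincipal(identity);

            var issuedAt = DateTime.UtcNow;
            var properties = new AuthenticationProperties
            {
                // IsPersistent = false makes the cookie itself a session cookie, but the
                // ticket inside it stays valid for TicketLifetime and AllowRefresh lets
                // the middleware slide that window on activity. Re-login is therefore only
                // forced by closing the browser or by the ticket expiring.
                IsPersistent = false,
                IssuedUtc = issuedAt,
                AllowRefresh = true,
                ExpiresUtc = issuedAt.Add(TicketLifetime),
            };

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                principal,
                properties);

            return Ok();
        }

        /// <summary>
        /// Clears the authentication cookie and optionally redirects to
        /// <paramref name="continueTo"/>.
        /// </summary>
        /// <param name="continueTo">
        /// Optional post-logout destination. Only local (same-site, path-relative)
        /// URLs are followed; anything else is ignored and a plain 200 is returned.
        /// </param>
        /// <returns>302 to <paramref name="continueTo"/> when it is a local URL, else 200.</returns>
        // NOTE(review): this is a state-changing action reachable via GET, so any
        // third-party page can log the user out with an <img src="…/logout">. Moving
        // it to POST (with the anti-forgery token) would close that, but changes the
        // route contract for existing callers, so it is only flagged here.
        [HttpGet("logout")]
        public async Task<ActionResult> Logout(string continueTo = default)
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

            // Url.IsLocalUrl rejects absolute URLs, protocol-relative "//host" and
            // "/\host" forms, and null/empty input, which closes the open redirect
            // that a generic "is this a URL" check leaves open.
            if (Url.IsLocalUrl(continueTo))
            {
                return LocalRedirect(continueTo);
            }

            return Ok();
        }

        /// <summary>
        /// Returns the currently authenticated user as exposed by
        /// <c>BaseController.LoggedInUser</c>. Requires an authenticated cookie.
        /// </summary>
        [Authorize]
        [HttpGet("me")]
        public ActionResult GetClaimsForUser()
        {
            return Ok(LoggedInUser);
        }

        // Builds the single, non-distinguishing credential error payload.
        private static ErrorResult InvalidCredentials()
        {
            return new ErrorResult(InvalidCredentialsTitle, InvalidCredentialsDetail);
        }
    }
}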