src/server/Controllers/AccountController.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Dough.Models;
using Dough.Models.Database;
using Dough.Models.Payloads;
using Dough.Models.Results;
using Dough.Utilities;

namespace Dough.Controllers
{
    public class AccountController : BaseController
    {
        private readonly MainDbContext _context;

        public AccountController(MainDbContext context)
        {
            _context = context;
        }

        [HttpPost("login")]
        public async Task<ActionResult> Login(LoginPayload payload)
        {
            var user = _context.Users.SingleByNameOrDefault(payload.Username);
            if (user == default)
                return BadRequest(new ErrorResult("Ugyldig brukernavn eller passord",
                    "Verifiser at passord og brukernavn er riktig og prøv igjen"));

            if (!user.VerifyPassword(payload.Password))
                return BadRequest(new ErrorResult("Ugyldig brukernavn eller passord",
                    "Verifiser at passord og brukernavn er riktig"));

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, user.Username),
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new Claim(ClaimTypes.AuthenticationInstant, DateTime.UtcNow.ToString("O"))
            };

            var claimsIdentity = new ClaimsIdentity(claims, Constants.AuthenticationScheme);
            var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);

            var authenticationProperties = new AuthenticationProperties
            {
                IsPersistent = false,
                IssuedUtc = DateTime.UtcNow,
                AllowRefresh = true,
                ExpiresUtc = DateTime.UtcNow.AddDays(7),
            };

            await HttpContext.SignInAsync(Constants.AuthenticationScheme,
                claimsPrincipal,
                authenticationProperties);

            return Ok();
        }

        [HttpGet("logout")]
        public async Task<ActionResult> Logout(string continueTo = default)
        {
            await HttpContext.SignOutAsync(Constants.AuthenticationScheme);
            if (continueTo.IsPresent() && continueTo.IsValidUrl()) return Redirect(continueTo);
            return Ok();
        }

        [Authorize]
        [HttpGet("me")]
        public ActionResult GetClaimsForUser()
        {
            return Ok(LoggedInUser);
        }
    }
}