src/server/Controllers/AccountController.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Dough.Models;
using Dough.Models.Database;
using Dough.Models.Payloads;
using Dough.Models.Results;
using Dough.Services;
using Dough.Utilities;
using IdentityServer4;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

namespace Dough.Controllers
{
    [AllowAnonymous]
    public class AccountController : BaseController
    {
        private readonly MainDbContext _context;
        private readonly IIdentityServerInteractionService _interaction;
        private readonly EmailService _emailService;

        public AccountController(MainDbContext context,
            IIdentityServerInteractionService interaction,
            EmailService emailService)
        {
            _context = context;
            _interaction = interaction;
            _emailService = emailService;
        }

        [HttpGet("login")]
        public ActionResult GetLogin()
        {
            var pathToLoginFile = Path.Combine(Directory.GetCurrentDirectory(), "AppData", "login.html");
            var fileContent = System.IO.File.ReadAllText(pathToLoginFile);
            return Content(fileContent, "text/html");
        }

        [HttpPost("login")]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> PostLogin(LoginPayload payload)
        {
            if (!_interaction.IsValidReturnUrl(payload.ReturnUrl))
                return BadRequest(new ErrorResult());

            var user = _context.Users.SingleByNameOrDefault(payload.Username);
            if (user == default)
            {
                await Task.Delay(1500);
                return BadRequest(new ErrorResult("Username or password is incorrect","Please try again with a different username and/or password"));
            }

            if (!user.VerifyPassword(payload.Password))
            {
                await Task.Delay(1000);
                return BadRequest(new ErrorResult("Username or password is incorrect","Please try again with a different username and/or password"));
            }

            
            var props = new AuthenticationProperties
            {
                AllowRefresh = true,
                IssuedUtc = DateTime.UtcNow,
            };

            if (payload.Persist)
            {
                props.IsPersistent = true;
                props.ExpiresUtc = DateTime.UtcNow.AddDays(15);
            }
            
            var identityServerUser = new IdentityServerUser(user.Id.ToString())
            {
                DisplayName = user.Username,
                AuthenticationTime = DateTime.UtcNow,
            };

            await HttpContext.SignInAsync(identityServerUser, props);
            
            return Ok(payload.ReturnUrl);
        }


        [HttpGet("forgot")]
        public async Task<ActionResult> ForgotPassword(string username)
        {
            var user = _context.Users.SingleByNameOrDefault(username);
            if (user == default) return Ok();
            return Ok();
        }

        [Authorize]
        [HttpGet("me")]
        public ActionResult GetClaimsForUser()
        {
            return Ok(LoggedInUser);
        }
    }
}