path: root/src/Controllers/AccountController.cs
authorivar <i@oiee.no>2025-10-19 23:41:23 +0200
committerivar <i@oiee.no>2025-10-19 23:41:23 +0200
commit3f4c0720e1e3421431e7baa20882a4a4512a7fab (patch)
tree734ca81d7d0841d8863e3f523ebba14c282dc681 /src/Controllers/AccountController.cs
Diffstat (limited to 'src/Controllers/AccountController.cs')
-rw-r--r--src/Controllers/AccountController.cs97
1 files changed, 97 insertions, 0 deletions
diff --git a/src/Controllers/AccountController.cs b/src/Controllers/AccountController.cs
new file mode 100644
index 0000000..e1f6946
--- /dev/null
+++ b/src/Controllers/AccountController.cs
@@ -0,0 +1,97 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using IOL.Fagprove.Data;
+using IOL.Fagprove.Data.DTOs;
+using IOL.Fagprove.Services.Interfaces;
+using IOL.Fagprove.Utilities;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace IOL.Fagprove.Controllers
+{
+ public class AccountController : BaseController
+ {
+ private readonly AppDbContext _context;
+ private readonly IUserService _userService;
+
+ public AccountController(AppDbContext context, IUserService userService)
+ {
+ _context = context;
+ _userService = userService;
+ }
+
+ [HttpPost("login")]
+ [ValidateAntiForgeryToken]
+ [AllowAnonymous]
+ public async Task<ActionResult> Login(LoginDto data)
+ {
+ if (data.Password.IsMissing() || data.Username.IsMissing()) return BadRequest("Ett eller flere felt er ikke fylt inn.");
+ if (data.Username.IsEmail() == false) return BadRequest("Det ser ikke ut som en e-postadresse");
+ var user = _context.Users.SingleOrDefault(u => u.Email == data.Username);
+ var passwordMatches = PasswordHasher.PasswordMatches(user?.Password ?? string.Empty, data.Password ?? string.Empty);
+ if (user == default || passwordMatches == false) return BadRequest("E-postadresse eller passord er feil");
+
+ var claims = new List<Claim>
+ {
+ new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
+ new Claim(ClaimTypes.Name, user.Name),
+ new Claim(ClaimTypes.Role, user.Role.ToString())
+ };
+
+ var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+ var authenticationProperties = new AuthenticationProperties
+ {
+ AllowRefresh = true,
+ IssuedUtc = DateTimeOffset.UtcNow
+ };
+
+ await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+ new ClaimsPrincipal(claimsIdentity), authenticationProperties);
+ return Ok();
+ }
+
+ [HttpGet("logout")]
+ public async Task<ActionResult> Logout()
+ {
+ await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ return Redirect("/");
+ }
+
+ [AllowAnonymous]
+ [HttpPost("forgot")]
+ public ActionResult StartForgotPasswordFlow(string email)
+ {
+ var user = _context.Users.SingleOrDefault(u => u.Email == email);
+ if (user == default) return Ok();
+ var task = _userService.SetNewTemporaryPasswordAndNotifyUser(user);
+ if (task) return Ok();
+ return StatusCode(500);
+ }
+
+ [HttpPut("password")]
+ public ActionResult SetPasswordAfterTemporary(UpdatePasswordDto data)
+ {
+ var user = _context.Users.SingleOrDefault(u => u.Id == LoggedInUser.Id);
+ if (user == default)
+ {
+ SignOut();
+ return Unauthorized(new { error = "Vi fant deg ikke i våre systemer." });
+ }
+
+ if (data.Password.IsMissing() || data.Password.IsMissing())
+ {
+ return BadRequest(new { error = "Ett eller flere felt er ikke fylt inn." });
+ }
+ if (data.Password.Length <= 5) return BadRequest(new { error = "Passordet er ikke langt nok." });
+ if (data.Password != data.PasswordOnceMore) return BadRequest(new { error = "Passordene er forksjellige" });
+ var passwordIsUpdated = _userService.UpdatePassword(user, data.Password);
+ if (passwordIsUpdated) return Ok();
+ return StatusCode(500, new { error = "Noe gikk galt, vennligst prøv igjen senere." });
+ }
+ }
+} \ No newline at end of file
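Review bot: In SetPasswordAfterTemporary the missing-field guard `if (data.Password.IsMissing() || data.Password.IsMissing())` tests the same property twice, so `PasswordOnceMore` is never checked for presence and a null confirmation only surfaces later as the misleading "Passordene er forksjellige" message; the second operand should be `data.PasswordOnceMore.IsMissing()`. On the user-not-found path in the same action, `SignOut();` discards the `SignOutResult` that `ControllerBase.SignOut()` returns (assuming BaseController derives from it), so no cookie is cleared before `Unauthorized` is sent back; the Logout action already shows the working form, `await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);`, which means turning the action into `async Task<ActionResult>`. Unlike Login, neither this `[HttpPut("password")]` action nor `[HttpPost("forgot")]` carries `[ValidateAntiForgeryToken]`, and Logout is exposed on `[HttpGet("logout")]`, so these state-changing endpoints can be driven by a cross-site request; the attribute belongs on all three and logout should be a POST. Minor: in StartForgotPasswordFlow the local `task` holds a bool, not a Task, so a name like `notified` would read more honestly.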