From 604ef537e0fabfbcc3abf9d7473b22f08dc549a6 Mon Sep 17 00:00:00 2001
From: Jake Mannens
Date: Thu, 14 Sep 2023 14:41:40 +1000
Subject: Finalised login functionality
---
 Controllers/LoginController.cs | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)
(limited to 'Controllers/LoginController.cs')
diff --git a/Controllers/LoginController.cs b/Controllers/LoginController.cs
index fff3e6e..aa680a0 100644
--- a/Controllers/LoginController.cs
+++ b/Controllers/LoginController.cs
@@ -1,5 +1,7 @@
-using Microsoft.AspNetCore.Authentication;
+using HyperBooru.Services;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Cryptography.KeyDerivation;
 using Microsoft.AspNetCore.Mvc;
 using System.Security.Claims;
 
@@ -15,10 +17,20 @@ public class LoginController : Controller {
 [HttpPost("Login")]
 public async Task Login(
 [FromForm] string username,
- [FromForm] string password) {
+ [FromForm] string password,
+ HBContext db) {
+
+ var user = db.Users.FirstOrDefault(u => u.Username == username);
+ if(user is null)
+ return StatusCode(403);
+
+ var hash = UserService.HashPassword(password);
+ if(hash != user.PasswordHash)
+ return StatusCode(403);
 
 var claims = new Claim[] {
- new Claim(ClaimTypes.NameIdentifier, username)
+ new Claim(ClaimTypes.Name, user.Username),
+ new Claim("ObjectId", user.ObjectId.ToString())
 };
 
 var claimsIdentity = new ClaimsIdentity(
@@ -27,12 +39,8 @@ public class LoginController : Controller {
 
 var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
 
- if(username == "admin" && password == "test") {
- await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);
- return Ok();
- } else {
- return StatusCode(403);
- }
+ await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);
+ return Ok();
 }
 
 [HttpPost("Logout")]
-- 
cgit v1.3
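Review bot: The password check `var hash = UserService.HashPassword(password); if(hash != user.PasswordHash)` derives the hash from the password alone, so as far as this hunk shows no per-user salt goes in, and the result is compared with `!=`, which is not constant-time (and would be a reference comparison if the hash is a `byte[]`). HashPassword is defined outside this diff, so confirm how it salts; a random salt stored per user next to the hash, plus `CryptographicOperations.FixedTimeEquals(hash, user.PasswordHash)` when the values are bytes, would close both gaps. The early `return StatusCode(403);` under `if(user is null)` also skips the hashing step, so response time differs between unknown and known usernames even though the status code is the same; hashing a dummy value on that path keeps the two cases alike. Login's body continues past the end of this hunk.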
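Review bot: The added `await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);` goes through an injected accessor and a null-forgiving `!`, although the class derives from `Controller`, which already exposes the current request as `HttpContext`; `await HttpContext.SignInAsync(claimsPrincipal);` would drop both. The call also relies on the default authentication scheme, while the arguments that build `claimsIdentity` are outside the hunk, so it is worth confirming that the two use the same scheme. Login starts before this hunk.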