From e0cf80a5d0e2d6898b611892a331aa917b9370d9 Mon Sep 17 00:00:00 2001
From: Jake Mannens
Date: Fri, 29 Sep 2023 17:46:47 +1000
Subject: Finalised security service
---
 Controllers/LoginController.cs | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'Controllers')
diff --git a/Controllers/LoginController.cs b/Controllers/LoginController.cs
index bb31fe2..364bc5e 100644
--- a/Controllers/LoginController.cs
+++ b/Controllers/LoginController.cs
@@ -11,8 +11,15 @@ namespace HyperBooru.Controllers;
 [Route("/")]
 public class LoginController : Controller {
 private IHttpContextAccessor httpContextAccessor;
- public LoginController(IHttpContextAccessor httpContextAccessor) =>
+ private IPrincipalProvider principalProvider;
+
+ public LoginController(
+ IHttpContextAccessor httpContextAccessor,
+ IPrincipalProvider principalProvider) {
+ this.httpContextAccessor = httpContextAccessor;
+ this.principalProvider = principalProvider;
+ }
 [HttpPost("Login")]
 public async Task Login(
@@ -20,17 +27,16 @@ public class LoginController : Controller {
 [FromForm] string password,
 HBContext db) {
- var user = db.Users.FirstOrDefault(u => u.Name == username);
+ var user = principalProvider.GetUser(username);
 if(user is null) return StatusCode(403);
- var hash = UserService.HashPassword(password);
- if(hash != user.PasswordHash)
+ if(!principalProvider.ValidatePassword(user, password))
 return StatusCode(403);
 var claims = new Claim[] {
 new Claim(ClaimTypes.Name, user.Name),
- new Claim("ObjectId", user.ObjectId.ToString())
+ new Claim("SID", user.Sid.ToString())
 };
 var claimsIdentity = new ClaimsIdentity(
-- cgit v1.3
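Review bot: The injected fields in `LoginController` are assigned only in the new constructor, so the added one should be declared `private readonly IPrincipalProvider principalProvider;`. The `httpContextAccessor` declaration is a context line and would need the same modifier in a follow-up. Because `principalProvider` now appears to be the single place where credentials are checked, a one-line comment on the field saying that all user lookup and password validation must go through it would discourage later code from querying the user table directly. The class body continues outside the hunk.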
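Review bot: The early `if(user is null) return StatusCode(403);` returns before any password hashing, so an unknown username is probably answered faster than a known one with a wrong password, which lets a client tell valid account names apart even though both paths return 403. Consider having the provider do equivalent hashing work against a placeholder hash when the lookup fails, so both failure paths cost the same. `ValidatePassword` is not visible here; confirm that it uses a salted, slow KDF and a fixed-time comparison such as `CryptographicOperations.FixedTimeEquals`, since the removed `hash != user.PasswordHash` was an ordinary string comparison. Renaming the claim from `"ObjectId"` to `"SID"` presumably breaks any reader of the old claim in cookies issued earlier; a comment stating this, or using `ClaimTypes.Sid`, would make the contract explicit. `Login` starts and ends outside the hunk, and the `HBContext db` parameter may now be unused.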