* Added Authorization which is not working
This commit is contained in:
@@ -1,5 +1,9 @@
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using FaKrosnoApi.Models;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using OrdersManagementDataModel.Dtos;
|
||||
using OrdersManagementDataModel.Services;
|
||||
|
||||
@@ -7,7 +11,7 @@ namespace FaKrosnoApi.Controllers;
|
||||
|
||||
[ApiController]
|
||||
[Route("api/[controller]")]
|
||||
public class UsersController(IUserService service) : Controller
|
||||
public class UsersController(IUserService service, IConfiguration configuration) : Controller
|
||||
{
|
||||
[HttpGet]
|
||||
public async Task<ActionResult<IEnumerable<UserDto>>> GetAll()
|
||||
@@ -30,51 +34,41 @@ public class UsersController(IUserService service) : Controller
|
||||
return user != null ? Ok(user) : NotFound();
|
||||
}
|
||||
|
||||
[HttpPost("authenticate")]
|
||||
public async Task<IActionResult> Authenticate([FromBody] AuthenticateRequestModel? request)
|
||||
[HttpPost("login")]
|
||||
public async Task<IActionResult> Login([FromBody] AuthenticateRequestModel loginDto)
|
||||
{
|
||||
if (request == null || string.IsNullOrEmpty(request.Login) || string.IsNullOrEmpty(request.Password))
|
||||
{
|
||||
return BadRequest(new { message = "Login i hasło są wymagane" });
|
||||
}
|
||||
|
||||
var user = await service.GetByUsername(request.Login);
|
||||
|
||||
var x = BCrypt.Net.BCrypt.Verify(request.Password, user?.PasswordHash);
|
||||
// Sprawdź poprawność użytkownika (np. w bazie danych)
|
||||
var user = await service.GetByUsername(loginDto.Login);
|
||||
|
||||
if (user == null || !BCrypt.Net.BCrypt.Verify(request.Password, user.PasswordHash))
|
||||
if(user == null || !BCrypt.Net.BCrypt.Verify(loginDto.Password, user.PasswordHash))
|
||||
{
|
||||
return Unauthorized(new { message = "Nieprawidłowy login lub hasło" });
|
||||
return Unauthorized("Nieprawidłowa nazwa użytkownika lub hasło.");
|
||||
}
|
||||
|
||||
var userDto = new UserDto
|
||||
|
||||
var claims = new[]
|
||||
{
|
||||
Id = user.Id,
|
||||
Login = user.Login,
|
||||
IsTemporaryPassword = user.IsTemporaryPassword,
|
||||
IsActive = user.IsActive,
|
||||
ActiveFrom = user.ActiveFrom,
|
||||
ActiveTo = user.ActiveTo,
|
||||
Email = user.Email,
|
||||
FirstName = user.FirstName,
|
||||
LastName = user.LastName,
|
||||
CreatedDate = user.CreatedDate,
|
||||
LastLoginDate = user.LastLoginDate,
|
||||
FailedLoginAttempts = user.FailedLoginAttempts,
|
||||
IsLocked = user.IsLocked,
|
||||
LockoutEndDate = user.LockoutEndDate,
|
||||
RowPointer = user.RowPointer
|
||||
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
|
||||
new Claim(ClaimTypes.Name, user.Login),
|
||||
};
|
||||
|
||||
user.LastLoginDate = DateTime.Now;
|
||||
user.FailedLoginAttempts = 0;
|
||||
await service.Login(user);
|
||||
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:Key"]));
|
||||
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
|
||||
|
||||
return Ok(userDto);
|
||||
var token = new JwtSecurityToken(
|
||||
issuer: configuration["Jwt:Issuer"],
|
||||
audience: configuration["Jwt:Audience"],
|
||||
claims: claims,
|
||||
expires: DateTime.Now.AddHours(1), // Token ważny przez 1 godzinę
|
||||
signingCredentials: creds);
|
||||
|
||||
return Ok(new
|
||||
{
|
||||
token = new JwtSecurityTokenHandler().WriteToken(token),
|
||||
expires = token.ValidTo
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
[HttpPost]
|
||||
public async Task<ActionResult<UserDto>> Add([FromBody] UserDto user)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user