diff --git a/TIAMWebApp/Server/Controllers/UserAPIController.cs b/TIAMWebApp/Server/Controllers/UserAPIController.cs index bbc9385b..f958c6a7 100644 --- a/TIAMWebApp/Server/Controllers/UserAPIController.cs +++ b/TIAMWebApp/Server/Controllers/UserAPIController.cs @@ -32,8 +32,8 @@ namespace TIAMWebApp.Server.Controllers private UserDal _userDal; private readonly IConfiguration _configuration; private readonly IWebHostEnvironment _webHostEnvironment; - PasswordHasher hasher = new PasswordHasher(); - + readonly PasswordHasher _hasher = new(); + /*private UserModel[] users = new UserModel[] { @@ -48,7 +48,7 @@ namespace TIAMWebApp.Server.Controllers { _logger = logger; _configuration = configuration; - _webHostEnvironment = webHostEnvironment; + _webHostEnvironment = webHostEnvironment; _userDal = userDal; } @@ -77,9 +77,9 @@ namespace TIAMWebApp.Server.Controllers { return Unauthorized(); } - else + else { - bool isValidUser = false; + var isValidUser = false; if (dbUser.Password == authenticateUser.Password) { @@ -91,7 +91,7 @@ namespace TIAMWebApp.Server.Controllers if (isValidUser) { Console.WriteLine("UserModel authenticated, let's start JWT"); - string accessToken = GenerateAccessToken(dbUser); + var accessToken = GenerateAccessToken(dbUser); Console.WriteLine("Generate refresh token"); var refreshToken = GenerateRefreshToken(); dbUser.RefreshToken = refreshToken; 
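Review bot: The credential check on the new side, `if (dbUser.Password == authenticateUser.Password)`, still compares the stored password with the submitted one as plain strings, even though this controller already has `VerifyPassword(password, hashedPassword)` backed by the `_hasher` field that this same commit renames. If `dbUser.Password` holds a hash the comparison can never succeed; if it holds the clear-text password, the store is keeping clear-text credentials. I would change the condition to `if (VerifyPassword(authenticateUser.Password, dbUser.Password))`, which also removes a plain string equality on a secret. Whether the rows behind `_userDal` are hashed today is not visible in the diff, so existing users may need a one-time re-hash; the enclosing login method starts outside this hunk.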
@@ -115,23 +115,23 @@ namespace TIAMWebApp.Server.Controllers return Unauthorized(); } } - - - } private string GenerateAccessToken(User user) { var tokenHandler = new JwtSecurityTokenHandler(); - var token = new JwtSecurityToken(); Console.WriteLine("----------------------------------------------------------"); - var keyDetail = Encoding.UTF8.GetBytes(_configuration["JWT:Key"]); + + if (_configuration["JWT:Key"] == null) + throw new SecurityTokenException("Token is null"); + + var keyDetail = Encoding.UTF8.GetBytes(_configuration["JWT:Key"] ?? string.Empty); Console.WriteLine(_configuration["JWT:Key"]); var claims = new List { - new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()), - new Claim(ClaimTypes.Email, user.Email) + new(ClaimTypes.NameIdentifier, user.Id.ToString()), + new(ClaimTypes.Email, user.Email) }; var tokenDescriptor = new SecurityTokenDescriptor @@ -142,18 +142,21 @@ namespace TIAMWebApp.Server.Controllers Subject = new ClaimsIdentity(claims), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(keyDetail), SecurityAlgorithms.HmacSha256Signature) }; - token = tokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken; - string writtenToken = tokenHandler.WriteToken(token); + + var token = tokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken; + var writtenToken = tokenHandler.WriteToken(token); Console.WriteLine(writtenToken); + return writtenToken; } [AllowAnonymous] [HttpPost] [Route("RefreshToken")] - public async Task RefreshToken(RefreshTokenRequest refreshTokenRequest) + public async Task RefreshToken(RefreshTokenRequest? refreshTokenRequest) { Console.WriteLine("RefreshToken called"); + var response = new MainResponse(); if (refreshTokenRequest is null) { 
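Review bot: The new guard `if (_configuration["JWT:Key"] == null) throw new SecurityTokenException("Token is null");` throws with a misleading message (what is missing is the configured signing key, not a token), and the `?? string.Empty` on the following line is unreachable once the guard has run, while an empty or whitespace value still passes the guard and yields a zero-length HMAC key. The `Console.WriteLine(_configuration["JWT:Key"]);` that survives two lines later prints the signing secret to stdout on every login, which is the bigger problem in this hunk. I would replace the guard and the `GetBytes` line with `var jwtKey = _configuration["JWT:Key"]; if (string.IsNullOrWhiteSpace(jwtKey)) throw new InvalidOperationException("JWT:Key is not configured"); var keyDetail = Encoding.UTF8.GetBytes(jwtKey);` and delete the WriteLine of the key. The Microsoft.IdentityModel HMAC provider also rejects HS256 keys shorter than 128 bits, so a length check on `keyDetail` (ideally at startup) would turn a runtime token-generation failure into a clear configuration error.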
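Review bot: `Console.WriteLine(writtenToken);` after `var writtenToken = tokenHandler.WriteToken(token);` writes the freshly minted bearer token to stdout, so anyone with access to the process output or log aggregation can replay a valid session; remove it, or log only a non-secret such as the user id. `var token = tokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken;` keeps the `as` cast without a null check, and `WriteToken(null)` throws `ArgumentNullException`; since `WriteToken` accepts a `SecurityToken`, the cast can simply be dropped: `var token = tokenHandler.CreateToken(tokenDescriptor);`. `GenerateAccessToken` starts in the previous hunk, so only its tail is visible here.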
@@ -190,9 +193,9 @@ namespace TIAMWebApp.Server.Controllers return BadRequest(response); } - string newAccessToken = GenerateAccessToken(dbUser); - string refreshToken = GenerateRefreshToken(); - + var newAccessToken = GenerateAccessToken(dbUser); + var refreshToken = GenerateRefreshToken(); + //mocking - update userModel with new refreshToken dbUser.RefreshToken = refreshToken; //TODO await _userManager.UpdateAsync(userModel); @@ -204,21 +207,22 @@ namespace TIAMWebApp.Server.Controllers RefreshToken = refreshToken, AccessToken = newAccessToken }; + return Ok(response); } - else - { - Console.WriteLine("Principal is null"); - return NotFound("Invalid Token Found"); - } + Console.WriteLine("Principal is null"); + return NotFound("Invalid Token Found"); } private ClaimsPrincipal GetPrincipalFromExpiredToken(string token) { var tokenHandler = new JwtSecurityTokenHandler(); - var keyDetail = Encoding.UTF8.GetBytes(_configuration["JWT:Key"]); + if (_configuration["JWT:Key"] == null) + throw new SecurityTokenException("Token is null"); + + var keyDetail = Encoding.UTF8.GetBytes(_configuration["JWT:Key"] ?? string.Empty); var tokenValidationParameter = new TokenValidationParameters { 
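Review bot: The rotated refresh token is only assigned in memory — `dbUser.RefreshToken = refreshToken;` is followed by the pre-existing `//TODO await _userManager.UpdateAsync(userModel);` — so, unless `_userDal` persists that mutation somewhere outside this hunk, the previous refresh token is never invalidated and stays replayable for as long as the stored one is valid. Rotation without persistence gives no revocation. I would either write the new token back through the DAL (e.g. `await _userDal.UpdateUserAsync(dbUser);` if such a method exists) or leave a clear comment that the rotation is a mock and the endpoint must not ship as-is. The `RefreshToken` method begins and ends outside this hunk.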
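Review bot: `GetPrincipalFromExpiredToken` now duplicates the key-loading guard from `GenerateAccessToken` verbatim, including the misleading `SecurityTokenException("Token is null")` message and the dead `?? string.Empty`; a private helper shared by both methods keeps them in sync and lets the error say what is actually missing. Separately, the invalid-principal branch replies `NotFound("Invalid Token Found")`, a 404 for a failed credential exchange where `Unauthorized()` matches what the login path already returns. The `TokenValidationParameters` initializer continues in the next hunk.
```csharp
private byte[] GetSigningKeyBytes()
{
    var jwtKey = _configuration["JWT:Key"];
    if (string.IsNullOrWhiteSpace(jwtKey))
        throw new InvalidOperationException("JWT:Key is not configured");
    return Encoding.UTF8.GetBytes(jwtKey);
}

// … in GetPrincipalFromExpiredToken, replacing the null guard and GetBytes lines …
var keyDetail = GetSigningKeyBytes();
```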
@@ -231,11 +235,11 @@ namespace TIAMWebApp.Server.Controllers IssuerSigningKey = new SymmetricSecurityKey(keyDetail), }; - SecurityToken securityToken; - var principal = tokenHandler.ValidateToken(token, tokenValidationParameter, out securityToken); - var jwtSecurityToken = securityToken as JwtSecurityToken; - if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase)) + var principal = tokenHandler.ValidateToken(token, tokenValidationParameter, out var securityToken); + + if (securityToken is not JwtSecurityToken jwtSecurityToken || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase)) throw new SecurityTokenException("Invalid token"); + return principal; } 
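Review bot: The algorithm pin after `ValidateToken` compares `jwtSecurityToken.Header.Alg` with `StringComparison.InvariantCultureIgnoreCase`; an `alg` identifier is a protocol constant, so the comparison should be `StringComparison.Ordinal` (the tokens this controller issues carry `HS256` exactly). Better still, enforce the pin inside validation rather than after it: `ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },` in the `TokenValidationParameters` initializer (available in Microsoft.IdentityModel.Tokens 6.x and later — confirm the referenced package version) rejects any other algorithm before a principal is constructed, and the post-check can stay as defence in depth. The initializer starts in the previous hunk, so only its tail is visible here.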
@@ -257,56 +261,54 @@ namespace TIAMWebApp.Server.Controllers public async Task CreateUser([FromBody] JsonElement SerializedRegistrationModel) { Console.WriteLine("CreateUser called"); + if (string.IsNullOrEmpty(SerializedRegistrationModel.GetRawText())) { return BadRequest("SerializedLoginModel is required"); } else { - RegistrationModel? user = JObject.Parse(SerializedRegistrationModel.GetRawText()).ToObject(); + var user = JObject.Parse(SerializedRegistrationModel.GetRawText()).ToObject(); - - if(user != null) + if (user != null) + { + //add userModel to users array + //Array.Resize(ref users, users.Length + 1); + //users[users.Length - 1] = new UserModel(user.Email, user.PhoneNumber, user.Password); + + + var userId = Guid.NewGuid(); + var email = user?.Email; + var phoneNumber = user?.PhoneNumber; + var password = user?.Password; + + if (email is null || phoneNumber is null || password is null) { - //add userModel to users array - //Array.Resize(ref users, users.Length + 1); - //users[users.Length - 1] = new UserModel(user.Email, user.PhoneNumber, user.Password); + return BadRequest("Invalid request"); + } + else + { + Console.WriteLine($"User to be created: {userId}"); + Console.WriteLine($"User to be created: {email}"); + Console.WriteLine($"User to be created: {phoneNumber}"); + Console.WriteLine($"User to be created: {password}"); + await _userDal.CreateUserAsync(new User(userId, email, phoneNumber, password)); + } + } - var userId = Guid.NewGuid(); - string? email = user?.Email; - string? phoneNumber = user?.PhoneNumber; - string? 
password = user?.Password; - - if(email is null || phoneNumber is null || password is null) - { - return BadRequest("Invalid request"); - } - else - { - Console.WriteLine($"User to be created: {userId}"); - Console.WriteLine($"User to be created: {email}"); - Console.WriteLine($"User to be created: {phoneNumber}"); - Console.WriteLine($"User to be created: {password}"); - - await _userDal.CreateUserAsync(new User(userId, email, phoneNumber, password)); - } - } - return Ok("yes"); - - + return Ok("yes"); } - - } [HttpPost] [Route("Test1")] public async Task TestEndpoint([FromBody] int testParam) - { + { return Ok(testParam.ToString()); } + [HttpGet] [Route("Test2")] public string TestEndpoint2(int testParam) @@ -345,13 +347,13 @@ namespace TIAMWebApp.Server.Controllers private bool VerifyPassword(string password, string hashedPassword) { - bool isPasswordValid = hasher.VerifyPassword(password, hashedPassword); + var isPasswordValid = _hasher.VerifyPassword(password, hashedPassword); return isPasswordValid; } private string HashPassword(string password) { - var hashedPassword = hasher.HashPassword(password); + var hashedPassword = _hasher.HashPassword(password); return hashedPassword; } }
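Review bot: `Console.WriteLine($"User to be created: {password}");` prints the registrant's clear-text password to stdout, and the line after it, `await _userDal.CreateUserAsync(new User(userId, email, phoneNumber, password));`, stores that same clear-text value even though this controller has a `HashPassword` helper at the bottom of the file. Drop the password WriteLine and pass the hash instead: `await _userDal.CreateUserAsync(new User(userId, email, phoneNumber, HashPassword(password)));`. The email and phone-number WriteLines put personal data in logs as well and would be better replaced by a single `_logger` call keyed on `userId`. The method also returns `Ok("yes")` when `user` deserializes to null, reporting success for a request that created nothing; that branch should return `BadRequest`. If the login path still compares passwords with `==`, it must switch to `VerifyPassword` at the same time, and any existing clear-text rows need a migration.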