Add authentication

2020-01-03 13:32:20 +00:00 · 2020-01-03 13:32:20 +00:00 · a2d84e182d
commit a2d84e182d
parent 8f0c4c0a45
11 changed files with 206 additions and 21 deletions
--- a/Website/Controllers/AccountController.cs
+++ b/Website/Controllers/AccountController.cs
@ -0,0 +1,54 @@
+using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Mvc;
+using Website.Data;
+using Website.Models;
+using Website.ViewModels;
+
+namespace Website.Controllers {
+	public class AccountController:Controller {
+		private readonly UserRepository _repo;
+
+		public AccountController(UserRepository repo) => _repo = repo;
+
+		public IActionResult Index() => View();
+
+		[HttpGet]
+		public IActionResult Login(string returnUrl, bool failedAttempt = false) {
+			var model = new LoginViewModel {
+				ReturnUrl = returnUrl,
+				FailedAttempt = failedAttempt
+			};
+			return View(model);
+		}
+
+		[HttpPost]
+		public async Task<IActionResult> Login(LoginRequest request) {
+			try {
+				var user = await _repo.GetUserByEmail(request.Username);
+				return user.ValidatePassword(request.Password)
+					? await SetIdentityAndRedirect(request.ReturnUrl, user)
+					: Login(request.ReturnUrl, true);
+			}
+			catch (Exception e) {
+				return Login(request.ReturnUrl, true);
+			}
+		}
+
+		private async Task<IActionResult> SetIdentityAndRedirect(string returnUrl, User user) {
+			var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
+			identity.AddClaim(new Claim(ClaimTypes.Name, user.Username));
+			identity.AddClaim(new Claim(ClaimTypes.Email, user.Username));
+
+			var principal = new ClaimsPrincipal(identity);
+			await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
+
+			return string.IsNullOrEmpty(returnUrl)
+				? (IActionResult) RedirectToAction(nameof(Index))
+				: Redirect(returnUrl);
+		}
+	}
+}
--- a/Website/Controllers/BlogController.cs
+++ b/Website/Controllers/BlogController.cs
@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Website.Data;
 using Website.Models;
@ -38,6 +39,7 @@ namespace Website.Controllers
 			}
 		}

+		[Authorize]
 		public async Task<IActionResult> Edit(int? id) {
 			if (!id.HasValue)
 				return View();
@ -56,6 +58,7 @@ namespace Website.Controllers
 			}
 		}

+		[Authorize]
 		[HttpPost]
 		public async Task<IActionResult> Save(BlogPostSubmission submission) {
 			var post = submission.Id.HasValue ? await _repo.GetPostByIdAsync(submission.Id.Value) : new BlogPost();
@ -68,12 +71,14 @@ namespace Website.Controllers
 			return RedirectToAction(nameof(Edit), new{savedPost.Id});
 		}

+		[Authorize]
 		public async Task<IActionResult> Manage() {
 			var posts = await _repo.GetAllPostsAsync();
 			var models = posts.OrderByDescending(post => post.Timestamp).Select(post => new BlogPostViewModel(post));
 			return View(models);
 		}

+		[Authorize]
 		public async Task<IActionResult> Publish(int id) {
 			var post = await _repo.GetPostByIdAsync(id);
 			post.Publish();
@ -82,6 +87,7 @@ namespace Website.Controllers
 			return RedirectToAction(nameof(Manage));
 		}

+		[Authorize]
 		public async Task<IActionResult> Delete(int id) {
 			await _repo.DeletePostAsync(id);