jonas/Hoard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
38ec3741ab4c3c36286c7f32d7cad46e64ba0aef
Hoard/API/Controllers/Auth/AuthController.cs
T
Jonas fc99c91bd8 Add auth controller/DTOs and update seed password 
Introduce authentication API: add AuthController with login, logout and me endpoints using SignInManager/UserManager; add LoginRequest and CurrentUserResponse DTOs. Login enforces active users, updates UpdatedAt on success, and returns localized messages. Also change default seed admin password from "Hoard" to "HoardPassword".
2026-04-18 22:04:51 +02:00

72 lines
2.2 KiB
C#
Raw Blame History

using API.Contracts.Auth;
using API.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
namespace API.Controllers.Auth
{
[ApiController]
[Route("auth")]
public class AuthController(
SignInManager<AppUser> signInManager,
UserManager<AppUser> userManager)
: ControllerBase
{
[HttpPost("login")]
[AllowAnonymous]
public async Task<IActionResult> Login([FromBody] LoginRequest request)
{
if (string.IsNullOrWhiteSpace(request.UserName) || string.IsNullOrWhiteSpace(request.Password))
return BadRequest(new { message = "Benutzername und Passwort sind erforderlich." });
var user = await userManager.FindByNameAsync(request.UserName);
if (user is null)
return Unauthorized(new { message = "Ungültige Anmeldedaten." });
if (!user.IsActive)
return Forbid();
var result = await signInManager.PasswordSignInAsync(
user,
request.Password,
isPersistent: true,
lockoutOnFailure: false);
if (!result.Succeeded)
return Unauthorized(new { message = "Ungültige Anmeldedaten." });
user.UpdatedAt = DateTimeOffset.UtcNow;
await userManager.UpdateAsync(user);
return Ok(new { message = "Login erfolgreich." });
}
[HttpPost("logout")]
[Authorize]
public async Task<IActionResult> Logout()
{
await signInManager.SignOutAsync();
return Ok(new { message = "Logout erfolgreich." });
}
[HttpGet("me")]
[Authorize]
public async Task<ActionResult<CurrentUserResponse>> Me()
{
var user = await userManager.GetUserAsync(User);
if (user is null)
return Unauthorized();
return Ok(new CurrentUserResponse
{
Id = user.Id,
UserName = user.UserName ?? string.Empty,
IsAdmin = user.IsAdmin,
IsActive = user.IsActive,
MustChangePassword = user.MustChangePassword
});
}
}
}
Reference in New Issue View Git Blame Copy Permalink