Jonas
bd261b6868
Introduce ChangePasswordRequest DTO and a new ChangePassword endpoint in AuthController that validates input, changes the user's password via UserManager, updates the security stamp, signs out the user to invalidate sessions, and returns localized messages. Add a simple authorized AppUserController stub (GET /auth/user). Update the 404 view to resolve auth status via fetchCurrentUser, show a dynamic CTA/icon (Dashboard vs Home), auto-redirect after a short delay with proper timer cleanup, and adjust navigation behavior. Update codexInfo.md to document the 404 behavior change.
117 lines
4.0 KiB
C#
117 lines
4.0 KiB
C#
using API.Contracts.Auth;
|
|
using API.Models;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace API.Controllers.Auth
|
|
{
|
|
[ApiController]
|
|
[Route("auth")]
|
|
public class AuthController(
|
|
SignInManager<AppUser> signInManager,
|
|
UserManager<AppUser> userManager)
|
|
: ControllerBase
|
|
{
|
|
[HttpPost("login")]
|
|
[AllowAnonymous]
|
|
public async Task<IActionResult> Login([FromBody] LoginRequest request)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(request.UserName) || string.IsNullOrWhiteSpace(request.Password))
|
|
return BadRequest(new { message = "Benutzername und Passwort sind erforderlich." });
|
|
|
|
var user = await userManager.FindByNameAsync(request.UserName);
|
|
if (user is null)
|
|
return Unauthorized(new { message = "Ungültige Anmeldedaten." });
|
|
|
|
if (!user.IsActive)
|
|
return Forbid();
|
|
|
|
var result = await signInManager.PasswordSignInAsync(
|
|
user,
|
|
request.Password,
|
|
isPersistent: true,
|
|
lockoutOnFailure: false);
|
|
|
|
if (!result.Succeeded)
|
|
return Unauthorized(new { message = "Ungültige Anmeldedaten." });
|
|
|
|
user.UpdatedAt = DateTimeOffset.UtcNow;
|
|
await userManager.UpdateAsync(user);
|
|
|
|
return Ok(new { message = "Login erfolgreich." });
|
|
}
|
|
|
|
[HttpPost("logout")]
|
|
[Authorize]
|
|
public async Task<IActionResult> Logout()
|
|
{
|
|
await signInManager.SignOutAsync();
|
|
return Ok(new { message = "Logout erfolgreich." });
|
|
}
|
|
|
|
[HttpGet("me")]
|
|
[Authorize]
|
|
public async Task<ActionResult<CurrentUserResponse>> Me()
|
|
{
|
|
var user = await userManager.GetUserAsync(User);
|
|
if (user is null)
|
|
return Unauthorized();
|
|
|
|
return Ok(new CurrentUserResponse
|
|
{
|
|
Id = user.Id,
|
|
UserName = user.UserName ?? string.Empty,
|
|
IsAdmin = user.IsAdmin,
|
|
IsActive = user.IsActive,
|
|
MustChangePassword = user.MustChangePassword
|
|
});
|
|
}
|
|
|
|
[HttpPost("password")]
|
|
[Authorize]
|
|
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest pwChangeDto)
|
|
{
|
|
var user = await userManager.GetUserAsync(User);
|
|
if (user is null)
|
|
return Unauthorized();
|
|
|
|
if (string.IsNullOrWhiteSpace(pwChangeDto.NewPassword) ||
|
|
string.IsNullOrWhiteSpace(pwChangeDto.OldPassword) ||
|
|
string.IsNullOrWhiteSpace(pwChangeDto.NewPasswordConfirm))
|
|
{
|
|
return BadRequest(new { message = "Alle Passwörter müssen einen Wert enthalten." });
|
|
}
|
|
|
|
if (pwChangeDto.NewPassword != pwChangeDto.NewPasswordConfirm)
|
|
{
|
|
return BadRequest(new { message = "Die neuen Passwörter stimmen nicht überein." });
|
|
}
|
|
|
|
var result = await userManager.ChangePasswordAsync(
|
|
user,
|
|
pwChangeDto.OldPassword,
|
|
pwChangeDto.NewPassword
|
|
);
|
|
|
|
if (!result.Succeeded)
|
|
{
|
|
return BadRequest(new
|
|
{
|
|
message = "Passwort konnte nicht geändert werden.",
|
|
errors = result.Errors.Select(e => e.Description)
|
|
});
|
|
}
|
|
|
|
var stampResult = await userManager.UpdateSecurityStampAsync(user);
|
|
if (!stampResult.Succeeded)
|
|
{
|
|
return StatusCode(500, new { message = "Passwort geändert, aber Sessions konnten nicht invalidiert werden." });
|
|
}
|
|
|
|
await signInManager.SignOutAsync();
|
|
|
|
return Ok(new { message = "Passwort geändert. Du wurdest auf allen Geräten abgemeldet." });
|
|
}
|
|
}
|
|
} |