diff --git a/AsbCloudInfrastructure/Services/AuthService.cs b/AsbCloudInfrastructure/Services/AuthService.cs
index e42e9b8c..53754c58 100644
--- a/AsbCloudInfrastructure/Services/AuthService.cs
+++ b/AsbCloudInfrastructure/Services/AuthService.cs
@@ -45,7 +45,7 @@ namespace AsbCloudInfrastructure.Services
 var identity = await GetClaimsUserAsync(login, password, token)
 .ConfigureAwait(false);
- if (identity == default)
+ if (identity == default || identity.User.State == 0)
 return null;
 return new UserTokenDto
@@ -89,7 +89,8 @@ namespace AsbCloudInfrastructure.Services
 var user = new User
 {
 IdCompany = userDto.IdCompany,
- IdRole = userDto.IdRole,
+ IdRole = 2, // simple user
+ State = 0,
 Name = userDto.Name,
 Surname = userDto.Surname,
 Patronymic = userDto.Patronymic,
@@ -98,7 +99,7 @@ namespace AsbCloudInfrastructure.Services
 Position = userDto.Position,
 Level = userDto.Level,
 Login = userDto.Login,
- PasswordHash = salt + ComputeHash(salt, userDto.Password)
+ PasswordHash = salt + ComputeHash(salt, userDto.Password),
 };
 db.Users.Add(user);
diff --git a/AsbCloudWebApi/Controllers/AuthController.cs b/AsbCloudWebApi/Controllers/AuthController.cs
index 6cf23e7e..58753b19 100644
--- a/AsbCloudWebApi/Controllers/AuthController.cs
+++ b/AsbCloudWebApi/Controllers/AuthController.cs
@@ -36,7 +36,7 @@ namespace AsbCloudWebApi.Controllers
 auth.Password, token).ConfigureAwait(false);
 if (userToken is null)
- BadRequest();//"wrong login or password"
+ Forbid();
 return Ok(userToken);
 }
@@ -57,14 +57,9 @@ namespace AsbCloudWebApi.Controllers
 /// Регистрация пользователя. Доступна администратору
 ///
 /// Ок
- [Authorize]
 [HttpPost]
 public IActionResult Register(UserDto user)
 {
- const string roleName = "Администратор";
- if (!User.IsInRole(roleName))
- return Forbid($"You must be an {roleName}.");
-
 var code = authService.Register(user);
 return code switch
 {
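Review bot: In the login check of AuthService.cs, `identity.User.State == 0` is a deny-list on a bare literal, so only state 0 is refused and any other non-active state the User model may define (not visible here) would still be issued a token. Comparing against the single value that means "active" fails closed, for example `if (identity == default || identity.User.State != UserState.Active)`, where `UserState.Active` is a placeholder name for whatever the project defines. The same constant should replace the literal `State = 0` in Register so the two places cannot drift apart. The enclosing method starts and ends outside the hunk.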
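Review bot: `IdCompany = userDto.IdCompany` just above the changed lines of the `new User` initializer, and `Level = userDto.Level` in the following hunk, are still copied from the request although this commit pins `IdRole` and `State` on the server. Because the same commit removes the administrator check from the controller's Register action, these values now appear to come from an unauthenticated caller, who can attach the new account to any company. How much that matters depends on how State 0 accounts are approved, which is not visible here. Either validate the fields against what self-registration is allowed to request, or have the approval step confirm them explicitly. The literal `2` also depends on a role row id, so a named constant such as `const int IdRoleSimpleUser = 2;` (placeholder name) would keep the meaning and the value together.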
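Review bot: `Forbid();` in the `userToken is null` branch of AuthController.cs has no `return`, so its result is discarded and execution falls through to `return Ok(userToken);` with a null token. A wrong password or a not-yet-approved account is then answered with a success status, and a client that checks only the status code will treat the login as successful. The line should read `return Forbid();`. `Forbid()` also delegates to the configured authentication scheme's forbid handler, so `return Unauthorized();` may be the more predictable response for rejected credentials. The action's signature is outside the hunk.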
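Review bot: The XML summary kept above `Register` still says the action is available to an administrator, while this hunk removes both `[Authorize]` and the role check, so the documentation now contradicts the code. The summary should state that this is open self-registration that creates an inactive account. An explicit `[AllowAnonymous]` next to `[HttpPost]` would record that intent, so that a class-level `[Authorize]` added later does not silently change it. Nothing in the visible lines limits how often an anonymous client can call the action, so request throttling is worth confirming elsewhere. The `code switch` expression continues outside the hunk.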