Fixed Login. Users with State == 0 will not be authenticated

KharchenkoVladimir 2021-10-21 17:24:25 +05:00
parent 16e17c0559
commit 9fea1c94a6
2 changed files with 5 additions and 9 deletions


@ -45,7 +45,7 @@ namespace AsbCloudInfrastructure.Services
var identity = await GetClaimsUserAsync(login, password, token) var identity = await GetClaimsUserAsync(login, password, token)
.ConfigureAwait(false); .ConfigureAwait(false);
if (identity == default) if (identity == default || identity.User.State == 0)
return null; return null;
return new UserTokenDto return new UserTokenDto
@ -89,7 +89,8 @@ namespace AsbCloudInfrastructure.Services
var user = new User var user = new User
{ {
IdCompany = userDto.IdCompany, IdCompany = userDto.IdCompany,
IdRole = userDto.IdRole, IdRole = 2, // simple user
State = 0,
Name = userDto.Name, Name = userDto.Name,
Surname = userDto.Surname, Surname = userDto.Surname,
Patronymic = userDto.Patronymic, Patronymic = userDto.Patronymic,
@ -98,7 +99,7 @@ namespace AsbCloudInfrastructure.Services
Position = userDto.Position, Position = userDto.Position,
Level = userDto.Level, Level = userDto.Level,
Login = userDto.Login, Login = userDto.Login,
PasswordHash = salt + ComputeHash(salt, userDto.Password) PasswordHash = salt + ComputeHash(salt, userDto.Password),
}; };
db.Users.Add(user); db.Users.Add(user);
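Review bot: The new `identity.User.State == 0` test sits in this caller rather than inside `GetClaimsUserAsync`, so any other code path that calls `GetClaimsUserAsync` (a token refresh or password change, if one exists outside these hunks) would still accept an account whose State is 0. Because `Register` now creates every account with `State = 0` and the controller no longer requires an administrator, this check is the only visible gate between self-registration and a valid token; enforcing it once inside `GetClaimsUserAsync` would be safer. The bare `0` and `IdRole = 2` would also be clearer as named constants, or at least with a comment such as `// State 0: registered, not yet approved for login` if that is the intended meaning. Both enclosing methods begin and end outside the hunks shown.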


@ -36,7 +36,7 @@ namespace AsbCloudWebApi.Controllers
auth.Password, token).ConfigureAwait(false); auth.Password, token).ConfigureAwait(false);
if (userToken is null) if (userToken is null)
BadRequest();//"wrong login or password" Forbid();
return Ok(userToken); return Ok(userToken);
} }
@ -57,14 +57,9 @@ namespace AsbCloudWebApi.Controllers
/// Регистрация пользователя. Доступна администратору /// Регистрация пользователя. Доступна администратору
/// </summary> /// </summary>
/// <returns code="200">Ок</returns> /// <returns code="200">Ок</returns>
[Authorize]
[HttpPost] [HttpPost]
public IActionResult Register(UserDto user) public IActionResult Register(UserDto user)
{ {
const string roleName = "Администратор";
if (!User.IsInRole(roleName))
return Forbid($"You must be an {roleName}.");
var code = authService.Register(user); var code = authService.Register(user);
return code switch return code switch
{ {
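Review bot: `Forbid();` is called without `return`, so when `userToken` is null the action discards that result and falls through to `return Ok(userToken);`, answering a failed login (including the new State == 0 case) with 200 and a null body. It should be `return Unauthorized();`, or `return Forbid();` if 403 is really intended, although Forbid() is meant for an authenticated caller who lacks permission. In the second hunk, `Register` becomes reachable anonymously once `[Authorize]` and the role check are removed, yet its summary still says "Доступна администратору"; update that comment and consider `[AllowAnonymous]` to make the intent explicit. The body of `Register` continues past the end of the hunk.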