2024-10-23 23:16:01 +02:00
|
|
|
|
using FirmTracker_Server.Models;
|
|
|
|
|
using FirmTracker_Server.Services;
|
|
|
|
|
using FirmTracker_Server;
|
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
using FirmTracker_Server.Entities;
|
2024-10-26 21:17:52 +02:00
|
|
|
|
using System.Security.Claims;
|
2024-11-06 22:01:08 +01:00
|
|
|
|
using FirmTracker_Server.Exceptions;
|
2024-10-23 23:16:01 +02:00
|
|
|
|
|
|
|
|
|
namespace FirmTracker_Server.Controllers
|
|
|
|
|
{
|
|
|
|
|
[Route("api/user")]
|
|
|
|
|
[ApiController]
|
|
|
|
|
[Authorize]
|
|
|
|
|
public class UserController : ControllerBase
|
|
|
|
|
{
|
|
|
|
|
private readonly IUserService UserService;
|
|
|
|
|
|
|
|
|
|
public UserController(IUserService userService)
|
|
|
|
|
{
|
|
|
|
|
UserService = userService;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[HttpPost("create")]
|
|
|
|
|
[Authorize(Roles = Roles.Admin)]
|
|
|
|
|
public ActionResult CreateUser([FromBody] CreateUserDto dto)
|
|
|
|
|
{
|
|
|
|
|
if (!ModelState.IsValid)
|
|
|
|
|
{
|
|
|
|
|
return BadRequest("Nieprawidłowa wartość pola. /n" + ModelState);
|
|
|
|
|
}
|
|
|
|
|
var id = UserService.AddUser(dto);
|
|
|
|
|
return Created($"/api/user/{id}", "User dodany poprawnie");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[HttpPost("login")]
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
public ActionResult Login([FromBody] LoginDto dto)
|
|
|
|
|
{
|
|
|
|
|
var token = UserService.CreateTokenJwt(dto);
|
|
|
|
|
return Ok(token);
|
|
|
|
|
}
|
2024-10-26 21:17:52 +02:00
|
|
|
|
[HttpGet("role")]
|
|
|
|
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
|
|
|
|
public ActionResult<string> GetUserRole()
|
2024-10-23 23:16:01 +02:00
|
|
|
|
{
|
2024-10-26 21:17:52 +02:00
|
|
|
|
var roleClaim = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;
|
|
|
|
|
if (roleClaim == null)
|
|
|
|
|
{
|
|
|
|
|
return NotFound("Role not found for the logged-in user.");
|
|
|
|
|
}
|
|
|
|
|
return Ok(roleClaim);
|
|
|
|
|
}
|
2024-11-06 22:01:08 +01:00
|
|
|
|
|
|
|
|
|
[HttpPost("change-password")]
|
|
|
|
|
[Authorize(Roles = Roles.User + "," + Roles.Admin)]
|
|
|
|
|
public ActionResult ChangePassword([FromBody] ChangePasswordDto dto)
|
|
|
|
|
{
|
|
|
|
|
if (!ModelState.IsValid)
|
|
|
|
|
{
|
|
|
|
|
return BadRequest("Invalid data.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the user ID from the claims of the authenticated user
|
|
|
|
|
var userIdClaim = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
|
|
|
|
|
|
|
|
|
|
if (userIdClaim == null || !int.TryParse(userIdClaim, out var userId))
|
|
|
|
|
{
|
|
|
|
|
return Unauthorized("User ID not found.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
// Pass the userId to the service to find the user
|
|
|
|
|
var success = UserService.ChangePassword(userId, dto);
|
|
|
|
|
if (!success)
|
|
|
|
|
{
|
|
|
|
|
return BadRequest("Password change failed.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Ok("Password changed successfully.");
|
|
|
|
|
}
|
|
|
|
|
catch (WrongUserOrPasswordException ex)
|
|
|
|
|
{
|
|
|
|
|
return BadRequest(ex.Message);
|
|
|
|
|
}
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
{
|
|
|
|
|
return StatusCode(500, "An error occurred: " + ex.Message);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
[HttpPost("reset-password")]
|
|
|
|
|
[Authorize(Roles = Roles.Admin)]
|
|
|
|
|
public ActionResult ResetPassword([FromBody] ResetPasswordDto dto)
|
|
|
|
|
{
|
|
|
|
|
if (!ModelState.IsValid)
|
|
|
|
|
{
|
|
|
|
|
return BadRequest("Invalid data.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
// Reset password for the user
|
|
|
|
|
var success = UserService.ResetPassword(dto.UserMail, dto.NewPassword);
|
|
|
|
|
if (!success)
|
|
|
|
|
{
|
|
|
|
|
return BadRequest("Password reset failed.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Ok("Password has been successfully reset.");
|
|
|
|
|
}
|
|
|
|
|
catch (Exception ex)
|
|
|
|
|
{
|
|
|
|
|
return StatusCode(500, "An error occurred: " + ex.Message);
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-10-26 21:17:52 +02:00
|
|
|
|
// New method to get all users
|
|
|
|
|
/* [HttpGet("all")]
|
|
|
|
|
[AllowAnonymous]
|
|
|
|
|
public ActionResult<IList<User>> GetAllUsers()
|
|
|
|
|
{
|
|
|
|
|
var users = UserService.GetAllUsers();
|
|
|
|
|
return Ok(users);
|
|
|
|
|
}*/
|
2024-10-23 23:16:01 +02:00
|
|
|
|
}
|
|
|
|
|
}
|