ajout autorisation

Apps/HackerNet.Web/Controllers/AccountController.cs

@@ -1,4 +1,5 @@
 using HackerNet.Web.Models;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 
@@ -7,10 +8,12 @@ namespace HackerNet.Web.Controllers;
 public class AccountController : HackerController
 {
   private readonly UserManager<IdentityUser> _userManager;
+  private readonly SignInManager<IdentityUser> _signInManager;
 
-  public AccountController(UserManager<IdentityUser> userManager)
+  public AccountController(UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
   {
     _userManager = userManager;
+    _signInManager = signInManager;
   }
 
   [HttpGet]
@@ -46,13 +49,43 @@ public class AccountController : HackerController
   [HttpGet]
   public IActionResult Login()
   {
-    return View();
+    return View(new SignupLoginViewModel());
   }
 
   [HttpPost]
   [ValidateAntiForgeryToken]
-  public IActionResult Login(SignupLoginViewModel cmd)
+  public async Task<IActionResult> Login(SignupLoginViewModel cmd, string? redirectUrl = null)
   {
-    return View();
+    if (!ModelState.IsValid)
+    {
+      return View(cmd);
+    }
+
+    var user = await _userManager.FindByNameAsync(cmd.Username);
+
+    if (user == null)
+    {
+      ModelState
+        .AddModelError(nameof(SignupLoginViewModel.Username), "Nom d'utilisateur ou mot de passe invalide");
+      return View(cmd);
+    }
+
+    var result = await _signInManager.PasswordSignInAsync(user, cmd.Password, true, false);
+
+    if (!result.Succeeded)
+    {
+      ModelState
+        .AddModelError(nameof(SignupLoginViewModel.Username), "Nom d'utilisateur ou mot de passe invalide");
+      return View(cmd);
+    }
+
+    SetFlashMessage("Vous êtes désormais connecté !");
+
+    if (!string.IsNullOrWhiteSpace(redirectUrl))
+    {
+      return Redirect(redirectUrl);
+    }
+
+    return RedirectToAction("Index", "Links");
   }
 }

Apps/HackerNet.Web/Controllers/CommentsController.cs

@@ -1,4 +1,5 @@
 using HackerNet.Application;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace HackerNet.Web.Controllers;
@@ -13,6 +14,7 @@ public class CommentsController : HackerController
   }
 
   [HttpGet]
+  [Authorize]
   public IActionResult New(Guid id)
   {
     var link = _linkService.GetLinkDetail(id);
@@ -26,6 +28,7 @@ public class CommentsController : HackerController
 
   [HttpPost]
   [ValidateAntiForgeryToken]
+  [Authorize]
   public IActionResult New(PublishCommentCommand cmd)
   {
     if (!ModelState.IsValid)

Apps/HackerNet.Web/Controllers/LinksController.cs

@@ -1,6 +1,7 @@
 using HackerNet.Application;
 using HackerNet.Infrastructure.AspNet.Filters;
 using HackerNet.Web.Models;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace HackerNet.Web.Controllers;
@@ -36,6 +37,7 @@ public class LinksController : HackerController
   }
 
   [HttpGet]
+  [Authorize]
   public IActionResult New()
   {
     return View(new PublishLinkCommand());
@@ -43,6 +45,7 @@ public class LinksController : HackerController
 
   [HttpPost]
   [ValidateAntiForgeryToken]
+  [Authorize]
   public IActionResult New(PublishLinkCommand cmd)
   {
     if (!ModelState.IsValid)

Apps/HackerNet.Web/Program.cs

@@ -1,7 +1,7 @@
 using HackerNet.Infrastructure.AspNet;
 using HackerNet.Infrastructure.Repositories.EntityFramework;
-using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc.Authorization;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -15,11 +15,22 @@ builder.Services
   })
   .AddEntityFrameworkStores<HackerContext>();
 
+builder.Services.AddAuthorization(o =>
+{
+  // o.AddPolicy("IsAdmin", builder => builder
+  // .RequireRole("Admin")
+  // .RequireAuthenticatedUser()
+  // .RequireClaim()
+  // .AddRequirements()
+  // .RequireUserName("julien"));
+});
+
 builder.Services
   //.AddHackerNetServicesMemory()
   .AddHackerNetServicesEntityFramework(builder.Configuration)
   .AddControllersWithViews(o =>
 {
+  // o.Filters.Add(new AuthorizeFilter());
   //o.Filters.Add<CustomExceptionFilter>();
 });
 

Apps/HackerNet.Web/Views/Account/Login.cshtml

@@ -0,0 +1,23 @@
+@model HackerNet.Web.Models.SignupLoginViewModel
+@{
+  ViewData["Title"] = "Se connecter";
+}
+
+<div class="shadow-xl p-6">
+  <h1 class="font-semibold text-xl text-indigo-500">@ViewData["Title"]</h1>
+
+  <form asp-action="Login" asp-route-redirectUrl="@Context.Request.Query["ReturnUrl"]" method="post">
+    <label asp-for="@Model.Username"></label>
+    <input class="mt-4 bg-gray-100 rounded-xl px-2 py-4 block w-full" asp-for="@Model.Username" />
+    <span class="text-red-700 text-sm block" asp-validation-for="@Model.Username"></span>
+
+    <label asp-for="@Model.Password"></label>
+    <input class="mt-4 bg-gray-100 rounded-xl px-2 py-4 block w-full" asp-for="@Model.Password" />
+    <span class="text-red-700 text-sm block" asp-validation-for="@Model.Password"></span>
+
+    <div class="mt-4 flex justify-end">
+      <button type="submit" class="px-4 py-2 text-indigo-500 font-semibold rounded-xl bg-indigo-100">Se connecter</button>
+    </div>
+  </form>
+</div>
+

Apps/HackerNet.Web/Views/Shared/_Layout.cshtml

@@ -20,6 +20,7 @@
                 }
                 else
                 {
+                    <a asp-controller="Account" asp-action="Login" class="px-4 py-2 text-indigo-500 font-semibold rounded-xl bg-indigo-100">Se connecter</a>
                     <a asp-controller="Account" asp-action="Signup" class="px-4 py-2 text-indigo-500 font-semibold rounded-xl bg-indigo-100">Créer un compte</a>
                 }
             </div>