From 6519305560e2556292ee36848a0d66547db90aee Mon Sep 17 00:00:00 2001
From: Julien LEICHER
Date: Wed, 15 Dec 2021 13:54:01 +0100
Subject: [PATCH] ajout autorisation
---
 .../Controllers/AccountController.cs | 41 +++++++++++++++++--
 .../Controllers/CommentsController.cs | 3 ++
 .../Controllers/LinksController.cs | 3 ++
 Apps/HackerNet.Web/Program.cs | 13 +++++-
 Apps/HackerNet.Web/Views/Account/Login.cshtml | 23 +++++++++++
 .../HackerNet.Web/Views/Shared/_Layout.cshtml | 1 +
 6 files changed, 79 insertions(+), 5 deletions(-)
 create mode 100644 Apps/HackerNet.Web/Views/Account/Login.cshtml
diff --git a/Apps/HackerNet.Web/Controllers/AccountController.cs b/Apps/HackerNet.Web/Controllers/AccountController.cs
index a048305..0a44403 100644
--- a/Apps/HackerNet.Web/Controllers/AccountController.cs
+++ b/Apps/HackerNet.Web/Controllers/AccountController.cs
@@ -1,4 +1,5 @@
 using HackerNet.Web.Models;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
@@ -7,10 +8,12 @@ namespace HackerNet.Web.Controllers;
 public class AccountController : HackerController
 {
 private readonly UserManager _userManager;
+ private readonly SignInManager _signInManager;
- public AccountController(UserManager userManager)
+ public AccountController(UserManager userManager, SignInManager signInManager)
 {
 _userManager = userManager;
+ _signInManager = signInManager;
 }
 [HttpGet]
@@ -46,13 +49,43 @@ public class AccountController : HackerController
 [HttpGet]
 public IActionResult Login()
 {
- return View();
+ return View(new SignupLoginViewModel());
 }
 [HttpPost]
 [ValidateAntiForgeryToken]
- public IActionResult Login(SignupLoginViewModel cmd)
+ public async Task Login(SignupLoginViewModel cmd, string? redirectUrl = null)
 {
- return View();
+ if (!ModelState.IsValid)
+ {
+ return View(cmd);
+ }
+
+ var user = await _userManager.FindByNameAsync(cmd.Username);
+
+ if (user == null)
+ {
+ ModelState
+ .AddModelError(nameof(SignupLoginViewModel.Username), "Nom d'utilisateur ou mot de passe invalide");
+ return View(cmd);
+ }
+
+ var result = await _signInManager.PasswordSignInAsync(user, cmd.Password, true, false);
+
+ if (!result.Succeeded)
+ {
+ ModelState
+ .AddModelError(nameof(SignupLoginViewModel.Username), "Nom d'utilisateur ou mot de passe invalide");
+ return View(cmd);
+ }
+
+ SetFlashMessage("Vous êtes désormais connecté !");
+
+ if (!string.IsNullOrWhiteSpace(redirectUrl))
+ {
+ return Redirect(redirectUrl);
+ }
+
+ return RedirectToAction("Index", "Links");
 }
 }
\ No newline at end of file
diff --git a/Apps/HackerNet.Web/Controllers/CommentsController.cs b/Apps/HackerNet.Web/Controllers/CommentsController.cs
index da7f26a..59d5762 100644
--- a/Apps/HackerNet.Web/Controllers/CommentsController.cs
+++ b/Apps/HackerNet.Web/Controllers/CommentsController.cs
@@ -1,4 +1,5 @@
 using HackerNet.Application;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 namespace HackerNet.Web.Controllers;
@@ -13,6 +14,7 @@ public class CommentsController : HackerController
 }
 [HttpGet]
+ [Authorize]
 public IActionResult New(Guid id)
 {
 var link = _linkService.GetLinkDetail(id);
@@ -26,6 +28,7 @@ public class CommentsController : HackerController
 [HttpPost]
 [ValidateAntiForgeryToken]
+ [Authorize]
 public IActionResult New(PublishCommentCommand cmd)
 {
 if (!ModelState.IsValid)
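Review bot: In the POST `Login` action of AccountController.cs, the caller-supplied `redirectUrl` is passed straight to `Redirect(...)`, so a crafted login link can send a freshly authenticated user to an external site (open redirect). Restrict the target to same-site URLs, for example `if (!string.IsNullOrWhiteSpace(redirectUrl) && Url.IsLocalUrl(redirectUrl))` followed by `return LocalRedirect(redirectUrl);`. In the same action, `PasswordSignInAsync(user, cmd.Password, true, false)` always issues a persistent cookie and never counts failed attempts towards lockout; passing `lockoutOnFailure: true` would throttle password guessing, assuming lockout options are configured outside this diff. The cookie handler's default return-URL query parameter is `ReturnUrl`, so unless it is renamed in configuration that is not visible here, `redirectUrl` may never be bound after an `[Authorize]` challenge.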
diff --git a/Apps/HackerNet.Web/Controllers/LinksController.cs b/Apps/HackerNet.Web/Controllers/LinksController.cs
index 3c709b9..e97030e 100644
--- a/Apps/HackerNet.Web/Controllers/LinksController.cs
+++ b/Apps/HackerNet.Web/Controllers/LinksController.cs
@@ -1,6 +1,7 @@
 using HackerNet.Application;
 using HackerNet.Infrastructure.AspNet.Filters;
 using HackerNet.Web.Models;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 namespace HackerNet.Web.Controllers;
@@ -36,6 +37,7 @@ public class LinksController : HackerController
 }
 [HttpGet]
+ [Authorize]
 public IActionResult New()
 {
 return View(new PublishLinkCommand());
@@ -43,6 +45,7 @@ public class LinksController : HackerController
 [HttpPost]
 [ValidateAntiForgeryToken]
+ [Authorize]
 public IActionResult New(PublishLinkCommand cmd)
 {
 if (!ModelState.IsValid)
diff --git a/Apps/HackerNet.Web/Program.cs b/Apps/HackerNet.Web/Program.cs
index 03e78ac..1320ee4 100644
--- a/Apps/HackerNet.Web/Program.cs
+++ b/Apps/HackerNet.Web/Program.cs
@@ -1,7 +1,7 @@
 using HackerNet.Infrastructure.AspNet;
 using HackerNet.Infrastructure.Repositories.EntityFramework;
-using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc.Authorization;
 var builder = WebApplication.CreateBuilder(args);
@@ -15,11 +15,22 @@ builder.Services
 })
 .AddEntityFrameworkStores();
+builder.Services.AddAuthorization(o =>
+{
+ // o.AddPolicy("IsAdmin", builder => builder
+ // .RequireRole("Admin")
+ // .RequireAuthenticatedUser()
+ // .RequireClaim()
+ // .AddRequirements()
+ // .RequireUserName("julien"));
+});
+
 builder.Services
 //.AddHackerNetServicesMemory()
 .AddHackerNetServicesEntityFramework(builder.Configuration)
 .AddControllersWithViews(o =>
 {
+ // o.Filters.Add(new AuthorizeFilter());
 //o.Filters.Add();
 });
diff --git a/Apps/HackerNet.Web/Views/Account/Login.cshtml b/Apps/HackerNet.Web/Views/Account/Login.cshtml
new file mode 100644
index 0000000..619b056
--- /dev/null
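Review bot: The second Program.cs hunk leaves `o.Filters.Add(new AuthorizeFilter());` commented out, so authorization stays opt-in and any action without `[Authorize]`, including ones added later, is reachable anonymously. If deny-by-default is the intent, enable the global filter (or set a fallback policy) and mark the public actions such as login and signup with `[AllowAnonymous]`. The `AddAuthorization` lambda holds only a commented-out sample policy, and the new `using Microsoft.AspNetCore.Mvc.Authorization;` is referenced only from commented code; remove both, or replace them with a short comment explaining why per-action attributes were chosen. Whether `UseAuthentication()` and `UseAuthorization()` are wired into the pipeline is not visible in these hunks and is worth confirming.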
+++ b/Apps/HackerNet.Web/Views/Account/Login.cshtml @@ -0,0 +1,23 @@ +@model HackerNet.Web.Models.SignupLoginViewModel +@{ + ViewData["Title"] = "Se connecter"; +} + +
+

@ViewData["Title"]

+ +
+ + + + + + + + +
+ +
+
+
+ diff --git a/Apps/HackerNet.Web/Views/Shared/_Layout.cshtml b/Apps/HackerNet.Web/Views/Shared/_Layout.cshtml index bc5b41e..f16000c 100644 --- a/Apps/HackerNet.Web/Views/Shared/_Layout.cshtml +++ b/Apps/HackerNet.Web/Views/Shared/_Layout.cshtml @@ -20,6 +20,7 @@ } else { + Se connecter Créer un compte }