migrate to identity for authentication

api/src/Controllers/AuthController.cs

@@ -1,6 +1,7 @@
 
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
 
 using agologumApi.Models;
 using agologumApi.Services;
@@ -9,11 +10,17 @@ using agologumApi.Services;
 [Route("api/[controller]")]
 public class AuthController : ControllerBase {
 
+    // identity things
+    private readonly UserManager<User> userManager_;
+    private readonly SignInManager<User> signInManager_;
+
     private readonly UserService users_;
     private readonly JwtService jwt_;
 
-    public AuthController(UserService users, JwtService jwt)
-    {
+    public AuthController(UserManager<User> userManager, SignInManager<User> signInManager, UserService users, JwtService jwt) {
+
+        userManager_ = userManager;
+        signInManager_ = signInManager;
         users_ = users;
         jwt_ = jwt;
     }
@@ -21,10 +28,9 @@ public class AuthController : ControllerBase {
     [HttpPost("register")]
     public async Task<ActionResult> Register(RegisterDto dto) {
         var user = new User {
-            Name = dto.Username,
+            UserName = dto.UserName,
             Email = dto.Email,
             PasswordHash = BCrypt.Net.BCrypt.HashPassword(dto.Password), // TODO: secondary hashing stage in client
-            Role = "user",
             CreatedAt = DateTime.UtcNow // yeah why not utc
         };
 
@@ -39,11 +45,13 @@ public class AuthController : ControllerBase {
     [HttpPost("login")]
     public async Task<ActionResult> Login(LoginDto dto)
     {
-        var user = await users_.Get(dto.Username);
+        var user = await users_.Get(dto.UserName);
 
-        if (user == null || !BCrypt.Net.BCrypt.Verify(dto.Password, user.PasswordHash)) {
-            return Unauthorized();
-        }
+        if (user == null) return Unauthorized();
+
+        var result = await signInManager_.CheckPasswordSignInAsync(user, dto.Password, false);
+
+        if(!result.Succeeded) return Unauthorized();
 
         var token = jwt_.GenerateJwt(user);
 

api/src/Models/Dto.cs

@@ -1,7 +1,7 @@
 
 public class RegisterDto {
 
-    public string Name { get; set; } = "";
+    public string UserName { get; set; } = "";
     public string Email { get; set; } = "";
     public string Password { get; set; } = "";
 
@@ -9,7 +9,7 @@ public class RegisterDto {
 
 public class LoginDto {
 
-    public string Name { get; set; } = "";
+    public string UserName { get; set; } = "";
     public string Password { get; set; } = "";
 
 }

api/src/Models/User.cs

@@ -1,13 +1,32 @@
 
+using Microsoft.AspNetCore.Identity;
+
 namespace agologumApi.Models;
 
-public class User {
+public class User : IdentityUser {
 
-    public int Id { get; set; }
-    public string Name { get; set; } = "";
-    public string Email { get; set; } = "";
-    public string PasswordHash { get; set; } = "";
-    public string Role { get; set; } = "";
     public DateTime CreatedAt { get; set; }
 
+    // properties inherited from IdentityUser:
+    /*
+    AccessFailedCount: Gets or sets the number of failed login attempts for the current user.
+    Claims: Navigation property for the claims this user possesses.
+    ConcurrencyStamp: A random value that must change whenever a user is persisted to the store
+    Email: Gets or sets the email address for this user.
+    EmailConfirmed: Gets or sets a flag indicating if a user has confirmed their email address.
+    Id: Gets or sets the primary key for this user.
+    LockoutEnabled: Gets or sets a flag indicating if the user could be locked out.
+    LockoutEnd: Gets or sets the date and time, in UTC, when any user lockout ends.
+    Logins: Navigation property for this users login accounts.
+    NormalizedEmail: Gets or sets the normalized email address for this user.
+    NormalizedUserName: Gets or sets the normalized user name for this user.
+    PasswordHash: Gets or sets a salted and hashed representation of the password for this user.
+    PhoneNumber: Gets or sets a telephone number for the user.
+    PhoneNumberConfirmed: Gets or sets a flag indicating if a user has confirmed their telephone address.
+    Roles: Navigation property for the roles this user belongs to.
+    SecurityStamp: A random value that must change whenever a users credentials change (password changed, login removed)
+    TwoFactorEnabled: Gets or sets a flag indicating if two factor authentication is enabled for this user.
+    UserName: Gets or sets the user name for this user.
+    https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.entityframeworkcore.identityuser?view=aspnetcore-1.1
+    */
 };

api/src/Services/JwtService.cs

@@ -22,13 +22,17 @@ public class JwtService {
 
         var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
 
+        if(user.UserName == null) return null;
+
         // not too sure
         var claims = new[] {
-            new Claim(ClaimTypes.Name, user.Name),
+            new Claim(ClaimTypes.Name, user.UserName),
             new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())
         };
 
         var token = new JwtSecurityToken(
+            issuer: "agologum",
+            audience: "agologum",
             claims: claims,
             expires: DateTime.UtcNow.AddHours(2), // will add a refresher later
             signingCredentials: creds

api/src/Services/UserService.cs

@@ -22,7 +22,7 @@ public class UserService {
     }
 
     public async Task<User?> Get(string username) {
-        return await db_.Users.FirstOrDefaultAsync(u => u.Name == username);
+        return await db_.Users.FirstOrDefaultAsync(u => u.UserName == username);
     }
 
     public async Task<User> Create(User user) {