api/src/Controllers/AuthController.cs

@@ -30,15 +30,15 @@ public class AuthController : ControllerBase {
         var user = new User {
             UserName = dto.UserName,
             Email = dto.Email,
-            PasswordHash = BCrypt.Net.BCrypt.HashPassword(dto.Password), // TODO: secondary hashing stage in client
             CreatedAt = DateTime.UtcNow // yeah why not utc
         };
 
-        var newUser = await users_.Create(user);
+        var result = await userManager_.CreateAsync(user, dto.Password);
+        if(!result.Succeeded) return BadRequest(result.Errors);
+
         return CreatedAtAction(
             nameof(Register),
-            new { id = newUser.Id },
-            user
+            new { id = user.Id }
         );
     }
 
@@ -63,6 +63,7 @@ public class AuthController : ControllerBase {
     public ActionResult Logout() {
         // dummy endpoint
         // logout happens upon client-side jwt removal
+        // TODO: expire all refresh tokens 
         return Ok();
     }
 
@@ -70,4 +71,5 @@ public class AuthController : ControllerBase {
     // refresh tokens
     // email verification
     // password reset
+    // oh hell naw 2FA I do not care enough
 }