Hej, piszę API w ASP.NET Core 2.2 pod Angulara i ciekaw jestem czy coś byście dodali, usunęli, albo zmienili w kontrolerze użytkownika (na razie tylko rejestracja)? Trochę się boję o security i odpowiednią komunikacją z klientem... Też do końca nie wiem jeszcze co powinien zwrócić w wypadku powodzenia, ale się jeszcze dowiem...
[Route("api/[controller]")]
public class UserController : Controller
{
private readonly UserManager<AppUser> _userManager;
private readonly IUserValidation _validator;
public UserController(UserManager<AppUser> userMgr, IUserValidation validator)
{
_userManager = userMgr;
_validator = validator;
}
/// <summary>
/// POST: api/user/register
/// </summary>
/// <returns>Creates a new User and return it accordingly.
///</returns>
[HttpPost("Register")]
public async Task<IActionResult> AddNewUser([FromBody]UserViewModel userRegisterVm)
{
//todo: sanitizer
if (!_validator.VerifyPassedRegisterViewModel(userRegisterVm))
{
return new ObjectResult("Wrong register user input, or user is null.") { StatusCode = 422 };
}
if (!ModelState.IsValid)
{
string errors = string.Join(", ", ModelState.Select(x => x.Value.Errors)
.Where(y => y.Count > 0)
.ToList());
return new ObjectResult("Wrong register user input: " + errors + ".") { StatusCode = 422 };
}
AppUser user = await _userManager.FindByNameAsync(userRegisterVm.UserName);
if (user != null)
{
return new ObjectResult("Username already exists.") { StatusCode = 409 };
}
user = await _userManager.FindByEmailAsync(userRegisterVm.Email);
if (user != null)
{
return new ObjectResult("Email already exists.") { StatusCode = 409 };
}
bool result = await CreateNewUserAndAddToDbAsync(userRegisterVm);
if (!result)
{
return new ObjectResult("Error when creating new user.") { StatusCode = 409 };
}
return Ok();
}
/// <summary>
/// Creates new user and adds to the Db
/// </summary>
/// <param name="registerVm">User inputs</param>
/// <returns>Boolean if succeeded or not</returns>
private async Task<bool> CreateNewUserAndAddToDbAsync(UserViewModel registerVm)
{
AppUser user = CreateNewUser(registerVm);
IdentityResult result = await _userManager.CreateAsync(user, registerVm.Password);
if (!result.Succeeded)
{
return false;
}
if (!await UpdateDbWithNewUser(user))
{
return false;
}
return true;
}
/// <summary>
/// Creates new user
/// </summary>
/// <param name="registerVm">User inputs</param>
/// <returns>New user</returns>
private AppUser CreateNewUser(UserViewModel registerVm)
{
var now = DateTime.Now;
return new AppUser()
{
SecurityStamp = Guid.NewGuid().ToString(),
UserName = registerVm.UserName,
Email = registerVm.Email
};
}
/// <summary>
/// Adds new user to the Db
/// </summary>
/// <param name="user">Passed user</param>
/// <returns>Boolean if succeeded or not</returns>
private async Task<bool> UpdateDbWithNewUser(AppUser user)
{
try
{
await _userManager.UpdateAsync(user);
return true;
}
catch
{
return false;
}
}
}