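using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using MvcMovie.Models;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using MvcMovie.Data;

namespace MvcMovie.Controllers
{
    /// <summary>
    /// Authentication endpoints for the site: login/logout and the two password-change
    /// flows for the signed-in user. Every action requires an authenticated user except
    /// the two <c>Login</c> actions, which are explicitly marked anonymous.
    /// </summary>
    [Authorize]
    public class AccountController : Controller
    {
        // NOTE(review): the generic type arguments on UserManager / SignInManager (and
        // possibly ILogger) appear to have been lost when this file was extracted; the
        // declarations are kept exactly as they appear here.
        private readonly UserManager _userManager;
        private readonly SignInManager _signInManager;
        private readonly ILogger _logger;

        public AccountController(UserManager userMgr, SignInManager signinMgr, ILogger logger)
        {
            _userManager = userMgr;
            _signInManager = signinMgr;
            _logger = logger;
        }

        /// <summary>
        /// Renders the login form. <paramref name="returnUrl"/> is carried through the
        /// model so the POST action can send the user back where they came from.
        /// </summary>
        [AllowAnonymous]
        public IActionResult Login(string returnUrl)
        {
            var login = new Login { ReturnUrl = returnUrl };
            return View(login);
        }

        /// <summary>
        /// Validates the posted credentials and signs the user in.
        /// </summary>
        /// <param name="login">Posted e-mail, password and optional return URL.</param>
        /// <returns>
        /// A redirect to the return URL on success (only if it is local to this site,
        /// otherwise the site root); on failure the form again with one generic error.
        /// </returns>
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<IActionResult> Login(Login login)
        {
            if (ModelState.IsValid)
            {
                var appUser = await _userManager.FindByNameAsync(login.Email);
                if (appUser != null)
                {
                    // Drop any existing authentication cookie before issuing a new one.
                    await _signInManager.SignOutAsync();

                    // isPersistent: false, lockoutOnFailure: true — failed attempts count
                    // towards Identity's lockout policy.
                    var result = await _signInManager.PasswordSignInAsync(appUser, login.Password, false, true);
                    if (result.Succeeded)
                    {
                        _logger.LogInformation("User {Email} logged in.", login.Email);

                        // Only follow a same-site return URL. The value comes from the request,
                        // so redirecting to an arbitrary absolute URL would be an open redirect
                        // to a site of the caller's choosing. Anything else falls back to "/".
                        var returnUrl = login.ReturnUrl;
                        return Redirect(Url.IsLocalUrl(returnUrl) ? returnUrl : "/");
                    }

                    if (result.IsLockedOut)
                    {
                        // Surfaced in the log for detection; the user still sees the generic message.
                        _logger.LogWarning("Login attempt for locked-out user {Email}.", login.Email);
                    }
                    else
                    {
                        _logger.LogWarning("Failed login attempt for user {Email}.", login.Email);
                    }
                }

                // Deliberately the same message for an unknown e-mail, a wrong password and a
                // locked-out account, so the response does not reveal which accounts exist.
                ModelState.AddModelError(nameof(login.Email), "Login Failed: Invalid Email or password");
            }

            return View(login);
        }

        /// <summary>Signs the current user out and returns to the home page.</summary>
        /// <remarks>
        /// Kept reachable via GET so existing links continue to work. Note that a GET
        /// logout can be triggered by any page the user visits (no antiforgery check);
        /// switching the views to a POST form with <c>[HttpPost]</c> and
        /// <c>[ValidateAntiForgeryToken]</c> here would close that.
        /// </remarks>
        public async Task<IActionResult> Logout()
        {
            var user = await _userManager.GetUserAsync(HttpContext.User);
            if (user != null)
            {
                _logger.LogInformation("User {UserName} logged out.", user.UserName);
            }

            await _signInManager.SignOutAsync();
            return RedirectToAction("Index", "Home");
        }

        /// <summary>Renders the change-password form for the signed-in user.</summary>
        public IActionResult ChangePassword()
        {
            var model = new ChangePassword();
            return View(model);
        }

        /// <summary>
        /// Changes the signed-in user's password after verifying the current one.
        /// </summary>
        /// <param name="changePassword">Current and new password as posted.</param>
        /// <returns>
        /// Redirect to <see cref="ChangePasswordConfirmation"/> on success; the form with
        /// Identity's errors otherwise; 404 if the cookie no longer maps to a user.
        /// </returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<IActionResult> ChangePassword(ChangePassword changePassword)
        {
            if (!ModelState.IsValid)
            {
                return View(changePassword);
            }

            var user = await _userManager.GetUserAsync(HttpContext.User);
            if (user == null)
            {
                return NotFound();
            }

            var changePassResult = await _userManager.ChangePasswordAsync(user, changePassword.CurrentPassword, changePassword.NewPassword);
            if (!changePassResult.Succeeded)
            {
                AddErrors(changePassResult);
                return View(changePassword);
            }

            if (user.EnforceChangePassword)
            {
                // The forced-change requirement is satisfied; persist the cleared flag.
                user.EnforceChangePassword = false;
                var updateResult = await _userManager.UpdateAsync(user);
                if (!updateResult.Succeeded)
                {
                    _logger.LogWarning("Could not clear EnforceChangePassword for user {UserName}.", user.UserName);
                }
            }

            // ChangePasswordAsync rotates the user's security stamp; re-issue the cookie so
            // the current session is not rejected at its next stamp validation.
            await _signInManager.RefreshSignInAsync(user);

            _logger.LogInformation("User {UserName} password changed.", user.UserName);
            return RedirectToAction("ChangePasswordConfirmation");
        }

        /// <summary>Confirmation page shown after a successful password change.</summary>
        public IActionResult ChangePasswordConfirmation()
        {
            return View();
        }

        /// <summary>Renders the set-password form used by accounts still on the seeded default password.</summary>
        public IActionResult SetPassword()
        {
            var model = new SetPassword();
            return View(model);
        }

        /// <summary>
        /// Replaces the seeded default password (<see cref="DbHelper.DefaultPassword"/>)
        /// with one chosen by the user.
        /// </summary>
        /// <param name="setPassword">The new password as posted.</param>
        /// <returns>
        /// Redirect to <see cref="ChangePasswordConfirmation"/> on success; the form with
        /// Identity's errors otherwise; 404 if the cookie no longer maps to a user.
        /// </returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<IActionResult> SetPassword(SetPassword setPassword)
        {
            if (!ModelState.IsValid)
            {
                return View(setPassword);
            }

            var user = await _userManager.GetUserAsync(HttpContext.User);
            if (user == null)
            {
                return NotFound();
            }

            // This only succeeds while the account still carries the seeded default
            // password; for an account whose password was already changed Identity
            // reports a password-mismatch error and the user should use ChangePassword.
            var changePassResult = await _userManager.ChangePasswordAsync(user, DbHelper.DefaultPassword, setPassword.NewPassword);
            if (!changePassResult.Succeeded)
            {
                AddErrors(changePassResult);
                return View(setPassword);
            }

            if (user.EnforceChangePassword)
            {
                // The forced-change requirement is satisfied; persist the cleared flag.
                user.EnforceChangePassword = false;
                var updateResult = await _userManager.UpdateAsync(user);
                if (!updateResult.Succeeded)
                {
                    _logger.LogWarning("Could not clear EnforceChangePassword for user {UserName}.", user.UserName);
                }
            }

            // ChangePasswordAsync rotates the user's security stamp; re-issue the cookie so
            // the current session is not rejected at its next stamp validation.
            await _signInManager.RefreshSignInAsync(user);

            _logger.LogInformation("User {UserName} password changed.", user.UserName);
            return RedirectToAction("ChangePasswordConfirmation");
        }

        /// <summary>
        /// Copies every error of a failed <see cref="IdentityResult"/> into
        /// <see cref="Controller.ModelState"/>, keyed by the Identity error code, so the
        /// view can display it.
        /// </summary>
        private void AddErrors(IdentityResult result)
        {
            foreach (var error in result.Errors)
            {
                ModelState.AddModelError(error.Code, error.Description);
            }
        }
    }
}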