password recovery

Tsi1.Api/Tsi1.Api/Controllers/UserController.cs

@@ -23,21 +23,27 @@ namespace Tsi1.Api.Controllers
         private readonly IUserService _userService;
         private readonly IUserTypeService _userTypeService;
         private readonly ITenantService _tenantService;
-
-        public UserController(IJwtAuthManager jwtAuthManager, IUserService userService,
-            IUserTypeService userTypeService, ITenantService tenantService)
+        private readonly IEmailService _emailService;
+
+        public UserController(
+            IJwtAuthManager jwtAuthManager,
+            IUserService userService,
+            IUserTypeService userTypeService,
+            ITenantService tenantService,
+            IEmailService emailService)
         {
             _jwtAuthManager = jwtAuthManager;
             _userService = userService;
             _userTypeService = userTypeService;
             _tenantService = tenantService;
+            _emailService = emailService;
         }
 
         [AllowAnonymous]
         [HttpPost("Login")]
         public async Task<IActionResult> Login(LoginRequest request)
         {
-            var resultSplit = request.UserName.Split("@");
+            var resultSplit = request.Username.Split("@");
 
             if (resultSplit.Count() != 2)
             {
@@ -45,9 +51,7 @@ namespace Tsi1.Api.Controllers
             }
 
             var userName = resultSplit[0];
-
             var tenantName = resultSplit[1];
-
             var tenantId = await _tenantService.GetByName(tenantName);
 
             if (tenantId.HasError)
@@ -56,7 +60,6 @@ namespace Tsi1.Api.Controllers
             }
 
             var result = await _userService.Authenticate(userName, request.Password, tenantId.Data);
-
             if (result.HasError)
             {
                 return BadRequest(result.Message);
@@ -217,5 +220,108 @@ namespace Tsi1.Api.Controllers
             return Ok(result.Data);
         }
 
+        [AllowAnonymous]
+        [HttpGet("ForgotPassword/{username}")]
+        public async Task<IActionResult> ForgotPassword(string username)
+        {
+            var resultSplit = username.Split("@");
+
+            if (resultSplit.Count() != 2)
+            {
+                return BadRequest(ErrorMessages.InvalidUsername);
+            }
+
+            username = resultSplit[0];
+            var tenantName = resultSplit[1];
+            var tenantId = await _tenantService.GetByName(tenantName);
+
+            if (tenantId.HasError)
+            {
+                return BadRequest(tenantId.Message);
+            }
+
+            var userResult = await _userService.GetByUsername(username, tenantId.Data);
+
+            if (userResult.HasError)
+            {
+                return BadRequest(userResult.Message);
+            }
+
+            var code = _jwtAuthManager.GenerateVerificationCode(username, DateTime.Now);
+
+            var result = await _emailService.SendVerificationCode(userResult.Data.Email, code);
+            if (result.HasError)
+            {
+                return BadRequest("Ha ocurrido un error");
+            }
+
+            return Ok();
+        }
+
+        [AllowAnonymous]
+        [HttpGet("VerificationCode/{username}/{code}")]
+        public async Task<IActionResult> VerificationCode(string username, int code)
+        {
+            var resultSplit = username.Split("@");
+
+            if (resultSplit.Count() != 2)
+            {
+                return BadRequest(ErrorMessages.InvalidUsername);
+            }
+
+            username = resultSplit[0];
+            var tenantName = resultSplit[1];
+            var tenantId = await _tenantService.GetByName(tenantName);
+
+            if (tenantId.HasError)
+            {
+                return BadRequest(tenantId.Message);
+            }
+
+            if (!_jwtAuthManager.ValidateVerificationCode(username, code))
+            {
+                return BadRequest("Código de verificación incorrecto");
+            }
+
+            var userResult = await _userService.GetByUsername(username, tenantId.Data);
+            if (userResult.HasError)
+            {
+                return BadRequest(userResult.Message);
+            }
+
+            var user = userResult.Data;
+            var claims = new[]
+            {
+                new Claim("Id", user.Id.ToString()),
+                new Claim("Username", user.Username),
+                new Claim("TenantId", user.TenantId.ToString()),
+                new Claim(ClaimTypes.Role, user.UserType.Name)
+            };
+
+            var jwtResult = _jwtAuthManager.GenerateTokens(user.Username, claims, DateTime.Now);
+
+            return Ok(new LoginResult
+            {
+                Id = user.Id,
+                UserName = user.Username,
+                Role = user.UserType.Name,
+                AccessToken = jwtResult.AccessToken,
+                RefreshToken = jwtResult.RefreshToken.TokenString
+            });
+        }
+
+        [HttpPost("RestorePassword")]
+        public async Task<IActionResult> RestorePassword(RestorePasswordDto dto)
+        {
+            var userId = int.Parse(HttpContext.User.Claims.FirstOrDefault(x => x.Type == "Id").Value);
+
+            var result = await _userService.UpdatePassword(userId, dto.Password);
+            if (result.HasError)
+            {
+                return BadRequest(result.Message);
+            }
+
+            return Ok();
+        }
     }
 }