refactor: add functionality to require confirmed Email and PhoneNumber to te able to authenticate

2023-06-04 17:38:55 +03:00 · 2023-06-04 17:38:55 +03:00 · ea0681f78a
commit ea0681f78a
parent 8b9c9ae324
7 changed files with 102 additions and 27 deletions
--- a/Server/Controllers/AuthenticationController.cs
+++ b/Server/Controllers/AuthenticationController.cs
@ -23,7 +23,7 @@ public class AuthenticationController : ControllerBase
    }

    [HttpPost("register")]
-    public async Task<IActionResult> RegisterAsync([FromBody] RegistrationRequest request)
+    public async Task<IActionResult> Register([FromBody] RegistrationRequest request)
    {
        var result = await _authService.Register(request);

@ -34,6 +34,19 @@ public class AuthenticationController : ControllerBase
        
        return Ok();
    }
+    
+    [HttpPost("sendEmailConfirmationCode")]
+    public async Task<IActionResult> SendEmailConfirmationCode([FromBody] SendConfirmationRegistrationEmailRequest request)
+    {
+        var result = await _authService.SendEmailConfirmationCode(request);
+        
+        if (!result.succeeded)
+        {
+            return result.actionResult;
+        }
+
+        return Ok();
+    }

    [HttpPost("confirmEmail")]
    public async Task<IActionResult> ConfirmEmail([FromBody] ConfirmRegistrationEmailRequest request)
@ -48,6 +61,19 @@ public class AuthenticationController : ControllerBase
        return Ok();
    }
    
+    [HttpPost("sendPhoneNumberConfirmationCode")]
+    public async Task<IActionResult> SendPhoneNumberConfirmationCode([FromBody] SendConfirmationRegistrationPhoneNumberRequest request)
+    {
+        var result = await _authService.SendPhoneNumberConfirmationCode(request);
+        
+        if (!result.succeeded)
+        {
+            return result.actionResult;
+        }
+
+        return Ok();
+    }
+    
    [HttpPost("confirmPhoneNumber")]
    public async Task<IActionResult> ConfirmPhoneNumber([FromBody] ConfirmRegistrationPhoneNumberRequest request)
    {
@ -65,7 +91,7 @@ public class AuthenticationController : ControllerBase
    public async Task<IActionResult> Authenticate(AuthenticationRequest authRequest)
    {
        var (succeeded, authResponse, refreshToken) =
-            await _authService.AuthenticateAsync(authRequest);
+            await _authService.Authenticate(authRequest);

        if (!succeeded)
        {
@ -81,7 +107,7 @@ public class AuthenticationController : ControllerBase
    public async Task<IActionResult> AuthenticateWithGoogle(GoogleAuthenticationRequest authRequest)
    {
        var (succeeded, authResponse, refreshToken) =
-            await _authService.AuthenticateWithGoogleAsync(authRequest);
+            await _authService.AuthenticateWithGoogle(authRequest);

        if (!succeeded)
        {
@ -99,7 +125,7 @@ public class AuthenticationController : ControllerBase
        var refreshToken = Request.Cookies["refreshToken"];

        var (succeeded, authResponse, newRefreshToken) =
-            await _authService.RenewRefreshTokenAsync(refreshToken);
+            await _authService.RenewRefreshToken(refreshToken);

        if (!succeeded)
        {
--- a/Server/Services/AuthenticationService.cs
+++ b/Server/Services/AuthenticationService.cs
@ -70,16 +70,30 @@ public class AuthenticationService : IAuthenticationService

        await _userManager.AddToRoleAsync(user, Identity.DefaultRole.ToString());

-        var emailConfirmationToken = await _userManager.GenerateEmailConfirmationTokenAsync(user);
-        var confirmationMessage =
+        var emailMessage =
            "Someone registered an account on our service with your email.\n" +
-            $"Here is your confirmation code: {emailConfirmationToken}\n\n" +
            "If this was not you, please ignore this message.";
        
-        try { await _emailSender.SendMail(user.Email, "Email confirmation", confirmationMessage); }
+        try { await _emailSender.SendMail(user.Email, "Account Registration", emailMessage); }
        catch (Exception e) { /* ignored */ }
        
-        // TODO: Add phone number confirmation
+        return (true, null!);
+    }
+
+    public async Task<(bool succeeded, IActionResult actionResult)> SendEmailConfirmationCode(SendConfirmationRegistrationEmailRequest request)
+    {
+        var dbUser = await _userManager.FindByEmailAsync(request.Email);
+
+        if (dbUser == null)
+        {
+            return (false, new BadRequestObjectResult("Email not registered"));
+        }
+        
+        var emailConfirmationToken = await _userManager.GenerateEmailConfirmationTokenAsync(dbUser);
+        var confirmationMessage = $"Confirmation code: {emailConfirmationToken}";
+
+        try { await _emailSender.SendMail(dbUser.Email, "Email Confirmation", confirmationMessage); }
+        catch (Exception e) { /* ignored */ }

        return (true, null!);
    }
@ -97,17 +111,25 @@ public class AuthenticationService : IAuthenticationService
        return (true, null!);
    }

+    public Task<(bool succeeded, IActionResult actionResult)> SendPhoneNumberConfirmationCode(SendConfirmationRegistrationPhoneNumberRequest request)
+    {
+        throw new NotImplementedException();
+    }
+
    public async Task<(bool succeeded, IActionResult actionResult)> ConfirmRegistrationPhoneNumber(ConfirmRegistrationPhoneNumberRequest numberRequest)
    {
        var dbUser = await _userManager.Users.FirstAsync(u => u.PhoneNumber == numberRequest.PhoneNumber);

        // TODO: Add phone number confirmation token validation

+        dbUser.PhoneNumberConfirmed = true;
+        await _userManager.UpdateAsync(dbUser);
+        
        return (true, null!);
    }

    public async Task<(bool succeeded, AuthenticationResponse authResponse, string? refreshToken)>
-        AuthenticateAsync(AuthenticationRequest request)
+        Authenticate(AuthenticationRequest request)
    {
        var authResponse = new AuthenticationResponse();

@ -118,10 +140,22 @@ public class AuthenticationService : IAuthenticationService
            authResponse.Message = $"No accounts registered with {request.Email}.";
            return (false, authResponse, null);
        }
+        
+        if (!user.EmailConfirmed)
+        {
+            authResponse.Message = "You must confirm your email before logging in";
+            return (false, authResponse, null);
+        }
+        
+        if (!user.PhoneNumberConfirmed)
+        {
+            authResponse.Message = "You must confirm your phone number before logging in";
+            return (false, authResponse, null);
+        }

        if (!await _userManager.CheckPasswordAsync(user, request.Password))
        {
-            authResponse.Message = $"Incorrect email or password.";
+            authResponse.Message = "Incorrect email or password.";
            return (false, authResponse, null);
        }

@ -150,7 +184,7 @@ public class AuthenticationService : IAuthenticationService
    }

    public async Task<(bool succeeded, AuthenticationResponse authResponse, string? refreshToken)>
-        AuthenticateWithGoogleAsync(GoogleAuthenticationRequest request)
+        AuthenticateWithGoogle(GoogleAuthenticationRequest request)
    {
        GoogleJsonWebSignature.ValidationSettings settings = new GoogleJsonWebSignature.ValidationSettings();

@ -200,7 +234,7 @@ public class AuthenticationService : IAuthenticationService
    }

    public async Task<(bool succeeded, AuthenticationResponse authResponse, string? refreshToken)>
-        RenewRefreshTokenAsync(string? token)
+        RenewRefreshToken(string? token)
    {
        var authResponse = new AuthenticationResponse();

--- a/Server/Services/IAuthenticationService.cs
+++ b/Server/Services/IAuthenticationService.cs
@ -1,5 +1,4 @@
 using Microsoft.AspNetCore.Mvc;
-using SharedModels.Requests;
 using SharedModels.Requests.Authentication;
 using SharedModels.Responses;

@ -9,18 +8,22 @@ public interface IAuthenticationService
 {
    Task<(bool succeeded, IActionResult actionResult)> Register(RegistrationRequest request);
    
+    Task<(bool succeeded, IActionResult actionResult)> SendEmailConfirmationCode(SendConfirmationRegistrationEmailRequest request);
+    
    Task<(bool succeeded, IActionResult actionResult)> ConfirmRegistrationEmail(ConfirmRegistrationEmailRequest request);
    
+    Task<(bool succeeded, IActionResult actionResult)> SendPhoneNumberConfirmationCode(SendConfirmationRegistrationPhoneNumberRequest request);
+    
    Task<(bool succeeded, IActionResult actionResult)> ConfirmRegistrationPhoneNumber(ConfirmRegistrationPhoneNumberRequest numberRequest);

    Task<(bool succeeded, AuthenticationResponse authResponse, string? refreshToken)>
-        AuthenticateAsync(AuthenticationRequest request);
+        Authenticate(AuthenticationRequest request);
    
    Task<(bool succeeded, AuthenticationResponse authResponse, string? refreshToken)>
-        AuthenticateWithGoogleAsync(GoogleAuthenticationRequest request);
+        AuthenticateWithGoogle(GoogleAuthenticationRequest request);

    Task<(bool succeeded, AuthenticationResponse authResponse, string? refreshToken)>
-        RenewRefreshTokenAsync(string? token);
+        RenewRefreshToken(string? token);

    Task<bool> RevokeRefreshToken(string? token);
 }
--- a/SharedModels/Requests/Authentication/ConfirmRegistrationEmailRequest.cs
+++ b/SharedModels/Requests/Authentication/ConfirmRegistrationEmailRequest.cs
@ -2,12 +2,8 @@ using System.ComponentModel.DataAnnotations;

 namespace SharedModels.Requests.Authentication;

-public class ConfirmRegistrationEmailRequest
+public class ConfirmRegistrationEmailRequest : SendConfirmationRegistrationEmailRequest
 {
-    [Required]
-    [DataType(DataType.EmailAddress)]
-    public string Email { get; set; } = null!;
-
    [Required]
    public string Token { get; set; } = null!;
 }
--- a/SharedModels/Requests/Authentication/ConfirmRegistrationPhoneNumberRequest.cs
+++ b/SharedModels/Requests/Authentication/ConfirmRegistrationPhoneNumberRequest.cs
@ -2,12 +2,8 @@ using System.ComponentModel.DataAnnotations;

 namespace SharedModels.Requests.Authentication;

-public class ConfirmRegistrationPhoneNumberRequest
+public class ConfirmRegistrationPhoneNumberRequest : SendConfirmationRegistrationPhoneNumberRequest
 {
-    [Required]
-    [DataType(DataType.PhoneNumber)]
-    public string PhoneNumber { get; set; } = null!;
-    
    [Required]
    public string Token { get; set; } = null!;
 }
--- a/SharedModels/Requests/Authentication/SendConfirmationRegistrationEmailRequest.cs
+++ b/SharedModels/Requests/Authentication/SendConfirmationRegistrationEmailRequest.cs
@ -0,0 +1,10 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace SharedModels.Requests.Authentication;
+
+public class SendConfirmationRegistrationEmailRequest
+{
+    [Required]
+    [DataType(DataType.EmailAddress)]
+    public string Email { get; set; } = null!;
+}
--- a/SharedModels/Requests/Authentication/SendConfirmationRegistrationPhoneNumberRequest.cs
+++ b/SharedModels/Requests/Authentication/SendConfirmationRegistrationPhoneNumberRequest.cs
@ -0,0 +1,10 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace SharedModels.Requests.Authentication;
+
+public class SendConfirmationRegistrationPhoneNumberRequest
+{
+    [Required]
+    [DataType(DataType.PhoneNumber)]
+    public string PhoneNumber { get; set; } = null!;
+}