Update token controller for security (in body instead of url)

2025-12-06 01:31:19 +00:00 · 2020-03-04 23:13:25 +01:00 · 2020-03-04 23:13:25 +01:00 · 8c0468a22e
commit 8c0468a22e
parent 45fbed654a
5 changed files with 23 additions and 9 deletions
--- a/MyCore/Controllers/OddController.cs
+++ b/MyCore/Controllers/OddController.cs
@ -90,7 +90,7 @@ namespace MyCore.Controllers
            }
        }

-        public async Task<List<OddNice>> GetOddsForCountry(string id, double oddRequest)
+        private async Task<List<OddNice>> GetOddsForCountry(string id, double oddRequest)
        {
            League league = new League(id);
            var result = await oddService.GetOddsForLeague(league);
@ -116,7 +116,7 @@ namespace MyCore.Controllers
            }
            return oddToKeep;
        }
-
+        /*
        // POST api/values
        [HttpPost]
        public void Post([FromBody] string value)
@ -136,6 +136,6 @@ namespace MyCore.Controllers
        public void Delete(int id)
        {
            // For more information on protecting this API from Cross Site Request Forgery (CSRF) attacks, see https://go.microsoft.com/fwlink/?LinkID=717803
-        }
+        }*/
    }
 }
--- a/MyCore/Controllers/TokenController.cs
+++ b/MyCore/Controllers/TokenController.cs
@ -10,6 +10,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.Tokens;
+using MyCore.DTO;
 using MyCore.Models;
 using MyCore.Services;

@ -31,14 +32,14 @@ namespace MyCore.Controllers

        [AllowAnonymous]
        [HttpPost]
-        public ActionResult<UserInfo> Create(string email, string password)
+        public ActionResult<UserInfo> ConnectUser([FromBody] TokenDTO tokenDTO)
        {
            //string test = _TokenService.GenerateSHA256String(password);

-            if (IsValidUserAndPasswordCombination(email, password))
+            if (IsValidUserAndPasswordCombination(tokenDTO.Email, tokenDTO.Password))
            {
-                UserInfo user = _userService.GetUserByEmail(email);
-                user.Token = _tokenService.GenerateToken(email).ToString();
+                UserInfo user = _userService.GetUserByEmail(tokenDTO.Email);
+                user.Token = _tokenService.GenerateToken(tokenDTO.Email).ToString();

                return user;
            }
--- a/MyCore/DTO/TokenDTO.cs
+++ b/MyCore/DTO/TokenDTO.cs
@ -0,0 +1,13 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace MyCore.DTO
+{
+    public class TokenDTO
+    {
+        public string Email { get; set; }
+        public string Password { get; set; }
+    }
+}
--- a/MyCore/Startup.cs
+++ b/MyCore/Startup.cs
@ -30,7 +30,7 @@ namespace MyCore

            //MerossService merossService = new MerossService();

-            ArloService arloService = new ArloService();
+            //ArloService arloService = new ArloService();
        }

        public IConfiguration Configuration { get; }
--- a/swagger.json
+++ b/swagger.json