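using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using LittleShop.Services;
using LittleShop.DTOs;

namespace LittleShop.Areas.Admin.Controllers;

/// <summary>
/// Cookie-based sign-in, sign-out and access-denied pages for the Admin area.
/// Credentials are checked through <see cref="IAuthService"/>; on success a
/// cookie principal is issued carrying the user's name, database id and an
/// Admin role.
/// </summary>
[Area("Admin")]
public class AccountController : Controller
{
    // Authentication scheme name shared by SignIn, SignOut and the ClaimsIdentity.
    private const string AuthScheme = "Cookies";

    private readonly IAuthService _authService;

    /// <summary>Creates the controller with the service used to validate logins.</summary>
    /// <param name="authService">Service that validates credentials and resolves users.</param>
    /// <exception cref="ArgumentNullException"><paramref name="authService"/> is null.</exception>
    public AccountController(IAuthService authService)
    {
        ArgumentNullException.ThrowIfNull(authService);
        _authService = authService;
    }

    /// <summary>Shows the login form, or sends an already-authenticated user to the dashboard.</summary>
    [HttpGet]
    public IActionResult Login()
    {
        if (User.Identity?.IsAuthenticated == true)
        {
            return RedirectToAction("Index", "Dashboard");
        }

        return View();
    }

    /// <summary>
    /// Validates the submitted credentials and, on success, signs the user in with
    /// the cookie scheme and redirects to the dashboard. Any failure re-renders the
    /// form with a single generic error so the response does not reveal whether the
    /// username exists.
    /// </summary>
    /// <param name="username">Submitted username.</param>
    /// <param name="password">Submitted password; never logged or echoed back.</param>
    /// <returns>A redirect to the dashboard on success, otherwise the login view.</returns>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string username, string password)
    {
        // The submitted secret must not reach any log sink; the previous debug
        // Console.WriteLine of the raw username/password pair was removed for that reason.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            ModelState.AddModelError("", "Username and password are required");
            return View();
        }

        // Credential check is delegated to the service so the controller never
        // sees stored hashes.
        var loginDto = new LoginDto { Username = username, Password = password };
        var authResponse = await _authService.LoginAsync(loginDto);

        if (authResponse is not null)
        {
            // Re-resolve the user so the NameIdentifier claim carries the real
            // database id rather than anything derived from the submitted form.
            var user = await _authService.GetUserByUsernameAsync(username);
            if (user is not null)
            {
                var principal = BuildPrincipal(user.Username, user.Id.ToString());
                await HttpContext.SignInAsync(AuthScheme, principal);

                // Fixed post-login target: no returnUrl parameter is honoured, so
                // this cannot be turned into an open redirect.
                return RedirectToAction("Index", "Dashboard");
            }
        }

        // Same message for unknown user, wrong password and missing user record.
        ModelState.AddModelError("", "Invalid username or password");
        return View();
    }

    /// <summary>Signs the current user out of the cookie scheme and returns to the login page.</summary>
    [HttpPost]
    [ValidateAntiForgeryToken]
    [Authorize]
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync(AuthScheme);
        return RedirectToAction("Login");
    }

    /// <summary>Renders the access-denied page.</summary>
    public IActionResult AccessDenied()
    {
        return View();
    }

    /// <summary>
    /// Builds the cookie principal for a successfully authenticated user.
    /// </summary>
    /// <param name="userName">Username stored in the database.</param>
    /// <param name="userId">Database id of the user, as a string.</param>
    /// <remarks>
    /// Every user who can log in here is granted the Admin role unconditionally;
    /// there is no per-user role lookup in this flow. Anyone with a record the
    /// auth service accepts therefore has full admin access.
    /// </remarks>
    private static ClaimsPrincipal BuildPrincipal(string userName, string userId)
    {
        var claims = new List<Claim>
        {
            new(ClaimTypes.Name, userName),
            new(ClaimTypes.NameIdentifier, userId), // Real database id
            new(ClaimTypes.Role, "Admin")           // All users in admin system are admins
        };

        var identity = new ClaimsIdentity(claims, AuthScheme);
        return new ClaimsPrincipal(identity);
    }
}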