SysAdmin
a2247d7c02
Some checks failed
Build and Deploy LittleShop / Build TeleBot Docker Image (push) Failing after 11s
Build and Deploy LittleShop / Build LittleShop Docker Image (push) Failing after 15s
Build and Deploy LittleShop / Deploy to Production VPS (Manual Only) (push) Has been skipped
Build and Deploy LittleShop / Deploy to Pre-Production (CT109) (push) Has been skipped
Major Feature Additions: - Customer management: Full CRUD with data export and privacy compliance - Payment management: Centralized payment tracking and administration - Push notification subscriptions: Manage and track web push subscriptions Security Enhancements: - IP whitelist middleware for administrative endpoints - Data retention service with configurable policies - Enhanced push notification security documentation - Security fixes progress tracking (2025-11-14) UI/UX Improvements: - Enhanced navigation with improved mobile responsiveness - Updated admin dashboard with order status counts - Improved product CRUD forms - New customer and payment management interfaces Backend Improvements: - Extended customer service with data export capabilities - Enhanced order service with status count queries - Improved crypto payment service with better error handling - Updated validators and configuration Documentation: - DEPLOYMENT_NGINX_GUIDE.md: Nginx deployment instructions - IP_STORAGE_ANALYSIS.md: IP storage security analysis - PUSH_NOTIFICATION_SECURITY.md: Push notification security guide - UI_UX_IMPROVEMENT_PLAN.md: Planned UI/UX enhancements - UI_UX_IMPROVEMENTS_COMPLETED.md: Completed improvements Cleanup: - Removed temporary database WAL files - Removed stale commit message file 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
86 lines
2.6 KiB
C#
86 lines
2.6 KiB
C#
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using System.Security.Claims;
|
|
using LittleShop.Services;
|
|
using LittleShop.DTOs;
|
|
|
|
namespace LittleShop.Areas.Admin.Controllers;
|
|
|
|
[Area("Admin")]
|
|
public class AccountController : Controller
|
|
{
|
|
private readonly IAuthService _authService;
|
|
|
|
public AccountController(IAuthService authService)
|
|
{
|
|
_authService = authService;
|
|
}
|
|
|
|
[HttpGet]
|
|
public IActionResult Login()
|
|
{
|
|
if (User.Identity?.IsAuthenticated == true)
|
|
{
|
|
return RedirectToAction("Index", "Dashboard");
|
|
}
|
|
return View();
|
|
}
|
|
|
|
[HttpPost]
|
|
[ValidateAntiForgeryToken]
|
|
public async Task<IActionResult> Login(string Username, string Password)
|
|
{
|
|
// Make parameters case-insensitive for form compatibility
|
|
var username = Username?.ToLowerInvariant();
|
|
var password = Password;
|
|
|
|
if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
|
|
{
|
|
ModelState.AddModelError("", "Username and password are required");
|
|
return View();
|
|
}
|
|
|
|
// Use AuthService to validate against database users (username already lowercase)
|
|
var loginDto = new LoginDto { Username = username!, Password = password };
|
|
var authResponse = await _authService.LoginAsync(loginDto);
|
|
|
|
if (authResponse != null)
|
|
{
|
|
// Get the actual user from database to get correct ID
|
|
var user = await _authService.GetUserByUsernameAsync(username);
|
|
if (user != null)
|
|
{
|
|
var claims = new List<Claim>
|
|
{
|
|
new(ClaimTypes.Name, user.Username),
|
|
new(ClaimTypes.NameIdentifier, user.Id.ToString()), // Use real database ID
|
|
new(ClaimTypes.Role, "Admin") // All users in admin system are admins
|
|
};
|
|
|
|
var identity = new ClaimsIdentity(claims, "Cookies");
|
|
var principal = new ClaimsPrincipal(identity);
|
|
|
|
await HttpContext.SignInAsync("Cookies", principal);
|
|
return RedirectToAction("Index", "Dashboard");
|
|
}
|
|
}
|
|
|
|
ModelState.AddModelError("", "Invalid username or password");
|
|
return View();
|
|
}
|
|
|
|
[HttpPost]
|
|
[ValidateAntiForgeryToken]
|
|
[Authorize]
|
|
public async Task<IActionResult> Logout()
|
|
{
|
|
await HttpContext.SignOutAsync("Cookies");
|
|
return RedirectToAction("Login");
|
|
}
|
|
|
|
public IActionResult AccessDenied()
|
|
{
|
|
return View();
|
|
}
|
|
} |