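using ContactManagementAPI.Data;
using ContactManagementAPI.Models;
using ContactManagementAPI.Services;
using ContactManagementAPI.ViewModels;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

namespace ContactManagementAPI.Controllers
{
    /// <summary>
    /// Session-based login/logout for the MVC UI. The only authentication state
    /// written here is the <see cref="SessionKeys.UserId"/> entry set on a
    /// successful password check.
    /// </summary>
    public class AccountController : Controller
    {
        private readonly ApplicationDbContext _context;

        // NOTE(review): this is the project's non-generic PasswordHasher, not
        // Identity's PasswordHasher<TUser>; only VerifyHashedPassword is used
        // here, so its hash format/work factor is not reviewed in this file.
        private readonly PasswordHasher _passwordHasher = new();

        public AccountController(ApplicationDbContext context)
        {
            _context = context;
        }

        /// <summary>
        /// Renders the login form, carrying an optional post-login return URL
        /// through to the POST.
        /// </summary>
        [HttpGet]
        public IActionResult Login(string? returnUrl = null)
        {
            return View(new LoginViewModel { ReturnUrl = returnUrl });
        }

        /// <summary>
        /// Verifies the submitted credentials against AppUsers, stores the user id
        /// in session and redirects. Unknown, inactive and wrong-password cases all
        /// produce the same error text so the form does not disclose which
        /// usernames exist.
        /// </summary>
        /// <param name="model">Bound form fields: UserName, Password, ReturnUrl.</param>
        /// <returns>The form re-rendered with errors, or a redirect to a local URL.</returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public IActionResult Login(LoginViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var user = _context.AppUsers
                .Include(u => u.Group)
                .FirstOrDefault(u => u.UserName == model.UserName);

            // NOTE(review): an unknown or inactive user returns before any hash is
            // computed, so response timing can still separate "no such user" from
            // "wrong password" even though the message is identical.
            if (user is null || !user.IsActive)
            {
                ModelState.AddModelError(string.Empty, "Invalid username or password.");
                return View(model);
            }

            var verification = _passwordHasher.VerifyHashedPassword(user, user.PasswordHash, model.Password);
            if (verification == PasswordVerificationResult.Failed)
            {
                ModelState.AddModelError(string.Empty, "Invalid username or password.");
                return View(model);
            }
            // SuccessRehashNeeded is accepted as a login; the stored hash is not
            // upgraded here (the hasher's rehash API is not visible in this file).

            // NOTE(review): the session id is not rotated on login — ISession has no
            // regenerate call — so a pre-login session cookie survives authentication.
            // Confirm the session cookie policy if fixation is in the threat model.
            HttpContext.Session.SetInt32(SessionKeys.UserId, user.Id);

            // ReturnUrl is attacker-controllable (it comes from the form / query
            // string). Only follow it when it is a local path; an absolute or
            // protocol-relative value would make the login form an open redirect.
            var target = model.ReturnUrl;
            if (string.IsNullOrWhiteSpace(target) || !Url.IsLocalUrl(target))
            {
                target = "/";
            }

            return Redirect(target);
        }

        /// <summary>
        /// Clears the whole session (which removes the user id) and returns to the
        /// login form.
        /// </summary>
        // NOTE(review): this action is reachable by GET with no anti-forgery
        // token, so any third-party page can log the user out via a link or
        // <img src>. Consider [HttpPost] + [ValidateAntiForgeryToken] once the
        // views' logout links are changed to a form post; left as GET here so
        // existing links keep working.
        public IActionResult Logout()
        {
            HttpContext.Session.Clear();
            return RedirectToAction("Login");
        }

        /// <summary>Renders the access-denied page.</summary>
        public IActionResult AccessDenied()
        {
            return View();
        }
    }
}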