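using System.Security.Claims;
using administration.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

namespace administration.Controllers
{
    /// <summary>
    /// Login, logout and password update for the administration site.
    /// Authentication is cookie based (<see cref="CookieAuthenticationDefaults.AuthenticationScheme"/>);
    /// the user id and name are additionally mirrored into the session for code that still reads them there.
    /// </summary>
    public class ConnectionsController : Controller
    {
        private readonly LayoutDataContext _db;

        // NOTE(review): HashPassword/VerifyHashedPassword are invoked with the user entity as first
        // argument, which is the IPasswordHasher<TUser> contract — confirm the registered hasher type.
        private readonly IPasswordHasher _hasher;

        // One generic message for "unknown user" and "wrong password" so the response body
        // does not reveal which accounts exist.
        private const string InvalidCredentialsMessage = "Nom d’utilisateur ou mot de passe incorrect.";

        public ConnectionsController(LayoutDataContext db, IPasswordHasher hasher)
        {
            _db = db;
            _hasher = hasher;
        }

        // --- LOGIN PAGE ---

        /// <summary>Renders the login form.</summary>
        [HttpGet]
        [AllowAnonymous]
        public IActionResult Login() => View();

        /// <summary>
        /// Checks the submitted credentials, signs the user in with the cookie scheme and
        /// redirects to <paramref name="returnUrl"/> when it is a safe local URL.
        /// </summary>
        /// <param name="username">Submitted user name.</param>
        /// <param name="password">Submitted clear-text password; only ever handed to the hasher.</param>
        /// <param name="returnUrl">Optional post-login destination; non-local URLs are ignored.</param>
        /// <returns>The login view with <c>ViewBag.Error</c> set on failure, otherwise a redirect.</returns>
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public async Task<IActionResult> Login(string username, string password, string? returnUrl = null)
        {
            // Reject empty submissions up front: a null username would otherwise match any
            // row whose Username is null and then fail when the Name claim is built below.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            {
                ViewBag.Error = InvalidCredentialsMessage;
                return View();
            }

            // 1) Look the user up.
            var user = _db.Users.FirstOrDefault(u => u.Username == username);
            if (user == null)
            {
                // NOTE(review): this branch skips the hash check, so an unknown name answers
                // faster than a wrong password; verifying against a fixed dummy hash here
                // would even out the timing.
                ViewBag.Error = InvalidCredentialsMessage;
                return View();
            }

            // 2) Verify the password against the stored hash.
            var verification = _hasher.VerifyHashedPassword(user, user.PasswordHash ?? "", password);
            if (verification != PasswordVerificationResult.Success
                && verification != PasswordVerificationResult.SuccessRehashNeeded)
            {
                ViewBag.Error = InvalidCredentialsMessage;
                return View();
            }

            // 3) Upgrade the stored hash when the hasher reports its parameters have changed.
            if (verification == PasswordVerificationResult.SuccessRehashNeeded)
            {
                user.PasswordHash = _hasher.HashPassword(user, password);
                _db.SaveChanges();
            }

            // 4) Mirror the identity into the session for existing code that reads it from there.
            HttpContext.Session.SetInt32("UserId", user.Id);
            HttpContext.Session.SetString("UserName", user.Username);

            // 5) Issue the authentication cookie.
            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new Claim(ClaimTypes.Name, user.Username)
            };
            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity));

            // 6) Open-redirect protection: follow only a local URL, and never bounce back to
            //    the login page itself.
            if (!string.IsNullOrWhiteSpace(returnUrl)
                && Url.IsLocalUrl(returnUrl)
                && !returnUrl.Contains("/Connections/Login", StringComparison.OrdinalIgnoreCase))
            {
                return LocalRedirect(returnUrl);
            }

            return RedirectToAction("Index", "Home");
        }

        // --- LOGOUT ---

        /// <summary>Removes the authentication cookie and discards the session.</summary>
        /// <returns>A redirect to the login page.</returns>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<IActionResult> Logout()
        {
            // Sign out of the same scheme the login issued, so the cookie is removed even if
            // the default sign-out scheme is configured differently.
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            HttpContext.Session.Clear();
            return RedirectToAction("Login", "Connections");
        }

        // --- PASSWORD UPDATE ---

        /// <summary>
        /// Replaces the stored password hash of the signed-in user.
        /// </summary>
        /// <param name="username">Must equal the Name claim of the current principal; any other
        /// value is refused so a signed-in user cannot reset someone else's account.</param>
        /// <param name="newPassword">New clear-text password; hashed before it is stored.</param>
        /// <returns>403 when the username is not the caller's own, 400 for a blank password,
        /// otherwise a short status text.</returns>
        [HttpPost]
        [Authorize]
        [ValidateAntiForgeryToken]
        public IActionResult SetPassword(string username, string newPassword)
        {
            // [Authorize] only proves that *someone* is logged in; the target account must be
            // the caller's own, as identified by the Name claim issued at login.
            var currentUser = User.FindFirst(ClaimTypes.Name)?.Value;
            if (string.IsNullOrEmpty(currentUser)
                || !string.Equals(currentUser, username, StringComparison.Ordinal))
            {
                return Forbid();
            }

            if (string.IsNullOrWhiteSpace(newPassword))
            {
                return BadRequest();
            }

            // NOTE(review): the current password is not re-verified before the change;
            // consider requiring it so a hijacked session cannot silently take over the account.
            var user = _db.Users.FirstOrDefault(u => u.Username == username);
            if (user == null)
            {
                return Content("❌ Utilisateur introuvable");
            }

            user.PasswordHash = _hasher.HashPassword(user, newPassword);
            _db.SaveChanges();
            return Content("✅ Mot de passe mis à jour avec succès");
        }
    }
}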