From f2e79e51f217de53d785fac250405a017055f10d Mon Sep 17 00:00:00 2001 From: Polianin Nikita Date: Sun, 22 Dec 2024 05:13:46 +0300 Subject: [PATCH] sec: transfer user verification to the appropriate service --- Endpoint/Controllers/V1/AuthController.cs | 6 +----- Security/Services/AuthService.cs | 9 +++++---- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/Endpoint/Controllers/V1/AuthController.cs b/Endpoint/Controllers/V1/AuthController.cs index 4453f65..529b29a 100644 --- a/Endpoint/Controllers/V1/AuthController.cs +++ b/Endpoint/Controllers/V1/AuthController.cs @@ -164,10 +164,6 @@ public class AuthController(IOptionsSnapshot user, IOptionsSnapshot user, IOptionsSnapshot revokedToken.AddTokenToRevokedAsync(token, accessTokenService.GetExpireDateTime(token)); - private async Task VerifyUserOrThrowError(RequestContextInfo requestContext, User user, string password, + private async Task VerifyUserOrThrowError(RequestContextInfo requestContext, User user, string password, string username, CancellationToken cancellation = default) { - if (passwordService.VerifyPassword(password, user.Salt, user.PasswordHash)) + if ((user.Email.Equals(username, StringComparison.OrdinalIgnoreCase) || user.Username.Equals(username, StringComparison.OrdinalIgnoreCase)) && + passwordService.VerifyPassword(password, user.Salt, user.PasswordHash)) return; var failedLoginCacheName = $"{requestContext.Fingerprint}_login_failed"; 
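Review bot: The new identity check in VerifyUserOrThrowError calls `user.Email.Equals(username, …)` and `user.Username.Equals(username, …)` as instance methods, so if either field can be null on a stored user (an account without an e-mail, for instance) the login path surfaces a NullReferenceException instead of the failed-login handling that follows; the static overload is null-safe and keeps the same comparison: `if ((string.Equals(user.Email, username, StringComparison.OrdinalIgnoreCase) || string.Equals(user.Username, username, StringComparison.OrdinalIgnoreCase)) &&`. The `&&` also short-circuits past `passwordService.VerifyPassword` whenever the identity check fails, so that branch returns measurably faster than a wrong password; whether that is observable depends on how the caller resolves `user`, which is not visible here. A one-line why-comment above the condition would help the next reader, e.g. `// Re-check that the supplied username actually belongs to this user record before trusting the password hash.` The hunk header for this change is not visible in the page, and VerifyUserOrThrowError's body continues past the hunk.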
@@ -151,11 +152,11 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
 return true;
 }
- public async Task LoginAsync(CookieOptionsParameters cookieOptions, User user, HttpContext context, string password, CancellationToken cancellation = default)
+ public async Task LoginAsync(CookieOptionsParameters cookieOptions, User user, HttpContext context, string password, string username, CancellationToken cancellation = default)
 {
 var requestContext = new RequestContextInfo(context, cookieOptions);
- await VerifyUserOrThrowError(requestContext, user, password, cancellation);
+ await VerifyUserOrThrowError(requestContext, user, password, username, cancellation);
 if (user.TwoFactorAuthenticator == TwoFactorAuthenticator.None)
 {