From a57515c33eb177e5e8a2dc1a3856199610936d2c Mon Sep 17 00:00:00 2001
From: john
Date: Sun, 15 Jun 2025 19:12:34 +0200
Subject: [PATCH 1/2] oops

---
 .../Application/Services/AuthService.cs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Femto.Modules.Auth/Application/Services/AuthService.cs b/Femto.Modules.Auth/Application/Services/AuthService.cs
index 4fb9323..1a9f868 100644
--- a/Femto.Modules.Auth/Application/Services/AuthService.cs
+++ b/Femto.Modules.Auth/Application/Services/AuthService.cs
@@ -15,10 +15,17 @@ internal class AuthService(AuthContext context, SessionStorage storage) : IAuthS
 CancellationToken cancellationToken = default
 )
 {
- return await context
+ var user = await context
 .Users.Where(u => u.Username == username)
- .Select(u => new UserInfo(u.Id, u.Username, u.Roles.Select(r => r.Role).ToList()))
 .SingleOrDefaultAsync(cancellationToken);
+
+ if (user is null)
+ return null;
+
+ if (!user.HasPassword(password))
+ return null;
+
+ return new UserInfo(user.Id, user.Username, user.Roles.Select(r => r.Role).ToList());
 }
 
 public Task GetUserWithId(Guid? userId, CancellationToken cancellationToken)
From 65ba3a64350b1cbca66c7d7ee6b3b1ad6ab68dcb Mon Sep 17 00:00:00 2001
From: john
Date: Sun, 15 Jun 2025 19:14:49 +0200
Subject: [PATCH 2/2] change login failure status code

---
 Femto.Api/Controllers/Auth/AuthController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Femto.Api/Controllers/Auth/AuthController.cs b/Femto.Api/Controllers/Auth/AuthController.cs
index 5322493..e45e73c 100644
--- a/Femto.Api/Controllers/Auth/AuthController.cs
+++ b/Femto.Api/Controllers/Auth/AuthController.cs
@@ -35,7 +35,7 @@ public class AuthController(
 );
 
 if (user is null)
- return Forbid();
+ return this.BadRequest();
 
 var session = await authService.CreateStrongSession(user.Id);
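Review bot: `user.Roles` is read on the last added line from an entity that the query no longer projects, so unless `AuthContext` auto-includes or lazy-loads that navigation (not visible here) the returned `UserInfo` may carry an empty role list or throw on a null collection; adding `.Include(u => u.Roles)` before `.SingleOrDefaultAsync(cancellationToken)` makes the load explicit. Separately, the `user is null` branch returns before `HasPassword` runs, so an unknown username is presumably answered faster than a wrong password, which lets a caller tell the two apart by response time; verifying the supplied password against a fixed dummy hash in that branch evens this out. A short comment such as `// Same null result for unknown user and wrong password: callers must not learn which one failed.` would record the intent. The method's signature lies above the hunk, so the `password` parameter is assumed to be declared there.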
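Review bot: Returning `this.BadRequest()` for `user is null` reports rejected credentials as 400, the same status a malformed request gets, so clients and any login-failure monitoring or throttling keyed on status codes cannot separate the two; `return this.Unauthorized();` (401) is the conventional answer for failed authentication and, unlike `Forbid()`, does not go through the authentication scheme's forbid handler. The new line also writes `this.` where the removed line did not, which is inconsistent within the action. No failed-login logging or attempt limiting is visible in this hunk; if it is not handled elsewhere, this branch is the place for it. The action starts and ends outside the hunk.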