feat: add db-based user log-on, invalidate tokens made for old passwords

Controllers/AuthController.cs

@@ -1,7 +1,9 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using QuotifyBE.Data;
+using QuotifyBE.Entities;
 using QuotifyBE.DTOs;
+using System.Threading.Tasks;
 
 namespace QuotifyBE.Controllers;
 
@@ -21,14 +23,29 @@ public class AuthController : ControllerBase
     }
 
     [HttpPost("login")]
-    public IActionResult Login([FromBody] UserLoginDTO user, GeneralUseHelpers guhf)
+    public async Task<IActionResult> Login([FromBody] UserLoginDTO formUser, GeneralUseHelpers guhf)
     {
-        if (user.Email == "admin" && user.Password == "password")
+        // Ensure the form is complete
+        if (formUser.Email == null || formUser.Password == null)
         {
-            var token = guhf.GenerateJwtToken(user.Email, _appsettings);
-            return Ok(new { token });
+            return BadRequest(new {status = "error", error_msg = "Form contains missing data"});
         }
-        return Unauthorized();
+
+        // Find the user with retrieved e-mail
+        User? user = await guhf.GetUserFromEmail(formUser.Email);
+        if (user == null)
+        {
+            return NotFound(new {status = "error", error_msg = "User not found"});
+        }
+
+        // Hash the password and compare with the user-provided one
+        string hashedFormPassword = guhf.HashWithSHA512(formUser.Password);
+        if (hashedFormPassword == user.PasswordHash)
+        {
+            // All set - generate the token and return it
+            var token = guhf.GenerateJwtToken(formUser.Email, formUser.Password);
+            return Ok(new { status = "ok", token });
+        } else return Unauthorized(new {status = "error", error_msg = "Unknown pair of email and password"});
     }
 
     [HttpGet("some_values")]