Features: - Login page with username/email + password - Registration page for new accounts - Logout functionality - Cookie-based authentication (30-day sessions) - Auto-redirect to login for unauthorized access - User dropdown in navbar with logout link Security: - All admin pages now require authentication - [Authorize] attribute on all admin PageModels - Redirect to /Login if not authenticated - Auto-login after registration UI: - Beautiful gradient login/register pages - Consistent styling with admin panel - User info displayed in navbar - Logout link in dropdown menu Starting resources for new users: - 100,000 Gold - 500,000 Cash - Level 1 - Full admin panel access Ready for production deployment!
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using System.Security.Claims;
using RR3CommunityServer.Services;
using RR3CommunityServer.Models;
namespace RR3CommunityServer.Pages;
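/// <summary>
/// Page model for the self-service registration page. It collects a username,
/// e-mail address and password, creates the account through
/// <see cref="IAuthService"/>, and then signs the new user in with a cookie.
/// </summary>
/// <remarks>
/// NOTE(review): the identity issued in <see cref="OnPostAsync"/> carries only the
/// NameIdentifier, Name and Email claims; there is no role or permission claim.
/// If the admin pages are gated by a bare [Authorize] attribute (not visible in
/// this file), every self-registered account can reach them. Confirm that open
/// registration is intended before exposing this page publicly, or gate the admin
/// pages behind a role or policy.
/// </remarks>
public class RegisterModel : PageModel
{
    private readonly IAuthService _authService;
    private readonly ILogger<RegisterModel> _logger;

    /// <summary>Creates the page model with its injected services.</summary>
    /// <param name="authService">Service used to register and authenticate accounts.</param>
    /// <param name="logger">Logger for registration events.</param>
    public RegisterModel(IAuthService authService, ILogger<RegisterModel> logger)
    {
        _authService = authService;
        _logger = logger;
    }

    /// <summary>Requested account name, bound from the posted form.</summary>
    [BindProperty]
    public string Username { get; set; } = string.Empty;

    /// <summary>Requested e-mail address, bound from the posted form.</summary>
    [BindProperty]
    public string Email { get; set; } = string.Empty;

    /// <summary>
    /// Plain-text password, bound from the posted form. It is handed to the auth
    /// service as-is; this page neither hashes nor logs it.
    /// </summary>
    [BindProperty]
    public string Password { get; set; } = string.Empty;

    /// <summary>Password confirmation, bound from the posted form.</summary>
    [BindProperty]
    public string ConfirmPassword { get; set; } = string.Empty;

    /// <summary>Error text for the page to display after a failed attempt.</summary>
    public string? ErrorMessage { get; set; }

    /// <summary>Success text set just before the redirect to the login page.</summary>
    public string? SuccessMessage { get; set; }

    /// <summary>
    /// Handles GET requests. An already authenticated user is redirected to the
    /// admin panel; everyone else gets the registration form.
    /// </summary>
    /// <returns>
    /// A redirect to <c>/admin</c> for authenticated users, otherwise the page.
    /// </returns>
    public IActionResult OnGet()
    {
        // Returning the redirect as the action result short-circuits the request.
        // The previous void handler called Response.Redirect and then still
        // rendered the registration form into the body of the 302 response.
        if (User.Identity?.IsAuthenticated == true)
        {
            return Redirect("/admin");
        }

        return Page();
    }

    /// <summary>
    /// Handles the registration form post: validates that all fields are present,
    /// registers the account, then attempts an automatic sign-in.
    /// </summary>
    /// <returns>
    /// The page with <see cref="ErrorMessage"/> set when validation or registration
    /// fails; a redirect to <c>/Admin</c> when registration and auto-login succeed;
    /// a redirect to <c>/Login</c> when the account was created but auto-login failed.
    /// </returns>
    public async Task<IActionResult> OnPostAsync()
    {
        // Only presence is checked here. Password strength, e-mail format and the
        // Password/ConfirmPassword match are presumably enforced inside
        // RegisterAsync; confirm, since nothing on this page validates them.
        if (string.IsNullOrWhiteSpace(Username) || string.IsNullOrWhiteSpace(Email) ||
            string.IsNullOrWhiteSpace(Password) || string.IsNullOrWhiteSpace(ConfirmPassword))
        {
            ErrorMessage = "All fields are required";
            return Page();
        }

        var registerRequest = new RegisterRequest
        {
            Username = Username,
            Email = Email,
            Password = Password,
            ConfirmPassword = ConfirmPassword
        };

        var (success, token, error) = await _authService.RegisterAsync(registerRequest);

        // The token is only checked for presence; the session itself is
        // established through the LoginAsync call below.
        if (!success || string.IsNullOrEmpty(token))
        {
            // NOTE(review): the service's error text is shown to the caller
            // verbatim. If it distinguishes "username taken" from "e-mail taken",
            // the form can be used to enumerate existing accounts. Consider rate
            // limiting this endpoint.
            ErrorMessage = error ?? "Registration failed";

            // Username is attacker-controlled. It is passed as a structured
            // logging argument and never concatenated into the message template.
            _logger.LogWarning("Failed registration attempt for: {Username}", Username);
            return Page();
        }

        // NOTE(review): this writes the e-mail address (personal data) to the
        // application log at Information level. Confirm that log retention and
        // access controls allow for that.
        _logger.LogInformation("New account registered: {Username} ({Email})", Username, Email);

        // Auto-login after registration
        var loginRequest = new LoginRequest
        {
            UsernameOrEmail = Username,
            Password = Password
        };

        var (loginSuccess, response, loginError) = await _authService.LoginAsync(loginRequest);

        if (loginSuccess && response != null)
        {
            // Identity claims only; no role claim is issued here.
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, response.AccountId.ToString()),
                new Claim(ClaimTypes.Name, response.Username),
                new Claim(ClaimTypes.Email, response.Email)
            };

            var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            // Persistent cookie: it survives browser restarts until the expiry
            // reported by the auth service.
            var authProperties = new AuthenticationProperties
            {
                IsPersistent = true,
                ExpiresUtc = response.ExpiresAt
            };

            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity),
                authProperties);

            return RedirectToPage("/Admin");
        }

        // The account exists but the automatic sign-in failed. Record that
        // instead of discarding loginError silently.
        _logger.LogWarning(
            "Auto-login after registration failed for: {Username} ({Error})",
            Username,
            loginError);

        // NOTE(review): a plain model property is not carried across a redirect.
        // Unless SuccessMessage is backed by TempData, the Login page will not
        // see this text.
        SuccessMessage = "Account created successfully! Please login.";
        return RedirectToPage("/Login");
    }
}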