feat(AuthController): Login-Methode mit Body für Verbraucher-APIs hinzugefügt.

2025-01-15 13:55:47 +01:00
parent 79eaa06ed4
commit 7bab2657d4
2 changed files with 19 additions and 5 deletions
--- a/src/DigitalData.Auth.API/Controllers/AuthController.cs
+++ b/src/DigitalData.Auth.API/Controllers/AuthController.cs
@@ -81,12 +81,12 @@ namespace DigitalData.Auth.API.Controllers
        }

        private async Task<IActionResult> CreateTokenAsync(ConsumerApiLogin login, bool cookie = true)
-        {          
-            if (!await _consumerApiService.VerifyAsync(login.Name, login.Password))
-                return Unauthorized();
-
+        {
            var api = await _consumerApiService.ReadByNameAsync(login.Name);

+            if (api is null || api.Password != login.Password)
+                return Unauthorized();
+    
            if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.DefaultConsumer.Audience, out var descriptor) || descriptor is null)
                return StatusCode(StatusCodes.Status500InternalServerError);

@@ -162,6 +162,20 @@ namespace DigitalData.Auth.API.Controllers
            }
        }

+        [HttpPost()]
+        public async Task<IActionResult> CreateTokenViaBody([FromBody] ConsumerApiLogin login, [FromQuery] bool cookie = false)
+        {
+            try
+            {
+                return await CreateTokenAsync(login, cookie);
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "{Message}", ex.Message);
+                return StatusCode(StatusCodes.Status500InternalServerError);
+            }
+        }
+
        [HttpGet("check")]
        [Authorize]
        public IActionResult Check() => Ok();