Create minimal app

CSR.Application/Interfaces/IUserService.cs

@@ -10,4 +10,8 @@ public interface IUserService
      string email,
      string password
      );
+
+  record LoginResult(Domain.Entities.User? User, string? Error);
+  
+  Task<LoginResult> Login(string username, string password);
 }

CSR.Application/Services/UserService.cs

@@ -50,4 +50,20 @@ public class UserService(IUserRepository userRepository, Domain.Interfaces.IPass
 
     return new IUserService.RegisterNewUserResult(user, null);
   }
+  
+  public async Task<IUserService.LoginResult> Login(string username, string password)
+  {
+    var user = await _userRepository.GetByUsernameAsync(username);
+    if (user == null)
+    {
+      return new IUserService.LoginResult(null, "User not found.");
+    }
+
+    if (!user.VerifyPassword(password, _passwordHasher))
+    {
+      return new IUserService.LoginResult(null, "Wrong password.");
+    }
+
+    return new IUserService.LoginResult(user, null);
+  }
 }

CSR.Domain/Entities/User.cs

@@ -71,7 +71,7 @@ public class User
   }
 
 
-  public bool VerifyPasswordAgainstHash(string providedPassword, IPasswordHasher passwordHasher)
+  public bool VerifyPassword(string providedPassword, IPasswordHasher passwordHasher)
   {
     return passwordHasher.VerifyHashedPassword(this, PasswordHash, providedPassword);
   }

CSR.WebUI/Pages/Admin.cshtml

@@ -0,0 +1,9 @@
+
+@page
+@model AdminPageModel
+@{
+    ViewData["Title"] = "Admin";
+}
+<h1>@ViewData["Title"]</h1>
+
+<p>page full of admin stuff</p>

CSR.WebUI/Pages/Admin.cshtml.cs

@@ -0,0 +1,13 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace CSR.WebUI.Pages
+{
+    [Authorize(Policy = "AdminOnly")]
+    public class AdminPageModel : PageModel
+    {
+        public void OnGet()
+        {
+        }
+    }
+}

CSR.WebUI/Pages/Auth.cshtml

@@ -0,0 +1,89 @@
+@page
+@model CSR.WebUI.Pages.AuthModel
+@{
+    ViewData["Title"] = "Authenticate";
+}
+
+<div class="row" style="display: flex; flex-direction: row;">
+    <div class="col-md-4">
+        <form method="post">
+            <h4>Login</h4>
+            <hr />
+            @if (Model.LoginErrorMessages != null && Model.LoginErrorMessages.Any())
+            {
+                <div asp-validation-summary="ModelOnly" class="text-danger" role="alert">
+                    <ul>
+                        @foreach (var error in Model.LoginErrorMessages)
+                        {
+                            <li>@error</li>
+                        }
+                    </ul>
+                </div>
+            }
+            <div class="form-floating mb-3">
+                <input asp-for="LoginInput.Username" class="form-control" autocomplete="username" aria-required="true" placeholder="username" />
+                <label asp-for="LoginInput.Username">Username</label>
+                <span asp-validation-for="LoginInput.Username" class="text-danger"></span>
+            </div>
+            <div class="form-floating mb-3">
+                <input asp-for="LoginInput.Password" class="form-control" type="password" autocomplete="current-password" aria-required="true" placeholder="password" />
+                <label asp-for="LoginInput.Password">Password</label>
+                <span asp-validation-for="LoginInput.Password" class="text-danger"></span>
+            </div>
+            <div>
+                <button type="submit" asp-page-handler="Login" class="w-100 btn btn-lg btn-secondary">Login</button>
+            </div>
+        </form>
+    </div>
+    <div class="col-md-4">
+        <form method="post">
+            <h4>Register</h4>
+            <hr />
+            @if (Model.RegisterErrorMessages != null && Model.RegisterErrorMessages.Any())
+            {
+                <div asp-validation-summary="ModelOnly" class="text-danger" role="alert">
+                    <ul>
+                        @foreach (var error in Model.RegisterErrorMessages)
+                        {
+                            <li>@error</li>
+                        }
+                    </ul>
+                </div>
+            }
+            <div class="form-floating mb-3">
+                <input asp-for="RegisterInput.Username" class="form-control" autocomplete="username" aria-required="true" placeholder="username" />
+                <label asp-for="RegisterInput.Username">Username</label>
+                <span asp-validation-for="RegisterInput.Username" class="text-danger"></span>
+            </div>
+            <div class="form-floating mb-3">
+                <input asp-for="RegisterInput.Email" class="form-control" autocomplete="email" placeholder="name@example.com" />
+                <label asp-for="RegisterInput.Email">Email</label>
+                <span asp-validation-for="RegisterInput.Email" class="text-danger"></span>
+            </div>
+            <div class="form-floating mb-3">
+                <input asp-for="RegisterInput.Password" class="form-control" type="password" autocomplete="current-password" aria-required="true" placeholder="password" />
+                <label asp-for="RegisterInput.Password">Password</label>
+                <span asp-validation-for="RegisterInput.Password" class="text-danger"></span>
+            </div>
+            <div>
+                <button type="submit" asp-page-handler="Register" class="w-100 btn btn-lg btn-primary">Login</button>
+            </div>
+        </form>
+    </div>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+    <script>
+        $(document).ready(function() {
+            // when login button is clicked, remove validation from email field
+            $("button[asp-page-handler='Login']").click(function() {
+                $("#Input_Email").removeAttr("data-val");
+                $("#Input_Email").removeAttr("data-val-required");
+                // revalidate the form to clear error
+                $("form").validate().element("#Input_Email");
+                return true;
+            });
+        });
+    </script>
+}

CSR.WebUI/Pages/Auth.cshtml.cs

@@ -0,0 +1,166 @@
+namespace CSR.WebUI.Pages;
+
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using System.ComponentModel.DataAnnotations;
+using System.Threading.Tasks;
+using CSR.Application.Interfaces;
+using CSR.Domain.Entities;
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using System.Security.Claims;
+using System.Runtime.InteropServices;
+
+// If you are using ASP.NET Core Identity for sign-in management, you might need:
+// using Microsoft.AspNetCore.Identity;
+// using System.Security.Claims;
+
+public class AuthModel(IUserService userService) : PageModel
+{
+    private readonly IUserService _userService = userService;
+
+    [BindProperty]
+    public LoginModel LoginInput { get; set; } = new();
+
+    [BindProperty]
+    public RegisterModel RegisterInput { get; set; } = new();
+
+    public List<string> LoginErrorMessages { get; set; } = [];
+    public List<string> RegisterErrorMessages { get; set; } = [];
+
+    public class LoginModel
+    {
+        [Required(ErrorMessage = "Username is required.")]
+        [Display(Name = "Username")]
+        public string Username { get; set; } = string.Empty;
+
+        [Required]
+        [DataType(DataType.Password)]
+        [Display(Name = "Password")]
+        public string Password { get; set; } = string.Empty;
+    }
+
+    public class RegisterModel
+    {
+        [Required(ErrorMessage = "Username is required.")]
+        [Display(Name = "Username")]
+        [StringLength(32, ErrorMessage = "Username cannot be longer than 32 characters.")]
+        [RegularExpression(@"^[a-zA-Z0-9_]+$", ErrorMessage = "Username can only contain letters, numbers and underscore.")]
+        [DataType(DataType.Text)]
+        public string Username { get; set; } = string.Empty;
+
+        [Required(ErrorMessage = "Email is required for registration.")]
+        [EmailAddress]
+        [Display(Name = "Email")]
+        public string Email { get; set; } = string.Empty;
+
+        [Required]
+        [DataType(DataType.Password)]
+        [Display(Name = "Password")]
+        public string Password { get; set; } = string.Empty;
+    }
+
+    public void OnGet()
+    {
+    }
+
+    public async Task<IActionResult> OnPostRegisterAsync()
+    {
+        if (!ModelState.IsValid)
+        {
+            RegisterErrorMessages.Add("Please correct the form errors.");
+            return Page();
+        }
+
+        // Email is required for registration
+        if (string.IsNullOrWhiteSpace(RegisterInput.Email))
+        {
+            RegisterErrorMessages.Add("Email is required for registration.");
+            return Page();
+        }
+
+
+        var result = await _userService.RegisterNewUser(RegisterInput.Username, RegisterInput.Email, RegisterInput.Password);
+
+        if (result.User != null)
+        {
+            // Registration successful
+            await _userService.Login(RegisterInput.Username, RegisterInput.Password);
+
+            await SendCookies(result.User.Username, result.User.Role.Name);
+
+            return RedirectToPageBasedOnRole(result.User);
+        }
+        else
+        {
+            if (result.Errors != null)
+            {
+                RegisterErrorMessages.AddRange(result.Errors);
+            }
+            else
+            {
+                RegisterErrorMessages.Add("An unknown error occurred during registration.");
+            }
+            return Page();
+        }
+    }
+
+    public async Task<IActionResult> OnPostLoginAsync()
+    {
+        if (string.IsNullOrWhiteSpace(LoginInput.Username) || string.IsNullOrWhiteSpace(LoginInput.Password))
+        {
+            LoginErrorMessages.Add("Username and Password are required.");
+            return Page();
+        }
+        
+        var (user, error) = await _userService.Login(LoginInput.Username, LoginInput.Password);
+        
+        if (user == null)
+        {
+            LoginErrorMessages.Add(error ?? "Login failed.");
+            return Page();
+        }
+        
+        await SendCookies(user.Username, user.Role.Name);
+
+        return RedirectToPageBasedOnRole(user);
+    }
+    
+    private async Task SendCookies(string username, string role)
+    {
+        var claims = new List<Claim>
+        {
+            new(ClaimTypes.Name, username),
+            new(ClaimTypes.Role, role)
+        };
+
+        var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+        var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
+
+        var authProperties = new AuthenticationProperties
+        {
+            IsPersistent = true,
+            ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(5)
+        };
+
+        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, claimsPrincipal, authProperties);
+    }
+
+    private RedirectToPageResult RedirectToPageBasedOnRole(User user)
+    {
+        if (user == null || string.IsNullOrWhiteSpace(user.Role.Name))
+        {
+            // Default redirect if role is not defined or user is null
+            return RedirectToPage("/Index");
+        }
+
+        return user.Role.Name switch
+        {
+            "Admin" => RedirectToPage("/Admin"),
+            "User" => RedirectToPage("/User"),
+            _ => RedirectToPage("/Index"),
+        };
+    }
+}

CSR.WebUI/Pages/Error.cshtml.cs

@@ -6,18 +6,13 @@ namespace CSR.WebUI.Pages;
 
 [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
 [IgnoreAntiforgeryToken]
-public class ErrorModel : PageModel
+public class ErrorModel(ILogger<ErrorModel> logger) : PageModel
 {
     public string? RequestId { get; set; }
 
     public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
 
-    private readonly ILogger<ErrorModel> _logger;
-
-    public ErrorModel(ILogger<ErrorModel> logger)
-    {
-        _logger = logger;
-    }
+    private readonly ILogger<ErrorModel> _logger = logger;
 
     public void OnGet()
     {

CSR.WebUI/Pages/Index.cshtml

@@ -1,10 +1,9 @@
 @page
 @model IndexModel
 @{
-    ViewData["Title"] = "Home page";
+    ViewData["Title"] = "Home";
 }
 
 <div class="text-center">
     <h1 class="display-4">Welcome</h1>
-    <p>Learn about <a href="https://learn.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
 </div>

CSR.WebUI/Pages/Index.cshtml.cs

@@ -3,14 +3,9 @@ using Microsoft.AspNetCore.Mvc.RazorPages;
 
 namespace CSR.WebUI.Pages;
 
-public class IndexModel : PageModel
+public class IndexModel(ILogger<IndexModel> logger) : PageModel
 {
-    private readonly ILogger<IndexModel> _logger;
-
-    public IndexModel(ILogger<IndexModel> logger)
-    {
-        _logger = logger;
-    }
+    private readonly ILogger<IndexModel> _logger = logger;
 
     public void OnGet()
     {

CSR.WebUI/Pages/Privacy.cshtml

@@ -1,8 +0,0 @@
-@page
-@model PrivacyModel
-@{
-    ViewData["Title"] = "Privacy Policy";
-}
-<h1>@ViewData["Title"]</h1>
-
-<p>Use this page to detail your site's privacy policy.</p>

CSR.WebUI/Pages/Privacy.cshtml.cs

@@ -1,19 +0,0 @@
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.RazorPages;
-
-namespace CSR.WebUI.Pages;
-
-public class PrivacyModel : PageModel
-{
-    private readonly ILogger<PrivacyModel> _logger;
-
-    public PrivacyModel(ILogger<PrivacyModel> logger)
-    {
-        _logger = logger;
-    }
-
-    public void OnGet()
-    {
-    }
-}
-

CSR.WebUI/Pages/Shared/_Layout.cshtml

@@ -3,7 +3,7 @@
 <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>@ViewData["Title"] - CSR.WebUI</title>
+    <title>@ViewData["Title"] Dan Mehr</title>
     <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.min.css" />
     <link rel="stylesheet" href="~/css/site.css" asp-append-version="true" />
     <link rel="stylesheet" href="~/CSR.WebUI.styles.css" asp-append-version="true" />
@@ -12,7 +12,7 @@
     <header>
         <nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
             <div class="container">
-                <a class="navbar-brand" asp-area="" asp-page="/Index">CSR.WebUI</a>
+                <a class="navbar-brand" asp-area="" asp-page="/Index">CSR App</a>
                 <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target=".navbar-collapse" aria-controls="navbarSupportedContent"
                         aria-expanded="false" aria-label="Toggle navigation">
                     <span class="navbar-toggler-icon"></span>
@@ -20,10 +20,7 @@
                 <div class="navbar-collapse collapse d-sm-inline-flex justify-content-between">
                     <ul class="navbar-nav flex-grow-1">
                         <li class="nav-item">
-                            <a class="nav-link text-dark" asp-area="" asp-page="/Index">Home</a>
-                        </li>
-                        <li class="nav-item">
-                            <a class="nav-link text-dark" asp-area="" asp-page="/Privacy">Privacy</a>
+                            <a class="nav-link text-dark" asp-area="" asp-page="/Auth">Login/Register</a>
                         </li>
                     </ul>
                 </div>
@@ -38,7 +35,7 @@
 
     <footer class="border-top footer text-muted">
         <div class="container">
-            &copy; 2025 - CSR.WebUI - <a asp-area="" asp-page="/Privacy">Privacy</a>
+            &copy; 2025 - CSR App
         </div>
     </footer>
 

CSR.WebUI/Pages/User.cshtml

@@ -0,0 +1,8 @@
+@page
+@model UserPageModel
+@{
+    ViewData["Title"] = "User Profile";
+}
+<h1>@ViewData["Title"]</h1>
+
+<p>your username is: @Model.Username</p>

CSR.WebUI/Pages/User.cshtml.cs

@@ -0,0 +1,15 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace CSR.WebUI.Pages
+{
+    [Authorize(Policy = "UserOrAdmin")]
+    public class UserPageModel : PageModel
+    {
+        public string Username { get; set; } = string.Empty;
+        public void OnGet()
+        {
+            Username = User.Identity?.Name ?? "Unknown";
+        }
+    }
+}

CSR.WebUI/Program.cs

@@ -16,6 +16,20 @@ builder.Configuration
   .AddEnvironmentVariables()
   .AddKeyPerFile("/run/secrets", optional: true);
 
+
+builder.Services.AddAuthentication(Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme)
+    .AddCookie(options =>
+    {
+      options.LoginPath = "/Auth";
+      options.LogoutPath = "/Logout";
+      options.AccessDeniedPath = "/AccessDenied";
+      options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
+      options.SlidingExpiration = true;
+    });
+builder.Services.AddAuthorizationBuilder()
+    .AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"))
+    .AddPolicy("UserOrAdmin", policy => policy.RequireRole("User", "Admin"));
+
 // Add services to the container.
 builder.Services.AddRazorPages();
 
@@ -73,6 +87,7 @@ app.UseStaticFiles();
 
 app.UseRouting();
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapRazorPages();

CSR.WebUI/appsettings.Development.json

@@ -7,6 +7,6 @@
     }
   },
   "Database": {
-    "Path": "/home/danial23/dl/csr.db"
+    "Path": "/home/danial23/Desktop/csr.db"
   }
 }