diff --git a/Marco.Pms.Model/Dtos/Authentication/LoginDto.cs b/Marco.Pms.Model/Dtos/Authentication/LoginDto.cs index 00bef12..536ac5d 100644 --- a/Marco.Pms.Model/Dtos/Authentication/LoginDto.cs +++ b/Marco.Pms.Model/Dtos/Authentication/LoginDto.cs @@ -4,5 +4,7 @@ { public string? Username { get; set; } public string? Password { get; set; } + public string? DeviceToken { get; set; } + } } diff --git a/Marco.Pms.Services/Controllers/AttendanceController.cs b/Marco.Pms.Services/Controllers/AttendanceController.cs index 6bd5a66..3675dc6 100644 --- a/Marco.Pms.Services/Controllers/AttendanceController.cs +++ b/Marco.Pms.Services/Controllers/AttendanceController.cs @@ -1,5 +1,4 @@ -using System.Globalization; -using FirebaseAdmin.Messaging; +using FirebaseAdmin.Messaging; using Marco.Pms.DataAccess.Data; using Marco.Pms.Model.AttendanceModule; using Marco.Pms.Model.Dtos.Attendance; diff --git a/Marco.Pms.Services/Controllers/AuthController.cs b/Marco.Pms.Services/Controllers/AuthController.cs index 67dd74a..aa064ee 100644 --- a/Marco.Pms.Services/Controllers/AuthController.cs +++ b/Marco.Pms.Services/Controllers/AuthController.cs @@ -1,4 +1,5 @@ -using Marco.Pms.DataAccess.Data; +using FirebaseAdmin.Messaging; +using Marco.Pms.DataAccess.Data; using Marco.Pms.Model.Authentication; using Marco.Pms.Model.Dtos.Authentication; using Marco.Pms.Model.Dtos.Util; @@ -51,7 +52,36 @@ namespace MarcoBMS.Services.Controllers { try { - // Find user by email or phone number + var deviceToken = "ewjsd9zGTh6aS6Vg3Z_uxP:APA91bFZi1KzZdxlHUfBa_dX3PEJnDhX4R2dvFjD9Zf3WPSm957Hb53JPim7jrpjhpeOY61I9rfc11c3wpqWfW_06aSx-Yb8UfWpygV2YgZ8gbHtSku_PSQ"; + var message = new Message() + { + Token = deviceToken, + Notification = new Notification + { + Title = "Hello from .NET", + Body = "This is a test message" + } + }; + try + { + string response = await FirebaseMessaging.DefaultInstance.SendAsync(message); + _logger.LogInfo("Successfully sent message: {MessageId}", response); + } + catch (FirebaseMessagingException ex) + { + _logger.LogError("Error sending push notification. : {Error}", ex.Message); + + // Check for the specific error codes that indicate an invalid token + if (ex.MessagingErrorCode == MessagingErrorCode.Unregistered || + ex.MessagingErrorCode == MessagingErrorCode.InvalidArgument) + { + _logger.LogWarning("FCM token is invalid and should be deleted: {Token}", deviceToken); + + // Add your logic here to remove the invalid token from your database + // await YourTokenService.DeleteTokenAsync(recordAttendanceDot.DeviceToken); + } + } + var user = await _context.ApplicationUsers .FirstOrDefaultAsync(u => u.Email == loginDto.Username || u.PhoneNumber == loginDto.Username); @@ -116,77 +146,158 @@ namespace MarcoBMS.Services.Controllers } [HttpPost("login-mobile")] + /// + /// Handles mobile user login, validates credentials, sends a test push notification, + /// and generates JWT, Refresh, and MPIN tokens upon successful authentication. + /// + /// Data Transfer Object containing the user's login credentials and device token. + /// An IActionResult containing the authentication tokens or an error response. public async Task LoginMobile([FromBody] LoginDto loginDto) { - // Validate input DTO - if (loginDto == null || string.IsNullOrWhiteSpace(loginDto.Username) || string.IsNullOrWhiteSpace(loginDto.Password)) + // Log the start of the login attempt for traceability. + _logger.LogInfo("Login attempt initiated for user: {Username}", loginDto.Username ?? "N/A"); + + // --- Push Notification Section --- + // This section attempts to send a test push notification to the user's device. + // It's designed to fail gracefully and handle invalid Firebase Cloud Messaging (FCM) tokens. + var message = new Message() { - return BadRequest(ApiResponse.ErrorResponse("Username or password is missing.", "Invalid request", 400)); - } - - // Find user by email or phone number - var user = await _context.ApplicationUsers - .FirstOrDefaultAsync(u => u.Email == loginDto.Username || u.PhoneNumber == loginDto.Username); - - // If user not found, return unauthorized - if (user == null) - { - return Unauthorized(ApiResponse.ErrorResponse("Invalid username or password.", "Invalid username or password.", 401)); - } - - // Check if user is inactive - if (!user.IsActive) - { - return BadRequest(ApiResponse.ErrorResponse("User is inactive", "User is inactive", 400)); - } - - // Check if user email is not confirmed - if (!user.EmailConfirmed) - { - return BadRequest(ApiResponse.ErrorResponse("Your email is not verified. Please verify your email.", "Email not verified", 400)); - } - - // Validate password using ASP.NET Identity - var isPasswordValid = await _userManager.CheckPasswordAsync(user, loginDto.Password); - if (!isPasswordValid) - { - return Unauthorized(ApiResponse.ErrorResponse("Invalid username or password.", "Invalid credentials", 401)); - } - - // Check if username is missing - if (string.IsNullOrWhiteSpace(user.UserName)) - { - return NotFound(ApiResponse.ErrorResponse("UserName not found", "Username is missing", 404)); - } - - // Get employee information for tenant context - var emp = await _employeeHelper.GetEmployeeByApplicationUserID(user.Id); - if (emp == null) - { - return NotFound(ApiResponse.ErrorResponse("Employee not found", "Employee details missing", 404)); - } - - // Generate JWT token - var token = _refreshTokenService.GenerateJwtToken(user.UserName, emp.TenantId, _jwtSettings); - - // Generate Refresh Token and store in DB - var refreshToken = await _refreshTokenService.CreateRefreshToken(user.Id, emp.TenantId.ToString(), _jwtSettings); - - // Fetch MPIN Token - var mpinToken = await _context.MPINDetails.FirstOrDefaultAsync(p => p.UserId == Guid.Parse(user.Id) && p.TenantId == emp.TenantId); - - // Combine all tokens in response - var responseData = new - { - token, - refreshToken, - mpinToken = mpinToken?.MPINToken + Token = loginDto.DeviceToken, + Notification = new Notification + { + Title = "Hello from .NET", + Body = "This is a test message" + } }; - // Return success response - return Ok(ApiResponse.SuccessResponse(responseData, "User logged in successfully.", 200)); + try + { + // Attempt to send the message via Firebase. + string response = await FirebaseMessaging.DefaultInstance.SendAsync(message); + _logger.LogInfo("Successfully sent test push notification. MessageId: {MessageId}", response); + } + catch (FirebaseMessagingException ex) + { + // Log the specific Firebase error. + _logger.LogError("Error sending push notification: {Error}", ex.Message); + + // Check for specific error codes that indicate an invalid or unregistered token. + if (ex.MessagingErrorCode == MessagingErrorCode.Unregistered || + ex.MessagingErrorCode == MessagingErrorCode.InvalidArgument) + { + _logger.LogWarning("FCM token is invalid and should be deleted from the database: {Token}", loginDto.DeviceToken ?? string.Empty); + + // TODO: Implement the logic here to remove the invalid token from your database. + // Example: await YourTokenService.DeleteTokenAsync(loginDto.DeviceToken); + } + } + + try + { + // --- Input Validation --- + // Ensure that the request body and essential fields are not null or empty. + if (loginDto == null || string.IsNullOrWhiteSpace(loginDto.Username) || string.IsNullOrWhiteSpace(loginDto.Password)) + { + _logger.LogWarning("Login failed due to missing username or password."); + return BadRequest(ApiResponse.ErrorResponse("Username or password is missing.", "Invalid request", 400)); + } + + // --- User Retrieval --- + // Find the user in the database by their email or phone number. + _logger.LogInfo("Searching for user: {Username}", loginDto.Username); + var user = await _context.ApplicationUsers + .FirstOrDefaultAsync(u => u.Email == loginDto.Username || u.PhoneNumber == loginDto.Username); + + // If no user is found, return an unauthorized response. + if (user == null || string.IsNullOrWhiteSpace(user.UserName)) + { + _logger.LogWarning("Login failed: User not found for username {Username}", loginDto.Username); + return Unauthorized(ApiResponse.ErrorResponse("Invalid username or password.", "Invalid username or password.", 401)); + } + + // --- User Status Checks --- + // Check if the user's account is marked as inactive. + if (!user.IsActive) + { + _logger.LogWarning("Login failed: User '{Username}' account is inactive.", user.UserName); + return BadRequest(ApiResponse.ErrorResponse("User is inactive", "User is inactive", 400)); + } + + // Check if the user has confirmed their email address. + if (!user.EmailConfirmed) + { + _logger.LogWarning("Login failed: User '{Username}' email is not verified.", user.UserName); + return BadRequest(ApiResponse.ErrorResponse("Your email is not verified. Please verify your email.", "Email not verified", 400)); + } + + // --- Password Validation --- + // Use ASP.NET Identity's UserManager to securely check the password. + _logger.LogInfo("Validating password for user: {Username}", user.UserName); + var isPasswordValid = await _userManager.CheckPasswordAsync(user, loginDto.Password); + if (!isPasswordValid) + { + _logger.LogWarning("Login failed: Invalid password for user {Username}", user.UserName); + return Unauthorized(ApiResponse.ErrorResponse("Invalid username or password.", "Invalid credentials", 401)); + } + _logger.LogInfo("Password validation successful for user: {Username}", user.UserName); + + // Check if the username property on the user object is populated. + if (string.IsNullOrWhiteSpace(user.UserName)) + { + // This is an unlikely edge case, but good to handle. + _logger.LogError("Login failed: User object for ID {UserId} is missing a UserName.", user.Id); + return NotFound(ApiResponse.ErrorResponse("UserName not found", "Username is missing", 404)); + } + + // --- Employee and Tenant Context Retrieval --- + // Fetch associated employee details to get tenant context for token generation. + _logger.LogInfo("Fetching employee details for user ID: {UserId}", user.Id); + var emp = await _employeeHelper.GetEmployeeByApplicationUserID(user.Id); + if (emp == null) + { + _logger.LogError("Login failed: Could not find associated employee record for user ID {UserId}", user.Id); + return NotFound(ApiResponse.ErrorResponse("Employee not found", "Employee details missing", 404)); + } + _logger.LogInfo("Successfully found employee details for tenant ID: {TenantId}", emp.TenantId); + + // --- Token Generation --- + // Generate the primary JWT access token. + _logger.LogInfo("Generating JWT for user: {Username}", user.UserName); + var token = _refreshTokenService.GenerateJwtToken(user.UserName, emp.TenantId, _jwtSettings); + + // Generate a new refresh token and store it in the database. + _logger.LogInfo("Generating and storing Refresh Token for user: {Username}", user.UserName); + var refreshToken = await _refreshTokenService.CreateRefreshToken(user.Id, emp.TenantId.ToString(), _jwtSettings); + + // Fetch the user's MPIN token if it exists. + _logger.LogInfo("Fetching MPIN token for user: {Username}", user.UserName); + var mpinToken = await _context.MPINDetails.FirstOrDefaultAsync(p => p.UserId == Guid.Parse(user.Id) && p.TenantId == emp.TenantId); + + // --- Response Assembly --- + // Combine all tokens into a single response object. + var responseData = new + { + token, + refreshToken, + mpinToken = mpinToken?.MPINToken // Safely access the MPIN token, will be null if not found. + }; + + // Return a successful response with the generated tokens. + _logger.LogInfo("User {Username} logged in successfully.", user.UserName); + return Ok(ApiResponse.SuccessResponse(responseData, "User logged in successfully.", 200)); + } + catch (Exception ex) + { + // --- Global Exception Handling --- + // Catch any unexpected exceptions during the login process. + _logger.LogError("An unexpected error occurred during the LoginMobile process for user: {Username} : {Error}", loginDto?.Username ?? "N/A", ex.Message); + + // Return a generic 500 Internal Server Error to avoid leaking implementation details. + return StatusCode(500, ApiResponse.ErrorResponse("An internal server error occurred.", "Server Error", 500)); + } } + [HttpPost("login-mpin")] public async Task VerifyMPIN([FromBody] VerifyMPINDto verifyMPIN) {