From 6201184b7cfde19911b9165409be251db45cee32 Mon Sep 17 00:00:00 2001
From: "ashutosh.nehete"
Date: Wed, 2 Apr 2025 15:31:41 +0530
Subject: [PATCH] Added new validation in user login to verify if user is active or not and if user's email is confirmed or not
---
 .../Controllers/AuthController.cs | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/Marco.Pms.Services/Controllers/AuthController.cs b/Marco.Pms.Services/Controllers/AuthController.cs
index 6b8a2bb..58a4a6c 100644
--- a/Marco.Pms.Services/Controllers/AuthController.cs
+++ b/Marco.Pms.Services/Controllers/AuthController.cs
@@ -1,4 +1,5 @@
-using Marco.Pms.Model.Authentication;
+using Marco.Pms.DataAccess.Data;
+using Marco.Pms.Model.Authentication;
 using Marco.Pms.Model.Dtos;
 using Marco.Pms.Model.Dtos.Util;
 using Marco.Pms.Model.Employees;
@@ -21,13 +22,14 @@ namespace MarcoBMS.Services.Controllers
 public class AuthController : ControllerBase
 {
 private readonly UserManager _userManager;
+ private readonly ApplicationDbContext _context;
 private readonly JwtSettings _jwtSettings;
 private readonly RefreshTokenService _refreshTokenService;
 private readonly IEmailSender _emailSender;
 private readonly IConfiguration _configuration;
 private readonly EmployeeHelper _employeeHelper;
 //string tenentId = "1";
- public AuthController(UserManager userManager, JwtSettings jwtSettings, RefreshTokenService refreshTokenService,
+ public AuthController(UserManager userManager,ApplicationDbContext context, JwtSettings jwtSettings, RefreshTokenService refreshTokenService,
 IEmailSender emailSender, IConfiguration configuration, EmployeeHelper employeeHelper)
 {
 _userManager = userManager;
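Review bot: The new `ApplicationDbContext _context` field and constructor parameter give AuthController a second, unmediated path to the user table next to `UserManager`, and the only use visible in this patch is the login lookup in the following hunk, which the removed `_userManager.Users.FirstOrDefaultAsync(u => u.Email == loginDto.Username || u.PhoneNumber == loginDto.Username)` line already expressed against Identity's own store. Keeping that lookup on `_userManager.Users` drops the `ApplicationDbContext` dependency and the `using Marco.Pms.DataAccess.Data;` import from the first hunk, and leaves the constructor signature as it was. If the direct context is kept on purpose (for example because `ApplicationUsers` exposes something the Identity store does not — I can't tell from here), a short comment on the field such as `// Direct DbContext access for the login lookup; UserManager is still used for password checks.` would tell the next reader why both are injected. Either way, note that the lookup in the next hunk replaces `FindByEmailAsync`, which matched on the normalized email, with a raw `Email ==` comparison, so case handling now follows the database collation and a null or empty `Username` would compare equal to rows whose `Email`/`PhoneNumber` is null unless the DTO is validated before this point.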
@@ -36,21 +38,27 @@ namespace MarcoBMS.Services.Controllers
 _emailSender = emailSender;
 _configuration = configuration;
 _employeeHelper = employeeHelper;
+ _context = context;
 }
 [HttpPost("login")]
 public async Task Login([FromBody] LoginDto loginDto)
 {
- var user = await _userManager.FindByEmailAsync(loginDto.Username);
- var user1 = await _userManager.Users.FirstOrDefaultAsync(u => u.Email == loginDto.Username || u.PhoneNumber == loginDto.Username);
-
+ var user = await _context.ApplicationUsers.FirstOrDefaultAsync(u => u.Email == loginDto.Username || u.PhoneNumber == loginDto.Username);
 if (user == null || !await _userManager.CheckPasswordAsync(user, loginDto.Password))
 {
 return Unauthorized("Invalid username or password.");
 }
-
+ if (!user.IsActive)
+ {
+ return BadRequest("User is In Active");
+ }
+ if (!user.EmailConfirmed)
+ {
+ return BadRequest("Your email is not verified, Please verify your email");
+ }
 Employee emp = await _employeeHelper.GetEmployeeByApplicationUserID(user.Id);
 //var refreshToken = GenerateRefreshToken();