feat: username/password authentication for admin and merchant panels
CI/CD / CI · API (dotnet build + test) (push) Successful in 49s
CI/CD / CI · Admin API (dotnet build) (push) Successful in 42s
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m8s
CI/CD / CI · Admin Web (tsc) (push) Successful in 37s
CI/CD / CI · Website (tsc) (push) Successful in 46s
CI/CD / CI · Koja (tsc) (push) Successful in 49s
CI/CD / Deploy · all services (push) Has been cancelled
CI/CD / CI · API (dotnet build + test) (push) Successful in 49s
CI/CD / CI · Admin API (dotnet build) (push) Successful in 42s
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m8s
CI/CD / CI · Admin Web (tsc) (push) Successful in 37s
CI/CD / CI · Website (tsc) (push) Successful in 46s
CI/CD / CI · Koja (tsc) (push) Successful in 49s
CI/CD / Deploy · all services (push) Has been cancelled
- Add PasswordHasher utility (PBKDF2/SHA-256, 100k iterations)
- Add Username + PasswordHash fields to Employee and SystemAdmin entities
- EF migration: AddPasswordLogin (nullable columns on both tables)
- Meezi.API: POST /api/auth/login (employee password login, CHOOSE_CAFE support)
- Meezi.API: PUT/DELETE /api/cafes/{id}/employees/{id}/credentials (Owner/Manager only)
- Meezi.Admin.API: POST /api/admin/auth/login + PUT /api/admin/auth/password
- Dashboard login page: OTP / Password tabs
- Admin login page: OTP / Password tabs
- HR screen: new Credentials tab for setting employee username/password
- PlatformDataSeeder: ensure system admin + integration settings in production
- Trial countdown banner: updated deadline to 1 Tir 1405 (Jun 22)
- i18n: fa/en/ar updated for all new UI strings
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
@@ -38,6 +38,26 @@ public class AuthController : ControllerBase
|
||||
_verifyRegisterValidator = verifyRegisterValidator;
|
||||
}
|
||||
|
||||
[HttpPost("login")]
|
||||
[ProducesResponseType(typeof(ApiResponse<AuthTokenResponse>), StatusCodes.Status200OK)]
|
||||
public async Task<IActionResult> LoginWithPassword(
|
||||
[FromBody] LoginWithPasswordRequest request,
|
||||
CancellationToken cancellationToken)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(request.Username) || string.IsNullOrWhiteSpace(request.Password))
|
||||
return BadRequest(ValidationError("Username and password are required."));
|
||||
|
||||
var (success, data, code, message, choices) = await _authService.LoginWithPasswordAsync(request, cancellationToken);
|
||||
|
||||
if (!success && code == "CHOOSE_CAFE")
|
||||
return Ok(new ApiResponse<CafeChoicesResponse>(false, choices, new ApiError("CHOOSE_CAFE", "Please select a café to continue.")));
|
||||
|
||||
if (!success)
|
||||
return ErrorResult(code!, message!);
|
||||
|
||||
return Ok(new ApiResponse<AuthTokenResponse>(true, data));
|
||||
}
|
||||
|
||||
[HttpPost("send-otp")]
|
||||
[EnableRateLimiting("auth-otp")]
|
||||
[ProducesResponseType(typeof(ApiResponse<SendOtpResponse>), StatusCodes.Status200OK)]
|
||||
@@ -193,6 +213,9 @@ public class AuthController : ControllerBase
|
||||
return new ApiResponse<object>(false, null, new ApiError("VALIDATION_ERROR", first.ErrorMessage, first.PropertyName));
|
||||
}
|
||||
|
||||
private static ApiResponse<object> ValidationError(string message) =>
|
||||
new(false, null, new ApiError("VALIDATION_ERROR", message));
|
||||
|
||||
private IActionResult ErrorResult(string code, string message) => code switch
|
||||
{
|
||||
"RATE_LIMITED" => StatusCode(StatusCodes.Status429TooManyRequests,
|
||||
|
||||
@@ -1,9 +1,12 @@
|
||||
using FluentValidation;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Meezi.API.Models.Hr;
|
||||
using Meezi.API.Services;
|
||||
using Meezi.Core.Enums;
|
||||
using Meezi.Core.Interfaces;
|
||||
using Meezi.Core.Utilities;
|
||||
using Meezi.Infrastructure.Data;
|
||||
using Meezi.Shared;
|
||||
|
||||
namespace Meezi.API.Controllers;
|
||||
@@ -15,17 +18,20 @@ public class HrController : CafeApiControllerBase
|
||||
private readonly IValidator<CreateLeaveRequest> _leaveValidator;
|
||||
private readonly IValidator<ReviewLeaveRequest> _reviewValidator;
|
||||
private readonly IValidator<CreateSalaryRequest> _salaryValidator;
|
||||
private readonly AppDbContext _db;
|
||||
|
||||
public HrController(
|
||||
IHrService hr,
|
||||
IValidator<CreateLeaveRequest> leaveValidator,
|
||||
IValidator<ReviewLeaveRequest> reviewValidator,
|
||||
IValidator<CreateSalaryRequest> salaryValidator)
|
||||
IValidator<CreateSalaryRequest> salaryValidator,
|
||||
AppDbContext db)
|
||||
{
|
||||
_hr = hr;
|
||||
_leaveValidator = leaveValidator;
|
||||
_reviewValidator = reviewValidator;
|
||||
_salaryValidator = salaryValidator;
|
||||
_db = db;
|
||||
}
|
||||
|
||||
[HttpGet("employees")]
|
||||
@@ -201,4 +207,66 @@ public class HrController : CafeApiControllerBase
|
||||
if (data is null) return NotFoundError();
|
||||
return Ok(new ApiResponse<EmployeeSalaryDto>(true, data));
|
||||
}
|
||||
|
||||
/// <summary>Set or update username/password credentials for an employee. Owner/Manager only.</summary>
|
||||
[HttpPut("employees/{employeeId}/credentials")]
|
||||
public async Task<IActionResult> SetCredentials(
|
||||
string cafeId,
|
||||
string employeeId,
|
||||
[FromBody] SetEmployeeCredentialsRequest request,
|
||||
ITenantContext tenant,
|
||||
CancellationToken ct)
|
||||
{
|
||||
if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
|
||||
if (EnsureManager(tenant) is { } forbidden) return forbidden;
|
||||
|
||||
var username = request.Username.Trim().ToLowerInvariant();
|
||||
|
||||
if (string.IsNullOrWhiteSpace(username))
|
||||
return BadRequest(new ApiResponse<object>(false, null, new ApiError("VALIDATION_ERROR", "Username is required.", "Username")));
|
||||
|
||||
if (request.Password.Length < 8)
|
||||
return BadRequest(new ApiResponse<object>(false, null, new ApiError("VALIDATION_ERROR", "Password must be at least 8 characters.", "Password")));
|
||||
|
||||
var employee = await _db.Employees
|
||||
.FirstOrDefaultAsync(e => e.Id == employeeId && e.CafeId == cafeId && e.DeletedAt == null, ct);
|
||||
|
||||
if (employee is null) return NotFoundError();
|
||||
|
||||
// Check username uniqueness within the cafe (excluding the employee itself)
|
||||
var conflict = await _db.Employees
|
||||
.AnyAsync(e => e.CafeId == cafeId && e.Id != employeeId && e.DeletedAt == null
|
||||
&& e.Username != null && e.Username.ToLower() == username, ct);
|
||||
if (conflict)
|
||||
return Conflict(new ApiResponse<object>(false, null, new ApiError("USERNAME_TAKEN", "This username is already in use by another employee.")));
|
||||
|
||||
employee.Username = username;
|
||||
employee.PasswordHash = PasswordHasher.Hash(request.Password);
|
||||
await _db.SaveChangesAsync(ct);
|
||||
|
||||
return Ok(new ApiResponse<object>(true, null));
|
||||
}
|
||||
|
||||
/// <summary>Remove username/password credentials from an employee. Owner/Manager only.</summary>
|
||||
[HttpDelete("employees/{employeeId}/credentials")]
|
||||
public async Task<IActionResult> RemoveCredentials(
|
||||
string cafeId,
|
||||
string employeeId,
|
||||
ITenantContext tenant,
|
||||
CancellationToken ct)
|
||||
{
|
||||
if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
|
||||
if (EnsureManager(tenant) is { } forbidden) return forbidden;
|
||||
|
||||
var employee = await _db.Employees
|
||||
.FirstOrDefaultAsync(e => e.Id == employeeId && e.CafeId == cafeId && e.DeletedAt == null, ct);
|
||||
|
||||
if (employee is null) return NotFoundError();
|
||||
|
||||
employee.Username = null;
|
||||
employee.PasswordHash = null;
|
||||
await _db.SaveChangesAsync(ct);
|
||||
|
||||
return Ok(new ApiResponse<object>(true, null));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user