Code clean up

-- WEB API --
-Added server side validation
-Code refactor
-Added XML comment blocks
-Updated swagger

-- WEB CLIENT --
-Adjusted pascal case variables to camel case
-Added logout on created() in home/login

Author: jioo

WebApi/Controllers/AccountsController.cs

@@ -19,83 +19,71 @@ namespace WebApi.Controllers
     [Route("api/[controller]")]
     public class AccountsController : ControllerBase
     {
-        private readonly IRepository<Employee> _repo;
-        private readonly IEmployeeService _service;
         private readonly UserManager<User> _manager;
+        private readonly IEmployeeService _service;
         private readonly IMapper _mapper;
 
         public AccountsController(
-            IRepository<Employee> repo,
             UserManager<User> manager,
             IEmployeeService service,
             IMapper mapper)
         {
-            _repo = repo;
-            _service = service;
             _manager = manager;
+            _service = service;
             _mapper = mapper;
         }
 
         // POST: api/accounts/register
         [HttpPost("register")]
         public async Task<IActionResult> Register([FromBody]RegisterViewModel model)
         {
-            if (!ModelState.IsValid)
+            var isCardExist = await _service.isCardExist(Guid.Empty, model.CardNo);
+            if (isCardExist)
             {
-                return BadRequest("Invalid Request!");
+                return BadRequest("Card No. is already in use");
             }
 
-            if (await _service.isCardExist(Guid.Empty, model.CardNo))
+            var isUsernameExist = await _manager.FindByNameAsync(model.UserName);
+            if(isUsernameExist != null)
             {
-                return BadRequest("Card No. is already in use");
+                return BadRequest($"Username {model.UserName} is already taken");
             }
 
             // Create user account
             var user = new User { UserName = model.UserName };
             var result = await _manager.CreateAsync(user, model.Password);
             await _manager.AddToRoleAsync(user, "Employee");
 
-            if (!result.Succeeded) return new BadRequestObjectResult("Username \'" + model.UserName + "\' is already taken");
-
-            try
-            {
-                // Synchronize account to customer
-                var emp = new Employee
-                {
-                    IdentityId = user.Id,
-                    Identity = user,
-                    FullName = model.FullName,
-                    CardNo = model.CardNo,
-                    Position = model.Position
-                };
+            // Check if account is successfully registered
+            if (!result.Succeeded) return new BadRequestObjectResult("Unable to register account");
 
-                _repo.Context.Insert(emp);
-                await _repo.SaveAsync();
-                return new OkObjectResult(JsonConvert.SerializeObject(emp, new JsonSerializerSettings { Formatting = Formatting.Indented }));
-            }
-            catch (Exception ex)
+            // Synchronize new account to employee information
+            var syncResult = await _service.AddAsync(new EmployeeViewModel
             {
-                throw ex;
-            }
+                IdentityId = user.Id,
+                Identity = user,
+                FullName = model.FullName,
+                CardNo = model.CardNo,
+                Position = model.Position
+            });
+            return new OkObjectResult(syncResult);
         }
 
         [Authorize]
         [HttpPost("change-password")]
-        public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordViewModel model)
+        public async Task<IActionResult> ChangePassword([FromBody]ChangePasswordViewModel model)
         {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest("Invalid Request!");
-            }
-
+            // Check if Old password is correct
             var user = await _manager.FindByNameAsync(model.UserName);
-            var result = await _manager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
-
-            if (!result.Succeeded)
+            if(!await _manager.CheckPasswordAsync(user, model.OldPassword))
             {
                 return BadRequest("Incorrect password");
             }
-
+            
+            // Change account password
+            var result = await _manager.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
+            if(!result.Succeeded) return BadRequest("Unable to change password");
+            
             return Ok();
         }
     }

WebApi/Controllers/AuthController.cs

@@ -26,8 +26,7 @@ public AuthController(
             RoleManager<IdentityRole> roleManager,
             IEmployeeService service,
             IJwtService jwtService,
-            IOptions<JwtIssuerOptions> jwtOptions
-            )
+            IOptions<JwtIssuerOptions> jwtOptions)
         {
             _userManager = userManager;
             _roleManager = roleManager;
@@ -40,21 +39,21 @@ IOptions<JwtIssuerOptions> jwtOptions
         [HttpPost("login")]
         public async Task<IActionResult> Login([FromBody]LoginViewModel model)
         {
-            if (!ModelState.IsValid)
-            {
-                return BadRequest("Invalid Request!");
-            }
-
+            // Check if password is correct
             var user = await _userManager.FindByNameAsync(model.UserName);
-            if (! await _userManager.CheckPasswordAsync(user, model.Password))
-            {
-                return BadRequest("Invalid username or password"); // user does not exist
-            }
+            if (!await _userManager.CheckPasswordAsync(user, model.Password)) 
+                return BadRequest("Invalid username or password"); 
 
+            // Get User Claims
             var identity = await GetClaimsIdentity(model.UserName, model.Password);
+
+            // Check if account does not exist
             if (identity == null) return BadRequest("Invalid username or password");
 
+            // Get employee information
             var employee = await _service.GetEmployeeByUserId(user.Id);
+
+            // Generate access token for authorization
             var jwt = await Tokens.GenerateJwt(identity, _jwtService, employee.Id, employee.FullName, model.UserName, _jwtOptions);
             return new OkObjectResult(jwt);
         }
@@ -83,26 +82,30 @@ public IActionResult IsEmployee()
             return Ok();
         }
 
+        #region Helpers
         private async Task<ClaimsIdentity> GetClaimsIdentity(string userName, string password)
         {
             if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
                 return await Task.FromResult<ClaimsIdentity>(null);
 
-            // get the user to verifty
+            // Get the user to verifty
             var userToVerify = await _userManager.FindByNameAsync(userName);
-            // get roles
+
+            // Get roles
             var roles = await _userManager.GetRolesAsync(userToVerify);
 
             if (userToVerify == null) return await Task.FromResult<ClaimsIdentity>(null);
 
-            // check the credentials
+            // Check the credentials
             if (await _userManager.CheckPasswordAsync(userToVerify, password))
             {
-                return await Task.FromResult(_jwtService.GenerateClaimsIdentity(userName, roles, userToVerify.Id));
+                // Generate Claims
+                return await Task.FromResult(_jwtService.GenerateRoleClaimsIdentity(roles));
             }
 
             // Credentials are invalid, or account doesn't exist
             return await Task.FromResult<ClaimsIdentity>(null);
         }
+        #endregion
     }
 }

WebApi/Controllers/ConfigController.cs

@@ -20,7 +20,6 @@ namespace WebApi.Controllers
     [ApiController]
     public class ConfigController : ControllerBase
     {
-        private JsonSerializerSettings settings = new JsonSerializerSettings { Formatting = Formatting.Indented };
         private readonly IConfigService _service;
         public ConfigController(IConfigService service)
         {
@@ -31,8 +30,7 @@ public ConfigController(IConfigService service)
         [HttpGet]
         public async Task<IActionResult> Index()
         {
-            var res = await _service.FirstOrDefaultAsync();
-            return new OkObjectResult( JsonConvert.SerializeObject(res, settings) );
+            return new OkObjectResult(await _service.FirstOrDefaultAsync());
         }
 
         // PUT api/config

WebApi/Controllers/EmployeeController.cs

@@ -20,7 +20,6 @@ namespace WebApi.Controllers
     [ApiController]
     public class EmployeeController : ControllerBase
     {
-        private JsonSerializerSettings settings = new JsonSerializerSettings { Formatting = Formatting.Indented };
         private readonly IEmployeeService _service;
 
         public EmployeeController(IEmployeeService service)
@@ -29,38 +28,31 @@ public EmployeeController(IEmployeeService service)
         }
 
         // GET api/employee
+        /// <summary>
+        /// List of employees
+        /// </summary>
         [HttpGet]
         public async Task<IActionResult> Index()
         {
-            var res = await _service.GetAllAsync();
-            return new OkObjectResult( JsonConvert.SerializeObject(res, settings) );
+            return new OkObjectResult(await _service.GetAllAsync());
         }
 
         // GET api/employee/id
         [HttpGet("{id:guid}")]
         public async Task<IActionResult> Find(Guid id)
         {
-            var res = await _service.FindAsync(id);
-            return new OkObjectResult( JsonConvert.SerializeObject(res, settings) );
+            return new OkObjectResult(await _service.FindAsync(id));
         }
 
-        
         // PUT api/employee
         [HttpPut]
-        public async Task<IActionResult> Update([FromBody]EmployeeViewModel model)
+        public async Task<IActionResult> Update(EmployeeViewModel model)
         {
-            if(!ModelState.IsValid)
-            {
-                return BadRequest("Invalid Request!");
-            }
-
-            if(await _service.isCardExist(model.Id, model.CardNo))
-            {
-                return BadRequest("Card No. is already in use");
-            }
+            // Check if Card No already exist
+            var isCardExist = await _service.isCardExist(model.Id, model.CardNo);
+            if(isCardExist) return BadRequest("Card No. is already in use");
 
-            var res = await _service.UpdateAsync(model);
-            return new OkObjectResult( JsonConvert.SerializeObject(res, settings) );
+            return new OkObjectResult(await _service.UpdateAsync(model));
         }
     }
 }

WebApi/Controllers/LogController.cs

@@ -36,45 +36,29 @@ public LogController(ILogService service, IHubContext<BroadcastHub> hubContext)
         [HttpGet]
         public async Task<IActionResult> Index()
         {
-            var res = await _service.GetAllAsync();
-            return new OkObjectResult(JsonConvert.SerializeObject(res, settings));
+            return new OkObjectResult(await _service.GetAllAsync());
         }
 
         // POST api/log
         [HttpPost]
         [AllowAnonymous]
         public async Task<IActionResult> Log([FromBody] LogInOutViewModel model)
         {
-            var user = await _service.CheckCardNo(model);
-            if (user.Id == Guid.Empty)
-            {
-                return BadRequest("Invalid username or password!");
-            }
+            // Validate card no. & password
+            var user = await _service.ValidateTimeInOutCredentials(model);
+            if (user.Id == Guid.Empty) return BadRequest("Invalid username or password!");
 
-            var res = await _service.Log(user);
-            await _hubContext.Clients.All.SendAsync("employee-logged"); // broadcast to web client
-            return new OkObjectResult(JsonConvert.SerializeObject(res, settings));
+            // Broadcast to web client
+            await _hubContext.Clients.All.SendAsync("employee-logged"); 
+            return new OkObjectResult(await _service.Log(user));
         }
 
         // PUT api/log
         [HttpPut]
         [Authorize(Roles = "Admin")]
         public async Task<IActionResult> Update([FromBody]LogEditViewModel model)
         {
-            try
-            {
-                if (!ModelState.IsValid)
-                {
-                    return BadRequest("Invalid Request!");
-                }
-
-                var res = await _service.UpdateAsync(model);
-                return new OkObjectResult(JsonConvert.SerializeObject(res, settings));
-            }
-            catch (Exception ex)
-            {
-                throw ex;
-            }
+            return new OkObjectResult(await _service.UpdateAsync(model));
         }
     }
 }