refactor: cleaned and removed duplicate endpoints in auth, roles, users and accounts endpoints

Author: kelvink96

Controllers/AccountController.cs

@@ -1,4 +1,5 @@
 using System.Security.Claims;
+using AdminHubApi.Dtos.Auth;
 using AdminHubApi.Dtos.UserManagement;
 using AdminHubApi.Entities;
 using AdminHubApi.Interfaces;
@@ -9,22 +10,27 @@
 namespace AdminHubApi.Controllers;
 
 [ApiController]
-[Route("api/[controller]")]
-[Authorize] // Requires authentication
+[Route("api/account")]
+[Authorize] // Everything here requires authentication
 public class AccountController : ControllerBase
 {
     private readonly IUserService _userService;
     private readonly UserManager<ApplicationUser> _userManager;
+    private readonly IUserClaimsService _userClaimsService;
 
     public AccountController(
         IUserService userService,
-        UserManager<ApplicationUser> userManager)
+        UserManager<ApplicationUser> userManager,
+        IUserClaimsService userClaimsService)
     {
         _userService = userService;
         _userManager = userManager;
+        _userClaimsService = userClaimsService;
     }
 
-    // GET api/account/profile
+    /// <summary>
+    /// Get the current user's profile
+    /// </summary>
     [HttpGet("profile")]
     public async Task<IActionResult> GetProfile()
     {
@@ -39,7 +45,9 @@ public async Task<IActionResult> GetProfile()
         return Ok(response);
     }
 
-    // PUT api/account/profile
+    /// <summary>
+    /// Update the current user's profile
+    /// </summary>
     [HttpPut("profile")]
     public async Task<IActionResult> UpdateProfile([FromBody] UpdateUserDto model)
     {
@@ -58,18 +66,49 @@ public async Task<IActionResult> UpdateProfile([FromBody] UpdateUserDto model)
         return Ok(response);
     }
 
-    // POST api/account/change-password
+    /// <summary>
+    /// Change the current user's password
+    /// </summary>
     [HttpPost("change-password")]
-    public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordDto model)
+    public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequestDto model)
+    {
+        if (!ModelState.IsValid)
+            return BadRequest(ModelState);
+
+        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+        if (string.IsNullOrEmpty(userId))
+            return Unauthorized();
+
+        var user = await _userManager.FindByIdAsync(userId);
+        if (user == null)
+            return NotFound();
+
+        var result = await _userManager.ChangePasswordAsync(user, model.CurrentPassword, model.NewPassword);
+
+        if (!result.Succeeded)
+            return BadRequest(new { 
+                message = "Password change failed",
+                errors = result.Errors.Select(e => e.Description)
+            });
+
+        return Ok(new { message = "Password changed successfully" });
+    }
+    
+    /// <summary>
+    /// Get the current user's claims
+    /// </summary>
+    [HttpGet("claims")]
+    public async Task<IActionResult> GetMyClaims()
     {
         var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
         if (string.IsNullOrEmpty(userId))
             return Unauthorized();
 
-        var response = await _userService.ChangePasswordAsync(userId, model);
-        if (!response.Succeeded)
-            return BadRequest(response);
-            
-        return Ok(response);
+        var claims = await _userClaimsService.GetUserClaimsAsync(userId);
+        
+        return Ok(new
+        {
+            Claims = claims.Select(c => new { Type = c.Type, Value = c.Value })
+        });
     }
 }

Controllers/AuthController.cs

@@ -1,16 +1,15 @@
-using AdminHubApi.Dtos.Auth;
+using System.Security.Claims;
+using AdminHubApi.Dtos.Auth;
 using AdminHubApi.Entities;
 using AdminHubApi.Interfaces;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
-using System.Security.Claims;
 
 namespace AdminHubApi.Controllers;
 
 [ApiController]
-[Route("/api/auth")]
+[Route("api/auth")]
 public class AuthController : ControllerBase
 {
     private readonly UserManager<ApplicationUser> _userManager;
@@ -33,32 +32,28 @@ public AuthController(
         _jwtSettings = jwtSettings.Value;
     }
 
+    /// <summary>
+    /// Login with username and password
+    /// </summary>
     [HttpPost("login")]
     public async Task<IActionResult> Login([FromBody] AuthRequestDto request)
     {
-        // Check if model is valid
         if (!ModelState.IsValid)
             return BadRequest(ModelState);
 
-        // Check if user exists
         var user = await _userManager.FindByNameAsync(request.Username);
 
         if (user == null)
             return Unauthorized(new { message = "Username or password is incorrect" });
 
-        // Verify password
         var result = await _signinManager.CheckPasswordSignInAsync(user, request.Password, false);
 
-        if (!result.Succeeded) // FIXED: Check for NOT succeeded
+        if (!result.Succeeded)
             return Unauthorized(new { message = "Username or password is incorrect" });
 
-        // Get user roles
         var userRoles = await _userManager.GetRolesAsync(user);
-
-        // Generate token
         var token = await _tokenService.GenerateJwtTokenAsync(user, userRoles);
 
-        // Return token and user info
         return Ok(new AuthResponseDto
         {
             Token = token,
@@ -68,30 +63,28 @@ public async Task<IActionResult> Login([FromBody] AuthRequestDto request)
         });
     }
 
+    /// <summary>
+    /// Register a new user
+    /// </summary>
     [HttpPost("register")]
     public async Task<IActionResult> Register([FromBody] RegisterRequestDto request)
     {
-        // Check if model is valid
         if (!ModelState.IsValid)
             return BadRequest(ModelState);
 
-        // Check if username already exists
         if (await _userManager.FindByNameAsync(request.Username) != null)
             return BadRequest(new { message = "Username already exists" });
 
-        // Check if email already exists
         if (await _userManager.FindByEmailAsync(request.Email) != null)
             return BadRequest(new { message = "Email already exists" });
 
-        // Create new user
         var user = new ApplicationUser
         {
             UserName = request.Username,
             Email = request.Email,
             SecurityStamp = Guid.NewGuid().ToString()
         };
 
-        // Add user to database
         var result = await _userManager.CreateAsync(user, request.Password);
 
         if (!result.Succeeded)
@@ -100,7 +93,6 @@ public async Task<IActionResult> Register([FromBody] RegisterRequestDto request)
                 errors = result.Errors.Select(e => e.Description)
             });
 
-        // Add user to default role
         if (!await _roleManager.RoleExistsAsync("User"))
             await _roleManager.CreateAsync(new IdentityRole("User"));
 
@@ -109,63 +101,11 @@ public async Task<IActionResult> Register([FromBody] RegisterRequestDto request)
         return Ok(new { message = "User registered successfully" });
     }
 
-    [HttpGet("me")]
-    [Authorize]
-    public async Task<IActionResult> GetCurrentUser()
-    {
-        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
-        
-        if (string.IsNullOrEmpty(userId))
-            return Unauthorized();
-
-        var user = await _userManager.FindByIdAsync(userId);
-        
-        if (user == null)
-            return NotFound();
-
-        var roles = await _userManager.GetRolesAsync(user);
-        var claims = await _userManager.GetClaimsAsync(user);
-
-        return Ok(new
-        {
-            Id = user.Id,
-            Username = user.UserName,
-            Email = user.Email,
-            Roles = roles,
-            Claims = claims.Select(c => new { Type = c.Type, Value = c.Value })
-        });
-    }
-
-    [HttpPost("change-password")]
-    [Authorize]
-    public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequestDto request)
-    {
-        if (!ModelState.IsValid)
-            return BadRequest(ModelState);
-
-        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
-        
-        if (string.IsNullOrEmpty(userId))
-            return Unauthorized();
-
-        var user = await _userManager.FindByIdAsync(userId);
-        
-        if (user == null)
-            return NotFound();
-
-        var result = await _userManager.ChangePasswordAsync(user, request.CurrentPassword, request.NewPassword);
-
-        if (!result.Succeeded)
-            return BadRequest(new { 
-                message = "Password change failed",
-                errors = result.Errors.Select(e => e.Description)
-            });
-
-        return Ok(new { message = "Password changed successfully" });
-    }
-
+    /// <summary>
+    /// Request a password reset link
+    /// </summary>
     [HttpPost("forgot-password")]
-    public async Task<IActionResult> ForgotPassword([FromBody] ChangePasswordRequestDto request)
+    public async Task<IActionResult> ForgotPassword([FromBody] ForgotPasswordRequestDto request)
     {
         if (!ModelState.IsValid)
             return BadRequest(ModelState);
@@ -176,7 +116,6 @@ public async Task<IActionResult> ForgotPassword([FromBody] ChangePasswordRequest
         if (user == null)
             return Ok(new { message = "If your email is registered, you will receive a password reset link" });
 
-        // Generate password reset token
         var token = await _userManager.GeneratePasswordResetTokenAsync(user);
 
         // In a real app, you would send an email with the token
@@ -188,6 +127,9 @@ public async Task<IActionResult> ForgotPassword([FromBody] ChangePasswordRequest
         });
     }
 
+    /// <summary>
+    /// Reset password using token
+    /// </summary>
     [HttpPost("reset-password")]
     public async Task<IActionResult> ResetPassword([FromBody] ResetPasswordRequestDto request)
     {
@@ -210,6 +152,9 @@ public async Task<IActionResult> ResetPassword([FromBody] ResetPasswordRequestDt
         return Ok(new { message = "Password reset successful" });
     }
 
+    /// <summary>
+    /// Refresh an authentication token
+    /// </summary>
     [HttpPost("refresh-token")]
     public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto request)
     {