private void SeedData(ModelBuilder modelBuilder) { if (!System.Diagnostics.Debugger.IsAttached) { System.Diagnostics.Debugger.Launch(); } var test = modelBuilder.Entity <User>().HasData( new User { Id = 30, FirstName = "test", LastName = "user", Email = "*****@*****.**", CreatedAt = DateTime.UtcNow, IsActive = true, PasswordHash = BC.HashPassword("123456") } ); //var testuser = Users.FirstOrDefault(); modelBuilder.Entity <Post>().HasData( new Post { Id = 30, Title = "Post 1", Content = "Content post 1", CreatedAt = DateTime.UtcNow, LastModifiedAt = DateTime.UtcNow, UserId = 30 } ); }
public async Task <ActionResult <dynamic> > Put( [FromServices] DataContext context, [FromBody] User model, int userId ) { //Verificar se dados seguem model if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var user = await context.user.Where(x => x.id == userId).SingleOrDefaultAsync(); //verificar se usuario realmente existe if (user == null) { return(BadRequest(new { messsage = "Usuario não cadastrado!" })); } //atualizar dados do usuario user.name = model.name; user.password = BC.HashPassword(model.password); await context.SaveChangesAsync(); return(model); }
public IActionResult Login(string username, string password) { if (username == null || password == null) { ViewBag.Message = "Brugernavn og kodeord skal udfyldes"; return(View()); } var user = _context.User.FirstOrDefault(u => u.Username == username); if (user == null) { ViewBag.Message = "Ukendt brugernavn"; return(View()); } else { if (BC.Verify(password, user.Password)) { HttpContext.Session.SetInt32("UserId", user.Id); return(Redirect("/home/Todos")); } else { ViewBag.Message = "Forkert brugernavn eller kodeord"; return(View()); } } }
public IActionResult Register(User user) { user.Password = BC.HashPassword(user.Password); _context.User.Add(user); _context.SaveChanges(); return(Redirect("/home/login")); }
public async Task Create(User user) { string passwordHash = BC.HashPassword(user.Password); user.Password = passwordHash; await _context.Users.InsertOneAsync(user); }
public async Task <IActionResult> Login([FromForm] AccessDto data) { try { var users = await _userRepository.Get(u => !u.IsDeleted); var user = users.FirstOrDefault(u => u.Email == data.Email || u.Dni == data.Dni); if (user == null) { return(Unauthorized(new { Message = "Incorrect user or password" })); } if (!Bcrypt.Verify(data.Password, user.Password ?? string.Empty)) { return(Unauthorized(new { Message = "Incorrect user or password" })); } _httpContextAccessor.HttpContext.Session.SetString("UserId", user.Id.ToString()); _httpContextAccessor.HttpContext.Session.SetString("User_FullName", user.FullName); return(RedirectToAction(nameof(Index))); } catch (Exception e) { return(BadRequest(new { Message = "Error.", Data = e.Message })); } }
public async Task Register(RegisterRequest model, string origin) { // validate if (await _accountRepository.FindByEmail(model.Email) != null) { // send already registered error in email to prevent account enumeration sendAlreadyRegisteredEmail(model.Email, origin); return; } // map model to new account object var account = _mapper.Map <Account>(model); // first registered account is an admin var isFirstAccount = await _accountRepository.GetCount() == 0; account.Role = isFirstAccount ? Role.Admin : Role.User; account.Created = DateTime.UtcNow; account.VerificationToken = randomTokenString(); // hash password account.PasswordHash = BC.HashPassword(model.Password); // save account await _accountRepository.Add(account); // send email sendVerificationEmail(account, origin); }
public LoginResponse login([FromBody] LoginModel model, string ipAcesso) { var usuario = _context.Usuarios.SingleOrDefault(x => x.Email == model.Email); if (usuario == null || BC.Verify(BC.HashPassword(model.Senha), usuario.SenhaHash)) { throw new AppException("Email ou Senha estar Incorreto!"); } //!usuario.IsVerificado var JwtToken = generateJwtToken(usuario); var refreshToken = generateRefreshToken(ipAcesso); usuario.RecarregarToken.Add(refreshToken); _context.Update(usuario); _context.SaveChanges(); if (usuario.Role == Role.Auxi) { usuario.Id = _context.Auxiliars.SingleOrDefault(a => a.IdUsuario == usuario.Id).Id; } var reponse = _mapper.Map <LoginResponse>(usuario); reponse.jwtToken = JwtToken; reponse.RecarregarToken = refreshToken.Token; return(reponse); }
public async Task <IActionResult> ForgetPassword(int id, Account account) { if (id != account.Id) { return(BadRequest()); } // hash password String passwordHash = BC.HashPassword(account.Password); account.Password = passwordHash; _context.Entry(account).State = EntityState.Modified; try { await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!AccountExists(account.Id)) { return(NotFound()); } else { throw; } } return(CreatedAtAction("GetAccount", new { id = account.Id }, account)); }
public IActionResult Update(int id, GetUserVM dataVM) { if (ModelState.IsValid) { var getData = _context.Users.Include("Role").SingleOrDefault(x => x.Id == id); getData.Name = dataVM.Name; getData.Email = dataVM.Email; if (dataVM.Password != null) { if (!Bcrypt.Verify(dataVM.Password, getData.Password)) { getData.Password = Bcrypt.HashPassword(dataVM.Password); } } if (dataVM.RoleName != null) { var getRoleID = _context.Roles.SingleOrDefault(x => x.RoleName == dataVM.RoleName); getData.RoleId = getRoleID.RoleId; } _context.Users.Update(getData); _context.SaveChanges(); return(Ok("Successfully Updated")); } return(BadRequest("Not Successfully")); }
public async Task <IActionResult> Register([FromBody] RegisterPayload registerPayload) { try { var existingUserWithMail = _db.Users .Any(u => u.Email == registerPayload.Email); if (existingUserWithMail) { // return message that this mail is taken } var userToCreate = new User { Email = registerPayload.Email, FirstName = registerPayload.FirstName, LastName = registerPayload.LastName, PasswordHash = BC.HashPassword(registerPayload.Password), Role = "SimpleUser", }; _db.Users.Add(userToCreate); _db.SaveChanges(); return(Ok(new { status = true, user = userToCreate })); } catch (Exception) { return(new StatusCodeResult(StatusCodes.Status500InternalServerError)); } }
public static String HashGenerated(String value) { String salt = Bcrypt.GenerateSalt(); String hash = Bcrypt.HashPassword(value, salt); return(hash); }
public async Task <AuthenticateResponse> AuthenticateAsync(AuthenticateRequest model, string ipAddress) { Account account = await _context.Accounts.SingleOrDefaultAsync(x => x.Email == model.Email); if (account == null || !account.IsVerified || !BC.Verify(model.Password, account.PasswordHashed)) { throw new ApiProblemDetailsException("Username or password is incorrect", StatusCodes.Status401Unauthorized); } ; // authentication successful so generate jwt and refresh tokens string jwtToken = GenerateJwtToken(account); var refreshToken = GenerateRefreshToken(ipAddress); account.RefreshTokens.Add(refreshToken); // remove old refresh tokens from account RemoveOldRefreshTokens(account); // save changes to db _context.Update(account); await _context.SaveChangesAsync(); var response = _mapper.Map <AuthenticateResponse>(account); response.JwtToken = jwtToken; response.RefreshToken = refreshToken.Token; response.Expires = DateTime.Now.AddMinutes(_jwtSettings.DurationInMinutes); return(response); }
public AuthenticateResponse Authenticate(AuthenticateRequest model, string ipAddress) { var account = _context.Accounts.SingleOrDefault(x => x.Email == model.Email); if (account == null || !account.IsVerified || !BC.Verify(model.Password, account.PasswordHash)) { throw new AppException("Email or password is incorrect"); } // authentication successful so generate jwt and refresh tokens var jwtToken = generateJwtToken(account); var refreshToken = generateRefreshToken(ipAddress); account.RefreshTokens.Add(refreshToken); // remove old refresh tokens from account removeOldRefreshTokens(account); // save changes to db _context.Update(account); _context.SaveChanges(); var response = _mapper.Map <AuthenticateResponse>(account); response.JwtToken = jwtToken; response.RefreshToken = refreshToken.Token; return(response); }
public bool Verify(string plainText, string hash, string salt) { var saltedText = salt + plainText; var encryptedText = _encryptionService.Encrypt(saltedText); return(BCryptHasher.EnhancedVerify(encryptedText, hash)); }
public async Task <ActionResult> PutUser([FromBody] UserDTO userDto, Guid userId, Guid tenantId) { if (await _tenantRepo.GetById(tenantId) == null) { return(BadRequest("Invalid tenant id")); } if (await _repository.GetById(userId) == null) { return(BadRequest("Invalid user id")); } if (!ModelState.IsValid) { return(BadRequest("User not updated properly")); } userDto.Password = BC.HashPassword(userDto.Password); User user = await _repository.GetById(userId); user.Username = userDto.Username; user.Password = userDto.Password; user.Role = userDto.Role; user.Email = userDto.Email; await _repository.Update(user); return(Ok("User Updated Successfully..")); }
public AuthenticateAccountResponse Register(RegisterAccountRequest request) { if (_context.Accounts.Any(x => x.EmailAddress == request.EmailAddress)) { // There is already an account with given email address throw new AccountAlreadyExistsException(); } // Create new account object from the request model var account = new Account() { UserFullName = request.UserFullName, EmailAddress = request.EmailAddress, PasswordHash = BC.HashPassword(request.Password) }; // Save account _context.Accounts.Add(account); _context.SaveChanges(); // Create a response that includes the access token var response = new AuthenticateAccountResponse { AccountId = account.AccountId, UserFullName = account.UserFullName, EmailAddress = account.EmailAddress, AccessToken = GenerateJsonWebToken(account) }; return(response); }
public async Task <ActionResult <User> > UserLogin([FromBody] LoginDTO loginDto, Guid tenantId) { if (await _tenantRepo.GetById(tenantId) == null) { return(BadRequest("Invalid tenant id")); } if (!ModelState.IsValid) { return(BadRequest("Email or password is invalid")); } User user = await _repository.FirstOrDefault(x => x.Email == loginDto.Email && x.TenantId == tenantId); if (user == null) { return(BadRequest("Email or password is invalid")); } if (!BC.Verify(loginDto.Password, user.Password)) { return(BadRequest("Email or password is invalid")); } var token = _tokenManager.CreateToken(user); return(Ok(token)); }
public AccountResponse Update(string id, UpdateRequest model) { var account = accountRepository.GetById(ObjectId.Parse(id)); if (account.Email != model.Email && accountRepository.GetAll().SingleOrDefault(x => x.Email == model.Email) != null) { throw new NotImplementedException(); } { throw new Exception($"Email {model.Email} has been taken"); } // hash password if it was entered if (!string.IsNullOrEmpty(model.Password)) { account.PasswordHash = BC.HashPassword(model.Password); } // copy model to account and save mapper.Map(model, account); account.Updated = DateTime.UtcNow; accountRepository.Update(account, account.Id); return(mapper.Map <AccountResponse>(account)); }
public async Task Register(RegisterRequest model, string origin) { if (accountRepository.GetAll().SingleOrDefault(x => x.Email == model.Email) != null) { await sendAlreadyRegisteredEmail(model.Email, origin); throw new Exception($"Email {model.Email} has been registered"); } var account = mapper.Map <Account>(model); var isFirstAccount = !accountRepository.GetAll().Any(); account.Role = isFirstAccount ? Role.Admin : Role.User; account.Created = DateTime.UtcNow; // hash password account.PasswordHash = BC.HashPassword(model.Password); await accountRepository.AddAsync(account); if (model.IsExternalRegister == true) { account.VerificationToken = string.Empty; account.Verified = DateTime.Now; await accountRepository.UpdateAsync(account, account.Id); return; } account.VerificationToken = Extension.randomOTPString(); await accountRepository.UpdateAsync(account, account.Id); await sendVerificationEmail(account, origin); }
public async Task <ActionResult <Account> > PostAccount(Account account) { account.IsActive = true; account.RoleId = 1; account.IsHD = true; // hash password String passwordHash = BC.HashPassword(account.Password); account.Password = passwordHash; _context.Accounts.Add(account); await _context.SaveChangesAsync(); int id = account.Id; account.User.CreatedDate = DateTime.Now; account.User.LastLogOnDate = DateTime.Now; account.User.Gender = true; account.User.PubishFree = 3; _context.Users.Add(account.User); await _context.SaveChangesAsync(); return(CreatedAtAction("GetAccount", new { id = account.Id }, account)); }
public void Register(RegisterRequest model, string origin) { // validate if (_context.Accounts.Any(x => x.Email == model.Email)) { // send already registered error in email to prevent account enumeration sendAlreadyRegisteredEmail(model.Email, origin); return; } // map model to new account object var account = _mapper.Map <Account>(model); // first registered account is an admin var isFirstAccount = _context.Accounts.Count() == 0; account.Role = isFirstAccount ? Role.Admin : Role.User; account.Created = DateTime.UtcNow; account.VerificationToken = randomTokenString(); // hash password account.PasswordHash = BC.HashPassword(model.Password); // save account _context.Accounts.Add(account); _context.SaveChanges(); // send email sendVerificationEmail(account, origin); }
/// <summary> /// Checks if given login information is correct and returns value /// </summary> /// <param name="name">Username input</param> /// <param name="pwd">Password input</param> /// <returns>true if given login infomation is correct</returns> private bool CheckLoginInfo(string name, char[] pwd) { try { string query = "SELECT password FROM user WHERE @name LIKE username"; MySqlCommand cmd = new MySqlCommand(query, Connection) { CommandTimeout = 60 }; Connect(); cmd.Parameters.AddWithValue("@name", name); cmd.Prepare(); string retVal = cmd.ExecuteScalar() == null ? "." : cmd.ExecuteScalar().ToString(); CloseConnection(); return(!retVal.Equals(".") && Hash.CheckPassword(GetStringFromChar(pwd), retVal)); } catch (Exception ex) { Buchhaltung.Log(ex.Message); Buchhaltung.SaveErrorMsg(ex); } return(false); }
public void VerifyPassword(string password, string passwordHash) { if (!BC.Verify(password, passwordHash)) { throw new MainException(ErrorCode.NotFound, "User could not be found"); } }
public async Task <IActionResult> ChangePassword(string newPassword, string confirmPassword) { var userId = HttpContext.Session.GetInt32("UserId"); if (userId == null) { return(Redirect("/login/login")); } User user = await _dbContext.Users.FirstOrDefaultAsync(u => u.UserId == userId); if (user != null && user.UserId == userId) { if (!string.IsNullOrWhiteSpace(newPassword) && !string.IsNullOrWhiteSpace(confirmPassword)) { if (newPassword == confirmPassword) { user.Password = BC.HashPassword(confirmPassword); } } _dbContext.Update(user); _dbContext.SaveChanges(); } return(Redirect("/")); }
public async Task <IActionResult> Register([FromForm] AccessDto data) { try { var user = await _userRepository.Get(u => !u.IsDeleted && u.Email == data.Email || u.Dni == data.Dni); if (user.Any()) { return(BadRequest(new { Message = "Existing user" })); } await _userRepository.Insert(new User { Id = new Guid(), FullName = data.FullName, Dni = data.Dni, Role = await _roleRepository.GetById(RoleEnum.Standard), Email = data.Email, Password = Bcrypt.HashPassword(data.Password) }); await _userRepository.SaveChangesAsync(); return(RedirectToAction(nameof(Index))); } catch (Exception ex) { return(BadRequest(new { Message = "Error.", Data = ex.Message })); } }
public async Task <Account> RegisterAsync(RegisterRequest model) { // validate if (await _context.Accounts.AnyAsync(x => x.Email == model.Email)) { throw new ApiProblemDetailsException("Email already exists.", StatusCodes.Status422UnprocessableEntity); } if (await _context.Accounts.AnyAsync(x => x.Username == model.Username)) { throw new ApiProblemDetailsException("Username already exists.", StatusCodes.Status422UnprocessableEntity); } // map model to new account object Account account = _mapper.Map <Account>(model); account.Role = AccountRole.Basic; account.CreatedAt = DateTime.UtcNow; account.VerificationToken = RandomTokenString(); // hash password account.PasswordHashed = BC.HashPassword(model.Password); // save account _context.Accounts.Add(account); await _context.SaveChangesAsync(); return(account); }
public IActionResult Login(string username, string password) { if (username == null || password == null) { ViewBag.Message = "Please fill out both forms"; return(View()); } string email = _protector.Protect(username); User user = _context.User.FirstOrDefault(u => u.Username == username || u.Email == email); if (user == null) { ViewBag.Message = "No such user exists (or wrong password)"; return(View()); } else { if (!BC.Verify(password, user.Password)) { ViewBag.Message = "Wrong password (or unknown user)"; return(View()); } else { HttpContext.Session.SetInt32("UserId", user.Id); Console.WriteLine($"User {user.Username} logged in"); return(Redirect("/")); } } }
public IActionResult Create(GetUserVM getUserVM) { var getUser = _context.Users.Where(x => x.Email == getUserVM.Email); if (getUser.Count() == 0) { if (ModelState.IsValid) { var getRoleId = _context.Roles.SingleOrDefault(x => x.RoleName == getUserVM.RoleName); var usr = new User { Name = getUserVM.Name, Email = getUserVM.Email, Password = Bcrypt.HashPassword(getUserVM.Password), RoleId = getRoleId.RoleId, VerifyCode = null, CreateDate = DateTimeOffset.Now, isDelete = false }; _context.Users.Add(usr); _context.SaveChanges(); return(Ok("Successfully Created")); } return(BadRequest("Not Successfully")); } return(BadRequest("Email Already Exists ")); }
public async Task <IActionResult> CheckLogin(LoginViewModel emp) { var checkLogin = await _employeeService.CheckLogin(emp.Username); if (checkLogin != null && BC.Verify(emp.Password, checkLogin.Password)) { string tokenKey = _appSettings.SerectKey; var tokenHandler = new JwtSecurityTokenHandler(); var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenKey)); var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256); var tokenDescripter = new SecurityTokenDescriptor { Issuer = "NgocSy", Audience = "NgocSy", Subject = new ClaimsIdentity(new Claim[] { new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), //Id of JWT new Claim("Id", checkLogin.Id.ToString()), new Claim(ClaimTypes.Role, checkLogin.IdRoleNavigation.NameRole.ToString()) }), Expires = DateTime.UtcNow.AddHours(1), SigningCredentials = credentials }; var token = tokenHandler.CreateToken(tokenDescripter); return(Ok(tokenHandler.WriteToken(token))); } return(BadRequest(new { message = "Fail login!" })); }
public bool UpdatePassword(int userId, string password) { var update = false; //security check var emailAddr = email; if(S.Server.resetPass == true && userId == 1) { //securely change admin password //get admin email address from database var parameters = new List<SqlParameter>(); parameters.Add(new SqlParameter("$userId", userId.ToString(), 0, enumSqlParameterType.isNumber)); emailAddr = (string)S.Sql.ExecuteScalar("EXEC GetUserEmail @userId=$userId", parameters); if (emailAddr != "" && emailAddr != null) { update = true; } } if(update == true) { var bCrypt = new BCrypt.Net.BCrypt(); var encrypted = BCrypt.Net.BCrypt.HashPassword(password, S.Server.bcrypt_workfactor); var sqlUser = new SqlQueries.User(S); sqlUser.UpdatePassword(userId, encrypted); S.Server.resetPass = false; } return false; }
public string EncryptPassword(string password) { BCrypt.Net.BCrypt bCrypt = new BCrypt.Net.BCrypt(); password = BCrypt.Net.BCrypt.HashPassword(password, BCrypt.Net.BCrypt.GenerateSalt(6)); return password; }