public async Task <ActionResult> Logout([FromBody] UserIdentifiedDTO userIdentifiedDTO)
{
string username = userIdentifiedDTO.Username;
string authTokenString = userIdentifiedDTO.AuthToken;
Account accountToFind = _smallPostersContext.Accounts.FirstOrDefault(a => a.Username == username);
if (accountToFind == null)
{
return(StatusCode(StatusCodes.Status400BadRequest));
}
string hashedAuthTokenString = HashPair.Generate(authTokenString, accountToFind.Salt);
AuthToken authToken = _smallPostersContext.AuthTokens.FirstOrDefault
(a => a.HashedValue == hashedAuthTokenString && a.AccountId == accountToFind.Id);
if (authToken == null)
{
return(StatusCode(StatusCodes.Status404NotFound));
}
else
{
authToken.IsValid = false;
await _smallPostersContext.SaveChangesAsync();
return(StatusCode(StatusCodes.Status200OK));
}
}
public async Task <IActionResult> Create([Bind("ID,Username,Password,ConfirmPassword, Name,Avatar,RememberToken, Roles, Permissions")] UserViewModel userViewModel, IFormFile Avatar)
{
User user = userViewModel.GetEntity();
if (ModelState.IsValid)
{
//上传头像
long size = Avatar.Length;
await _storage.Put(Avatar, "images/avatar");
string url = _storage.GetFileUrl();
if (url.Length > 0)
{
user.Avatar = url;
}
HashPair hashPair = Encrypt.Password(userViewModel.Password);
user.Password = hashPair.Hashed;
user.Salt = hashPair.Salt;
_context.Add(user);
rbac.AddUserRoles(user, userViewModel.Roles);
rbac.AddUserPermissions(user, userViewModel.Permissions);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
else
{
GetErrorListFromModelState(ModelState);
}
return(Create());
}
public async Task <ActionResult <UserIdentifiedDTO> > Login([FromBody] UserLoginDTO userRegisterDTO)
{
string username = userRegisterDTO.Username;
string password = userRegisterDTO.Password;
Models.Account accountToFind = _smallPostersContext.Accounts.FirstOrDefault(a => a.Username == username);
if (accountToFind == null)
{
return(StatusCode(StatusCodes.Status401Unauthorized));
}
string passwordHash = HashPair.Generate(password, accountToFind.Salt);
if (accountToFind.PasswordHash == passwordHash)
{
string authTokenString = HashPair.Generate(TokenGenerator.GetUniqueKey(TokenSize), accountToFind.Salt);
string hashedAuthTokenString = HashPair.Generate(authTokenString, accountToFind.Salt);
Models.AuthToken authToken = new Models.AuthToken(hashedAuthTokenString, accountToFind);
_smallPostersContext.AuthTokens.Add(authToken);
await _smallPostersContext.SaveChangesAsync();
return(new UserIdentifiedDTO {
Username = username, AuthToken = authTokenString, IsAdmin = accountToFind.IsAdmin
});
}
else
{
return(StatusCode(StatusCodes.Status401Unauthorized));
}
}
public Account(string name, string password, bool isAdmin)
{
Username = name;
HashPair hashedPassword = HashPair.Generate(password);
PasswordHash = hashedPassword.Hash;
Salt = hashedPassword.Salt;
IsAdmin = isAdmin;
Ads = new List <Ad>();
AuthTokens = new List <AuthToken>();
}
public async Task <Account> GetUser(string username, string authTokenString)
{
Models.Account accountToFind = _smallPostersContext.Accounts.FirstOrDefault
(a => a.Username == username);
if (accountToFind == null)
{
return(null);
}
string hashedToken = HashPair.Generate(authTokenString, accountToFind.Salt);
AuthToken authTokenToFind = await _smallPostersContext.AuthTokens.FirstOrDefaultAsync
(a => a.IsValid == true && a.HashedValue == hashedToken);
if (authTokenToFind == null)
{
return(null);
}
return(accountToFind);
}
private Object EvalHashLiteral(HashLiteral hash, Environment env)
{
var pairs = new Dictionary <HashKey, HashPair>();
foreach (var kvp in hash.Pairs)
{
var key = this.Eval(kvp.Key, env);
if (this.IsError(key))
{
return(key);
}
var hashKey = key as Hashable;
if (hashKey == null)
{
return(new Error()
{
Message = $"Unusable as hash key: {key.Type}"
});
}
var value = this.Eval(kvp.Value, env);
if (this.IsError(value))
{
return(value);
}
var hashed = hashKey.HashKey();
pairs[hashed] = new HashPair()
{
Key = key, Value = value
};
}
return(new Hash()
{
Pairs = pairs
});
}
private Object EvalHashIndexExpression(Object left, Object index)
{
var hash = left as Hash;
var key = index as Hashable;
if (key == null)
{
return(new Error()
{
Message = $"Unusable as hash key: {index.Type}"
});
}
HashPair pair = null;
if (hash.Pairs.TryGetValue(key.HashKey(), out pair))
{
return(pair.Value);
}
return(Null);
}
public ActionResult <UserIdentifiedDTO> Register([FromBody] UserRegisterDTO userRegisterDTO)
{
string username = userRegisterDTO.Username;
string password = userRegisterDTO.Password;
if (_smallPostersContext.Accounts.Any(a => a.Username == username))
{
return(StatusCode(StatusCodes.Status409Conflict));
}
Models.Account accountToAdd = new Models.Account(username, password, false);
_smallPostersContext.Accounts.Add(accountToAdd);
_smallPostersContext.SaveChanges();
string authTokenString = HashPair.Generate(TokenGenerator.GetUniqueKey(TokenSize), accountToAdd.Salt);
string hashedAuthTokenString = HashPair.Generate(authTokenString, accountToAdd.Salt);
Models.AuthToken authToken = new Models.AuthToken(hashedAuthTokenString, accountToAdd);
_smallPostersContext.AuthTokens.Add(authToken);
_smallPostersContext.SaveChanges();
return(new UserIdentifiedDTO {
Username = username, AuthToken = authTokenString, IsAdmin = accountToAdd.IsAdmin
});
}
public async Task <IActionResult> Edit(int id, [Bind("ID,Username,Password,ConfirmPassword, Name,Avatar,RememberToken, Roles, Permissions")] UserViewModel userViewModel, IFormFile Avatar)
{
User user = userViewModel.GetEntity();
if (id != user.ID)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
var oldUser = _context.User.Find(id);
//修改头像
if (Avatar != null)
{
//上传头像
long size = Avatar.Length;
await _storage.Put(Avatar, "images/avatar");
string url = _storage.GetFileUrl();
if (url.Length > 0)
{
user.Avatar = url;
}
}
else
{
user.Avatar = oldUser.Avatar;
}
//修改密码
if (oldUser.Password != user.Password)
{
HashPair hash = Encrypt.Password(user.Password);
user.Password = hash.Hashed;
user.Salt = hash.Salt;
}
_context.Entry(oldUser).CurrentValues.SetValues(user); //更新用户信息
//编辑用户权限
rbac.RemoveUserAuthorities(user); //删除旧权限
rbac.AddUserRoles(user, userViewModel.Roles); //增添新用户角色对应关系
rbac.AddUserPermissions(user, userViewModel.Permissions); //添加新用户权限对应关系
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(user.ID))
{
return(NotFound());
}
else
{
throw;
}
}
return(RedirectToAction(nameof(Index)));
}
else
{
GetErrorListFromModelState(ModelState);
}
return(await Edit(id));
}