public async Task <ActionResult> Logout([FromBody] UserIdentifiedDTO userIdentifiedDTO) { string username = userIdentifiedDTO.Username; string authTokenString = userIdentifiedDTO.AuthToken; Account accountToFind = _smallPostersContext.Accounts.FirstOrDefault(a => a.Username == username); if (accountToFind == null) { return(StatusCode(StatusCodes.Status400BadRequest)); } string hashedAuthTokenString = HashPair.Generate(authTokenString, accountToFind.Salt); AuthToken authToken = _smallPostersContext.AuthTokens.FirstOrDefault (a => a.HashedValue == hashedAuthTokenString && a.AccountId == accountToFind.Id); if (authToken == null) { return(StatusCode(StatusCodes.Status404NotFound)); } else { authToken.IsValid = false; await _smallPostersContext.SaveChangesAsync(); return(StatusCode(StatusCodes.Status200OK)); } }
public async Task <IActionResult> Create([Bind("ID,Username,Password,ConfirmPassword, Name,Avatar,RememberToken, Roles, Permissions")] UserViewModel userViewModel, IFormFile Avatar) { User user = userViewModel.GetEntity(); if (ModelState.IsValid) { //上传头像 long size = Avatar.Length; await _storage.Put(Avatar, "images/avatar"); string url = _storage.GetFileUrl(); if (url.Length > 0) { user.Avatar = url; } HashPair hashPair = Encrypt.Password(userViewModel.Password); user.Password = hashPair.Hashed; user.Salt = hashPair.Salt; _context.Add(user); rbac.AddUserRoles(user, userViewModel.Roles); rbac.AddUserPermissions(user, userViewModel.Permissions); await _context.SaveChangesAsync(); return(RedirectToAction(nameof(Index))); } else { GetErrorListFromModelState(ModelState); } return(Create()); }
public async Task <ActionResult <UserIdentifiedDTO> > Login([FromBody] UserLoginDTO userRegisterDTO) { string username = userRegisterDTO.Username; string password = userRegisterDTO.Password; Models.Account accountToFind = _smallPostersContext.Accounts.FirstOrDefault(a => a.Username == username); if (accountToFind == null) { return(StatusCode(StatusCodes.Status401Unauthorized)); } string passwordHash = HashPair.Generate(password, accountToFind.Salt); if (accountToFind.PasswordHash == passwordHash) { string authTokenString = HashPair.Generate(TokenGenerator.GetUniqueKey(TokenSize), accountToFind.Salt); string hashedAuthTokenString = HashPair.Generate(authTokenString, accountToFind.Salt); Models.AuthToken authToken = new Models.AuthToken(hashedAuthTokenString, accountToFind); _smallPostersContext.AuthTokens.Add(authToken); await _smallPostersContext.SaveChangesAsync(); return(new UserIdentifiedDTO { Username = username, AuthToken = authTokenString, IsAdmin = accountToFind.IsAdmin }); } else { return(StatusCode(StatusCodes.Status401Unauthorized)); } }
public Account(string name, string password, bool isAdmin) { Username = name; HashPair hashedPassword = HashPair.Generate(password); PasswordHash = hashedPassword.Hash; Salt = hashedPassword.Salt; IsAdmin = isAdmin; Ads = new List <Ad>(); AuthTokens = new List <AuthToken>(); }
public async Task <Account> GetUser(string username, string authTokenString) { Models.Account accountToFind = _smallPostersContext.Accounts.FirstOrDefault (a => a.Username == username); if (accountToFind == null) { return(null); } string hashedToken = HashPair.Generate(authTokenString, accountToFind.Salt); AuthToken authTokenToFind = await _smallPostersContext.AuthTokens.FirstOrDefaultAsync (a => a.IsValid == true && a.HashedValue == hashedToken); if (authTokenToFind == null) { return(null); } return(accountToFind); }
private Object EvalHashLiteral(HashLiteral hash, Environment env) { var pairs = new Dictionary <HashKey, HashPair>(); foreach (var kvp in hash.Pairs) { var key = this.Eval(kvp.Key, env); if (this.IsError(key)) { return(key); } var hashKey = key as Hashable; if (hashKey == null) { return(new Error() { Message = $"Unusable as hash key: {key.Type}" }); } var value = this.Eval(kvp.Value, env); if (this.IsError(value)) { return(value); } var hashed = hashKey.HashKey(); pairs[hashed] = new HashPair() { Key = key, Value = value }; } return(new Hash() { Pairs = pairs }); }
private Object EvalHashIndexExpression(Object left, Object index) { var hash = left as Hash; var key = index as Hashable; if (key == null) { return(new Error() { Message = $"Unusable as hash key: {index.Type}" }); } HashPair pair = null; if (hash.Pairs.TryGetValue(key.HashKey(), out pair)) { return(pair.Value); } return(Null); }
public ActionResult <UserIdentifiedDTO> Register([FromBody] UserRegisterDTO userRegisterDTO) { string username = userRegisterDTO.Username; string password = userRegisterDTO.Password; if (_smallPostersContext.Accounts.Any(a => a.Username == username)) { return(StatusCode(StatusCodes.Status409Conflict)); } Models.Account accountToAdd = new Models.Account(username, password, false); _smallPostersContext.Accounts.Add(accountToAdd); _smallPostersContext.SaveChanges(); string authTokenString = HashPair.Generate(TokenGenerator.GetUniqueKey(TokenSize), accountToAdd.Salt); string hashedAuthTokenString = HashPair.Generate(authTokenString, accountToAdd.Salt); Models.AuthToken authToken = new Models.AuthToken(hashedAuthTokenString, accountToAdd); _smallPostersContext.AuthTokens.Add(authToken); _smallPostersContext.SaveChanges(); return(new UserIdentifiedDTO { Username = username, AuthToken = authTokenString, IsAdmin = accountToAdd.IsAdmin }); }
public async Task <IActionResult> Edit(int id, [Bind("ID,Username,Password,ConfirmPassword, Name,Avatar,RememberToken, Roles, Permissions")] UserViewModel userViewModel, IFormFile Avatar) { User user = userViewModel.GetEntity(); if (id != user.ID) { return(NotFound()); } if (ModelState.IsValid) { try { var oldUser = _context.User.Find(id); //修改头像 if (Avatar != null) { //上传头像 long size = Avatar.Length; await _storage.Put(Avatar, "images/avatar"); string url = _storage.GetFileUrl(); if (url.Length > 0) { user.Avatar = url; } } else { user.Avatar = oldUser.Avatar; } //修改密码 if (oldUser.Password != user.Password) { HashPair hash = Encrypt.Password(user.Password); user.Password = hash.Hashed; user.Salt = hash.Salt; } _context.Entry(oldUser).CurrentValues.SetValues(user); //更新用户信息 //编辑用户权限 rbac.RemoveUserAuthorities(user); //删除旧权限 rbac.AddUserRoles(user, userViewModel.Roles); //增添新用户角色对应关系 rbac.AddUserPermissions(user, userViewModel.Permissions); //添加新用户权限对应关系 await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!UserExists(user.ID)) { return(NotFound()); } else { throw; } } return(RedirectToAction(nameof(Index))); } else { GetErrorListFromModelState(ModelState); } return(await Edit(id)); }