public HttpResponseMessage Login([FromBody] UserLoginModel userLogin)
{
try
{
using (var db = new OnlineMusicEntities())
{
bool success = false;
var user = (from u in db.Users
where u.Username.ToLower() == userLogin.Username.ToLower()
select u).FirstOrDefault();
if (user != null)
{
// Prevent if user is blocked
if (user.Blocked)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
MemoryCacher cache = new MemoryCacher();
string cachePassword = cache.Get(user.Username) != null ? (string)cache.Get(user.Username) : String.Empty;
success = HashingPassword.ValidatePassword(userLogin.Password, user.Password);
if (!success)
{
success = !String.IsNullOrEmpty(cachePassword) && HashingPassword.ValidatePassword(userLogin.Password, cachePassword);
if (success)
{
Notification notification = new Notification()
{
Title = "Đăng nhập với mật khẩu tạm thời",
Message = "Bạn vừa đăng nhập bằng mật khẩu tạm thời của mình vào " + DateTime.Now.ToString() +
"\nNếu đây không phải là bạn, khuyên cáo bạn nên đổi lại mật khẩu của mình",
UserId = user.Id,
IsMark = false,
CreatedAt = DateTime.Now,
Action = NotificationAction.LOGIN_TEMPORARILY
};
db.Notifications.Add(notification);
db.SaveChanges();
}
}
}
if (success)
{
return(Request.CreateResponse(HttpStatusCode.OK, new UserModel {
User = user
}));
}
else
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message));
}
}
public async Task <IActionResult> Register(RegisterModel model)
{
if (ModelState.IsValid)
{
User user = await _context.Users.FirstOrDefaultAsync(u => u.Email == model.Email);
if (user == null)
{
// добавляем пользователя в бд
user = new User {
Email = model.Email, Password = HashingPassword.GetHashPassword(model.Password)
};
Role userRole = await _context.Roles.FirstOrDefaultAsync(r => r.Name == "user");
if (userRole != null)
{
user.Role = userRole;
}
_context.Users.Add(user);
await _context.SaveChangesAsync();
await Authenticate(user); // аутентификация
return(RedirectToAction("Index", "Home"));
}
else
{
ModelState.AddModelError("", "Некорректные логин и(или) пароль");
}
}
return(View(model));
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Entity <Player>()
.HasOne(p => p.Tournament)
.WithMany(t => t.Players)
.OnDelete(DeleteBehavior.SetNull);
modelBuilder.Entity <Location>()
.HasOne(p => p.Tournament)
.WithMany(t => t.Locations)
.OnDelete(DeleteBehavior.SetNull);
string adminRoleName = "admin";
string userRoleName = "user";
string adminEmail = "*****@*****.**";
string adminPassword = HashingPassword.GetHashPassword("123456");
Role adminRole = new Role {
Id = 1, Name = adminRoleName
};
Role userRole = new Role {
Id = 2, Name = userRoleName
};
User adminUser = new User {
Id = 1, Email = adminEmail, Password = adminPassword, RoleId = adminRole.Id
};
modelBuilder.Entity <Role>().HasData(new Role[] { adminRole, userRole });
modelBuilder.Entity <User>().HasData(new User[] { adminUser });
base.OnModelCreating(modelBuilder);
}
private User[] fillUsers(User admin, int userRoleId)
{
var users = new User[31];
users[0] = admin;
Random random = new Random();
for (int i = 0; i < 30; i++)
{
int randomDay = random.Next(1, 28);
int randomMonth = random.Next(1, 12);
int randomYear = random.Next(1990, 2000);
User user = new User
{
Id = 2 + i,
Name = "MockName" + i,
Surname = "MockSurname" + i,
Birthday = new DateTime(randomYear, randomMonth, randomDay),
Email = "MockEmail" + i + "@mail.ru",
Password = HashingPassword.GetHashPassword("123456"),
RoleId = userRoleId
};
users[i + 1] = user;
}
return(users);
}
public void TestGetHashPasswordWhenOnlyLettersResultCorrectHash()
{
var password = "******";
var hash = GetHash(password);
var newPassword = HashingPassword.GetHashPassword(password);
Assert.AreEqual(hash, newPassword);
}
public void TestGetHashPasswordWhenMixSimbolResultCorrectHash()
{
var password = "******";
var hash = GetHash(password);
var newPassword = HashingPassword.GetHashPassword(password);
Assert.AreEqual(hash, newPassword);
}
public void TestGetHashPasswordWhenOnlyNumberResultCorrectHash()
{
HashingPassword.Init();
var password = "******";
var hash = GetHash(password);
var newPassword = HashingPassword.GetHashPassword(password);
Assert.AreEqual(hash, newPassword);
}
public void TestIsValidPasswordWhenPasswordNotEqulasResultFalse()
{
var password = "******";
var hash = HashingPassword.GetHashPassword(password);
bool isEqulas = HashingPassword.IsValidPassword(hash, password);
Assert.True(isEqulas);
}
/// <summary>
/// private method generating PwHash from user salt
/// </summary>
/// <param name="account"></param>
/// <returns></returns>
private bool LoginPwCheck(Account account)
{
var user = GotUser(account);
using (var pwHash = new HashingPassword())
{
pwHash.salt = CustomCoder.StringToByteArray(user.Salt);
var ExistUser = pwHash.LoginHash(account);
return((ExistUser.SaltedPwHash == user.SaltedPwHash) ? true : false);
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (var db = new OnlineMusicEntities())
{
var user = (from u in db.Users
where u.Username.ToLower() == context.UserName.ToLower()
select u).FirstOrDefault();
MemoryCacher cache = new MemoryCacher();
string cachePassword = string.Empty;
if (user != null && cache.Get(user.Username) != null)
{
cachePassword = (string)cache.Get(user.Username);
}
if (user != null && (HashingPassword.ValidatePassword(context.Password, user.Password) || (!String.IsNullOrEmpty(cachePassword) && HashingPassword.ValidatePassword(context.Password, cachePassword))))
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user.Id.ToString()));
if (user.RoleId == (int)RoleManager.Administrator)
{
identity.AddClaim(new Claim(ClaimTypes.Role, "Administrator"));
identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}
else if (user.RoleId == (int)RoleManager.Admin)
{
identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}
else if (user.RoleId == (int)RoleManager.VIP)
{
identity.AddClaim(new Claim(ClaimTypes.Role, "VIP"));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}
else if (user.RoleId == (int)RoleManager.User)
{
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}
else
{
return;
}
context.Validated(identity);
}
else
{
context.SetError("Invalid Grant", "Provided username and password is incorrect");
return;
}
}
}
public async Task <ActionResult> Login(LoginModel model)
{
await HttpContext.SignOutAsync();
var kek1 = User;
if (ModelState.IsValid)
{
User user = null;
var hashPassword = HashingPassword.GetHashPassword(model.password);
user = _users.GetAllUsers.FirstOrDefault(item => item.email == model.email && item.password == hashPassword);
if (user != null)
{
await HttpContext.SignOutAsync();
string userRoleString;
if (user.role == 0)
{
userRoleString = "User";
}
else
{
userRoleString = "Admin";
}
var listClaims = new List <Claim>()
{
new Claim(ClaimTypes.Name, user.name),
new Claim(ClaimTypes.Email, user.email),
new Claim(ClaimTypes.Role, userRoleString),
};
var claimIndentity = new ClaimsIdentity(listClaims, "Claims");
var userPrincipal = new ClaimsPrincipal(new[] { claimIndentity });
await HttpContext.SignInAsync(userPrincipal);
_logger.LogInformation($"LOG Succecc auth for {user.name}");
ViewBag.message = "Успешная авторизация.";
return(Redirect("/Home/Index"));
}
else
{
ModelState.AddModelError("error", "Неверный логин или пароль!");
}
}
return(View(model));
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
modelBuilder.Entity <User>()
.HasMany(c => c.Chats)
.WithOne(e => e.User);
modelBuilder.Entity <Chat>()
.HasMany(c => c.Messages)
.WithOne(e => e.Chat);
modelBuilder.Entity <Chat>()
.HasMany(c => c.ChatMembers)
.WithOne(e => e.Chat);
modelBuilder.Entity <User>()
.HasMany(c => c.ChatMembers)
.WithOne(e => e.User);
string adminRoleName = "admin";
string userRoleName = "user";
string name = "Mike";
string surname = "Chernikov";
DateTime birthDay = new DateTime(1997, 09, 18);
string adminEmail = "*****@*****.**";
string adminPassword = HashingPassword.GetHashPassword("123456");
Role adminRole = new Role {
Id = 1, Name = adminRoleName
};
Role userRole = new Role {
Id = 2, Name = userRoleName
};
User adminUser = new User {
Id = 1,
Name = name,
Surname = surname,
Birthday = birthDay,
Email = adminEmail,
Password = adminPassword,
RoleId = adminRole.Id
};
modelBuilder.Entity <Role>().HasData(new Role[] { adminRole, userRole });
var users = fillUsers(adminUser, userRole.Id);
modelBuilder.Entity <User>().HasData(users);
base.OnModelCreating(modelBuilder);
}
public void CreateUser(RegisterModel model)
{
var hashPassowrd = HashingPassword.GetHashPassword(model.password);
_appDBContent.User.Add(new User
{
email = model.email,
password = hashPassowrd,
role = 0,
name = model.name
});
_appDBContent.SaveChanges();
}
public User GetCredentials(string login, string password)
{
password = HashingPassword.HashPassword(password);
using (UserRepository repository = new UserRepository())
{
User user = repository.Get((u => u.Login == login && u.Password == password)).FirstOrDefault();
if (user != null)
{
user.Password = String.Empty;
return(user);
}
return(null);
}
}
public async Task <IActionResult> Create([Bind("Id,Email,Password,RoleId")] User user)
{
initDataView();
if (ModelState.IsValid)
{
user.Password = HashingPassword.GetHashPassword(user.Password);
_context.Add(user);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
ViewData["RoleId"] = new SelectList(_context.Roles, "Id", "Id", user.RoleId);
return(View(user));
}
private bool CreateHash(string password, string storedPass)
{
string storedPassword = storedPass;
byte[] hashByte = Convert.FromBase64String(storedPassword);
HashingPassword hash = new HashingPassword(hashByte);
if (hash.VerifyPassword(password))
{
return(true);
}
return(false);
}
public HttpResponseMessage ChangePassword([FromUri] int id, PasswordModel passwordModel)
{
var identity = (ClaimsIdentity)User.Identity;
if (identity.Name != id.ToString())
{
return(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Invalid Token"));
}
using (var db = new OnlineMusicEntities())
{
try
{
var user = (from u in db.Users
where u.Id == id
select u).FirstOrDefault();
if (user == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, $"Tài khoản với id={id} không tồn tại"));
}
else
{
MemoryCacher cache = new MemoryCacher();
string cachePassword = cache.Get(user.Username) != null ? (string)cache.Get(user.Username) : String.Empty;
bool isValid = HashingPassword.ValidatePassword(passwordModel.OldPassword, user.Password);
if (!isValid)
{
// Try check cache password
isValid = !String.IsNullOrEmpty(cachePassword) && HashingPassword.ValidatePassword(passwordModel.OldPassword, cachePassword);
}
if (!isValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Mật khẩu cũ không đúng"));
}
else
{
user.Password = HashingPassword.HashPassword(passwordModel.NewPassword);
cache.Delete(user.Username);
db.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK));
}
}
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message));
}
}
}
public async Task <User> Login(string userName, string password)
{
var user = await DataContext.Users.FirstOrDefaultAsync(x => x.UserName.ToLower() == userName.ToLower());
if (user == null)
{
return(null);
}
if (!HashingPassword.checkPassword(password, user.PasswordHash, user.PasswordSalt))
{
return(null);
}
return(user);
}
public EditPersonalViewModel()
{
_model = new Model();
ResetVis = false;
_p1 = string.Empty;
_p2 = string.Empty;
old_name = _name;
old_lastname = _lastname;
old_phone = _phone;
old_pos = _pos;
old_fullname = _fullname;
hashing = new HashingPassword();
FullName = (_name + " " + _lastname);
}
public HttpResponseMessage Add(HttpRequestMessage request, User user)
{
try
{
using (UserRepository rep = new UserRepository())
{
user.Password = HashingPassword.HashPassword(user.Password);
rep.Add(user);
rep.SaveAll();
}
user.Password = null;
return(request.CreateResponse <User>(HttpStatusCode.OK, user));
}
catch (Exception e)
{
return(request.CreateErrorResponse(HttpStatusCode.BadRequest, "Não foi possível inserir usuário [" + e.Message + "]"));
}
}
private void BtnRegister_Click(object sender, RoutedEventArgs e)
{
Database database = new Database();
string userFolder = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().GetName().CodeBase) + "\\Users\\" + BoxUsername.Text;
userFolder = new Uri(userFolder).LocalPath;
Directory.CreateDirectory(userFolder);
if (!database.Write(new User(BoxUsername.Text, HashingPassword.Hash(BoxPassword.Password), BoxCertPath.Text, userFolder)))
{
MessageBox.Show("Failed register. Username already exists.");
}
else
{
MessageBox.Show("Register success.");
}
}
public HttpResponseMessage Update(HttpRequestMessage request, User user, int?modifyPWd)
{
try
{
using (UserRepository rep = new UserRepository())
{
if (modifyPWd != null && modifyPWd == 1)
{
user.Password = HashingPassword.HashPassword(user.Password);
}
rep.Update(user);
rep.SaveAll();
}
return(request.CreateResponse <User>(HttpStatusCode.Accepted, user));
}
catch (Exception e)
{
return(request.CreateErrorResponse(HttpStatusCode.BadRequest, e.Message));
}
}
public async Task <bool> Register(User user, string password)
{
try
{
byte[] passwordHash, passwordSalt;
HashingPassword.CreatePassword(password, out passwordHash, out passwordSalt);
user.PasswordHash = passwordHash;
user.PasswordSalt = passwordSalt;
await DataContext.Users.AddAsync(user);
await DataContext.SaveChangesAsync();
return(true);
}
catch
{
return(false);
}
}
private void BtnLogin_Click(object sender, RoutedEventArgs e)
{
Database database = new Database();
User loggedUser = database.Read(BoxUsername.Text, HashingPassword.Hash(BoxPassword.Password), BoxCertPath.Text);
if (loggedUser == null)
{
MessageBox.Show("Failed login.");
}
else
{
MessageBox.Show("Login succesfull.");
MessageBoxResult result = MessageBox.Show("Do you want to enter decryption mode?",
"Confirmation",
MessageBoxButton.YesNo,
MessageBoxImage.Question);
Hide();
if (result == MessageBoxResult.No)
{
EncryptionWindow encryptionWindow = new EncryptionWindow
{
LoggedUser = loggedUser,
AvailableUsers = database.ReadAll()
};
encryptionWindow.Fill();
encryptionWindow.Show();
}
else
{
DecryptionWindow decryptionWindow = new DecryptionWindow
{
LoggedUser = loggedUser,
AvailableUsers = database.ReadAll()
};
decryptionWindow.Fill();
decryptionWindow.Show();
}
}
}
public static void Main(string[] args)
{
HashingPassword.Init();
var host = CreateWebHostBuilder(args).Build();
using (var scope = host.Services.CreateScope())
{
var services = scope.ServiceProvider;
try
{
var context = services.GetRequiredService <ApplicationContext>();
DbInitializer.Initialize(context);
}
catch (Exception ex)
{
var logger = services.GetRequiredService <ILogger <Program> >();
logger.LogError(ex, "An error occurred while seeding the database.");
}
}
host.Run();
}
public EditPersonalViewModel(int id)
{
_model = new Model();
ResetVis = false;
_p1 = string.Empty;
_p2 = string.Empty;
hashing = new HashingPassword();
Id = id;
Staff item = _model.db.StaffSet.Find(Id);
if (item.Id == Id)
{
_name = item.FirstName;
_lastname = item.LastName;
_phone = item.phone_number;
_login = item.login;
_password = item.password;
Cur_pos = item.Staff_Pos;
_pos = item.Staff_Pos.Position;
_cur_secretword = item.secret_word;
}
old_name = _name;
old_lastname = _lastname;
old_phone = _phone;
old_pos = _pos;
old_fullname = _fullname;
old_login = _login;
old_password = _password;
staff_Pos = _model.db.Staff_PosSet.ToList();
FullName = (_name + " " + _lastname);
}
public void TestInitClass()
{
HashingPassword.Init();
}
public CustomerRepository(DbContext context) : base(context)
{
_hashing = new HashingPassword();
}
public HttpResponseMessage RecoveryPassword([FromBody] UserModel user)
{
try
{
using (var db = new OnlineMusicEntities())
{
var userData = (from u in db.Users
where u.Username.ToLower() == user.Username.ToLower() && u.Email.ToLower() == user.Email.ToLower()
select u).FirstOrDefault();
if (userData == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Email sử dụng không trùng khớp với tài khoản"));
}
MemoryCacher cache = new MemoryCacher();
if (cache.Get(userData.Username) == null)
{
// Recovery password for user
var rand = new Random();
byte[] randomBytes = Encoding.UTF8.GetBytes(rand.Next(100000, 999999).ToString());
string newPassword = Convert.ToBase64String(randomBytes);
string subject = "Recovery password in Musikai";
string htmlBody = String.Format(@"<html><body>
<h1>Hello, {0}</h1>
<p style=""font-size: 30px"">Your temporary password is <em>{1}</em></p>
<p style=""font-size: 27px"">The password is temporary and will expire within 3 days</p>
<p style=""font-size: 25px""><strong>We recommend you change your own password after you login</strong></p>
</body></html>", userData.Username, newPassword);
if (PostEmail.Send(userData.Email, subject, htmlBody))
{
newPassword = Convert.ToBase64String(Encoding.UTF8.GetBytes(newPassword));
string encryptedPassword = HashingPassword.HashPassword(newPassword);
cache.Add(userData.Username, encryptedPassword, DateTimeOffset.Now.AddDays(3));
Notification notification = new Notification()
{
Title = "Phục hồi mật khẩu",
Message = "Mật khẩu tạm thời của bạn đã được gửi tới email. Sau khi đăng nhập khuyên cáo bạn nên thay đổi mật khẩu của mình",
UserId = userData.Id,
IsMark = false,
CreatedAt = DateTime.Now,
Action = NotificationAction.RECOVERY_PASSWORD
};
db.Notifications.Add(notification);
db.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK, "Mật khẩu khôi phục đã được gửi tới email " + userData.Email));
}
else
{
return(Request.CreateResponse(HttpStatusCode.InternalServerError));
}
}
else
{
return(Request.CreateResponse(HttpStatusCode.OK, "Mật khẩu phục hồi đã gửi tới email"));
}
}
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.StackTrace));
}
}
public void Setup()
{
HashingPassword.Init();
}
