/// <summary>Asynchronously authenticates the request.</summary>
/// <returns>The task that completes the authentication.</returns>
/// <param name="context">The authentication context.</param>
/// <param name="cancellationToken">The cancellation token.</param>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
HttpRequestMessage request = context.Request;
if (request == null)
{
throw new InvalidOperationException("Request must not be null");
}
if (context.ActionContext.ActionDescriptor.GetCustomAttributes <AllowAnonymousAttribute>().Count > 0)
{
return;
}
if (context.Request.Headers.Authorization == null)
{
Unauthorized(context);
return;
}
try
{
var authHeader = request.Headers.Authorization.Parameter;
var accessToken = JsonConvert.DeserializeObject <AccessToken>(AccessTokenGenerator.DecryptToken(authHeader));
string cacheToken = RedisHelper.StringGet($"{SystemPlatform.FiiiCoinWork}:Investor:{accessToken.Username}");
if (authHeader == cacheToken)
{
var bc = new InvestorAccountComponent();
InvestorAccount account = bc.GetByUsername(accessToken.Username);
if (account.Status == AccountStatus.Locked)
{
AccountLocked(context);
return;
}
string lan = context.Request.Headers.AcceptLanguage.FirstOrDefault()?.Value ?? "en";
RedisHelper.StringSet($"{SystemPlatform.FiiiCoinWork}:Language:{account.Username}", lan);
SetSecurityPrincipal(ref context, account);
}
else
{
Unauthorized(context);
}
}
catch (Exception)
{
Unauthorized(context);
}
}
public AccountInfoDTO GetUserInfo(InvestorAccount investor)
{
return(new AccountInfoDTO
{
Username = investor.Username,
InvestorName = investor.InvestorName,
Cellphone = GetMaskedCellphone("", investor.Cellphone),
IsResetPassword = investor.IsUpdatePassword,
IsResetPIN = investor.IsUpdatePin
});
}
public void ModifyPIN(InvestorAccount investor, string oldPIN, string newPIN)
{
string plainNewPIN = AES128.Decrypt(newPIN, AES128.DefaultKey);
if (PasswordHasher.VerifyHashedPassword(investor.PIN, plainNewPIN))
{
throw new CommonException(ReasonCode.PIN_MUST_BE_DIFFERENT, R.新旧Pin码不能一致);
}
VerifyPIN(investor, oldPIN);
new InvestorAccountDAC().UpdatePIN(investor.Id, PasswordHasher.HashPassword(plainNewPIN));
new InvestorAccountDAC().UpdatePINStatus(investor.Id, 1);
}
private SignonDTO IssueAccessToken(InvestorAccount user)
{
var accessToken = AccessTokenGenerator.IssueToken(user.Username);
var keyLoginToken = $"{SystemPlatform.FiiiCoinWork}:Investor:{user.Username}";
RedisHelper.StringSet(keyLoginToken, accessToken, TimeSpan.FromSeconds(AccessTokenGenerator.EXPIRY_TIME));
return(new SignonDTO
{
AccessToken = accessToken
});
}
public void ModifyPassword(InvestorAccount investor, string oldPassword, string newPassword)
{
string plainNewPassword = AES128.Decrypt(newPassword, AES128.DefaultKey);
string plainOldPassword = AES128.Decrypt(oldPassword, AES128.DefaultKey);
if (!PasswordHasher.VerifyHashedPassword(investor.Password, plainOldPassword))
{
throw new CommonException(ReasonCode.WRONG_OLD_PASSWORD_ENTERRED, R.原密码不正确);
}
if (PasswordHasher.VerifyHashedPassword(investor.Password, plainNewPassword))
{
throw new CommonException(ReasonCode.WRONG_OLD_PASSWORD_ENTERRED, R.新旧密码不能一致);
}
new InvestorAccountDAC().UpdatePassword(investor.Id, PasswordHasher.HashPassword(plainNewPassword));
new InvestorAccountDAC().UpdatePasswordStatus(investor.Id, 1);
}
public SignonDTO Login(string username, string password)
{
InvestorAccount user = CheckUser(username, password);
return(IssueAccessToken(user));
}
public string VerifyPIN(InvestorAccount investor, string encryptPin)
{
new SecurityComponent().InvestorVerifyPin(investor, encryptPin);
return(new SecurityVerification(SystemPlatform.FiiiCoinWork).GenegeToken(SecurityMethod.Pin));
}
public TransferResult Transfer(InvestorAccount account, int countryId, string cellphone, decimal amount, string pinToken)
{
new SecurityVerification(SystemPlatform.FiiiCoinWork).VerifyToken(pinToken, SecurityMethod.Pin);
CountryDAC countryDac = new CountryDAC();
UserAccountDAC userAccountDac = new UserAccountDAC();
Country country = countryDac.GetById(countryId);
if (country == null)
{
throw new CommonException(ReasonCode.GENERAL_ERROR, R.AccountNotExist);
}
UserAccount userAccount = userAccountDac.GetByCountryIdAndCellphone(countryId, cellphone);
if (userAccount == null)
{
throw new CommonException(ReasonCode.GENERAL_ERROR, R.AccountNotExist);
}
InvestorAccountDAC accountDac = new InvestorAccountDAC();
if (account.Balance < amount)
{
throw new CommonException(ReasonCode.GENERAL_ERROR, R.余额不足);
}
UserWalletDAC userWalletDac = new UserWalletDAC();
UserWallet userWallet = userWalletDac.GetByAccountId(userAccount.Id, FiiiCoinUtility.Cryptocurrency.Id);
InvestorOrder investorOrder;
UserDeposit userDeposit;
using (var scope = new TransactionScope())
{
if (userWallet == null)
{
userWallet = new UserWalletComponent().GenerateWallet(userAccount.Id, FiiiCoinUtility.Cryptocurrency.Id);
}
accountDac.Decrease(account.Id, amount);
investorOrder = new InvestorOrderDAC().Insert(new InvestorOrder
{
Id = Guid.NewGuid(),
OrderNo = CreateOrderNo(),
TransactionType = InvestorTransactionType.Transfer,
Status = 1,
InverstorAccountId = account.Id,
UserAccountId = userAccount.Id,
CryptoId = FiiiCoinUtility.Cryptocurrency.Id,
CryptoAmount = amount,
Timestamp = DateTime.UtcNow
});
new InvestorWalletStatementDAC().Insert(new InvestorWalletStatement
{
Id = Guid.NewGuid(),
InvestorId = account.Id,
TagAccountId = userAccount.Id,
Action = InvestorTransactionType.Transfer,
Amount = -amount,
Balance = account.Balance - amount,
Timestamp = DateTime.UtcNow
});
// 2018-06-26: new rules IncreaseFrozen -> Increase
userWalletDac.Increase(userWallet.Id, amount);
userDeposit = new UserDepositDAC().Insert(new UserDeposit
{
UserAccountId = userAccount.Id,
UserWalletId = userWallet.Id,
FromAddress = null,
FromTag = null,
ToAddress = null,
ToTag = null,
Amount = amount,
Status = TransactionStatus.Confirmed,
Timestamp = DateTime.UtcNow,
OrderNo = CreateOrderNo(),
TransactionId = account.Id.ToString(),
SelfPlatform = true,
RequestId = null
});
scope.Complete();
}
InvestorMSMQ.PubUserDeposit(userDeposit.Id, 0);
return(new TransferResult
{
OrderId = investorOrder.Id,
OrderNo = investorOrder.OrderNo,
TargetAccount = GetMaskedCellphone(country.PhoneCode, userAccount.Cellphone),
Timestamp = DateTime.UtcNow.ToUnixTime()
});
}
public string GetBanlance(InvestorAccount account)
{
return((account?.Balance ?? 0).ToString(FiiiCoinUtility.Cryptocurrency.DecimalPlace));
}
public string GetTotalAssets(InvestorAccount account)
{
return((account?.Balance ?? 0).ToString(2));
}
private void SetSecurityPrincipal(ref HttpAuthenticationContext context, InvestorAccount account)
{
UserIdentity identity = new UserIdentity(account);
context.Principal = new UserPrincipal(identity);
}
public UserIdentity(InvestorAccount user)
{
User = user;
}
