public async Task <IActionResult> Authenticate(string login, string password)
{
if (String.IsNullOrEmpty(login) || String.IsNullOrEmpty(password))
{
return(BadRequest());
}
try
{
var identity = await GetIdentity(login, password);
if (identity == null)
{
return(BadRequest(new { errorText = "Invalid username or password." }));
}
var response = JWT.Create(identity);
return(Ok(response));
}
catch (Exception err)
{
return(BadRequest(err.Message));
}
}
public IActionResult Login()
{
var user = Database.GetUser(Guid.Parse(User.Claims.FirstOrDefault(c => c.Type == "uid").Value));
return(Ok(new {
user = user,
token = JWT.Create(user).Serialize(),
}));
}
[MTest] public void Create()
{
var newData = new SampleTokenData("1234567890", "John Doe", true);
var key = "secret";
var newToken = JWT.Create(newData, key);
Assert(newToken == VALID_TOKEN_STR, "signature not match.");
}
public UserModule(IUnitOfWork unitOfWork, IOptions <Secrets> secrets)
{
_unitOfWork = unitOfWork;
_secrets = secrets.Value;
Get("/public/users", _ => {
return(_unitOfWork.UserRepository.GetAllUsers().Select(x => new DTO.User()
{
Email = x.Email, UserId = x.Id
}));
});
Post("/public/users", args => {
DTO.LoginCredentials user = this.Bind();
if (_unitOfWork.UserRepository.GetUser(user.Email) == null)
{
User userToAdd = new User();
//Do hashing here
string password = user.Password;
Tuple <string, string> result = PasswordHash.hash(password);
userToAdd.PasswordHash = result.Item1;
userToAdd.Salt = result.Item2;
userToAdd.Email = user.Email;
_unitOfWork.UserRepository.Create(userToAdd);
_unitOfWork.Save();
return(HttpStatusCode.OK);
}
else
{
return(HttpStatusCode.Unauthorized);
}
});
Post("/public/users/login", args => {
DTO.LoginCredentials user = this.Bind <DTO.LoginCredentials>();
User fromDb = _unitOfWork.UserRepository.GetUser(user.Email);
if (fromDb != null && PasswordHash.verify(user.Password, fromDb.PasswordHash, fromDb.Salt))
{
Dictionary <string, object> claims = new Dictionary <string, object>();
claims.Add("email", fromDb.Email);
claims.Add("userId", fromDb.Id);
return(JWT.Create(_secrets, claims));
}
else
{
return(HttpStatusCode.Unauthorized);
}
});
}
public IActionResult Login([FromBody] LoginToken login)
{
User user;
try {
user = Database.GetUser(login);
} catch (Exception e) {
return(BadRequest(e.Message));
}
return(Ok(new {
user = user,
token = JWT.Create(user).Serialize()
}));
}
public void TestVerifyWorks()
{
Secrets settings = new Secrets()
{
SecretKey = "Hello, World"
};
Dictionary <string, object> claims = new Dictionary <string, object>();
claims.Add("email", "*****@*****.**");
string token = JWT.Create(settings, claims);
Assert.True(JWT.Verify(settings, token));
string badToken = "P" + token;
Assert.False(JWT.Verify(settings, badToken));
}