public static string ValidateUser(LoginCredentialsModel user) /* Switch the empty string to authorization thingie :) */
{
if (string.IsNullOrWhiteSpace(user.Username) || string.IsNullOrWhiteSpace(user.Password))
{
return(null);
}
using (var con = GetConnection())
{
using (var cmd = con.CreateCommand())
{
cmd.CommandText = $"SELECT password FROM {DBCredentials.DB_userTable} WHERE username = '******'";
string passhash = (string)cmd.ExecuteScalar();
if (VerifyPassword(user.Password, passhash))
{
var auth = GenerateUserAuthToken();
loggedInUsers.Add(auth, GetUser(user.Username));
return(auth);
}
else
{
return(null);
}
}
}
}
public VendorModel ValidateUser(LoginCredentialsModel loginVm)
{
using (Conn)
{
string query = "SELECT Vendor.ID,FRST_NME,LAST_NME,EMAIL,PHNE,BSNS_NME,USR_NME,PSWD,Address,CITY FROM Vendor left join Address on USER_ID = Vendor.ID where USR_NME = @USR_NME and Type ='Vendor'and Vendor.IsActive = 1";
return(Conn.QueryFirstOrDefault <VendorModel>(query, new { USR_NME = loginVm.Username }));
}
}
//User Validation
public AdminModel ValidateUser(LoginCredentialsModel credentials)
{
using (Conn)
{
string query = @"SELECT * FROM Admin WHERE Username = @Username and IsActive = 1";
return(Conn.QueryFirstOrDefault <AdminModel>(query, new { credentials.Username }));
}
}
//User Validation***
public CustomerModel ValidateUser(LoginCredentialsModel credentials)
{
using (Conn)
{
string query = @"SELECT Customer.ID,FRST_NME,LAST_NME,EMAIL,PHNE,USR_NME,PSWD,Address,CITY FROM Customer
left join Address on USER_ID = Customer.ID WHERE USR_NME = @Username and Type ='Customer' and Customer.IsActive = 1";
return(Conn.QueryFirstOrDefault <CustomerModel>(query, new { credentials.Username }));
}
}
public async Task <IActionResult> CreateToken([FromBody] LoginCredentialsModel model)
{
try
{
var user = await _userMgr.FindByNameAsync(model.Username);
if (user != null)
{
var pass = await _userMgr.CheckPasswordAsync(user, model.Password);
if (/*_hasher.VerifyHashedPassword(user, user.PasswordHash, model.Password) == PasswordVerificationResult.Success*/ pass)
{
var userClaims = await _userMgr.GetClaimsAsync(user);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.GivenName, user.FirstName),
new Claim(JwtRegisteredClaimNames.FamilyName, user.LastName),
new Claim(JwtRegisteredClaimNames.Email, user.Email)
}.Union(userClaims);
var key = _config.GetSection("Tokens:key").Value;
var iss = _config.GetSection("Tokens:Issuer").Value;
var aud = _config.GetSection("Tokens:Audience").Value;
var symKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
var creds = new SigningCredentials(symKey, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: iss,
audience: aud,
claims: claims,
expires: DateTime.UtcNow.AddDays(1),
signingCredentials: creds
);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
expiration = token.ValidTo
}));
}
}
return(BadRequest("Invalid credentials."));
}
catch (Exception e)
{
_logger.LogError($"Exception thrown while creating JWT: {e}");
///TODO Handle exception
return(BadRequest("Failed to generate token"));
}
}
public void SaveCredentials(LoginCredentialsModel loginCredentialsModel)
{
UserConnectionRepository.DropTable <LoginCredentialsModel>();
UserConnectionRepository.CreateTable <LoginCredentialsModel>();
UserConnectionRepository.Insert(new LoginCredentialsModel()
{
Login = loginCredentialsModel.Login,
Password = loginCredentialsModel.Password
});
}
private async Task <bool> IsValidUser(LoginCredentialsModel credentials)
{
var user = await userManager.FindByNameAsync(credentials.UserName);
if (user != null)
{
return(await userManager.CheckPasswordAsync(user, credentials.Password));
}
return(false);
}
public IActionResult Authenticate([FromBody] LoginCredentialsModel model)
{
var user = _userService.Authenticate(model.Username, model.Password);
if (user == null)
{
return(BadRequest(new { message = "Username or password is incorrect" }));
}
return(Ok(user));
}
public void CreateAndRemoveUser()
{
LoginCredentialsModel u = new LoginCredentialsModel
{
Username = $"Test User {Rand.Next(int.MaxValue)}",
Password = "******"
};
var user = ProcrastinatorCore.CreateUser(u);
Assert.IsNotNull(ProcrastinatorCore.ValidateUser(u));
ProcrastinatorCore.RemoveUser(user.Id);
}
private void UpdateCredentials(Guid employerId, LoginCredentials credentials, string loginId, string password, string confirmPassword, bool useLinkedInProfile)
{
if (credentials == null)
{
if (!string.IsNullOrEmpty(loginId) || !string.IsNullOrEmpty(password) || !string.IsNullOrEmpty(confirmPassword))
{
// No existing credentials but trying to create some.
var credentialsModel = new LoginCredentialsModel {
LoginId = loginId, Password = password, ConfirmPassword = confirmPassword
};
credentialsModel.Validate();
_loginCredentialsCommand.CreateCredentials(employerId, new LoginCredentials {
LoginId = loginId, PasswordHash = LoginCredentials.HashToString(password)
});
}
}
else
{
if (loginId != credentials.LoginId)
{
// Cannot remove the login id.
if (string.IsNullOrEmpty(loginId))
{
throw new ValidationErrorsException(new RequiredValidationError("LoginId"));
}
// Check not trying to someone else's login id.
if (_loginCredentialsQuery.DoCredentialsExist(new LoginCredentials {
LoginId = loginId
}))
{
throw new DuplicateUserException();
}
// Update the credentials.
credentials.LoginId = loginId;
_loginCredentialsCommand.UpdateCredentials(employerId, credentials, employerId);
}
// If not wanting to use LinkedIn any more then remove the profile.
if (!useLinkedInProfile)
{
_linkedInCommand.DeleteProfile(employerId);
}
}
}
public VendorModel Login(LoginCredentialsModel loginVm)
{
VendorModel vendorVm = vendordao.ValidateUser(loginVm);
if (vendorVm != null)
{
if (PasswordHasher.ValidatePassword(loginVm.Password, vendorVm.PSWD))
{
return(vendorVm);
}
}
return(null);
}
//User Login
public CustomerModel Login(LoginCredentialsModel credentials)
{
CustomerModel customer = customerDao.ValidateUser(credentials);
if (customer != null)
{
if (PasswordHasher.ValidatePassword(credentials.Password, customer.PSWD))
{
return(customer);
}
}
return(null);
}
public HttpResponseMessage Login([FromBody] LoginCredentialsModel credentials)
{
if (credentials != null && !string.IsNullOrEmpty(credentials.Username))
{
CustomerModel customer = customerManager.Login(credentials);
if (customer == null)
{
var message = string.Format("Credentials are invalid!");
return(Request.CreateResponse(HttpStatusCode.NotFound, message));
}
return(Request.CreateResponse(HttpStatusCode.OK, customer));
}
return(Request.CreateErrorResponse(HttpStatusCode.NotAcceptable, "Invalid Credentials. No matching user found!"));
}
public void TokenControllerShouldReturnATokenForValidCredentials()
{
var authController = new AuthController(new Logger <AuthController>(new LoggerFactory()), userManager.Object, mockConfig.Object);
var userCred = new LoginCredentialsModel {
Username = "******", Password = "******"
};
var result = authController.CreateToken(userCred).Result;
Assert.IsType <OkObjectResult>(result);
Assert.Equal(200, ((OkObjectResult)result).StatusCode);
Assert.NotNull(((OkObjectResult)result).Value);
}
public AdminModel Login(LoginCredentialsModel credentials)
{
//string hashed = PasswordHasher.HashPassword(credentials.Password);
AdminModel admin = adminDao.ValidateUser(credentials);
if (admin != null)
{
if (PasswordHasher.ValidatePassword(credentials.Password, admin.Password))
{
return(admin);
}
}
return(null);
}
public HttpResponseMessage Login([FromBody] LoginCredentialsModel loginVm)
{
//vendorManager.resetPass();
if (loginVm != null && !string.IsNullOrEmpty(loginVm.Username))
{
VendorModel vendor = vendorManager.Login(loginVm);
if (vendor == null)
{
var message = string.Format("user credential are invalid");
return(Request.CreateResponse(HttpStatusCode.NotFound, message));
}
return(Request.CreateResponse(HttpStatusCode.OK, vendor));
}
return(Request.CreateErrorResponse(HttpStatusCode.NotAcceptable, "invalid request"));
}
internal static string ValidateUser(LoginCredentialsModel login)
{
login.Username = Sanitize(login.Username);
//var userInfo = Users.Find(u => u.GetValue("username").Equals(login.Username)).First();
var userInfo = Users.Find("{ username : '******'}").FirstOrDefault();
if (userInfo == null || userInfo.IsBsonNull)
{
return(null);
}
if (VerifyPassword(login.Password, userInfo.GetValue("passHash").AsString))
{
return(GetApiKey(userInfo.GetValue("id").AsString));
}
return(null);
}
public async Task <ActionResult> Login(LoginCredentialsModel model)
{
if (!ModelState.IsValid)
{
return(this.Fail(ModelState));
}
// add your other custom logic here
if (someLogic)
{
return(this.Success("your-message", additionalParams));
}
else
{
return(this.Fail("custom-error-message", additionalParams));
}
}
public void TokenControllerShouldRespondWithBadRequestForInvalidUser()
{
var authController = new AuthController(new Logger <AuthController>(new LoggerFactory()), userManager.Object, mockConfig.Object);
userManager.Setup(x => x.FindByNameAsync(It.IsAny <string>())).Returns(Task.FromResult(default(PlanningUser)));
var userCred = new LoginCredentialsModel {
Username = "******", Password = "******"
};
var result = authController.CreateToken(userCred).Result;
Assert.IsType <BadRequestObjectResult>(result);
Assert.Equal(400, ((BadRequestObjectResult)result).StatusCode);
Assert.Equal("Invalid credentials.", ((BadRequestObjectResult)result).Value);
}
public void TokenControllerShouldRespondWithBadRequestForInternalErros()
{
var authController = new AuthController(new Logger <AuthController>(new LoggerFactory()), userManager.Object, mockConfig.Object);
userManager.Setup(x => x.FindByNameAsync(It.IsAny <string>())).Throws(new Exception());
var userCred = new LoginCredentialsModel {
Username = "******", Password = "******"
};
var result = authController.CreateToken(userCred).Result;
Assert.IsType <BadRequestObjectResult>(result);
Assert.Equal(400, ((BadRequestObjectResult)result).StatusCode);
Assert.Equal("Failed to generate token", ((BadRequestObjectResult)result).Value);
}
/// <summary>
/// Create a new User
/// </summary>
/// <param name="user">User info</param>
/// <returns>Created User</returns>
public static User CreateUser(LoginCredentialsModel user)
{
using (var con = GetConnection())
{
using (var cmd = con.CreateCommand())
{
User newUser = new User(user.Username)
{
Id = GenerateID()
};
cmd.CommandText = $"INSERT INTO {DBCredentials.DB_userTable} VALUES ('{newUser.Id}', '{Uri.EscapeDataString(user.Username)}', '{HashPassword(user.Password)}', '{{{string.Join(",", newUser.Claims)}}}')";
cmd.ExecuteNonQuery();
return(newUser);
}
}
}
public async Task <IActionResult> Login(LoginCredentialsModel credentials)
{
var user = await _databaseContext.Users.FirstOrDefaultAsync(item => item.Username == credentials.Username);
if (user != null && Bcr.BCrypt.Verify(credentials.Password, user.Password))
{
const string issuer = "minitwit";
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, user.ID.ToString(), ClaimValueTypes.Integer, issuer),
new Claim(ClaimTypes.Name, user.Username, ClaimValueTypes.String, issuer),
new Claim(ClaimTypes.Email, user.Email, ClaimValueTypes.Email, issuer),
new Claim(ClaimTypes.Role, AuthRoles.Registered, ClaimValueTypes.String, issuer)
};
if (user.Username.Equals("admin", StringComparison.OrdinalIgnoreCase))
{
claims.Add(new Claim(ClaimTypes.Role, AuthRoles.Administrator, ClaimValueTypes.String, issuer));
}
var properties = new AuthenticationProperties
{
AllowRefresh = true,
IssuedUtc = DateTimeOffset.UtcNow
};
const string scheme = CookieAuthenticationDefaults.AuthenticationScheme;
var identity = new ClaimsIdentity(claims, scheme);
await HttpContext.SignInAsync(scheme, new ClaimsPrincipal(identity), properties);
return(RedirectToAction("UserTimeline", "Timeline", new { user.Username }));
}
ViewData["title"] = "Login";
ViewData["messages"] = new List <string>
{
"Invalid login credentials"
};
_logger.LogWarning($"Login failed using username: {credentials.Username}.");
return(View());
}
internal static bool RegisterUser(LoginCredentialsModel login, string token = null)
{
Console.WriteLine($"Creating new User: {login.Username} Token: {token}");
bool requireToken = true;
if (token == null)
{
requireToken = false;
}
try
{
UserModel referer = new UserModel(login.Username, "");
if (requireToken)
{
referer = ValidateRegistrationToken(token);
}
if (referer != null)
{
var userID = GetNewID();
var newUser = new BsonDocument
{
{ "username", Sanitize(login.Username) },
{ "id", userID },
{ "passHash", HashPassword(login.Password) },
{ "claims", new BsonArray(new string[0]) },
{ "apiKeys", new BsonArray(new string[0]) },
{ "regTokens", new BsonArray(new string[0]) },
};
Users.InsertOne(newUser);
if (requireToken)
{
RemoveRegToken(token);
}
return(true);
}
return(false);
}catch (Exception e)
{
Console.WriteLine(e.ToString());
return(false);
}
}
public async Task <IActionResult> Login([FromBody] LoginCredentialsModel credentials)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var isValid = await IsValidUser(credentials);
if (!isValid)
{
return(BadRequest("provided credentials are not valid"));
}
var user = await userManager.FindByNameAsync(credentials.UserName);
var token = jwtTokenFactory.CreateToken(user);
return(Ok(token));
}
public AuthModule() : base("/auth")
{
Post("/login", p =>
{
LoginCredentialsModel user = this.Bind <LoginCredentialsModel>();
if (user == null)
{
return new Response {
StatusCode = HttpStatusCode.Unauthorized
}
}
;
string apiKey = AobaCore.ValidateUser(user);
if (apiKey == null)
{
return new Response {
StatusCode = HttpStatusCode.Unauthorized
}
}
;
if (user.AuthMode == AuthMode.API)
{
return(Response.AsJson(new { jwt = AobaCore.GetJWT(apiKey, 365) }));
}
else
{
var token = AobaCore.GetJWT(apiKey);
return(new Response().WithHeader("Authorization", $"Bearer {token}").WithCookie("token", token));
}
});
Get("/logout", _ =>
{
return(new Response().WithCookie("token", ""));
});
Post("/register/{token}", p =>
{
LoginCredentialsModel user = this.Bind <LoginCredentialsModel>();
var token = (string)p.token;
if (!string.IsNullOrWhiteSpace(token) && AobaCore.RegisterUser(user, token.Replace(' ', '+')))
{
return(new Response {
StatusCode = HttpStatusCode.OK
});
}
else
{
return new Response {
StatusCode = HttpStatusCode.Unauthorized
}
};
});
Post("/checkuser", p =>
{
return((AobaCore.UserExists(Request.Body.AsString())) ? new Response {
StatusCode = HttpStatusCode.NotAcceptable
} : new Response {
StatusCode = HttpStatusCode.OK
});
});
}
