Beispiel #1
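        /// <summary>
        /// Creates a <c>UserLogin</c> row that binds <paramref name="name"/> to <paramref name="user"/>
        /// and stores the value derived from <paramref name="pwdhash"/> by <c>HashFromPwdHash</c>.
        /// </summary>
        /// <remarks>
        /// The stored value comes from <c>HashFromPwdHash</c>, which in this listing applies
        /// <c>CryptoHelper.GetMd5String</c> twice with the application-wide <c>settings.HashSalt</c>.
        /// NOTE(review): a fast digest with one shared salt is weak for password storage; moving to a
        /// per-user salt and a slow KDF (PBKDF2 / Argon2) needs a migration path for existing rows.
        /// </remarks>
        /// <param name="user">Account that owns the new login; only <c>UserId</c> is read.</param>
        /// <param name="name">Login name; must not be null, empty or whitespace.</param>
        /// <param name="pwdhash">Password-derived value supplied by the caller; must not be blank.</param>
        /// <param name="settings">Login settings passed through to <c>HashFromPwdHash</c>.</param>
        /// <param name="context">Database context the login is written to.</param>
        /// <exception cref="ArgumentNullException">An argument is null, or name/pwdhash is blank.</exception>
        /// <exception cref="Exception">
        /// "username exists" when the name is already taken; "operation failed" (with the
        /// original exception as inner exception) when the insert or save fails.
        /// </exception>
        public static void CreateLoginForUser(User user, string name, string pwdhash, RmLoginSettings settings, RmContext context)
        {
            // Name the offending argument so the failure can be diagnosed from logs.
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            if (String.IsNullOrWhiteSpace(name))
            {
                throw new ArgumentNullException(nameof(name));
            }

            if (String.IsNullOrWhiteSpace(pwdhash))
            {
                throw new ArgumentNullException(nameof(pwdhash));
            }

            // Previously a null settings/context surfaced later as a NullReferenceException.
            if (settings == null)
            {
                throw new ArgumentNullException(nameof(settings));
            }

            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // Check-then-insert is not atomic: two concurrent requests can both pass this check.
            // NOTE(review): confirm the UserLogins table has a unique index on Name; with one, the
            // losing request ends up in the catch below as "operation failed".
            if (context.UserLogins.Any(u => u.Name == name))
            {
                throw new Exception("username exists");
            }

            var login = new UserLogin
            {
                Name   = name,
                Hash   = HashFromPwdHash(pwdhash, settings),
                UserId = user.UserId
            };

            try
            {
                context.UserLogins.Add(login);
                context.SaveChanges();
            }
            catch (Exception ex)
            {
                // Keep the storage-level detail in the inner exception, not in the message.
                throw new Exception("operation failed", ex);
            }
        }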
Beispiel #2
 /// <summary>
 /// Derives the value stored in (and compared against) <c>UserLogin.Hash</c>:
 /// GetMd5String(GetMd5String(pwdhash + salt) + salt), with salt = <c>settings.HashSalt</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): <c>CryptoHelper.GetMd5String</c> is not shown here; by its name it is an MD5 digest.
 /// Two rounds of a fast digest with a single application-wide salt give little resistance to
 /// offline guessing if the login table leaks, and identical passwords yield identical hashes.
 /// The output format is persisted, so replacing it (per-user salt + PBKDF2/Argon2) requires
 /// re-hashing on next successful login rather than an in-place swap.
 /// </remarks>
 private static string HashFromPwdHash(string pwdhash, RmLoginSettings settings)
 {
     // First round: caller-supplied value with the shared salt appended.
     var firstRound = CryptoHelper.GetMd5String(pwdhash + settings.HashSalt);

     // Second round: digest of the first round, salted the same way.
     var secondRound = CryptoHelper.GetMd5String(firstRound + settings.HashSalt);

     return secondRound;
 }
Beispiel #3
        /// <summary>
        /// Looks up a login whose name and derived hash both match and, if it has a user,
        /// attaches that user to <paramref name="session"/> via <c>AssignUser</c>.
        /// </summary>
        /// <remarks>
        /// Unknown name and wrong password both return <c>false</c>, so the result does not
        /// reveal which one failed. This method does not count or throttle failed attempts.
        /// NOTE(review): whether <c>AssignUser</c> issues a fresh session identifier on login is
        /// not visible here; confirm, together with rate limiting at the caller.
        /// </remarks>
        /// <returns><c>true</c> when a matching login with a user was found; otherwise <c>false</c>.</returns>
        public static bool LoginWithCredentials(ISession session, string name, string pwdhash, RmLoginSettings settings, RmContext context)
        {
            var expectedHash = HashFromPwdHash(pwdhash, settings);

            // Name and hash are matched in a single query; the user is loaded with the login.
            var match = context.UserLogins
                               .Include(u => u.User)
                               .FirstOrDefault(u => u.Name == name && u.Hash == expectedHash);

            if (match == null || match.User == null)
            {
                return false;
            }

            AssignUser(session, match.User);
            return true;
        }
Beispiel #4
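        /// <summary>
        /// Validates a signed, time-limited login request from the third party and, on success,
        /// issues a token for <paramref name="itsc"/>.
        /// </summary>
        /// <remarks>
        /// Checks, in order: timestamp format, timestamp not in the future, timestamp at most
        /// 10 seconds old, request hash equals GetMd5String(itsc + timestr + ThirdPartyPsk), and
        /// the hash has not been accepted before. The timestamp is parsed without a time zone and
        /// subtracted from <c>DateTime.UtcNow</c>, so the sender is expected to send UTC.
        /// A sender whose clock runs ahead of this server is rejected with R_FUTURE_TIME.
        /// NOTE(review): digest(message + secret) is not a keyed MAC; HMAC with the same PSK would
        /// be the sturdier construction, but it is a protocol change both sides must make.
        /// NOTE(review): nothing in this method removes entries from <c>_acceptedHashes</c>; since
        /// requests older than 10 seconds are rejected anyway, older entries could be pruned.
        /// Confirm whether that happens elsewhere.
        /// <paramref name="context"/> is not used by this method.
        /// </remarks>
        /// <param name="itsc">Identifier of the user asserted by the third party.</param>
        /// <param name="timestr">Request time, exactly "yyyy-MM-dd HH:mm:ss".</param>
        /// <param name="hash">Request signature supplied by the caller.</param>
        /// <param name="settings">Supplies <c>ThirdPartyPsk</c>.</param>
        /// <param name="context">Unused.</param>
        /// <returns>
        /// The new token, or one of the status strings R_INVALID_TIME, R_FUTURE_TIME,
        /// R_TIME_EXPIRED, R_HASH_REJECTED, R_REPLAY.
        /// </returns>
        public static string ThirdPartyLogin(string itsc, string timestr, string hash, RmLoginSettings settings, RmContext context)
        {
            // verify third party identity
            DateTime time;

            if (!DateTime.TryParseExact(timestr, "yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture,
                                        DateTimeStyles.None, out time))
            {
                return "R_INVALID_TIME";
            }

            var ageSeconds = (DateTime.UtcNow - time).TotalSeconds;

            if (ageSeconds < 0)
            {
                return "R_FUTURE_TIME";
            }

            if (ageSeconds > 10)
            {
                return "R_TIME_EXPIRED";
            }

            var target = CryptoHelper.GetMd5String(itsc + timestr + settings.ThirdPartyPsk);

            // Compare without an early exit so response time does not depend on how many leading
            // characters of the supplied hash are correct. A missing value on either side fails closed.
            var hashMatches = hash != null && target != null && hash.Length == target.Length;

            if (hashMatches)
            {
                var difference = 0;

                for (var i = 0; i < target.Length; i++)
                {
                    difference |= hash[i] ^ target[i];
                }

                hashMatches = difference == 0;
            }

            if (!hashMatches)
            {
                return "R_HASH_REJECTED";
            }

            // Replay protection: each valid hash is accepted exactly once.
            lock (_loginHashLock)
            {
                if (_acceptedHashes.Contains(hash))
                {
                    return "R_REPLAY";
                }

                _acceptedHashes.Add(hash);
            }

            var token = GenerateToken();

            // Keep at most one pending entry per itsc: a new request replaces the previous token.
            lock (_loginEntryLock)
            {
                var previous = _thirdPartyLogins.FirstOrDefault(t => t.Item2 == itsc);
                if (previous != null)
                {
                    _thirdPartyLogins.Remove(previous);
                }

                _thirdPartyLogins.Add(new Tuple<DateTime, string, string>(time, itsc, token));
            }

            return token;
        }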
Beispiel #5
 /// <summary>
 /// Passes the database context and general options to the base controller and keeps the
 /// resolved <c>RmLoginSettings</c> for the login operations of this controller.
 /// </summary>
 /// <remarks>
 /// NOTE(review): elsewhere in this listing these settings supply <c>HashSalt</c> and
 /// <c>ThirdPartyPsk</c>; confirm they are loaded from a protected configuration source.
 /// </remarks>
 public ApiUserController(RmContext context, IOptions <RmSettings> options, IOptions <RmLoginSettings> loginOptions)
     : base(context, options)
     => _loginSettings = loginOptions.Value;