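        /// <summary>
        /// Logout endpoint. Clears the stored session token that equals the token supplied by the caller.
        /// The token is read from the query string (<c>token</c>) and, failing that, from the JSON body.
        /// </summary>
        /// <param name="req">Incoming POST request (anonymous trigger).</param>
        /// <param name="log">Function logger; database failures are logged here.</param>
        /// <returns>
        /// <c>Gr.OkResponse("Token invalidated")</c> after the UPDATE ran (also when no row matched),
        /// <c>Gr.BadRequest("Token Empty")</c> when no token was supplied,
        /// <c>Gr.InternalServerError(...)</c> when no database connection could be obtained,
        /// <c>Gr.BadRequest("Token Not invalidated")</c> when the database work threw.
        /// </returns>
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request. - Logout");

            string session_token = req.Query["token"]; // token from the query string, if present

            string  requestBody = await new StreamReader(req.Body).ReadToEndAsync();
            dynamic data        = JsonConvert.DeserializeObject(requestBody); // NOTE(review): malformed JSON throws here and surfaces as an unhandled error — confirm that is acceptable

            session_token = session_token ?? data?.token; // fall back to the JSON body
            GenerateResponses Gr = new GenerateResponses();

            if (string.IsNullOrEmpty(session_token))
            {
                // Must return: the original only built this response and then ran the UPDATE
                // with an empty token anyway.
                return Gr.BadRequest("Token Empty");
            }

            try
            {
                DatabaseConnector DBconn     = new DatabaseConnector();
                SqlConnection     connection = DBconn.connector("Users");

                // connector() may return null; report that as a server error like the login function does.
                if (connection == null)
                {
                    return Gr.InternalServerError("Internal server error cannot connect to Database");
                }

                // using-blocks dispose the connection and command even when ExecuteNonQuery throws.
                using (connection)
                using (SqlCommand command = new SqlCommand("update Users set session_token=null where session_token=@token", connection))
                {
                    command.Parameters.AddWithValue("@token", session_token); // parameterised: the token is untrusted input
                    connection.Open();
                    command.ExecuteNonQuery();
                }

                return Gr.OkResponse("Token invalidated");
            }
            catch (Exception e)
            {
                // Log through the function logger rather than Console so the failure lands in the function's log stream.
                log.LogError(e, "Logout: session token could not be invalidated");
                return Gr.BadRequest("Token Not invalidated");
            }
        }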
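        /// <summary>
        /// Login endpoint. Looks up the user by name, checks the supplied password against the stored
        /// salted SHA-256 hash and, on success, stores a freshly generated session token for that user.
        /// </summary>
        /// <param name="req">Incoming POST request; <c>uname</c> and <c>pswrd</c> come from the query string or the JSON body.</param>
        /// <param name="log">Function logger.</param>
        /// <returns>
        /// On success <c>Gr.OkResponse(json)</c> where json is the two-element array <c>[token, flag]</c>;
        /// otherwise the responses produced by <see cref="GenerateResponses"/> (and a plain
        /// <see cref="BadRequestObjectResult"/> when a credential is missing).
        /// </returns>
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            string uname = req.Query["uname"]; // username from the query string, if present
            string pswrd = req.Query["pswrd"]; // password from the query string, if present

            string  requestBody = await new StreamReader(req.Body).ReadToEndAsync();
            dynamic data        = JsonConvert.DeserializeObject(requestBody);

            // Query string wins; the JSON body is the fallback.
            uname = uname ?? data?.uname;
            pswrd = pswrd ?? data?.pswrd;

            GenerateResponses Gr = new GenerateResponses();

            if (string.IsNullOrEmpty(uname) || string.IsNullOrEmpty(pswrd))
            {
                return new BadRequestObjectResult("Password or Username Empty");
            }

            DatabaseConnector DB_Con     = new DatabaseConnector();
            SqlConnection     connection = DB_Con.connector("Users");

            if (connection == null)
            {
                return Gr.InternalServerError("Internal server error cannot connect to Database");
            }

            string username   = null;
            string pswrd_hash = null;
            string salt       = null;
            string flag       = null;

            // One connection serves both the lookup and the token update; the using-blocks
            // dispose connection, command and reader on every exit path (the original leaked them on exceptions).
            using (connection)
            {
                connection.Open();

                using (SqlCommand sqlCommand = new SqlCommand("select username, password_hash, salt, flag from Users where username=@uname", connection))
                {
                    sqlCommand.Parameters.AddWithValue("@uname", uname); // parameterised: uname is untrusted input

                    using (SqlDataReader reader = sqlCommand.ExecuteReader())
                    {
                        // As in the original, the last matching row wins.
                        while (reader.Read())
                        {
                            username   = reader[0].ToString();
                            pswrd_hash = reader[1].ToString();
                            salt       = reader[2].ToString();
                            flag       = reader[3].ToString();
                        }
                    }
                }

                if (string.IsNullOrEmpty(username))
                {
                    // NOTE(review): this message differs from the wrong-password one, so the response
                    // tells a caller whether a username exists. Kept unchanged because callers may rely on the text.
                    return Gr.BadRequest("Entered Username doesn't exist");
                }

                // Stored format is lower-case hex SHA-256(password + salt). A slow KDF (PBKDF2/Argon2)
                // would be preferable, but changing it requires re-hashing the stored values, so the format is kept.
                string computedHash = HexSha256(pswrd + salt);

                // Constant-time comparison so the check does not leak how many leading characters matched.
                if (!FixedTimeEquals(computedHash, pswrd_hash))
                {
                    return Gr.BadRequest("username or password incorrect");
                }

                // Generate the session token only after the password check. The original also created and
                // discarded a token before any validation; removed on the assumption that GenerateToken has
                // no side effects — confirm against Token.
                Token  tk    = new Token();
                string token = tk.GenerateToken();

                using (SqlCommand cmd = new SqlCommand("update Users set session_token=@token where username=@uname ", connection))
                {
                    cmd.Parameters.AddWithValue("@uname", username);
                    cmd.Parameters.AddWithValue("@token", token);
                    cmd.ExecuteNonQuery();
                }

                string[] DataToReturn = { token, flag };

                var json = JsonConvert.SerializeObject(DataToReturn);
                return Gr.OkResponse(json);
            }
        }

        /// <summary>Lower-case hex SHA-256 of the UTF-8 bytes of <paramref name="value"/>.</summary>
        private static string HexSha256(string value)
        {
            using (SHA256 sha256 = SHA256.Create())
            {
                byte[]        hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(value));
                StringBuilder hex  = new StringBuilder(hash.Length * 2);

                foreach (byte b in hash)
                {
                    hex.Append(b.ToString("x2"));
                }

                return hex.ToString();
            }
        }

        /// <summary>
        /// Ordinal string equality evaluated in constant time with respect to the contents.
        /// Returns false when either side is null.
        /// </summary>
        private static bool FixedTimeEquals(string a, string b)
        {
            if (a == null || b == null)
            {
                return false;
            }

            return CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(a), Encoding.UTF8.GetBytes(b));
        }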