Ejemplo n.º 1
0
        public async Task <IActionResult> ChangePassword(ChangePasswordRequest req)
        {
            if (HttpContext.User.IsAnonymous())
            {
                return(Challenge());
            }
            if (!ModelState.IsValid)
            {
                return(View());
            }
            var user = await Db.Users
                       .SingleOrDefaultAsync(x => x.Id == HttpContext.User.GetUserId());

            byte[] newHash = AuthUtils.GetHashFor(req.OldPassword, user.PasswordSalt);
            if (!Enumerable.SequenceEqual(newHash, user.PasswordHash))
            {
                ModelState.AddModelError("", "Incorrect password");
                return(View());
            }
            user.PasswordSalt = AuthUtils.GetRandomData(64);
            user.PasswordHash = AuthUtils.GetHashFor(req.NewPassword, user.PasswordSalt);
            await Db.SaveChangesAsync();

            return(RedirectToAction("News", "Issue"));
        }
Ejemplo n.º 2
0
        public async Task <IActionResult> Register(RegisterRequest req, [FromQuery] string redirect = "")
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }
            try
            {
                ViewData["RedirectTo"] = new PathString(redirect);
            }
            catch (ArgumentException)
            {
                ViewData["RedirectTo"] = new PathString("");
            }
            var user = await Db.Users.SingleOrDefaultAsync(x => x.Username == req.Username && x.FullName == req.FullName);

            if (user != null)
            {
                ModelState.AddModelError("", "User already exists");
                return(View());
            }
            Invite inv = await Db.Invites
                         .SingleAsync(x => x.Uid == req.InviteID);

            User newUser = new User()
            {
                RoleId       = inv.RoleId, // Anonymous role
                Username     = req.Username,
                FullName     = req.FullName,
                PasswordSalt = AuthUtils.GetRandomData(64)
            };

            newUser.PasswordHash = AuthUtils.GetHashFor(req.Password, newUser.PasswordSalt);
            await Db.AddAsync(newUser);

            Db.Remove(inv);
            await Db.SaveChangesAsync();

            var userIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);

            userIdentity.AddClaims(new Claim[] {
                new Claim(ClaimTypes.PrimarySid, newUser.Id.ToString()),
                new Claim(ClaimTypes.NameIdentifier, newUser.Username),
                new Claim(ClaimTypes.Name, newUser.FullName),
                new Claim(ClaimTypes.Role, newUser.RoleId.ToString())
            });
            var principal = new ClaimsPrincipal(userIdentity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

            try
            {
                return(Redirect(new PathString(redirect)));
            }
            catch (ArgumentException)
            {
                return(RedirectToAction("News", "Issue"));
            }
        }
Ejemplo n.º 3
0
        public async Task <IActionResult> Login(LoginRequest req, [FromQuery] string redirect = "")
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }
            try
            {
                ViewData["RedirectTo"] = new PathString(redirect);
            }
            catch (ArgumentException)
            {
                ViewData["RedirectTo"] = new PathString("");
            }
            var user = await Db.Users
                       .SingleOrDefaultAsync(x => x.Username == req.Username);

            if (user == null)
            {
                ModelState.AddModelError("", "User not found");
                return(View());
            }
            byte[] newHash = AuthUtils.GetHashFor(req.Password, user.PasswordSalt);
            if (!Enumerable.SequenceEqual(newHash, user.PasswordHash))
            {
                ModelState.AddModelError("", "Incorrect password");
                return(View());
            }
            var userIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);

            userIdentity.AddClaims(new Claim[] {
                new Claim(ClaimTypes.PrimarySid, user.Id.ToString()),
                new Claim(ClaimTypes.NameIdentifier, user.Username),
                new Claim(ClaimTypes.Name, user.FullName)
            });
            var principal = new ClaimsPrincipal(userIdentity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

            try
            {
                return(Redirect(new PathString(redirect)));
            }
            catch (ArgumentException)
            {
                return(RedirectToAction("News", "Issue"));
            }
        }
Ejemplo n.º 4
0
        public static void BuildDb()
        {
            var cfg = new ConfigurationBuilder()
                      .AddJsonFile("appsettings.json")
                      .Build();

            var dbOpts = new DbContextOptionsBuilder <PBugContext>().UseMySql(cfg.GetConnectionString("Database"));

            using (var ctx = new PBugContext(dbOpts.Options))
            {
                var logger = LoggerFactory.Create(opts => opts.AddConsole()).CreateLogger("PBug");
                logger.LogInformation("Ensuring creation of DB");
                ctx.Database.EnsureCreated();
                if (!ctx.Users.Any())
                {
                    Role anonymous = new Role()
                    {
                        Name        = "Anonymous",
                        Permissions = ""
                    };

                    Role admin = new Role()
                    {
                        Name        = "Administrator",
                        Permissions = "**"
                    };

                    ctx.AddRange(anonymous, admin);


                    User system = new User()
                    {
                        Role     = admin,
                        Username = "******",
                        FullName = "PBug System"
                    };
                    string password = Convert.ToBase64String(AuthUtils.GetRandomData(64));
                    system.PasswordSalt = AuthUtils.GetRandomData(64);
                    system.PasswordHash = AuthUtils.GetHashFor(password, system.PasswordSalt);

                    ctx.Add(system);
                    ctx.SaveChanges();
                    File.WriteAllText("systempass.txt", password);
                    logger.LogInformation("Created database. System password is in systempass.txt", password);
                }
            }
        }