public void Should_Match_Password_For_Valid_Hash()
{
var firstPassword = "******";
var firstPasswordAsHash = _passwordHasher.HashPassword(firstPassword);
Assert.True(_passwordHasher.PasswordMatches(firstPassword, firstPasswordAsHash));
}
public async Task <User> Authenticate(string email, string password)
{
var user = await _authRepository.FindByEmailAsync(email);
if (user == null || !_passwordHasher.PasswordMatches(password, user.Password))
{
return(null);
}
return(user);
}
public async Task <EmployeeResponse> Handle(EmployeeUpdateRequest request, CancellationToken cancellationToken)
{
var employee = await _context.Employees.FindByGuidAsync(request.EmployeeId, cancellationToken);
if (employee == null)
{
throw new BadRequestException(); // employee to update not found
}
employee.Birthday = request.Birthday;
employee.Email = request.Email;
employee.Firstname = request.Firstname;
employee.Lastname = request.Lastname;
// set new password only if the current and new pw are provided and the current password entered is correct
if (!string.IsNullOrEmpty(request.CurrentPassword) &&
!string.IsNullOrEmpty(request.NewPassword) &&
_hasher.PasswordMatches(request.CurrentPassword, employee.Password))
{
employee.Password = _hasher.HashPassword(request.NewPassword);
}
await _context.SaveChangesAsync(cancellationToken);
return(_mapper.Map <Employee, EmployeeResponse>(employee));
}
public async Task <ServiceResponse <AuthenticatedUserDTO> > AuthenticateUserAsync(PostUserDTO UserCredentials)
{
var user = await _userRepository.FindByEmailAsync(UserCredentials.Email);
if (user == null)
{
var errorMessage = $"Password or login is incorrect";
Log.Error(errorMessage);
return(new ServiceResponse <AuthenticatedUserDTO> {
Message = errorMessage, Success = false
});
}
if (!_passwordHasher.PasswordMatches(UserCredentials.Password, user.Password))
{
var errorMessage = $"Password or login is incorrect";
Log.Error(errorMessage);
return(new ServiceResponse <AuthenticatedUserDTO> {
Message = errorMessage, Success = false
});
}
var token = GenerateJwtToken(user);
var authenticatedUserDTO = _mapper.Map <AuthenticatedUserDTO>(user);
authenticatedUserDTO.Token = token;
return(new ServiceResponse <AuthenticatedUserDTO> {
Data = authenticatedUserDTO
});
}
public async Task <TokenResponse> CreateAccessTokenAsync(string email, string password)
{
var user = await _userService.FindByEmailAsync(email);
if (user == null || !_passwordHasher.PasswordMatches(password, user.Password))
{
return(new TokenResponse(false, "Invalid credentials.", null));
}
var token = _tokenHandler.CreateAccessToken(user);
return(new TokenResponse(true, null, token));
}
public async Task <GenericResponse <AccessToken> > CreateAccessTokenAsync(string email, string password)
{
var user = await _userService.FindByEmailAsync(email);
if (user == null || !_passwordHasher.PasswordMatches(password, user.Password))
{
return(new GenericResponse <AccessToken>("Invalid credentials."));
}
var token = _tokenHandler.CreateAccessToken(user);
return(new GenericResponse <AccessToken>(token));
}
public async Task <BaseResponse <AccessToken> > CreateAccessToken(string username, string password)
{
var user = await _userService.FindFirstOrDefault(u => u.Username.Equals(username));
if (user == null || !_passwordHasher.PasswordMatches(password, user.Password))
{
return(new BaseResponse <AccessToken>("Invalid credentials"));
}
var token = _tokenHandler.CreateAccessToken(user);
return(new BaseResponse <AccessToken>(token));
}
public UserAccessDTO Authenticate(string username, string password, string Con)
{
var user = objUserAccess.CheckUser(username, password, Con);
// var encrypt = _passwordHasher.HashPassword("K@pilit$12345");
//var decry = _passwordHasher.Decrypt(encrypt);
// return null if user not found
if (user == null && user.pPassword.Length > 0 || !_passwordHasher.PasswordMatches(password, user.pPassword))
{
return(null);
}
if (user.pOtpAuthentication)
{
var Status = objUserAccess.SendOTP(Con, user.pMobile, Convert.ToString(user.pUserID), user.pEmail);
}
else
{
// authentication successful so generate jwt token
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, user.pRoleid.ToString())
}),
Expires = DateTime.UtcNow.AddMinutes(180),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
user.pToken = tokenHandler.WriteToken(token);
// remove password before returning
user.pPassword = null;
}
return(user);
}
/// <summary>
/// Creates an Jwt for an employee if credentials are correct
/// </summary>
/// <param name="request"></param>
/// <param name="cancellationToken"></param>
/// <returns>token or null when credentials are invalid</returns>
public async Task <TokenResponse> Handle(EmployeeLoginRequest request, CancellationToken cancellationToken)
{
// Load only the needed data from employee for initial check (without roles etc)
Employee requestedEmployee = await _context.Employees
.Select(e => new Employee()
{
Guid = e.Guid,
Username = e.Username,
Password = e.Password
})
.FirstOrDefaultAsync(e => string.Equals(request.Username, e.Username, StringComparison.InvariantCultureIgnoreCase), cancellationToken);
if (requestedEmployee == null)
{
_logger.LogWarning($"Failed login attempt with username: {request.Username}");
throw new BadRequestException("The provided username or password is invalid");
}
if (!_hasher.PasswordMatches(request.Password, requestedEmployee.Password))
{
_logger.LogWarning($"Failed login attempt with username: {request.Username}");
throw new BadRequestException("The provided username or password is invalid");
}
// Reload the employee with all his roles (department and self asigned)
requestedEmployee = _context.Employees
.Include(e => e.Roles)
.ThenInclude(r => r.Role)
.Include(e => e.Department)
.ThenInclude(d => d.Roles)
.ThenInclude(r => r.Role)
.FirstOrDefault(e => e.Guid == requestedEmployee.Guid);
var rolesFromUser = requestedEmployee.Roles.Select(r => r.Role);
var rolesFromDepartment = requestedEmployee.Department?.Roles?.Select(r => r?.Role);
// add roles from employees department
rolesFromUser = rolesFromDepartment != null &&
rolesFromDepartment.Count() > 0 ? rolesFromUser.Concat(rolesFromDepartment) : rolesFromUser;
var token = _tokenGenerator.CreateToken(requestedEmployee, rolesFromUser);
return(new TokenResponse()
{
Token = token
});
}
/// <summary>
/// Creates an access token
/// </summary>
/// <param name="name"></param>
/// <param name="password"></param>
/// <returns>
/// Unsuccessful TokenResponse if the credentials are invalid;
/// Successful TokenRepsonse with the access token
/// </returns>
public async Task <TokenResponse> CreateAccessTokenAsync(string name, string password)
{
// check if the user exists and the password hash matches the password hash in the db
var user = await _userService.GetUserByNameAsync(name);
if (!user.Success || !_passwordHasher.PasswordMatches(password, user.User.Password))
{
return(new TokenResponse("Invalid credentials"));
}
// create the access token
var token = _tokenHandler.CreateAccessToken(user.User);
return(new TokenResponse(token));
}
public async Task <TokenResponse> CreateAccessTokenAsync(string email, string password)
{
var customer = await _dbContext
.Customer
.FirstAsync(c => c.Email == email);
if (customer == null || !_passwordHasher.PasswordMatches(password, customer.Password))
{
return(new TokenResponse(false, "Invalid credentials.", null));
}
var token = _tokenHandler.CreateAccessToken(customer);
return(new TokenResponse(true, null, token));
}
public async Task <bool> UpdatePasswordAsync(string email, string oldPassword, string newPassword)
{
var existingUser = await FindByEmailAsync(email);
if (existingUser == null || !_passwordHasher.PasswordMatches(oldPassword, existingUser.Password))
{
return(false);
}
existingUser.Password = _passwordHasher.HashPassword(newPassword);
_unitOfWork.UserRepository.Update(existingUser);
await _unitOfWork.SaveAsync();
return(true);
}
public async Task <string> Authentificate(string email, string password)
{
User user = await _unitOfWork.UserRepository.FindAsync(u => u.Email == email);
if (user == null || !_passwordHasher.PasswordMatches(password, user.Password))
{
return(null);
}
var token = new JwtSecurityToken(
issuer: _tokenOptions.Issuer,
audience: _tokenOptions.Audience,
claims: GetClaims(user),
expires: DateTime.UtcNow.AddSeconds(_tokenOptions.AccessTokenExpiration),
notBefore: DateTime.UtcNow,
signingCredentials: _signingConfigurations.SigningCredentials
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
//Create access token by validating the Username and Password.
public TokenResponse CreateAccessToken(string userName, string password)
{
var customer = _accountService.FindCustomerByUserName(userName);
if (customer == null || !_passwordHasher.PasswordMatches(password, customer.Password))
{
return(new TokenResponse(false, "Invalid UserName or Password.", null, null));
}
else
{
var token = _tokenHandler.BuildAccessToken(customer);
if (customer.LoginStatus == false)
{
var updated_customer = _accountService.LoginCustomer(customer);
return(new TokenResponse(true, "Logged in Successfully.", token, updated_customer));
}
else
{
return(new TokenResponse(true, "Logged in Successfully.", token, customer));;
}
}
}
public bool IsValidPassword(string providedPassword, string passwordHash)
{
return(_passwordHasher.PasswordMatches(providedPassword, passwordHash));
}
