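/// <summary>
/// Authenticates a user by username and password and returns a signed JWT on success.
/// </summary>
/// <param name="login">Credentials posted by the client; treated as untrusted input.</param>
/// <returns>
/// 200 with the serialized JWT on success; 400 with one generic message for every
/// credential failure (missing fields, unknown user, missing hash, wrong password),
/// so the response no longer reveals which usernames exist.
/// </returns>
/// <exception cref="InvalidOperationException">Thrown when Jwt:Key is not configured.</exception>
public IActionResult Post(LoginVM login)
{
    // The original answered 404 "Username does not exist" for an unknown user and
    // 400 "Wrong Password" for a known one, which let a caller enumerate accounts.
    const string invalidCredentials = "Invalid username or password";

    if (login is null || string.IsNullOrEmpty(login.UserName) || string.IsNullOrEmpty(login.Password))
    {
        return BadRequest(invalidCredentials);
    }

    var user = _context.Users.SingleOrDefault(u => u.UserName == login.UserName);

    // Explicit null checks replace the previous catch-all, which reported any
    // exception (database errors, missing configuration, an empty role list) as
    // "Username does not exist". Unexpected exceptions now reach the framework.
    // NOTE(review): BCrypt is not run for unknown users, so response time still
    // differs between unknown and known usernames.
    if (user is null || string.IsNullOrEmpty(user.PasswordHash))
    {
        return BadRequest(invalidCredentials);
    }

    if (!BCrypt.Net.BCrypt.Verify(login.Password, user.PasswordHash))
    {
        return BadRequest(invalidCredentials);
    }

    var signingKey = _configuration["Jwt:Key"];
    if (string.IsNullOrEmpty(signingKey))
    {
        // Fail fast on misconfiguration instead of reporting it as a login failure.
        throw new InvalidOperationException("Jwt:Key is not configured");
    }

    var roles = _context.Roles
        .Where(r => r.UserRoles.Any(ur => ur.UserId == user.Id))
        .Select(r => r.Name)
        .ToArray();

    // A user without a profile row is still allowed to log in; the original
    // Single() call threw here and the caller was told the username does not exist.
    var bio = _context.Biodatas.SingleOrDefault(b => b.Id == user.Id);

    var loginConfirmation = new LoginConfirmation
    {
        Id = user.Id,
        UserName = user.UserName,
        Email = user.Email,
        Role = roles,
        FirstName = bio?.FirstName,
        LastName = bio?.LastName,
        Phone = user.PhoneNumber,
    };

    // Claim(type, value) throws on a null value, so optional profile fields are
    // emitted as empty strings rather than failing the whole login.
    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, _configuration["Jwt:Subject"] ?? string.Empty),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        // "iat" is a NumericDate (seconds since the Unix epoch); the original wrote a
        // culture-formatted DateTime string that consumers cannot parse reliably.
        new Claim(
            JwtRegisteredClaimNames.Iat,
            DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(System.Globalization.CultureInfo.InvariantCulture),
            ClaimValueTypes.Integer64),
        new Claim("Id", loginConfirmation.Id),
        new Claim("UserName", loginConfirmation.UserName),
        new Claim("Email", loginConfirmation.Email ?? string.Empty),
        new Claim("FirstName", loginConfirmation.FirstName ?? string.Empty),
        new Claim("LastName", loginConfirmation.LastName ?? string.Empty),
        new Claim("Phone", loginConfirmation.Phone ?? string.Empty),
    };

    // One "Role" claim per role. The original read Role[0], which threw
    // IndexOutOfRangeException for a user with no roles.
    foreach (var roleName in roles)
    {
        claims.Add(new Claim("Role", roleName ?? string.Empty));
    }

    // NOTE(review): HS256 needs a key of at least 256 bits; newer IdentityModel
    // versions reject shorter keys at signing time — confirm the configured value.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey));
    var signIn = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // 30 seconds is the lifetime the original code used; it is kept, not chosen here.
    var token = new JwtSecurityToken(
        _configuration["Jwt:Issuer"],
        _configuration["Jwt:Audience"],
        claims,
        expires: DateTime.UtcNow.AddSeconds(30),
        signingCredentials: signIn);

    return Ok(new JwtSecurityTokenHandler().WriteToken(token));
}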
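/// <summary>
/// Runs one client session over an established TLS stream: authenticates the peer
/// with the challenge/response handshake, then serves calendar read/write requests
/// until the session ends. Every failure is logged and ends the session by returning.
/// </summary>
/// <param name="sslStream">TLS stream to the client; owned and closed by the caller.</param>
private void protocol(SslStream sslStream)
{
    // NOTE(review): with these timeouts commented out, a client that never sends a
    // message keeps this session (and its thread) open indefinitely.
    //sslStream.ReadTimeout = 5000;
    //sslStream.WriteTimeout = 5000;

    /* User authentication */
    UserData userData = authenticate(sslStream);
    if (userData == null)
    {
        return;
    }
    log("Login successfull");

    /* User is now authenticated. */
    serveRequests(sslStream, userData);
}

/// <summary>
/// Performs the LoginRequest / LoginChallenge / LoginResponse handshake and, on
/// success, sends the LoginConfirmation.
/// </summary>
/// <param name="sslStream">TLS stream to the client.</param>
/// <returns>The authenticated user, or null (after logging the reason) when the handshake fails.</returns>
private UserData authenticate(SslStream sslStream)
{
    object req = Util.readObject(sslStream);
    if (!(req is LoginRequest))
    {
        log("Login failed: did not receive loginRequest");
        return null;
    }
    var loginRequest = (LoginRequest)req;
    log(Util.XmlSerializeToString(loginRequest));

    UserData userData = serverData.users.Find(x => x.username == loginRequest.username);
    if (userData == null)
    {
        log("Login failed: unknown user");
        return null;
    }

    var challenge = new LoginChallenge() { passwordSalt = userData.passwordSalt };
    Util.writeObject(sslStream, challenge);
    log(Util.XmlSerializeToString(challenge));

    req = Util.readObject(sslStream);
    if (!(req is LoginResponse))
    {
        // The original message named "loginRequest" here, which made the log misleading.
        log("Login failed: did not receive loginResponse");
        return null;
    }
    var loginResponse = (LoginResponse)req;
    // The response carries the value the server compares the stored hash against,
    // i.e. the credential itself, so it is no longer serialized into the log.
    log("Login response received for user " + userData.username);

    // The original code logged the mismatch but did not return, so the confirmation
    // (with the user's encrypted private key) was sent and the session continued as
    // authenticated even when the password was wrong.
    // NOTE(review): this uses the field's own != operator; if passwordHash is a
    // string a constant-time comparison is preferable, and if it is a byte[] this
    // is a reference comparison that never matches — confirm the type.
    if (loginResponse.passwordHash != userData.passwordHash)
    {
        log("Login failed: different password hash");
        return null;
    }

    var confirmation = new LoginConfirmation()
    {
        encryptedPrivateKey = userData.encryptedPrivateKey,
        privateIV = userData.privateIV,
        KEKSalt = userData.KEKSalt
    };
    foreach (var x in serverData.users)
    {
        confirmation.permission.Add(new UserPublicKey() { username = x.username, publicKey = x.publicKey });
    }
    Util.writeObject(sslStream, confirmation);
    // The confirmation holds key material, so only the event is logged, not the payload.
    log("Login confirmation sent to user " + userData.username);
    return userData;
}

/// <summary>
/// Request loop for an authenticated user: reads one message per iteration and
/// dispatches it. An invalid request or a null read ends the session.
/// </summary>
/// <param name="sslStream">TLS stream to the client.</param>
/// <param name="userData">The user authenticated by <see cref="authenticate"/>.</param>
private void serveRequests(SslStream sslStream, UserData userData)
{
    while (true)
    {
        object req = Util.readObject(sslStream);
        if (req == null)
        {
            // The original logged a null read and looped again; if readObject yields
            // null at end of stream (not visible here) that loop never terminated.
            // A null read now ends the session.
            logF("Protocol failed: received unexpected message type:{0}", "null");
            return;
        }

        if (req is ReadCalendarRequest)
        {
            if (!handleReadCalendar(sslStream, userData, (ReadCalendarRequest)req))
            {
                return;
            }
        }
        else if (req is SecureCalendar)
        {
            if (!handleWriteCalendar(userData, (SecureCalendar)req))
            {
                return;
            }
        }
        else
        {
            logF("Protocol failed: received unexpected message type:{0}", req.GetType().ToString());
        }
    }
}

/// <summary>
/// Sends the requested calendar when it exists and the user holds a key entry for it.
/// </summary>
/// <returns>false (after logging) when the session should be closed; true otherwise.</returns>
private bool handleReadCalendar(SslStream sslStream, UserData userData, ReadCalendarRequest read)
{
    var calendarName = read.calendarName;
    SecureCalendar sc = serverData.calendars.Find(c => c.name == calendarName);
    if (sc == null)
    {
        log("Read calendar invalid");
        return false;
    }
    // Access check: the user must appear in the calendar's key list.
    var efek = sc.keys.Find(x => x.username == userData.username);
    if (efek == null)
    {
        log("Read calendar invlalid");
        return false;
    }
    Util.writeObject(sslStream, sc);
    log("Read successfull");
    return true;
}

/// <summary>
/// Replaces an existing calendar with the client's copy, provided the user holds a
/// key entry for the current stored version.
/// </summary>
/// <returns>false (after logging) when the session should be closed; true otherwise.</returns>
private bool handleWriteCalendar(UserData userData, SecureCalendar newCalendar)
{
    SecureCalendar oldCalendar = serverData.calendars.Find(c => c.name == newCalendar.name);
    if (oldCalendar == null)
    {
        log("Write calendar invalid");
        return false;
    }
    // Access check against the stored version, not the client-supplied one.
    var efek = oldCalendar.keys.Find(x => x.username == userData.username);
    if (efek == null)
    {
        // The original logged "Read calendar invlalid" on this write path.
        log("Write calendar invalid");
        return false;
    }
    // NOTE(review): the replacement, including its key list, comes from the client
    // and is stored as-is, so any key holder can change who holds keys. The
    // original TODO ("check if permissions were changed") still stands and needs a
    // policy decision (an owner check, or rejecting key-list changes).
    // NOTE(review): serverData.calendars is shared across sessions with no locking
    // visible here — confirm the server is single-threaded or guard this mutation.
    serverData.calendars.Add(newCalendar);
    serverData.calendars.Remove(oldCalendar);
    log("Write successfull");
    return true;
}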