public async Task <IActionResult> ChangePassword(string password, string newPassword, string confirmPassword)
{
if (string.IsNullOrEmpty(password) ||
string.IsNullOrEmpty(newPassword) ||
newPassword.Length < 8 ||
newPassword != confirmPassword)
{
ModelState.AddModelError("Message", "Invalid Password");
return(View());
}
UserBasicData basicData = new UserBasicData();
if (await basicData.FromDBAsync(UserId) == false)
{
ModelState.AddModelError("Message", "Invalid Session");
return(View());
}
if (PasswordUtility.VerifyPassword(password, basicData.Password) == false)
{
ModelState.AddModelError("Message", "Invalid Password");
return(View());
}
var query = new DBQuery_User_Update_Password();
query.IN.UserId = UserId;
query.IN.Password = PasswordUtility.HashPassword(newPassword);
await DBThread.Instance.ReqQueryAsync(query);
return(RedirectToAction("Index", "Dashboard"));
}
public async ValueTask <OperationResult <IIdentityTicket> > VerifyAsync(string key, Ticket data, string scenario, CancellationToken cancellation = default)
{
if (string.IsNullOrWhiteSpace(data.Identity))
{
if (string.IsNullOrEmpty(key))
{
return(OperationResult.Fail(SecurityReasons.InvalidIdentity, "Missing identity."));
}
data.Identity = key;
}
//获取验证失败的解决器
var attempter = this.Attempter;
//确认验证失败是否超出限制数,如果超出则返回账号被禁用
if (attempter != null && !attempter.Verify(data.Identity, data.Namespace))
{
return(OperationResult.Fail(SecurityReasons.AccountSuspended));
}
//获取当前用户的密码及密码盐
var userId = this.GetPassword(data.Identity, data.Namespace, out var storedPassword, out var storedPasswordSalt, out var status, out _);
//如果帐户不存在则返回无效账户
if (userId == 0)
{
return(OperationResult.Fail(SecurityReasons.InvalidIdentity));
}
//如果账户状态异常则返回账户状态异常
if (status != UserStatus.Active)
{
return(OperationResult.Fail(SecurityReasons.AccountDisabled));
}
//密码校验失败则返回密码验证失败
if (!PasswordUtility.VerifyPassword(data.Password, storedPassword, storedPasswordSalt, "SHA1"))
{
//通知验证尝试失败
if (attempter != null)
{
attempter.Fail(data.Identity, data.Namespace);
}
return(OperationResult.Fail(SecurityReasons.InvalidPassword));
}
//通知验证尝试成功,即清空验证失败记录
if (attempter != null)
{
attempter.Done(data.Identity, data.Namespace);
}
return(OperationResult.Success <IIdentityTicket>(new Ticket(data.Namespace, data.Identity)));
}
public void VerifyPasswordTest()
{
string password = "******";
string salt = PasswordUtility.GenerateSalt(password.Length);
string hashPassword = PasswordUtility.HashPassword(PasswordUtility.SaltPassword(password, salt));
Assert.That(PasswordUtility.VerifyPassword(hashPassword, password, salt), Is.True);
Assert.That(PasswordUtility.VerifyPassword(hashPassword, "notmypassword", salt), Is.False);
}
// 로그인 처리
private async Task <ErrorCode> ProcessLoginAsync(string emailOrUserName, string password, int timeZoneOffsetFromUTC)
{
if (User.Identity.IsAuthenticated)
{
return(ErrorCode.AlreadyLoggedin);
}
if (emailOrUserName.Length < 2)
{
return(ErrorCode.InvalidUserName);
}
bool isEMail = emailOrUserName.Contains('@');
AccountBasicData basicData = new AccountBasicData();
if (isEMail)
{
if (await basicData.FromDBByEmailAsync(emailOrUserName) == false)
{
return(ErrorCode.InvalidEMail);
}
}
else
{
if (await basicData.FromDBByUserNameAsync(emailOrUserName) == false)
{
return(ErrorCode.InvalidUserName);
}
}
if (PasswordUtility.VerifyPassword(password, basicData.Password) == false)
{
return(ErrorCode.InvalidPassword);
}
var claims = new List <Claim>();
claims.Add(new Claim(ClaimTypes.SerialNumber, basicData.AccountDBKey.ToString()));
claims.Add(new Claim(ClaimTypes.GivenName, basicData.GivenName));
claims.Add(new Claim(ClaimTypes.Surname, basicData.SurName));
claims.Add(new Claim(ClaimTypes.Name, basicData.Username));
claims.Add(new Claim(ClaimTypes.Email, basicData.EMail));
claims.Add(new Claim("TimeZoneOffset", TimeSpan.FromMinutes(timeZoneOffsetFromUTC).ToString()));
var userIdentity = new ClaimsIdentity(claims, "login");
ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity);
await HttpContext.SignInAsync(principal);
return(ErrorCode.Success);
}
// 로그인 처리
private async Task <ErrorCode> ProcessLoginAsync(string email, string password, int timeZoneOffsetFromUTC = 0)
{
if (User.Identity.IsAuthenticated)
{
return(ErrorCode.AlreadyLoggedin);
}
if (email.IsValidEmailAddress() == false)
{
return(ErrorCode.InvalidEMail);
}
UserBasicData basicData = new UserBasicData();
if (await basicData.FromDBByEmailAsync(email) == false)
{
return(ErrorCode.InvalidEMail);
}
if (PasswordUtility.VerifyPassword(password, basicData.Password) == false)
{
return(ErrorCode.InvalidPassword);
}
var claims = new List <Claim>();
claims.Add(new Claim(HenaClaimTypes.UserId, basicData.UserId.ToString()));
claims.Add(new Claim(HenaClaimTypes.GivenName, basicData.GivenName));
claims.Add(new Claim(HenaClaimTypes.Surname, basicData.SurName));
claims.Add(new Claim(HenaClaimTypes.Email, basicData.EMail));
claims.Add(new Claim(HenaClaimTypes.Language, basicData.Language));
claims.Add(new Claim(HenaClaimTypes.TimeZoneId, basicData.TimeZoneId));
claims.Add(new Claim(HenaClaimTypes.TimeZoneOffset, TimeSpan.FromMinutes(timeZoneOffsetFromUTC).ToString()));
var userIdentity = new ClaimsIdentity(claims, "login");
ClaimsPrincipal principal = new ClaimsPrincipal(userIdentity);
await HttpContext.SignInAsync(principal);
Response.Cookies.Delete(HenaClaimTypes.UserId);
Response.Cookies.Append(HenaClaimTypes.UserId, basicData.UserId.ToString());
return(ErrorCode.Success);
}
public IUserIdentity Authenticate(string identity, string password, string @namespace, string scene, ref IDictionary <string, object> parameters)
{
if (string.IsNullOrWhiteSpace(identity))
{
throw new ArgumentNullException(nameof(identity));
}
//创建验证上下文对象
var context = new AuthenticationContext(this, identity, @namespace, scene, parameters);
//激发“Authenticating”事件
this.OnAuthenticating(context);
//获取验证失败的解决器
var attempter = this.Attempter;
//确认验证失败是否超出限制数,如果超出则抛出账号被禁用的异常
if (attempter != null && !attempter.Verify(identity, @namespace))
{
//设置当前上下文的异常
context.Exception = new AuthenticationException(AuthenticationReason.AccountSuspended);
//激发“Authenticated”事件
this.OnAuthenticated(context);
//抛出异常
if (context.Exception != null)
{
throw context.Exception;
}
return(context.User);
}
//获取当前用户的密码及密码向量
var userId = this.GetPassword(identity, @namespace, out var storedPassword, out var storedPasswordSalt, out var status, out var statusTimestamp);
//如果帐户不存在,则抛出异常
if (userId == 0)
{
//设置当前上下文的异常
context.Exception = new AuthenticationException(AuthenticationReason.InvalidIdentity);
//激发“Authenticated”事件
this.OnAuthenticated(context);
//抛出异常
if (context.Exception != null)
{
throw context.Exception;
}
return(null);
}
switch (status)
{
case UserStatus.Unapproved:
//因为账户状态异常而抛出验证异常
context.Exception = new AuthenticationException(AuthenticationReason.AccountUnapproved);
//激发“Authenticated”事件
this.OnAuthenticated(context);
if (context.Exception != null)
{
throw context.Exception;
}
return(context.User);
case UserStatus.Disabled:
//因为账户状态异常而抛出验证异常
context.Exception = new AuthenticationException(AuthenticationReason.AccountDisabled);
//激发“Authenticated”事件
this.OnAuthenticated(context);
if (context.Exception != null)
{
throw context.Exception;
}
return(context.User);
}
//如果验证失败,则抛出异常
if (!PasswordUtility.VerifyPassword(password, storedPassword, storedPasswordSalt, "SHA1"))
{
//通知验证尝试失败
if (attempter != null)
{
attempter.Fail(identity, @namespace);
}
//密码校验失败则抛出验证异常
context.Exception = new AuthenticationException(AuthenticationReason.InvalidPassword);
//激发“Authenticated”事件
this.OnAuthenticated(context);
if (context.Exception != null)
{
throw context.Exception;
}
return(context.User);
}
//通知验证尝试成功,即清空验证失败记录
if (attempter != null)
{
attempter.Done(identity, @namespace);
}
//获取指定用户编号对应的用户对象
context.User = this.DataAccess.Select <IUser>(Condition.Equal(nameof(IUser.UserId), userId)).FirstOrDefault();
//设置凭证有效期的配置策略
if (this.Option != null)
{
context.Parameters["Credential:Option"] = this.Option;
}
//激发“Authenticated”事件
this.OnAuthenticated(context);
if (context.HasParameters)
{
parameters = context.Parameters;
}
//返回成功的验证结果
return(context.User);
}
