private bool IsCardTester(PaymentForm pf, string from)
{
if (!Util.IsHosted || !pf.CreditCard.HasValue())
{
return(false);
}
var hash = Pbkdf2Hasher.HashString(pf.CreditCard);
CurrentDatabase.InsertIpLog(Request.UserHostAddress, hash);
if (pf.IsProblemUser())
{
return(LogRogueUser("Problem User", from));
}
var iscardtester = ConfigurationManager.AppSettings["IsCardTester"];
if (!iscardtester.HasValue())
{
return(false);
}
var result = CurrentDatabase.Connection.ExecuteScalar <string>(iscardtester, new { ip = Request.UserHostAddress });
if (result.Equal("OK"))
{
return(false);
}
return(LogRogueUser(result, from));
}
public ValidateResult Validate(string credentialTypeCode, string identifier, string secret)
{
CredentialType credentialType = _context.CredentialType.FirstOrDefault(ct => ct.Code.ToLower() == credentialTypeCode.ToLower());
if (credentialType == null)
{
return(new ValidateResult(success: false, error: ValidateResultError.CredentialTypeNotFound));
}
Credential credential = _context.Credential.FirstOrDefault(c => c.CredentialTypeId == credentialType.Id && c.Identifier == identifier);
if (credential == null)
{
return(new ValidateResult(success: false, error: ValidateResultError.CredentialNotFound));
}
if (!string.IsNullOrEmpty(secret))
{
byte[] salt = Convert.FromBase64String(credential.Extra);
string hash = Pbkdf2Hasher.ComputeHash(secret, salt);
if (credential.Secret != hash)
{
return(new ValidateResult(success: false, error: ValidateResultError.SecretNotValid));
}
}
return(new ValidateResult(user: _context.Users.Find(credential.UserId), success: true));
}
public SignUpResult SignUp(UserModel user, string credentialTypeCode, string identifier, string secret)
{
_context.Users.Add(user);
_context.SaveChanges();
CredentialType credentialType = _context.CredentialType.FirstOrDefault(ct => ct.Code.ToLower() == credentialTypeCode.ToLower());
if (credentialType == null)
{
return(new SignUpResult(success: false, error: SignUpResultError.CredentialTypeNotFound));
}
Credential credential = new Credential();
credential.UserId = user.ID;
credential.CredentialTypeId = credentialType.Id;
credential.Identifier = identifier;
if (!string.IsNullOrEmpty(secret))
{
byte[] salt = Pbkdf2Hasher.GenerateRandomSalt();
string hash = Pbkdf2Hasher.ComputeHash(secret, salt);
credential.Secret = hash;
credential.Extra = Convert.ToBase64String(salt);
}
_context.Credential.Add(credential);
_context.SaveChanges();
return(new SignUpResult(user: user, success: true));
}
private bool IsCardTester(PaymentForm pf, string from)
{
if (!Util.IsHosted || !pf.CreditCard.HasValue())
{
return(false);
}
var hash = Pbkdf2Hasher.HashString(pf.CreditCard);
var db = DbUtil.Db;
db.InsertIpLog(HttpContextFactory.Current.Request.UserHostAddress, hash);
if (pf.IsProblemUser())
{
return(OnlineRegController.LogRogueUser("Problem User", from));
}
var iscardtester = ConfigurationManager.AppSettings["IsCardTester"];
if (!iscardtester.HasValue())
{
return(false);
}
var result = db.Connection.ExecuteScalar <string>(iscardtester, new { ip = HttpContextFactory.Current.Request.UserHostAddress });
if (result.Equal("OK"))
{
return(false);
}
return(OnlineRegController.LogRogueUser(result, from));
}
public ChangeSecretResult ChangeSecret(string credentialTypeCode, string identifier, string secret)
{
CredentialType credentialType = _context.CredentialType.FirstOrDefault(ct => ct.Code.ToLower() == credentialTypeCode.ToLower());
if (credentialType == null)
{
return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialTypeNotFound));
}
Credential credential = _context.Credential.FirstOrDefault(c => c.CredentialTypeId == credentialType.Id && c.Identifier == identifier);
if (credential == null)
{
return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialNotFound));
}
byte[] salt = Pbkdf2Hasher.GenerateRandomSalt();
string hash = Pbkdf2Hasher.ComputeHash(secret, salt);
credential.Secret = hash;
credential.Extra = Convert.ToBase64String(salt);
_context.Credential.Update(credential);
_context.SaveChanges();
return(new ChangeSecretResult(success: true));
}
public Credential Map(CredentialFilter filter, Credential credential, CreateOrEditViewModel createOrEdit)
{
if (credential.Id == 0)
{
credential.UserId = (int)filter.User.Id;
}
credential.CredentialTypeId = createOrEdit.CredentialTypeId;
credential.Identifier = createOrEdit.Identifier;
if (!string.IsNullOrEmpty(createOrEdit.Secret))
{
if (createOrEdit.ApplyPbkdf2HashingToSecret)
{
byte[] salt = Pbkdf2Hasher.GenerateRandomSalt();
string hash = Pbkdf2Hasher.ComputeHash(createOrEdit.Secret, salt);
credential.Secret = hash;
credential.Extra = Convert.ToBase64String(salt);
}
else
{
credential.Secret = createOrEdit.Secret;
}
}
return(credential);
}
/// <summary>
/// Enable: app__NoAccountLocalhost
/// </summary>
/// <param name="context"></param>
public async Task Invoke(HttpContext context)
{
var isHostLocal = IsLocalhost.IsHostLocalHost(context.Connection.LocalIpAddress, context.Connection.RemoteIpAddress);
var isApiCall = context.Request.Path.HasValue && (context.Request.Path.Value.StartsWith("/api") ||
context.Request.Path.Value.StartsWith("/realtime"));
var isFromLogoutCall = context.Request.QueryString.HasValue &&
context.Request.QueryString.Value.Contains("fromLogout");
if (isHostLocal && !context.User.Identity.IsAuthenticated && !isApiCall && !isFromLogoutCall)
{
var userManager = (IUserManager)context.RequestServices.GetService(typeof(IUserManager));
var user = userManager.GetUser("email", Identifier);
if (user == null)
{
var newPassword = Convert.ToBase64String(
Pbkdf2Hasher.GenerateRandomSalt());
await userManager.SignUpAsync(string.Empty,
"email", Identifier, newPassword + newPassword);
user = userManager.GetUser("email", Identifier);
}
await userManager.SignIn(context, user, true);
}
await _next.Invoke(context);
}
public ChangeSecretResult ChangeSecret(string credentialTypeCode, string identifier, string secret)
{
var credentialType = _dbContext.CredentialTypes.FirstOrDefault(
ct => ct.Code.ToLower().Equals(credentialTypeCode.ToLower()));
if (credentialType == null)
{
return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialTypeNotFound));
}
Credential credential = _dbContext.Credentials.TagWith("ChangeSecret").FirstOrDefault(
c => c.CredentialTypeId == credentialType.Id && c.Identifier == identifier);
if (credential == null)
{
return(new ChangeSecretResult(success: false, error: ChangeSecretResultError.CredentialNotFound));
}
var salt = Pbkdf2Hasher.GenerateRandomSalt();
var hash = Pbkdf2Hasher.ComputeHash(secret, salt);
credential.Secret = hash;
credential.Extra = Convert.ToBase64String(salt);
_dbContext.Credentials.Update(credential);
_dbContext.SaveChanges();
if (IsCacheEnabled())
{
_cache.Set(CredentialCacheKey(credentialType, identifier),
credential, new TimeSpan(99, 0, 0));
}
return(new ChangeSecretResult(success: true));
}
public static void Initialize(TestContext testContext)
{
ApplicationUserValidator = new ApplicationUserValidator();
FollowerValidator = new FollowerValidator();
CredentialValidator = new CredentialValidator();
CredentialTypeValidator = new CredentialTypeValidator();
RoleValidator = new RoleValidator();
UserRoleValidator = new UserRoleValidator();
RolePermissionValidator = new RolePermissionValidator();
PermissionValidator = new PermissionValidator();
Hasher = new Pbkdf2Hasher();
SaltGenerator = new RandomSaltGenerator();
}
public IActionResult ChangePassword(ChangeSecretDto model)
{
var currentUser = _partnerManager.GetPartnerById(this.HttpContext.User.Identity.Name);
if (currentUser.Status.Id > 2)
{
return(Unauthorized(new ApiResponse(-3100, "Sorry, your account is not in correct state")));
}
if (currentUser.LockTime > DateTime.Now)
{
return(Unauthorized(new ApiResponse(-3101, $"Sorry, your account is suspended for {Utility.HowMuchLeftTime(currentUser.LockTime)}")));
}
if (!System.Text.RegularExpressions.Regex.IsMatch(model.newSecret.ToString(), "^[0-9]{4,6}$"))
{
return(BadRequest(new ApiResponse(-3102, $"Sorry, new secret was invalid")));
}
byte[] salt = Convert.FromBase64String(currentUser.Extra);
string hash = Pbkdf2Hasher.ComputeHash(model.oldSecret.ToString(), salt);
if (currentUser.Pwd != hash)
{
return(BadRequest(new ApiResponse(-3103, "Sorry, incorrect credentials")));
}
byte[] newSalt = Pbkdf2Hasher.GenerateRandomSalt();
string newHash = Pbkdf2Hasher.ComputeHash(model.newSecret.ToString(), newSalt);
var changeSecret = new ChangeSecretHistory();
changeSecret.CreatedBy.Id = currentUser.Id;
changeSecret.CreatedBy.Account = currentUser.Account;
changeSecret.AccessChannel.Id = "api";
changeSecret.OldSalt = currentUser.Extra;
changeSecret.OldHash = currentUser.Pwd;
changeSecret.NewSalt = Convert.ToBase64String(newSalt);
changeSecret.NewHash = newHash;
changeSecret.ChangeType.Id = "change";
changeSecret.NotifyBy.Id = "none";
changeSecret.PartAppUser.Id = currentUser.Id;
changeSecret.PartAppUser.Account = currentUser.Account;
var result = new ChangeSecretHistoryRepo(_db, _partnerManager, null).Create(changeSecret);
//var result = _partnerManager.ChangePwd(currentUser.Account, currentUser.Id, model.newSecret.ToString(), false);
if (!result.Success)
{
return(BadRequest(new ApiResponse(-3104, $"Sorry, change secrect was failed, please try later")));
}
return(Ok(new ApiResponse(0, $"Changed successfully")));
}
public static void Initialize(TestContext testContext)
{
MemeValidator = new MemeValidator();
ApplicationUserValidator = new ApplicationUserValidator();
FollowerValidator = new FollowerValidator();
CredentialValidator = new CredentialValidator();
CredentialTypeValidator = new CredentialTypeValidator();
RoleValidator = new RoleValidator();
UserRoleValidator = new UserRoleValidator();
RolePermissionValidator = new RolePermissionValidator();
PermissionValidator = new PermissionValidator();
MemeFetcherService = new LocalMemeFetcherService();
SharedMemeValidator = new SharedMemeValidator();
CommentValidator = new CommentValidator();
Hasher = new Pbkdf2Hasher();
SaltGenerator = new RandomSaltGenerator();
}
/// <summary>
/// Is the username and password combination correct
/// </summary>
/// <param name="credentialTypeCode">default: email</param>
/// <param name="identifier">email</param>
/// <param name="secret">password</param>
/// <returns>status</returns>
public async Task <ValidateResult> ValidateAsync(string credentialTypeCode,
string identifier, string secret)
{
var credentialType = CachedCredentialType(credentialTypeCode);
if (credentialType == null)
{
return(new ValidateResult(success: false, error: ValidateResultError.CredentialTypeNotFound));
}
var credential = CachedCredential(credentialType, identifier);
if (credential == null)
{
return(new ValidateResult(success: false, error: ValidateResultError.CredentialNotFound));
}
// No Password
if (string.IsNullOrWhiteSpace(secret))
{
return(new ValidateResult(success: false, error: ValidateResultError.SecretNotValid));
}
var userData = (await AllUsersAsync()).FirstOrDefault(p => p.Id == credential.UserId);
if (userData == null)
{
return(new ValidateResult(success: false, error: ValidateResultError.UserNotFound));
}
if (userData.LockoutEnabled && userData.LockoutEnd >= DateTime.UtcNow)
{
return(new ValidateResult(success: false, error: ValidateResultError.Lockout));
}
// To compare the secret
byte[] salt = Convert.FromBase64String(credential.Extra);
string hashedPassword = Pbkdf2Hasher.ComputeHash(secret, salt);
if (credential.Secret == hashedPassword)
{
return(await ResetAndSuccess(userData.AccessFailedCount, credential.UserId, userData));
}
return(await SetLockIfFailedCountIsToHigh(credential.UserId));
}
public Credential Map(CreateOrEditViewModel createOrEdit)
{
Credential credential = new Credential();
if (createOrEdit.Id != null)
{
credential = this.RequestHandler.Storage.GetRepository <ICredentialRepository>().WithKey((int)createOrEdit.Id);
}
else
{
credential.UserId = createOrEdit.UserId;
}
credential.CredentialTypeId = createOrEdit.CredentialTypeId;
credential.Identifier = createOrEdit.Identifier;
if (!string.IsNullOrEmpty(createOrEdit.Secret))
{
if (createOrEdit.ApplyPbkdf2HashingToSecret)
{
byte[] salt = Pbkdf2Hasher.GenerateRandomSalt();
string hash = Pbkdf2Hasher.ComputeHash(createOrEdit.Secret, salt);
credential.Secret = hash;
credential.Extra = Convert.ToBase64String(salt);
}
else
{
credential.Secret = createOrEdit.Secret;
}
}
return(credential);
}
public ActionResult <UserDto> Login(LoginDto loginDto)
{
var remoteIpAddress = Request.HttpContext.Connection.RemoteIpAddress;
var partnerResult = this._partnerManager.Validate(loginDto.UserId);
if (!partnerResult.Success)
{
var response = Unauthorized(new ApiResponse(401));
_apiDbLog.Create(new ApiLogFile {
Data = JsonSerializer.Serialize(response), Action = "login", Ip = remoteIpAddress.ToString(),
Level = 0, User = loginDto.UserId
});
return(response);
}
if (new ApiIPBlacklistRepo(_db).isBlacklisted(remoteIpAddress.ToString()))
{
var response = Unauthorized(new ApiResponse(401));
_apiDbLog.Create(new ApiLogFile {
Data = $" blacklist ip {JsonSerializer.Serialize(response)}", Action = "login", Ip = remoteIpAddress.ToString(), Level = 0, User = loginDto.UserId
});
return(Unauthorized(new ApiResponse(401)));
}
if (partnerResult.Partner.IPAddress != remoteIpAddress.ToString())
{
new ApiIPBlacklistRepo(_db).Create(new ApiIPBlacklist {
IPAddress = remoteIpAddress.ToString()
});
return(Unauthorized(new ApiResponse(401)));
}
if (partnerResult.Partner.Status.Id > 2)
{
return(Unauthorized(new ApiResponse(401, "Sorry, your account is not in correct state")));
}
if (partnerResult.Partner.LockTime > DateTime.Now)
{
return(Unauthorized(new ApiResponse(401, $"Sorry, your account is suspended for {Utility.HowMuchLeftTime(partnerResult.Partner.LockTime)}")));
}
byte[] salt = Convert.FromBase64String(partnerResult.Partner.Extra);
string hash = Pbkdf2Hasher.ComputeHash(loginDto.Password, salt);
if (partnerResult.Partner.Pwd != hash)
{
bool lockAccount = partnerResult.Partner.WrongPwdAttempts >= 2;
_partnerManager.IncreaseWrongPwdAttempts(partnerResult.Partner.Id, lockAccount);
return(BadRequest(new ApiResponse(400, "Sorry, incorrect credentials")));
}
_partnerManager.PreSuccessLogin(partnerResult.Partner.Id);
var user = new AppUser
{
Account = partnerResult.Partner.Account,
Id = partnerResult.Partner.Id,
Name = partnerResult.Partner.Name
};
return(new UserDto
{
Id = user.Id,
Token = _tokenService.CreateToken(user),
Account = user.Account
});
}
/// <summary>
/// Add a new user, including Roles and UserRoles
/// </summary>
/// <param name="name">Nice Name, default string.Emthy</param>
/// <param name="credentialTypeCode">default is: Email</param>
/// <param name="identifier">an email address, e.g. [email protected]</param>
/// <param name="secret">Password</param>
/// <returns>result object</returns>
public async Task <SignUpResult> SignUpAsync(string name,
string credentialTypeCode, string identifier, string secret)
{
var credentialType = await AddDefaultCredentialType(credentialTypeCode);
var roles = AddDefaultRoles();
AddDefaultPermissions();
AddDefaultRolePermissions();
if (string.IsNullOrEmpty(identifier) || string.IsNullOrEmpty(secret))
{
return(new SignUpResult(success: false, error: SignUpResultError.NullString));
}
// The email is stored in the Credentials database
var user = Exist(identifier);
if (user == null)
{
// Check if user not already exist
var createdDate = DateTime.UtcNow;
user = new User
{
Name = name,
Created = createdDate
};
await _dbContext.Users.AddAsync(user);
await _dbContext.SaveChangesAsync();
await AddUserToCache(user);
// to get the Id
user = await _dbContext.Users.FirstOrDefaultAsync(p => p.Created == createdDate);
if (user == null)
{
throw new AggregateException("user should not be null");
}
}
// Add a user role based on a user id
AddToRole(user, roles.FirstOrDefault(p => p.Code == _appSettings.AccountRegisterDefaultRole.ToString()));
if (credentialType == null)
{
return(new SignUpResult(success: false, error: SignUpResultError.CredentialTypeNotFound));
}
var credential = await _dbContext.Credentials.FirstOrDefaultAsync(p => p.Identifier == identifier);
if (credential != null)
{
return(new SignUpResult(user: user, success: true));
}
// Check if credential not already exist
credential = new Credential
{
UserId = user.Id,
CredentialTypeId = credentialType.Id,
Identifier = identifier
};
byte[] salt = Pbkdf2Hasher.GenerateRandomSalt();
string hash = Pbkdf2Hasher.ComputeHash(secret, salt);
credential.Secret = hash;
credential.Extra = Convert.ToBase64String(salt);
await _dbContext.Credentials.AddAsync(credential);
await _dbContext.SaveChangesAsync();
return(new SignUpResult(user: user, success: true));
}
