Ejemplo n.º 1
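        /// <summary>
        /// Handles the login form post: looks the account up by user name, re-derives the
        /// password hash with the stored salt and, on a match, redirects to the user's index page.
        /// Every other outcome (unknown user, wrong password, exception) re-renders the login view
        /// with the same generic error, so the response does not reveal which step failed.
        /// </summary>
        /// <param name="personViewModel">Form-bound credentials (UserName and Password are read).</param>
        /// <returns>A redirect on success; otherwise the "LoginIndex" view with the login error set.</returns>
        public IActionResult Log([FromForm] PersonViewModel personViewModel)
        {
            try
            {
                PersonLogin personLogin = _baseRepository.GetAllData()
                                          .FirstOrDefault(p => p.UserName == personViewModel.UserName);

                if (personLogin != null)
                {
                    // NOTE(review): ASCII encoding replaces every non-ASCII character with '?', so
                    // distinct passwords can produce the same bytes. It is kept here because the
                    // bytes must match whatever encoding was used when the hash was stored; moving
                    // to UTF-8 needs a coordinated change on the registration side plus a rehash.
                    byte[] password    = Encoding.ASCII.GetBytes(personViewModel.Password);
                    byte[] storedHash  = personLogin.PasswordHash;
                    byte[] encryptPass = EncryptionService.GenerateHash(password, personLogin.PasswordSalt);

                    // Reject missing/empty hashes explicitly, then compare in constant time so the
                    // comparison does not leak how many leading bytes of the hash matched.
                    bool hashesPresent = storedHash != null && storedHash.Length > 0 && encryptPass != null;

                    if (hashesPresent &&
                        System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedHash, encryptPass))
                    {
                        // NOTE(review): the whole PersonLogin, including PasswordHash and PasswordSalt,
                        // is handed to TempData. Depending on the TempData provider this may be
                        // serialized to a cookie or session; prefer passing only the fields the next
                        // request needs. Confirm what PutExt stores.
                        TempData.PutExt(nameof(PersonLogin), personLogin);
                        return Redirect($"/User/UserIndex/{personLogin.Id}");
                    }
                }
            }
            catch (Exception)
            {
                // Deliberate best-effort: any failure falls through to the generic login error below.
                //TODO: create an extension method that saves error logs to the database
            }

            ViewData[ErrorMessageConst.LoginErrorKey] = ErrorMessageConst.LoginError;
            return View("LoginIndex");
        }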
Ejemplo n.º 2
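        /// <summary>
        /// Checks a user name against the LDAP directory and reports whether the directory
        /// accepted it.
        /// </summary>
        /// <remarks>
        /// The previous implementation returned <c>true</c> unconditionally, including for blank
        /// user names and for users the directory rejected; the result of the LDAP check is now
        /// what the caller receives.
        /// NOTE(review): no user password is involved here, so this presumably only confirms that
        /// the account exists in the directory. Callers should not treat it as proof of identity;
        /// confirm against the callers.
        /// </remarks>
        /// <param name="Username">User name to look up; null, empty or whitespace is rejected.</param>
        /// <returns><c>true</c> only when the LDAP check succeeds for a non-blank user name.</returns>
        public bool AuthenticateByUsername(string Username)
        {
            if (string.IsNullOrWhiteSpace(Username))
            {
                return false;
            }

            // NOTE(review): the directory path and the bind credentials are hard-coded in source
            // (the values are masked on this page). They belong in protected configuration or a
            // secret store. An earlier variant of the call below passed the password through
            // Encryption.DecryptText first; confirm which form the stored value actually has.
            LDAPConfig objLDAPConfig = new LDAPConfig
            {
                IsConfigured     = true,
                IsAuthByPassword = true,
                LDAPPath         = "LDAP://JTINDIA.COM",
                UserName         = "******",
                Password         = "******",
                ModifiedBy       = 1,
                ModifiedDate     = new DateTime()
            };

            LDAPAuthentication ldap = new LDAPAuthentication(objLDAPConfig.LDAPPath, objLDAPConfig.UserName, objLDAPConfig.Password);

            // The PersonLogin object the old code built on success was never used and has been dropped.
            return ldap.AuthenticateWithUserName(Username);
        }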
Ejemplo n.º 3
 /// <summary>
 /// Success callback: builds a PersonLogin from the current Firebase user, greets the user with
 /// a toast and stores name, e-mail and photo path in Preferences.
 /// </summary>
 /// <param name="result">Callback payload; not read by this method.</param>
 public void OnSuccess(Java.Lang.Object result)
 {
     // NOTE(review): PhotoUrl is dereferenced without a null check. Confirm it is always set
     // for the sign-in providers in use.
     string displayName = firebaseAuth.CurrentUser.DisplayName;
     string email       = firebaseAuth.CurrentUser.Email;
     string photoPath   = firebaseAuth.CurrentUser.PhotoUrl.Path;

     login = new PersonLogin(displayName, email, photoPath);

     string greeting = "Добро пожаловать, " + login.Name;
     Toast.MakeText(this, greeting, ToastLength.Short).Show();

     // The persisted values come from PersonLogin's static members, not from the instance above.
     // Presumably the constructor populates them; verify in PersonLogin.
     Preferences.Set("userName", PersonLogin.NameStatic);
     Preferences.Set("userEmail", PersonLogin.EmailStatic);
     Preferences.Set("userPhoto", PersonLogin.PhotoUrlStatic);
 }
Ejemplo n.º 4
 /// <summary>
 /// Page load handler: sends already-authenticated users to the person list and wires the
 /// click handler of the "LoginButton" found inside the PersonLogin control.
 /// </summary>
 protected void Page_Load(object sender, EventArgs e)
 {
     bool alreadySignedIn = User.Identity.IsAuthenticated;
     if (alreadySignedIn)
     {
         Response.Redirect("PersonList.aspx");
     }

     // FindControl returns null when no control with that id exists; the cast and the
     // subscription below assume the button is present in the markup.
     Button loginButton = (Button)PersonLogin.FindControl("LoginButton");
     loginButton.Click += PersonLogin_ServerClick;
 }
Ejemplo n.º 5
 /// <summary>
 /// Login endpoint: delegates to the person service and returns its result with status 200,
 /// or status 401 with the exception message when the service throws EntityNotFound.
 /// </summary>
 /// <param name="userLogin">Credentials forwarded unchanged to the service.</param>
 public async Task<ActionResult> Login(PersonLogin userLogin)
 {
     try
     {
         var loginResult = await _personService.Login(userLogin, new Token());
         return StatusCode(200, loginResult);
     }
     catch (EntityNotFound notFound)
     {
         // The exception text is returned to the client verbatim, so it should stay generic
         // and not say which part of the credentials was wrong.
         var errorBody = new { Message = notFound.Message };
         return StatusCode(401, errorBody);
     }
 }
Ejemplo n.º 6
        /// <summary>
        /// Looks a person up by document and password and returns their data with a token.
        /// Documents of 11 or more characters are searched as User, shorter ones as Operator.
        /// </summary>
        /// <param name="personLogin">Document and password supplied by the caller.</param>
        /// <param name="token">Token generator used to issue the token for the found person.</param>
        /// <returns>A PersonJwt describing the authenticated person.</returns>
        /// <exception cref="EntityNotFound">Thrown when no person matches the document and password.</exception>
        public async Task<PersonJwt> Login(PersonLogin personLogin, IToken token)
        {
            // NOTE(review): the role is inferred only from the length of the document string, and
            // the password is passed to the repository as received. Confirm that
            // FindByDocumentAndPassword compares against a salted hash rather than a stored plaintext.
            bool treatAsUser = personLogin.Document.Length >= 11;

            IPerson found;
            if (treatAsUser)
            {
                found = await personRepository.FindByDocumentAndPassword<User>(
                    personLogin.Document, personLogin.Password, Convert.ToInt16(PersonRole.User));
            }
            else
            {
                found = await personRepository.FindByDocumentAndPassword<Operator>(
                    personLogin.Document, personLogin.Password, Convert.ToInt16(PersonRole.Operator));
            }

            if (found == null)
            {
                // The same message covers an unknown document and a wrong password.
                throw new EntityNotFound("Documento e senha inválidos");
            }

            return new PersonJwt
            {
                Id = found.Id,
                Name = found.Name,
                Document = found.Document,
                Role = found.Role.ToString(),
                Token = token.GerarToken(found)
            };
        }
Ejemplo n.º 7
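        /// <summary>
        /// Login endpoint: finds the user by name and performs a password sign-in.
        /// </summary>
        /// <remarks>
        /// Failed logins previously returned <c>null</c>, which is not a valid action result and
        /// does not give the client a proper authentication failure. Unknown user and wrong
        /// password now both return 401, so the two cases cannot be told apart from the response.
        /// </remarks>
        /// <param name="person">Credentials from the request body (UserName and Password are read).</param>
        /// <returns>400 for an invalid or missing model, 200 with the sign-in result on success, 401 otherwise.</returns>
        public async Task<IActionResult> Login([FromBody] PersonLogin person)
        {
            // A missing or unparsable body can leave the parameter null.
            if (person == null || !ModelState.IsValid)
            {
                return BadRequest();
            }

            var user = await _userManager.FindByNameAsync(person.UserName);

            if (user != null)
            {
                // NOTE(review): the last argument (lockoutOnFailure) is false, so failed attempts
                // never count towards account lockout. Consider enabling it to limit password guessing.
                var result = await _signinManager.PasswordSignInAsync(user, person.Password, false, false);

                if (result.Succeeded)
                {
                    return Ok(result);
                }
            }

            return Unauthorized();
        }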
        /// <summary>
        /// Login post: validates the credentials through the usp_Login stored procedure and, on
        /// success, stores the person's key in the session and greets them by first name.
        /// </summary>
        /// <param name="pl">Bound login model; only userName and password are bound.</param>
        /// <returns>The "Result" view carrying either the welcome or the failure message.</returns>
        public ActionResult Index([Bind(Include = "userName, password")] PersonLogin pl)
        {
            int     loginResult = db.usp_Login(pl.userName, pl.password);
            Message message     = new Message();

            if (loginResult != -1)
            {
                // NOTE(review): both lookups assume a People row exists for this e-mail once
                // usp_Login succeeds. Confirm how PersonKey behaves when no row matches.
                var pkey      = db.People.Where(r => r.PersonEmail.Equals(pl.userName)).Select(r => r.PersonKey).FirstOrDefault();
                var firstName = db.People.Where(r => r.PersonEmail.Equals(pl.userName)).Select(r => r.PersonFirstName).FirstOrDefault();

                int personKey = (int)pkey;

                // NOTE(review): the session is marked as logged in without issuing a fresh
                // session identifier. Confirm session fixation is handled elsewhere.
                Session["PersonKey"] = personKey;

                message.messageText = "Welcome " + (string)firstName;
            }
            else
            {
                message.messageText = "Invalid login.";
                // Sends the browser back to the login page after three seconds.
                Response.AddHeader("Refresh", "3;url=login");
            }

            return View("Result", message);
        }
Ejemplo n.º 9
        /// <summary>
        /// Login post: validates the credentials through the usp_Login stored procedure, then
        /// records the person's key and an employee flag in the session and shows a welcome message.
        /// </summary>
        /// <param name="pl">Bound login model; only email and password are bound.</param>
        /// <returns>The "Result" view carrying either the welcome or the failure message.</returns>
        public ActionResult Index([Bind(Include = "email, password")] PersonLogin pl)
        {
            int     loginResult = db.usp_Login(pl.email, pl.password);
            Message message     = new Message();

            if (loginResult == -1)
            {
                message.text = "Sorry, your email/password is incorrect. Please try it one more time.";
                // Sends the browser back to the login page after three seconds.
                Response.AddHeader("Refresh", "3;url=login");
                return View("Result", message);
            }

            // Assumes a People row exists for this e-mail once usp_Login succeeds;
            // personItem is dereferenced without a null check.
            var personItem = db.People.Where(r => r.PersonEmail.Equals(pl.email)).FirstOrDefault();
            int personKey  = (int)personItem.PersonKey;
            var firstName  = personItem.PersonFirstName;
            var emKey      = db.Employees.Where(e => e.PersonKey == personKey).Select(e => e.EmployeeKey).FirstOrDefault();

            // NOTE(review): the employee flag is set by comparing EmployeeKey with PersonKey, which
            // only holds if the two keys share values. This flag ends up in the session and
            // presumably gates employee features, so confirm against the schema. The original
            // TODO says this path was not tried with an employee account.
            bool isEmployee = ((int)emKey) == personKey;

            if (!isEmployee)
            {
                message.text = String.Format("Welcome customer {0}, get some delicous bakery with good price.", firstName);
                Response.AddHeader("Refresh", "3;url=sales");
            }
            else
            {
                // No automatic redirect for employees (the redirect to "product" is disabled).
                message.text = String.Format("Welcome employee {0}, you can go to check the menu.", firstName);
            }

            Session["PersonKey"]  = personKey;
            Session["isEmployee"] = isEmployee;

            return View("Result", message);
        }
Ejemplo n.º 10
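        /// <summary>
        /// Registers a new account: checks that the two password fields match and that the user
        /// name is free, then stores a salted hash of the password.
        /// </summary>
        /// <remarks>
        /// The password confirmation is now compared as strings. The previous comparison ran on
        /// ASCII-encoded bytes, where every non-ASCII character becomes '?', so two different
        /// passwords could be accepted as "matching". Missing or empty fields now yield 400
        /// instead of an unhandled exception.
        /// </remarks>
        /// <param name="PersonViewModel">Form-bound registration data (UserName, Password, RepeatPassword).</param>
        /// <returns>A redirect to the login page on success; otherwise a 400 result.</returns>
        public IActionResult SaveAccount([FromForm] PersonViewModel PersonViewModel)
        {
            string userName       = PersonViewModel.UserName;
            string plainPassword  = PersonViewModel.Password;
            string repeatPassword = PersonViewModel.RepeatPassword;

            if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(plainPassword))
            {
                return new BadRequestResult();
            }

            // Ordinal string comparison of the password and its confirmation.
            if (plainPassword != repeatPassword)
            {
                return new BadRequestResult();
            }

            // NOTE(review): this loads every account into memory, and the check-then-add sequence
            // is not atomic. A unique constraint on the user name would close the race. Confirm
            // whether one exists.
            var collection = _baseRepository.GetAllData().ToList();

            bool newUser = !collection.Exists(p => p.UserName == userName);

            //TODO: https://www.mking.net/blog/password-security-best-practices-with-examples-in-csharp

            if (!newUser)
            {
                return new BadRequestResult();
            }

            // NOTE(review): ASCII encoding is lossy for non-ASCII passwords. It is kept because
            // the login path must derive the same bytes; switching to UTF-8 needs a coordinated
            // change and a rehash. A 10-byte salt and an iteration count of 10 are well below
            // common guidance for password hashing. Confirm what GenerateHash does with them.
            byte[] password    = Encoding.ASCII.GetBytes(plainPassword);
            byte[] salt        = EncryptionService.GenerateSalt(10);
            byte[] encryptPass = EncryptionService.GenerateHash(password, salt);

            var personLogin = new PersonLogin
            {
                PasswordHash       = encryptPass,
                PasswordSalt       = salt,
                PasswordIterations = 10,
                UserName           = userName,
            };

            _baseRepository.Add(personLogin);

            //TODO: replace later with more precise visual feedback:
            // drop the bad-request results and show which field is wrong or that the account already exists

            return Redirect("/Login/LoginIndex");
        }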
Ejemplo n.º 11
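        /// <summary>
        /// Enrolls an existing person for online access: verifies that last name and account
        /// number match a person, that the person has no login yet, that the user name is free
        /// and that the password passes validation, then stores a salted password hash.
        /// </summary>
        /// <remarks>
        /// Changes from the previous version: the failure message in the catch block said
        /// "Error deleting person." although this method enrolls; the nested branches are
        /// flattened into guard clauses; the person is fetched with a single FirstOrDefault
        /// instead of Any followed by First.
        /// NOTE(review): the distinct failure messages tell the caller whether a last name and
        /// account number pair exists, whether its holder is already registered and whether a
        /// user name is taken. Consider rate limiting this operation or using less specific messages.
        /// </remarks>
        /// <param name="enrollmentRequest">Last name, account number, desired user name and password.</param>
        /// <returns>An OperationStatus indicating success, or failure with explanatory messages.</returns>
        public OperationStatus Enroll(EnrollmentRequest enrollmentRequest)
        {
            try
            {
                using (var unitOfWork = unitOfWorkFactory.CreateUnitOfWork())
                {
                    // Verify that the provided enrollment data matches a person in the system
                    var person = unitOfWork.Persons.GetQueryable()
                                 .Where(p =>
                                        p.LastName == enrollmentRequest.LastName &&
                                        p.Accounts.Any(a => a.Account.AccountNumber == enrollmentRequest.AccountNumber))
                                 .FirstOrDefault();

                    if (person == null)
                    {
                        return new OperationStatus
                        {
                            Success  = false,
                            Messages = new List<string> { "There is no one in the system that matches the information provided" }
                        };
                    }

                    // Verify that the person does not already have an account
                    bool alreadyRegistered = unitOfWork.PersonLogins.GetQueryable()
                                             .Where(p => p.PersonID == person.PersonID)
                                             .Any();

                    if (alreadyRegistered)
                    {
                        return new OperationStatus
                        {
                            Success  = false,
                            Messages = new List<string> { "The holder of this account is already registered in the system." }
                        };
                    }

                    // Verify that the username is not already used (case-insensitive via ToLower on both sides)
                    bool usernameTaken = unitOfWork.PersonLogins.GetQueryable()
                                         .Where(p => p.LoginID.ToLower() == enrollmentRequest.Username.ToLower())
                                         .Any();

                    if (usernameTaken)
                    {
                        return new OperationStatus
                        {
                            Success  = false,
                            Messages = new List<string> { "The username is already in use." }
                        };
                    }

                    var passwordValidationStatus = PasswordUtils.ValidatePassword(enrollmentRequest.Password);

                    if (!passwordValidationStatus.Success)
                    {
                        return passwordValidationStatus;
                    }

                    var personLogin = new PersonLogin();

                    personLogin.PersonID = person.PersonID;
                    personLogin.LoginID  = enrollmentRequest.Username;

                    // The stored password will be a hash based on a salt and the password provided
                    var salt = PasswordUtils.CreateSalt(PASSWORD_SALT_SIZE);
                    personLogin.Salt           = salt;
                    personLogin.HashedPassword = PasswordUtils.GenerateHashedPassword(enrollmentRequest.Password, salt);

                    unitOfWork.PersonLogins.Add(personLogin);
                    unitOfWork.Commit();

                    return new OperationStatus { Success = true };
                }
            }
            catch (Exception e)
            {
                // NOTE(review): the exception is passed into the returned status. Confirm that
                // CreateFromException does not expose internal details to the end user.
                return OperationStatus.CreateFromException("Error enrolling person.", e);
            }
        }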