Ejemplo n.º 1
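        /// <summary>
        /// Authenticates <paramref name="username"/> against this site and returns a session:
        /// a new one when the user has none, otherwise the existing one with its expiry extended.
        /// </summary>
        /// <param name="username">Login name; checked by <c>Utility.Username_Check</c> before any lookup.</param>
        /// <param name="password">Clear-text password; checked by <c>Utility.Password_Check</c> before any lookup.</param>
        /// <returns>
        /// The session, or <c>null</c> when the user is unknown or the password does not match.
        /// Both failures return the same value, so the result alone does not reveal which one occurred.
        /// </returns>
        /// <exception cref="InvalidOperationException">No site row matches <c>Name</c>.</exception>
        public ISession Login(string username, string password)
        {
            Utility.Username_Check(username);
            Utility.Password_Check(password);
            using (var context = new SiteContext(_connectionString))
            using (SHA256 sha256 = SHA256.Create())
            {
                var site = context.Sites.SingleOrDefault(s => s.SiteName == Name);
                if (site is null)
                {
                    throw new InvalidOperationException();
                }

                var user = site.Users.SingleOrDefault(u => u.Username == username);
                if (user is null)
                {
                    return null;
                }

                // NOTE(review): Utility.Hash is not visible here. If it is a bare SHA-256 digest
                // (no per-user salt, no work factor), the stored values are cheap to attack offline
                // after a database leak; a password KDF such as PBKDF2 plus a fixed-time comparison
                // would be the stronger design. Changing it requires migrating the stored hashes,
                // so the check is left as it was.
                if (user.Password != Utility.Hash(sha256, password))
                {
                    return null;
                }

                var session = site.Sessions.SingleOrDefault(s => s.User.Username == username);
                if (session is null)
                {
                    // The id is what GetSession looks a session up by, so it is drawn from the
                    // system CSPRNG; Guid.NewGuid() is not documented as suitable for secrets.
                    // The bytes are still rendered in GUID text form, so length and format of
                    // the stored value are the same as before.
                    var idBytes = new byte[16];
                    using (var rng = RandomNumberGenerator.Create())
                    {
                        rng.GetBytes(idBytes);
                    }
                    var id = new Guid(idBytes).ToString();

                    var newSession = new SessionDb()
                    {
                        Id = id,
                        ValidUntil = _alarmClock.Now.AddSeconds(site.SessionExpirationTimeInSeconds),
                        User = user,
                        SiteName = Name
                    };
                    context.Sessions.Add(newSession);
                    context.SaveChanges();
                    return new Session(_connectionString, _alarmClock, newSession.Id, newSession.ValidUntil, new User(username, this, _connectionString, _alarmClock), this);
                }

                // NOTE(review): an existing session keeps its Id and only has ValidUntil pushed
                // forward; this method does not check whether ValidUntil had already passed and
                // does not rotate the identifier on re-login. Confirm that is intended.
                session.ValidUntil = _alarmClock.Now.AddSeconds(site.SessionExpirationTimeInSeconds);
                context.SaveChanges();
                return GetSession(session.Id);
            }
        }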
Ejemplo n.º 2
 /// <summary>
 /// Disposes the held <c>SessionDb</c> member, if any, and clears the reference so that
 /// a second call finds nothing left to dispose.
 /// </summary>
 public void Dispose()
 {
     // Nothing held: already disposed or never assigned.
     if (SessionDb == null)
     {
         return;
     }

     SessionDb.Dispose();
     SessionDb = null;
 }
Ejemplo n.º 3
        /// <summary>
        /// Ends a session: deletes the <c>AUTH_SESSION</c> cookie on the response and removes
        /// the session row, so logout does not rely on the client discarding the cookie alone.
        /// </summary>
        /// <param name="sessionDb">The session entity to remove from <c>dbContext.Sessions</c>.</param>
        public void Logout(SessionDb sessionDb)
        {
            // Client side: ask the browser to drop the auth cookie.
            context.Response.Cookies.Delete(AUTH_SESSION);
            // Server side: mark the session row for deletion; it is persisted by SaveChanges below.
            dbContext.Sessions.Remove(sessionDb);
            // Fix: Currently we have to null out any references to sessions. Is there a way to say that references might be invalid?
            // NOTE(review): `messages` is never read after this line. Presumably the query exists only to
            // load the messages that point at this session into the context before SaveChanges, so their
            // reference to the removed session can be cleared; confirm before treating it as dead code.
            var messages = dbContext.Messages.Include(x => x.Session).Where(x => x.Session.Id == sessionDb.Id).ToList();

            dbContext.SaveChanges();
        }
Ejemplo n.º 4
 /// <summary>
 /// Creates and persists an active session for the given user inside an explicit transaction.
 /// </summary>
 /// <param name="userId">Identifier passed to the <c>SessionDb</c> constructor.</param>
 /// <returns>The <c>Id</c> of the saved session row.</returns>
 /// <remarks>
 /// NOTE(review): the returned value is a <c>long</c> read back after SaveChanges, which looks like
 /// a store-generated key. If callers hand it to clients as the session token, such values are
 /// guessable; confirm that a separate random secret authenticates the session.
 /// </remarks>
 public long NewSession(int userId)
 {
     using (var tx = _dbContext.Database.BeginTransaction())
     {
         var created = new SessionDb(userId) { Active = true };

         _dbContext.Sessions.Add(created);
         _dbContext.SaveChanges();

         // If anything above throws, Commit is never reached and the transaction is disposed uncommitted.
         tx.Commit();
         return created.Id;
     }
 }
Ejemplo n.º 5
        /// <summary>
        /// Binds a session to this object exactly once: a second call throws instead of
        /// replacing the session that is already set.
        /// </summary>
        /// <param name="newSession">The session to bind; must not be null.</param>
        /// <exception cref="Exception">
        /// <paramref name="newSession"/> is null, or a session has already been set.
        /// </exception>
        public void SetSession(SessionDb newSession)
        {
            // Work out which precondition failed, if any; the null check takes precedence.
            string problem = null;
            if (newSession == null)
            {
                problem = "Trying to set null session";
            }
            else if (session != null)
            {
                problem = "Session has already been set";
            }

            if (problem != null)
            {
                throw new Exception(problem);
            }

            session = newSession;
        }
Ejemplo n.º 6
        /// <summary>
        /// Creates a session row for <paramref name="user"/>, saves it, and appends the
        /// <c>AUTH_SESSION</c> cookie carrying the session id, session key and refresh key.
        /// </summary>
        /// <param name="user">The user the new session belongs to.</param>
        /// <returns>The saved <c>SessionDb</c> entity.</returns>
        /// <remarks>
        /// NOTE(review): <c>GetRandom</c> is not visible here; these values are credentials, so it
        /// must be backed by a cryptographic random number generator. Confirm.
        /// </remarks>
        private SessionDb GenerateSession(UserDb user)
        {
            var refreshSecret = GetRandom(47);
            var refreshSalt   = GetRandom(17);
            var sessionSecret = GetRandom(32);

            // NOTE(review): the refresh key is stored through GetRefreshKeyHashed with its salt, but
            // the session key is stored exactly as generated. If the Sessions table leaks, the stored
            // session keys are directly usable; consider storing a hash of the session key as well.
            var record = new SessionDb
            {
                User        = user,
                Created     = DateTime.UtcNow,
                SessionKey  = sessionSecret,
                RefreshKey  = GetRefreshKeyHashed(refreshSecret, refreshSalt),
                RefreshSalt = refreshSalt,
            };
            dbContext.Sessions.Add(record);
            // Saved before the DTO is built because the DTO reads record.Id.
            dbContext.SaveChanges();

            // The client receives the raw (unhashed) keys, base64-encoded inside a JSON document.
            var payloadJson = JsonSerializer.Serialize(new SessionDto
            {
                Id         = record.Id,
                SessionKey = Convert.ToBase64String(sessionSecret),
                RefreshKey = Convert.ToBase64String(refreshSecret),
            });

            // Base64 here is encoding only: the cookie value is neither signed nor encrypted by this method.
            var cookieValue = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(payloadJson));

            // HttpOnly keeps the value away from page scripts, Secure restricts it to HTTPS, and
            // SameSite=Strict withholds it from cross-site requests. The cookie lives for 61 days.
            context.Response.Cookies.Append(AUTH_SESSION, cookieValue, new CookieOptions
            {
                MaxAge   = TimeSpan.FromDays(61),
                SameSite = SameSiteMode.Strict,
                Secure   = true,
                HttpOnly = true,
            });

            return record;
        }