Ejemplo n.º 1
0
        public static UserModel GetUserFromCookie(HttpRequest request)
        {
            if (!request.Cookies.TryGetValue(UserTokenKey, out var token))
            {
                return(null);
            }
            var ual  = new UserAccessLayer();
            var user = ual.GetUserByToken(token);

            if (user == null)
            {
                return(null);
            }

            var now = DateTime.Now;

            if (now > user.TokenDate)
            {
                return(null);
            }

            user.TokenDate = now.AddMinutes(ValidTokenDuration);
            ual.UpdateUser(user);

            return(user);
        }
Ejemplo n.º 2
0
        public async Task <ActionResult> Index(RegisterFormModel userInput)
        {
            if (StateHelper.GetUserFromCookie(Request) != null)
            {
                return(RedirectToAction(nameof(Index)));
            }

            if (!ModelState.IsValid || !userInput.IsValid())
            {
                return(View("Login"));
            }

            try
            {
                var ual  = new UserAccessLayer();
                var user = await ual.GetUserByUsername(userInput.Username);

                if (user == null)
                {
                    ViewData["Error"] = "Invalid username or password.";
                    return(View("Login"));
                }

                if (user.LoginAttempts > 3)
                {
                    ViewData["Error"] = "Account has been locked.";
                    return(View("Login"));
                }

                var passwordHash = Crypto.CalculateArgon2Hash(userInput.Password, user.HashSalt);
                if (!Crypto.SecureCompareByteArrays(passwordHash, user.PasswordHash))
                {
                    ViewData["Error"] = "Invalid username or password.";
                    user.LoginAttempts++;
                    await ual.UpdateUser(user);

                    return(View("Login"));
                }

                user.Token         = StateHelper.GenerateUniqueToken();
                user.TokenDate     = DateTime.Now.AddMinutes(StateHelper.ValidTokenDuration);
                user.LoginAttempts = 0;
                await ual.UpdateUser(user);

                StateHelper.SetUserCookie(user, Response);

                return(RedirectToAction(nameof(Index)));
            }
            catch
            {
                ViewData["Error"] = "An unknown error has occured.";
                return(View("Login"));
            }
        }
Ejemplo n.º 3
0
 public bool LogIn(string login, string password)
 {
     try
     {
         UserId = new UserAccessLayer().SelectId(login, password);
         return(true);
     }
     catch
     {
         return(false);
     }
 }
Ejemplo n.º 4
0
        public static string GenerateUniqueToken()
        {
            var ual = new UserAccessLayer();

            while (true)
            {
                var token = Crypto.GenerateRandomString(TokenLength);
                if (!ual.DoesTokenExist(token))
                {
                    return(token);
                }
            }
        }
Ejemplo n.º 5
0
        public async Task <ActionResult> Logout()
        {
            var user = StateHelper.GetUserFromCookie(Request);

            if (user == null)
            {
                return(View("Login"));
            }

            var ual = new UserAccessLayer();

            user.TokenDate = DateTime.Now;
            await ual.UpdateUser(user);

            return(View("Login"));
        }
Ejemplo n.º 6
0
        public async Task <ActionResult> Register(RegisterFormModel userInput)
        {
            if (StateHelper.GetUserFromCookie(Request) != null)
            {
                return(RedirectToAction(nameof(Index)));
            }
            if (!ModelState.IsValid || !userInput.IsValid())
            {
                return(View());
            }

            try
            {
                var ual = new UserAccessLayer();
                if (await ual.GetUserByUsername(userInput.Username) != null)
                {
                    ViewData["Error"] = "A user with that username already exists";
                    return(View());
                }

                if (userInput.Username.Length < 3)
                {
                    ViewData["Error"] = "Your username must have at least 3 characters";
                    return(View());
                }

                if (!Regex.IsMatch(userInput.Password, @"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z\d]).{10,}$"))
                {
                    ViewData["Error"] =
                        "Your password must contain at least 1 number, 1 uppercase letter, 1 lowercase letter, 1 special character and must be at least 10 characters long.";
                    return(View());
                }

                if (userInput.Password.Length > 128)
                {
                    ViewData["Error"] = "Your password cannot be longer than 128 characters";
                    return(View());
                }

                var token        = StateHelper.GenerateUniqueToken();
                var hashSalt     = Crypto.GenerateRandomString(64);
                var passwordHash = Crypto.CalculateArgon2Hash(userInput.Password, hashSalt);
                var user         = new UserModel
                {
                    Username     = userInput.Username,
                    HashSalt     = hashSalt,
                    PasswordHash = passwordHash,
                    Token        = token,
                    TokenDate    = DateTime.Now.AddMinutes(StateHelper.ValidTokenDuration),
                    Role         = UserRole.User
                };

                if (!await ual.AddUser(user))
                {
                    return(View());
                }

                StateHelper.SetUserCookie(user, Response);
                return(RedirectToAction(nameof(Index)));
            }
            catch
            {
                ViewData["Error"] = "An unknown error has occured.";
                return(View());
            }
        }