Ejemplo n.º 1
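        /// <summary>
        /// Verifies the <c>Username</c>/<c>Password</c> held by this object against the stored
        /// account and returns that account when the password hash matches.
        /// </summary>
        /// <param name="_context">Database context whose <c>User</c> set is searched.</param>
        /// <returns>
        /// The matching <c>User</c>, or <c>null</c> when a field is empty, when the username does
        /// not identify exactly one account, or when the password hash does not match.
        /// </returns>
        /// <remarks>
        /// The body contains no <c>await</c>, so the work completes synchronously inside the
        /// returned task.
        /// </remarks>
        public async Task <User> TryLogin(UserManagement.Data.UserManagementContext _context)
        {
            if (string.IsNullOrEmpty(Username) || string.IsNullOrEmpty(Password))
            {
                return(null);
            }

            string name = this.Username;

            // Filter in the database first so the whole user table (hashes and salts included)
            // is not pulled into process memory on every login attempt. The second, in-memory
            // filter keeps the exact ordinal match whatever the database collation is.
            // NOTE(review): TrySignup stores usernames lower-cased but this lookup does not
            // normalise its input - confirm whether callers lower-case Username beforehand.
            var matches = _context.User
                          .Where(u => u.Username == name)
                          .AsEnumerable()
                          .Where(u => u.Username.Equals(name))
                          .ToList();

            // Zero matches means an unknown user; more than one means ambiguous data. Reject both.
            if (matches.Count != 1)
            {
                // NOTE(review): this path skips the hash computation, so an unknown username
                // answers faster than a wrong password; consider equalising the work.
                return(null);
            }

            var    Account = matches[0];
            Hasher hasher  = new Hasher();

            // NOTE(review): the third argument looks like an iteration count. If Hasher is a
            // PBKDF2-style KDF, 100 is far below current guidance; raising it needs a re-hash
            // migration because it must equal the value used when the hash was stored.
            string tryPass = hasher.HashPassword(this.Password, Account.Salt, 100, 32);

            if (Account.Password == null || tryPass == null)
            {
                return(null);
            }

            // Compare the hashes in constant time so the response time does not reveal how many
            // leading characters of the stored hash were matched.
            byte[] stored  = System.Text.Encoding.UTF8.GetBytes(Account.Password);
            byte[] attempt = System.Text.Encoding.UTF8.GetBytes(tryPass);

            if (System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(stored, attempt))
            {
                return(Account);
            }

            return(null);
        }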
Ejemplo n.º 2
 /// <summary>
 /// Initializes a new <c>LoginModel</c> and keeps the supplied database context in <c>_context</c>.
 /// </summary>
 /// <param name="context">Database context stored for later use by this instance.</param>
 public LoginModel(UserManagement.Data.UserManagementContext context) => _context = context;
Ejemplo n.º 3
 /// <summary>
 /// Initializes a new <c>UsernameModel</c> and keeps the supplied database context in <c>_context</c>.
 /// </summary>
 /// <param name="context">Database context stored for later use by this instance.</param>
 public UsernameModel(UserManagement.Data.UserManagementContext context) => _context = context;
Ejemplo n.º 4
 /// <summary>
 /// Initializes a new <c>PasswordModel</c> and keeps the supplied database context in <c>_context</c>.
 /// </summary>
 /// <param name="context">Database context stored for later use by this instance.</param>
 public PasswordModel(UserManagement.Data.UserManagementContext context) => _context = context;
Ejemplo n.º 5
 /// <summary>
 /// Initializes a new <c>IndexModel</c> and keeps the supplied database context in <c>_context</c>.
 /// </summary>
 /// <param name="context">Database context stored for later use by this instance.</param>
 public IndexModel(UserManagement.Data.UserManagementContext context) => _context = context;
Ejemplo n.º 6
 /// <summary>
 /// Initializes a new <c>ActivateModel</c> and keeps the supplied database context in <c>_context</c>.
 /// </summary>
 /// <param name="context">Database context stored for later use by this instance.</param>
 public ActivateModel(UserManagement.Data.UserManagementContext context) => _context = context;
Ejemplo n.º 7
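        /// <summary>
        /// Registers a new account from the fields held by this object: validates the input,
        /// stores the user with a salted password hash, stores the security answers and creates
        /// an "activate" service token.
        /// </summary>
        /// <param name="_context">Database context that receives the new rows.</param>
        /// <returns>
        /// <c>true</c> when the user, the answers and the activation token were all saved;
        /// <c>false</c> when validation fails or the username or email is already taken.
        /// </returns>
        /// <remarks>
        /// The user, the answers and the token are saved by three separate
        /// <c>SaveChangesAsync</c> calls, so a failure part-way through leaves the earlier rows
        /// in place.
        /// </remarks>
        public async Task <bool> TrySignup(UserManagement.Data.UserManagementContext _context)
        {
            // verify all fields filled
            if (string.IsNullOrEmpty(Email) || string.IsNullOrEmpty(Username) || string.IsNullOrEmpty(Password) ||
                string.IsNullOrEmpty(FirstName) || string.IsNullOrEmpty(LastName))
            {
                return(false);
            }

            // The question and answer lists come from the request; a missing list, or more
            // answers than questions, is rejected here instead of throwing further down.
            if (SecurityQuestions == null || SecurityAnswers == null ||
                SecurityAnswers.Count() > SecurityQuestions.Count())
            {
                return(false);
            }

            Username = Username.ToLower();
            Email    = Email.ToLower();

            // make sure not already in use
            // NOTE(review): this check and the insert below are not atomic; only a unique
            // index on Username and Email can stop two concurrent signups from both passing.
            if (_context.User.Any(u => u.Username == this.Username || u.Email == this.Email))
            {
                return(false);
            }

            // verify questions
            foreach (var q in SecurityQuestions)
            {
                if (string.IsNullOrEmpty(q.Question))
                {
                    return(false);
                }

                // The question text is caller-supplied; text that is not in the table is a
                // validation failure, not a null dereference.
                var known = _context.SecurityQuestion.FirstOrDefault(x => x.Question == q.Question);
                if (known == null)
                {
                    return(false);
                }
                q.QuestionID = known.QuestionID;
            }

            // verify answers (answer i belongs to question i)
            for (int i = 0; i < SecurityAnswers.Count(); i++)
            {
                var a = SecurityAnswers[i];
                a.QuestionID = SecurityQuestions[i].QuestionID;
                if (string.IsNullOrEmpty(a.Answer))
                {
                    return(false);
                }
            }

            // generate salt and password
            Hasher hasher = new Hasher();
            string Salt   = hasher.GenerateSalt(32);

            // NOTE(review): the third argument looks like an iteration count. If Hasher is a
            // PBKDF2-style KDF, 100 is far below current guidance; it has to stay in step with
            // the value used at login, so raising it needs a re-hash migration.
            this.Password = hasher.HashPassword(this.Password, Salt, 100, 32);

            User NewUser;

            try
            {
                NewUser = new User
                {
                    Username  = this.Username,
                    FirstName = this.FirstName,
                    LastName  = this.LastName,
                    Email     = this.Email,
                    Salt      = Salt,
                    Password  = this.Password
                };
            }
            catch (Exception)
            {
                return(false);
            }

            // add user
            await _context.User.AddAsync(NewUser);

            await _context.SaveChangesAsync();

            // get id to assign answer
            var saved = _context.User.FirstOrDefault(u => u.Username == NewUser.Username);

            if (saved == null || saved.UserID < 1)
            {
                return(false);
            }

            int id = saved.UserID;

            // assign answers
            // NOTE(review): answers are stored in normalised plaintext. They act as a second
            // password for account recovery, so consider storing a salted hash instead; that
            // also requires changing the code that checks them.
            foreach (SecurityAnswer a in SecurityAnswers)
            {
                await _context.SecurityAnswer.AddAsync(
                    new SecurityAnswer
                {
                    UserID = id
                             //make matching easier
                    , Answer     = a.Answer.ToLower().Replace(" ", "").Replace("\t", "").Replace("\n", "")
                    , QuestionID = a.QuestionID
                }
                    );
            }

            await _context.SaveChangesAsync();

            // Build the activation URL. The value fed to the hasher used to be "a" + id + the
            // current time, both guessable, so the token is now derived from 32 bytes of
            // cryptographically secure random data. The hasher call itself is kept so the
            // token keeps the format and length the rest of the application expects.
            // The attempt counter is declared outside the loop (it used to be reset to 0 on
            // every pass) so that a collision changes the hasher parameters on the retry.
            string url;
            int    attempt = 0;

            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                byte[] seed = new byte[32];

                do
                {
                    rng.GetBytes(seed);
                    url = hasher.HashPassword(Convert.ToBase64String(seed), "", 10 + attempt, 8 + (attempt / 8));
                    attempt++;
                } while (_context.ServiceToken.Any(t => t.URL == url));
            }

            // make activation token
            // NOTE(review): a 365-day lifetime is long for an activation link; confirm it is intended.
            ServiceToken newToken;

            try
            {
                newToken = new ServiceToken {
                    UserID     = id,
                    Action     = "activate",
                    URL        = url,
                    Creation   = DateTime.UtcNow,
                    Expiration = DateTime.UtcNow.AddDays(365),
                    Resolved   = false
                };
            }
            catch (Exception)
            {
                return(false);
            }

            await _context.ServiceToken.AddAsync(newToken);

            await _context.SaveChangesAsync();

            return(true);
        }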