public static UsernamePasswordPair Create(string usernameLine, string passwordLine)
    {
        UsernamePasswordPair pair = new UsernamePasswordPair();

        pair.Username = usernameLine?.Split('\t')[1];
        pair.Password = passwordLine?.Split('\t')[1];
        pair.HasValue = !string.IsNullOrEmpty(pair.Username) &&
                        !string.IsNullOrEmpty(pair.Password);
        return(pair);
    }
Ejemplo n.º 2
0
        public ActionResult Post([FromBody] UsernamePasswordPair auth)
        {
            AuthenticationService svc = new AuthenticationService();

            User user = svc.Authenticate(auth);

            if (user.Id != 0)
            {
                return(Ok(user));
            }
            else
            {
                return(Unauthorized());
            }
        }
Ejemplo n.º 3
0
        private void AuthenticateUser(HttpListenerContext con, out byte[] message)
        {
            string data          = "";
            bool   dataAvaliable = true;
            bool   validationOK  = true;
            uint   uid           = 0;

            while (dataAvaliable)
            {
                char c = (char)con.Request.InputStream.ReadByte();
                if (c != (char)UInt16.MaxValue)
                {
                    data += c;
                }
                else
                {
                    dataAvaliable = false;
                    con.Request.InputStream.Close();
                }
            }
            UsernamePasswordPair uandp = new UsernamePasswordPair();

            try
            {
                uandp = JsonConvert.DeserializeObject <UsernamePasswordPair>(data);
            }
            catch (JsonException) {
                con.Response.StatusCode = 406;
                validationOK            = false;
            }

            if (!uandp.Equals(default(UsernamePasswordPair)))
            {
                if (uandp.username.Length <= 4 || uandp.username.Length > 128)
                {
                    validationOK = false;
                }
                else if (uandp.password.Length <= 4 || uandp.password.Length > 128)
                {
                    validationOK = false;
                }

                DbDataReader reader = DBHelper.ExecuteReader(
                    "SELECT id,password FROM user WHERE username = @username",
                    new Dictionary <string, object> {
                    { "@username", uandp.username }
                },
                    true);
                if (reader.HasRows)
                {
                    reader.Read();
                    uid = (uint)reader.GetInt32(0);
                    string passsalt  = (string)reader.GetValue(1);
                    string salt      = passsalt.Substring(0, 64);
                    string checkhash = HashPassword(uandp.password, salt);
                    if (checkhash != passsalt)
                    {
                        validationOK = false;
                    }
                }
                else
                {
                    validationOK = false;
                }
                reader.Close();

                if (!validationOK)
                {
                    message = System.Text.UTF8Encoding.Default.GetBytes("{\"error\":\"Wrong Username/Password\"}");
                    con.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                }
                else
                {
                    SessionObject session = new SessionObject();
                    session.agent     = con.Request.UserAgent;
                    session.host      = con.Request.RemoteEndPoint.Address.ToString();
                    session.timestamp = Util.GetEpoch();
                    session.token     = GenerateToken();
                    session.uid       = uid;
                    currentSessions.Add(session.token, session);
                    con.Response.StatusCode = (int)HttpStatusCode.OK;

                    //TokenReply reply;
                    //reply.token = session.token;
                    con.Response.Cookies.Add(new Cookie("sToken", session.token));
                    con.Response.ContentType = "text/plain";
                    message = System.Text.UTF8Encoding.Default.GetBytes("Ok");
                    DBHelper.ExecuteQuery("INSERT INTO accesslog VALUES(now(),@uid,@host)",
                                          new Dictionary <string, object> {
                        { "@uid", uid },
                        { "@host", session.host }
                    });

                    //Now we wait a little bit to throw off any brute forcers.
                    Thread.Sleep(new Random(DateTime.Now.Millisecond).Next(0, 250));
                }
            }
            else
            {
                message = System.Text.UTF8Encoding.Default.GetBytes("{\"error\":\"Invalid JSON\"}");
                con.Response.StatusCode = (int)HttpStatusCode.BadRequest;
            }
        }