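        /// <summary>
        /// Looks up <paramref name="username"/>, checks <paramref name="password"/> against the stored
        /// salted hash, issues a 7-day HS256 JWT and replaces any cached entry for that name in <c>_users</c>.
        /// </summary>
        /// <param name="username">Login name as entered by the caller; Unicode-normalized before the lookup.</param>
        /// <param name="password">Plaintext password as entered by the caller; Unicode-normalized before hashing.</param>
        /// <returns>
        /// The authenticated user (via <c>WithoutPassword()</c>) with <c>Token</c> set, or <c>null</c> when either
        /// argument is missing, the user does not exist, no salt or hash is on record, or the password does not match.
        /// </returns>
        public User Authenticate(string username, string password)
        {
            // A missing credential is an authentication failure, not a NullReferenceException
            // (the original dereferenced both arguments unconditionally).
            if (username == null || password == null)
            {
                return(null);
            }

            username = username.Normalize();
            password = password.Normalize();

            // SECURITY: the username is interpolated straight into the SQL text, so a crafted name can
            // change the statement (SQL injection). Only the string-taking DB.Query is visible in this
            // file; switch to a parameterized form (<PARAMETERIZED_QUERY_API> of the DB helper) as soon
            // as one is available rather than escaping by hand.
            List <Dictionary <string, string> > records = DB.Query($"SELECT * FROM user WHERE name = '{username}'");

            if (records.Count == 0)
            {
                return(null);
            }

            Dictionary <string, string> record = records[0];

            // Absent columns and null values are both treated as "no credential on record".
            string hash = ReadColumn(record, "hash") ?? "";
            string salt = ReadColumn(record, "salt") ?? "";

            // Checked before hashing: without a stored hash the comparison below cannot succeed,
            // so there is no point salting the candidate password.
            if (string.IsNullOrEmpty(salt) || string.IsNullOrEmpty(hash))
            {
                return(null);
            }

            string saltedPassword = DB.SaltedPassword(password, salt);

            // NOTE(review): a plain string compare exits at the first differing character, which leaks
            // timing information about the stored hash; a fixed-time comparison over the bytes
            // (CryptographicOperations.FixedTimeEquals) is preferable once System.Security.Cryptography
            // is in scope for this class.
            if (saltedPassword != hash)
            {
                return(null);
            }

            // Id stays 0 when the column is missing or not an integer; the original had the same fallback.
            int id = 0;
            int.TryParse(ReadColumn(record, "id"), out id);

            User user = new User();
            user.Id       = id;
            user.Username = ReadColumn(record, "name");

            // HS256 is keyed with the ASCII bytes of the configured secret, so the token's strength is
            // bounded by that secret's length and entropy. NOTE(review): confirm the configured value is
            // long enough — the token library rejects HS256 keys shorter than 128 bits.
            var tokenHandler    = new JwtSecurityTokenHandler();
            var key             = Encoding.ASCII.GetBytes(_appSettings.Secret);
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new Claim[]
                {
                    new Claim(ClaimTypes.Name, user.Id + "")
                }),
                Expires            = DateTime.UtcNow.AddDays(7),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };
            var token = tokenHandler.CreateToken(tokenDescriptor);

            user.Token = tokenHandler.WriteToken(token);

            // Removing from _users while enumerating it invalidates the enumerator (List<T> throws
            // InvalidOperationException), so the stale entries are collected first and removed afterwards.
            // NOTE(review): _users is mutated with no synchronization visible here; if Authenticate can
            // run concurrently, guard these updates.
            List<User> stale = new List<User>();

            foreach (User u in _users)
            {
                if (u.Username == user.Username)
                {
                    stale.Add(u);
                }
            }

            foreach (User u in stale)
            {
                _users.Remove(u);
            }

            _users.Add(user);

            return(user.WithoutPassword());
        }

        /// <summary>
        /// Returns the value stored under <paramref name="name"/> in <paramref name="row"/>,
        /// or <c>null</c> when the column is absent (instead of throwing KeyNotFoundException).
        /// </summary>
        private static string ReadColumn(Dictionary<string, string> row, string name)
        {
            string value;
            return(row.TryGetValue(name, out value) ? value : null);
        }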
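        /// <summary>
        /// Creates a user from a form post: rejects a name that already exists, generates a random
        /// per-user salt, salts the password via <c>DB.SaltedPassword</c> and inserts the row.
        /// </summary>
        /// <param name="model">Form-bound username, password and role.</param>
        /// <returns>
        /// 400 when the form data is missing or the name is already taken; otherwise the
        /// <c>CreatedAtAction("Create", null)</c> result the original returned.
        /// </returns>
        public IActionResult Create([FromForm] UserCreateModel model)
        {
            // Model binding can hand over null on an empty or malformed form; the original would
            // have thrown NullReferenceException on model.Username.
            if (model == null)
            {
                return(BadRequest(new { title = "Missing user data.", status = 400 }));
            }

            // SECURITY: model.Username is interpolated directly into the SQL text here, and again in the
            // INSERT below together with the role, so a crafted form value can change the statement
            // (SQL injection). Only the string-taking DB.Query is visible in this file; switch to a
            // parameterized form (<PARAMETERIZED_QUERY_API> of the DB helper) as soon as one exists.
            List <Dictionary <string, string> > lst = DB.Query($"SELECT * FROM user WHERE name = '{model.Username}'");

            if (lst.Count > 0)
            {
                return(BadRequest(new { title = "User already exists.", status = 400 }));
            }

            // 48 bytes from the platform CSPRNG. The original SHA-384'd a fresh Guid, which gives the
            // same length but ties the salt's unpredictability to Guid generation; the generator is
            // disposed (the SHA384 instance never was). Hex encoding is kept so the stored column format
            // is unchanged (96 uppercase hex characters).
            byte[] bSalt = new byte[48];

            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(bSalt);
            }

            string salt           = BitConverter.ToString(bSalt).Replace("-", "");
            string saltedPassword = DB.SaltedPassword(model.Password, salt);

            // NOTE(review): the role is stored exactly as submitted in the form; unless this endpoint is
            // restricted elsewhere, a caller can choose their own role — confirm and whitelist if needed.
            DB.Query($"INSERT INTO user (`name`,`hash`,`role`,`salt`)VALUES('{model.Username}','{saltedPassword}','{model.Role}','{salt}')");

            return(CreatedAtAction("Create", null));
        }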