public virtual async Task <bool> PasswordRecovery(UserModel passwordRecoveryModel)
{
if (passwordRecoveryModel == null || string.IsNullOrEmpty(passwordRecoveryModel.UserName))
{
return(false);
}
if (!_userDAO.Exist(passwordRecoveryModel.UserName))
{
return(false);
}
string token = new Guid().ToString();
_userDAO.UpdatePasswordToken(passwordRecoveryModel.UserName, token);
string passwordRecoverySubject = "Password recovery email";
string passwordRecoveryBody = $@"
Hi! <br/>
You requested password recovery to complete request follow
<a href='{_appSettings.BaseUrl}/Auth/recover?token={EncoderUtils.Base64Encode(token)}'>link</a>
<br/><br/><br/>
Best regards!";
await _emailSender.SendEmailAsync(passwordRecoveryModel.UserName, passwordRecoverySubject, passwordRecoveryBody);
return(true);
}
public virtual async Task <bool> Register(UserModel registrationModel)
{
if (registrationModel == null || string.IsNullOrEmpty(registrationModel.UserName) || string.IsNullOrEmpty(registrationModel.Password))
{
return(false);
}
bool registerUserResult = _userDAO.RegisterUser(registrationModel);
if (!registerUserResult)
{
return(false);
}
bool addWelcomeBonusResult = AddwelcomeBonus(registrationModel.UserName);
string token = EncoderUtils.Base64Encode(registrationModel.UserName);
string registrationMailSubject = "Confirm email";
string registrationMailBody = $@"
Hi! <br/>
To confirm your email please follow the
<a href='{GetCurrentDomain()}/Auth/ConfirmRegistration?token={token}'>link</a>
<br/><br/><br/>
Best regards!";
if (_appSettings.IgnoreEmails)
{
return(await ConfirmRegistration(token));
}
await _emailSender.SendEmailAsync(registrationModel.UserName, registrationMailSubject, registrationMailBody);
return(true);
}
public virtual Task <UserModel> Login(UserModel loginModel)
{
if (loginModel == null || string.IsNullOrEmpty(loginModel.UserName) || string.IsNullOrEmpty(loginModel.Password))
{
return(Task.FromResult <UserModel>(null));
}
var accessLogModel = new
{
Ip = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString(),
Username = loginModel.UserName,
Password = loginModel.Password
};
_accessLogger.Info($"{Newtonsoft.Json.JsonConvert.SerializeObject(accessLogModel)}");
if (!_userDAO.ValidatePassword(loginModel.UserName, loginModel.Password))
{
return(Task.FromResult <UserModel>(null));
}
UserDBModel userModel = _userDAO.GetUser(loginModel.UserName);
Random random = new Random();
var byteArray = new byte[256];
random.NextBytes(byteArray);
string cookie = Sha256HashUtils.ComputeSha256Hash(byteArray);
string inrole = userModel.Role > 0 ? "1" : "0";
if (userModel.Role > 50)
{
inrole = "100";
}
string allCookie = $"{EncoderUtils.Base64Encode(loginModel.UserName)}-{cookie}-{inrole}";
if (!_userDAO.SaveSession(cookie, DateTime.UtcNow.AddDays(1)))
{
return(Task.FromResult <UserModel>(null));
}
loginModel.Password = null;
loginModel.Cookie = allCookie;
loginModel.Status = "ok";
_httpContextAccessor.HttpContext.Response.Cookies.Append(AUTH_COOKIE, loginModel.Cookie, new CookieOptions
{
Expires = DateTime.Now.AddDays(3),
HttpOnly = false
});
return(Task.FromResult(loginModel));
}
public override string CreateCookie(UserDBModel user, HttpContext context)
{
Random random = new Random();
var byteArray = new byte[256];
random.NextBytes(byteArray);
string cookieHash = Sha256HashUtils.ComputeSha256Hash(byteArray);
string inrole = user.Role.ToString();
if (user.Role > ADMIN_ROLE)
{
inrole = ADMIN_ROLE_COOKIE_VALUE;
}
IUserDAO userDAO = context.RequestServices.GetRequiredService <IUserDAO>();
bool saveSessionResult = userDAO.SaveSession(cookieHash, DateTime.UtcNow.Add(COOKIE_VALID_FOR));
if (!saveSessionResult)
{
return(null);
}
string allCookie = string.Format(COOKIE_FORMAT, EncoderUtils.Base64Encode(user.UserName), cookieHash, inrole);
string encodedCookie = _protector.Protect(allCookie);
CookieOptions cookieOptions = new CookieOptions
{
Expires = DateTime.UtcNow.AddDays(1)
};
context.Response.Cookies.Append(COOKIE_KEY, encodedCookie, cookieOptions);
return(encodedCookie);
}
public virtual async Task <bool> PasswordRecovery(UserModel passwordRecoveryModel)
{
if (passwordRecoveryModel == null || string.IsNullOrEmpty(passwordRecoveryModel.UserName))
{
return(false);
}
if (!_userDAO.Exist(passwordRecoveryModel.UserName))
{
return(false);
}
string passwordRecoverySubject = "Password recovery email";
string passwordRecoveryBody = $@"
Hi! <br/>
You requested password recovery to complete request follow
<a href='{GetCurrentDomain()}/Auth/recover?token={EncoderUtils.Base64Encode(passwordRecoveryModel.UserName)}'>link</a>
<br/><br/><br/>
Best regards!";
await _emailSender.SendEmailAsync(passwordRecoveryModel.UserName, passwordRecoverySubject, passwordRecoveryBody);
return(true);
}