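/// <summary>
/// Starts password recovery for the account named in <paramref name="passwordRecoveryModel"/>:
/// stores a fresh, unpredictable recovery token for that user and e-mails a link carrying it.
/// </summary>
/// <param name="passwordRecoveryModel">Only <c>UserName</c> is read; other members are ignored.</param>
/// <returns>
/// <see langword="true"/> once the token is stored and the mail has been handed to the sender;
/// <see langword="false"/> for a null model, an empty user name or a user the DAO does not know.
/// </returns>
public virtual async Task<bool> PasswordRecovery(UserModel passwordRecoveryModel)
{
    if (passwordRecoveryModel == null || string.IsNullOrEmpty(passwordRecoveryModel.UserName))
    {
        return false;
    }

    // NOTE(review): returning false for an unknown user lets a caller learn which accounts exist.
    // Kept as in the original; returning true regardless would close that channel.
    if (!_userDAO.Exist(passwordRecoveryModel.UserName))
    {
        return false;
    }

    // The original used `new Guid()`, i.e. the all-zero GUID, so every recovery link carried the same
    // predictable token. The token authorises a password change, so it comes from the CSPRNG.
    var tokenBytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }
    string token = Convert.ToBase64String(tokenBytes);
    _userDAO.UpdatePasswordToken(passwordRecoveryModel.UserName, token);

    string passwordRecoverySubject = "Password recovery email";
    string passwordRecoveryBody = $@" Hi! <br/> You requested password recovery to complete request follow <a href='{_appSettings.BaseUrl}/Auth/recover?token={EncoderUtils.Base64Encode(token)}'>link</a> <br/><br/><br/> Best regards!";

    await _emailSender.SendEmailAsync(passwordRecoveryModel.UserName, passwordRecoverySubject, passwordRecoveryBody);
    return true;
}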
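/// <summary>
/// Registers a new user, grants the welcome bonus and either sends the confirmation e-mail or,
/// when <c>_appSettings.IgnoreEmails</c> is set, applies the confirmation immediately.
/// </summary>
/// <param name="registrationModel">Account to create; <c>UserName</c> and <c>Password</c> are required.</param>
/// <returns>
/// <see langword="false"/> for an incomplete model or when the DAO refuses the user; otherwise the
/// result of <c>ConfirmRegistration</c> (e-mails ignored) or <see langword="true"/> once the mail is sent.
/// </returns>
public virtual async Task<bool> Register(UserModel registrationModel)
{
    if (registrationModel == null
        || string.IsNullOrEmpty(registrationModel.UserName)
        || string.IsNullOrEmpty(registrationModel.Password))
    {
        return false;
    }

    if (!_userDAO.RegisterUser(registrationModel))
    {
        return false;
    }

    // Best-effort, as before: a failed bonus does not abort the registration. The original kept the
    // result in a local that nothing read; the discard makes the intent explicit.
    _ = AddwelcomeBonus(registrationModel.UserName);

    // NOTE(review): the confirmation token is just the Base64 user name, so the confirmation link is
    // derivable by anyone who knows the name. ConfirmRegistration expects this encoding (see the
    // IgnoreEmails path), so a random stored token has to be introduced on both sides together.
    string token = EncoderUtils.Base64Encode(registrationModel.UserName);

    if (_appSettings.IgnoreEmails)
    {
        return await ConfirmRegistration(token);
    }

    string registrationMailSubject = "Confirm email";
    string registrationMailBody = $@" Hi! <br/> To confirm your email please follow the <a href='{GetCurrentDomain()}/Auth/ConfirmRegistration?token={token}'>link</a> <br/><br/><br/> Best regards!";

    await _emailSender.SendEmailAsync(registrationModel.UserName, registrationMailSubject, registrationMailBody);
    return true;
}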
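/// <summary>
/// Validates the submitted credentials, records the attempt in the access log, creates a server-side
/// session and issues the authentication cookie.
/// </summary>
/// <param name="loginModel">User name and password as submitted by the client.</param>
/// <returns>
/// The same model with <c>Password</c> cleared and <c>Cookie</c>/<c>Status</c> set on success; a
/// <see langword="null"/> result for a missing model or member, a rejected password, or a session
/// that could not be saved.
/// </returns>
public virtual Task<UserModel> Login(UserModel loginModel)
{
    if (loginModel == null || string.IsNullOrEmpty(loginModel.UserName) || string.IsNullOrEmpty(loginModel.Password))
    {
        return Task.FromResult<UserModel>(null);
    }

    var httpContext = _httpContextAccessor.HttpContext;

    // The access log records who tried to log in and from where. The original also serialised the
    // plaintext password into this entry; credentials never belong in a log, so it is left out.
    var accessLogModel = new
    {
        Ip = httpContext.Connection.RemoteIpAddress?.ToString(),
        Username = loginModel.UserName,
    };
    _accessLogger.Info(Newtonsoft.Json.JsonConvert.SerializeObject(accessLogModel));

    if (!_userDAO.ValidatePassword(loginModel.UserName, loginModel.Password))
    {
        return Task.FromResult<UserModel>(null);
    }

    UserDBModel userModel = _userDAO.GetUser(loginModel.UserName);
    if (userModel == null)
    {
        return Task.FromResult<UserModel>(null);
    }

    // The session id is a bearer secret; System.Random is not suitable for it, so use the CSPRNG.
    var byteArray = new byte[256];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(byteArray);
    }
    string cookie = Sha256HashUtils.ComputeSha256Hash(byteArray);

    // Same mapping as before: >50 -> "100", >0 -> "1", otherwise "0".
    string inrole = userModel.Role > 50 ? "100" : (userModel.Role > 0 ? "1" : "0");

    // NOTE(review): the role segment travels unsigned in this variant of the cookie; the server side
    // must derive the role from the stored session rather than trust this value.
    string allCookie = $"{EncoderUtils.Base64Encode(loginModel.UserName)}-{cookie}-{inrole}";

    DateTime sessionExpiresUtc = DateTime.UtcNow.AddDays(1);
    if (!_userDAO.SaveSession(cookie, sessionExpiresUtc))
    {
        return Task.FromResult<UserModel>(null);
    }

    loginModel.Password = null;
    loginModel.Cookie = allCookie;
    loginModel.Status = "ok";

    // Previously the cookie outlived the stored session (3 days local time vs. 1 day UTC) and was
    // readable from script. The client still gets the value in the response body, so HttpOnly costs
    // nothing and keeps it out of reach of injected script.
    httpContext.Response.Cookies.Append(AUTH_COOKIE, loginModel.Cookie, new CookieOptions
    {
        Expires = sessionExpiresUtc,
        HttpOnly = true,
    });
    return Task.FromResult(loginModel);
}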
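/// <summary>
/// Creates a server-side session for <paramref name="user"/>, appends the data-protected
/// authentication cookie to <paramref name="context"/> and returns the protected value.
/// </summary>
/// <param name="user">Authenticated user the session is created for.</param>
/// <param name="context">Current request; supplies the <see cref="IUserDAO"/> and receives the cookie.</param>
/// <returns>The protected cookie value, or <see langword="null"/> when the session could not be saved.</returns>
public override string CreateCookie(UserDBModel user, HttpContext context)
{
    // The session id is a bearer secret, so it comes from the CSPRNG rather than System.Random.
    var byteArray = new byte[256];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(byteArray);
    }
    string cookieHash = Sha256HashUtils.ComputeSha256Hash(byteArray);

    string inrole = user.Role > ADMIN_ROLE ? ADMIN_ROLE_COOKIE_VALUE : user.Role.ToString();

    IUserDAO userDAO = context.RequestServices.GetRequiredService<IUserDAO>();
    DateTime sessionExpiresUtc = DateTime.UtcNow.Add(COOKIE_VALID_FOR);
    if (!userDAO.SaveSession(cookieHash, sessionExpiresUtc))
    {
        return null;
    }

    string allCookie = string.Format(COOKIE_FORMAT, EncoderUtils.Base64Encode(user.UserName), cookieHash, inrole);
    string encodedCookie = _protector.Protect(allCookie);

    // The cookie lifetime was a fixed day regardless of COOKIE_VALID_FOR; tie it to the stored session.
    // HttpOnly keeps the protected value out of reach of script; the caller still receives it as the return value.
    var cookieOptions = new CookieOptions
    {
        Expires = sessionExpiresUtc,
        HttpOnly = true,
    };
    context.Response.Cookies.Append(COOKIE_KEY, encodedCookie, cookieOptions);
    return encodedCookie;
}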
/// <summary>
/// Sends the password-recovery e-mail to the account named in <paramref name="passwordRecoveryModel"/>.
/// </summary>
/// <param name="passwordRecoveryModel">Only <c>UserName</c> is read.</param>
/// <returns>
/// <see langword="true"/> once the mail has been handed to the sender; <see langword="false"/> for a
/// null model, an empty user name or a user the DAO does not know.
/// </returns>
public virtual async Task<bool> PasswordRecovery(UserModel passwordRecoveryModel)
{
    string userName = passwordRecoveryModel?.UserName;
    if (string.IsNullOrEmpty(userName) || !_userDAO.Exist(userName))
    {
        return false;
    }

    // NOTE(review): the link's token is only the Base64 user name, so anyone who knows a user name can
    // produce the recovery link. A random, stored, expiring token is needed on both this side and the
    // /Auth/recover endpoint; since that endpoint is not part of this change, the encoding is kept.
    string token = EncoderUtils.Base64Encode(userName);
    string recoveryLink = $"{GetCurrentDomain()}/Auth/recover?token={token}";

    const string subject = "Password recovery email";
    string body = $@" Hi! <br/> You requested password recovery to complete request follow <a href='{recoveryLink}'>link</a> <br/><br/><br/> Best regards!";

    await _emailSender.SendEmailAsync(userName, subject, body);
    return true;
}