Example #1
0
        public async Task <ActionResult <LoginRegisterUserOutputDTO> > Login(LoginUserDTO loginUser)
        {
            AppUser appUser = await _context.Users
                              .Include(user => user.Photos)
                              .FirstOrDefaultAsync(user => user.UserName == loginUser.UserName.ToLower());

            if (appUser == null)
            {
                return(Unauthorized("User doesn't exist!!"));
            }

            using var hmac = new HMACSHA512(appUser.PasswordSalt);

            byte[] computedHash = await hmac.ComputeHashAsync(new MemoryStream(Encoding.UTF8.GetBytes(loginUser.Password)));

            for (int i = 0; i < computedHash.Length; i++)
            {
                if (computedHash[i] != appUser.PasswordHash[i])
                {
                    return(Unauthorized("Incorrect password!!"));
                }
            }

            return(new LoginRegisterUserOutputDTO
            {
                UserName = appUser.UserName,
                Token = _tokenService.CreateToken(appUser),
                PhotoUrl = appUser.Photos.FirstOrDefault(x => x.IsMain)?.Url,
                KnownAs = appUser.KnownAs,
                Gender = appUser.Gender
            });
        }
Example #2
0
        public async Task <ActionResult <LoginRegisterUserOutputDTO> > Register(RegisterUserDTO registerUser)
        {
            if (await ExistsUser(registerUser.UserName))
            {
                return(BadRequest("Username has been already used"));
            }

            using var hmac = new HMACSHA512();

            AppUser appUser = _mapper.Map <AppUser>(registerUser);

            appUser.UserName     = registerUser.UserName.ToLower();
            appUser.PasswordHash = await hmac.ComputeHashAsync(new MemoryStream(Encoding.UTF8.GetBytes(registerUser.Password)));

            appUser.PasswordSalt = hmac.Key;

            _context.Add(appUser);
            await _context.SaveChangesAsync();

            return(new LoginRegisterUserOutputDTO
            {
                UserName = appUser.UserName,
                Token = _tokenService.CreateToken(appUser),
                KnownAs = appUser.KnownAs,
                Gender = appUser.Gender
            });
        }
Example #3
0
        public static async Task SeedUsers(DataContext context)
        {
            if (await context.Users.AnyAsync())
            {
                return;
            }

            var userData = await System.IO.File.ReadAllTextAsync("Data/UserSeedData.json");

            var users = JsonSerializer.Deserialize <List <AppUser> >(userData);

            foreach (AppUser user in users)
            {
                using var hmac = new HMACSHA512();

                user.UserName     = user.UserName.ToLower();
                user.PasswordHash = await hmac.ComputeHashAsync(new MemoryStream(Encoding.UTF8.GetBytes("123456")));

                user.PasswordSalt = hmac.Key;

                await context.AddAsync(user);
            }

            await context.SaveChangesAsync();
        }
        public Task <byte[]> Hash(string password, byte[] salt)
        {
            var bytes = Encoding.UTF8.GetBytes(password);

            var allBytes = new byte[bytes.Length + salt.Length];

            Buffer.BlockCopy(bytes, 0, allBytes, 0, bytes.Length);
            Buffer.BlockCopy(salt, 0, allBytes, bytes.Length, salt.Length);

            return(x.ComputeHashAsync(new MemoryStream(allBytes)));
        }