public async Task <UserResponse> Authenticate(string username, string password)
{
User user = await this.context.Users.SingleOrDefaultAsync(u => u.Email == username);
if (user == null)
{
return(null);
}
if (user.Password == HashPassword.GetHashString(password))
{
var response = new UserResponse(user);
return(response);
}
return(null);
}
public string ChangePass(string password)
{
var username = (User as UserModel).Username.ToLower();
using (var dbContext = new DataContext())
{
string newPass = HashPassword.Hash(username, password);
var user = dbContext.Users.FirstOrDefault(e => e.Username.ToLower() == username);
if (user == null)
{
return("User không hợp lệ");
}
user.Password = newPass;
dbContext.SaveChanges();
}
return("Thành công");
}
public JsonResult UpdateUserPassword(UserRequest request)
{
if (!CornerCaseCheckHelper.Check(request.username, 50, CornerCaseCheckHelper.Username))
{
return(JsonReturnHelper.ErrorReturn(104, "Invalid username"));
}
if (!CornerCaseCheckHelper.Check(request.oldPassword, 0, CornerCaseCheckHelper.PassWord))
{
return(JsonReturnHelper.ErrorReturn(112, "Invalid oldPassword."));
}
if (!CornerCaseCheckHelper.Check(request.password, 0, CornerCaseCheckHelper.PassWord))
{
return(JsonReturnHelper.ErrorReturn(111, "Invalid password."));
}
if (request.password == request.oldPassword)
{
return(JsonReturnHelper.ErrorReturn(113, "The old and new passwords are the same."));
}
var user = _meshContext.Users.FirstOrDefault(u => u.Email == request.username);
//Check Password
if (user == null || !CheckHashPassword(request.oldPassword, user.PasswordSalt, user.PasswordDigest))
{
return(JsonReturnHelper.ErrorReturn(201, "Incorrect username or password."));
}
HashPassword hashPassword = GetHashPassword(request.password);
try
{
user.PasswordDigest = hashPassword.PasswordDigest;
user.PasswordSalt = hashPassword.PasswordSalt;
_meshContext.Users.Update(user);
_meshContext.SaveChanges();
}
catch (Exception e)
{
_logger.LogError(e.ToString());
return(JsonReturnHelper.ErrorReturn(1, "Unexpected error."));
}
return(JsonReturnHelper.SuccessReturn());
}
public JsonResult Register(UserRequest request)
{
if (!CornerCaseCheckHelper.Check(request.username, 50, CornerCaseCheckHelper.Username))
{
return(JsonReturnHelper.ErrorReturn(104, "Invalid username"));
}
if (!CornerCaseCheckHelper.Check(request.password, 0, CornerCaseCheckHelper.PassWord))
{
return(JsonReturnHelper.ErrorReturn(111, "Invalid password."));
}
var user = _meshContext.Users.FirstOrDefault(u => u.Email == request.username);
if (user != null)
{
return(JsonReturnHelper.ErrorReturn(101, "User already exists."));
}
HashPassword hashPassword = GetHashPassword(request.password);
//Create new user
var newUser = new User()
{
Email = request.username,
Nickname = request.username,
PasswordDigest = hashPassword.PasswordDigest,
PasswordSalt = hashPassword.PasswordSalt,
Avatar = AvatarSaveHelper.PutObject(""),
ColorPreference = "blue",
LayoutPreference = "default",
RevealedPreference = "card"
};
//try to save the user
try
{
_meshContext.Users.Add(newUser);
_meshContext.SaveChanges();
}
catch (Exception e)
{
_logger.LogError(e.ToString());
return(JsonReturnHelper.ErrorReturn(1, "Unexpected error."));
}
return(UserReturnValue(newUser));
}
public ActionResult AddUsers(Users usr)//adaugam utilizatori
{
if (ModelState.IsValid)
{
string CallSP = "AddUsers @Nume_Utilizator, @Email, @Parola";
SqlParameter NumeUtilizator = new SqlParameter("Nume_utilizator", usr.Nume_utilizator);
SqlParameter Email = new SqlParameter("Email", usr.Email);
SqlParameter Parola = new SqlParameter("Parola", HashPassword.ComputeSHA1(usr.Parola));
//SqlParameter Id_Functie = new SqlParameter("Id_Functie", usr.Id_Functie);
object[] parameters = new object[] { NumeUtilizator, Email, Parola };
var result = pl.Database.SqlQuery <Users>(CallSP, parameters);
return(Json(result, JsonRequestBehavior.AllowGet));
}
return(RedirectToAction("Index", "Users"));
}
public ActionResult <User> Login([FromBody] LoginDto login)
{
var user = _db.Users.FirstOrDefault(x => x.Username == login.Username);
if (user == null)
{
return(StatusCode(500, "Invalid username/password"));
}
if (user.Password != HashPassword.GeneratePassword(user.Salt, login.Password))
{
return(StatusCode(500, "Invalid username/password"));
}
user.Token = RandomString.GenerateString(8);
_db.Users.Update(user);
_db.SaveChanges();
return(user);
}
public void Register(RegisterModel registerModel)
{
string username = _userRepository.GetAll()
.Where(u => u.Username == registerModel.Username)
.Select(u => u.Username)
.ToString();
if (username != null)
{
throw new UserException($"User with username:{registerModel.Username} already exists!");
}
if (string.IsNullOrWhiteSpace(registerModel.Password) || string.IsNullOrWhiteSpace(registerModel.ConfirmPassword))
{
throw new UserException("Password required!");
}
if (registerModel.Password != registerModel.ConfirmPassword)
{
throw new UserException($"Passwords do not match!");
}
if (string.IsNullOrWhiteSpace(registerModel.FirstName) || string.IsNullOrWhiteSpace(registerModel.LastName))
{
throw new UserException("Both Firstnam and Lastname are required!");
}
if (string.IsNullOrWhiteSpace(registerModel.Username))
{
throw new UserException("Username is required!");
}
string hashedPasswor = HashPassword.HashPass(registerModel.Password);
User user = new User()
{
Firstname = registerModel.FirstName,
Lastname = registerModel.LastName,
Username = registerModel.Username,
Password = hashedPasswor
};
_userRepository.Insert(user);
}
public async Task <IHttpActionResult> ResetPassword(int id, [FromBody] ResetAccount form)
{
try
{
var account = (from a in db.accounts where a.id == id select a).FirstOrDefault();
if (account != null)
{
//check same password
var pass1 = HashPassword.hashPassword(form.password);
var pass2 = HashPassword.hashPassword(form.pre_password);
if (pass1 == pass2)
{
account.password = pass1;
account.password2 = pass2;
int val = await db.SaveChangesAsync();
//search from list report
var findListReport = db.report_account.Where(a => a.account_id == account.id).FirstOrDefault();
if (findListReport != null)
{
db.Entry(findListReport).State = System.Data.Entity.EntityState.Deleted;
await db.SaveChangesAsync();
}
if (val > 0)
{
return(Ok(await FetchDetailsAccount.GetDetailsAccount(id)));
}
else
{
return(BadRequest("Reset password error."));
}
}
else
{
return(BadRequest("Passwords are not the same."));
}
}
else
{
return(BadRequest("Not found accounts."));
}
}catch (Exception e)
{
return(BadRequest(e.Message));
}
}
public ActionResult Login(Users login)
{
var users = new Users();
var UR = new UserRepository();
var HP = new HashPassword();
users = UR.GetUser(login);
if (users.username == login.username)
{
if (HP.CovertPasswordBack(users.password, login.password))
{
Session["User"] = users;
}
}
return(RedirectToAction("Index", "UserList"));
}
public ActionResult Create(UserModel model)
{
try
{
if (unitOfWork.UserRepository.Get(x => x.LoginId == model.LoginId).Any())
{
ModelState.AddModelError("Invalid Username", "Username Exists!!!");
}
if (ModelState.IsValid)
{
model.CreatedDate = DateTime.Now;
model.Password = HashPassword.GetMd5Hash(MD5.Create(), model.Password);
userService.AddUser(model);
TempData["Success"] = "New User Added !!";
return(RedirectToAction("Index"));
}
model.dRoleList = dynamicList.GetRolesSelectList();
model.dDesignationList = dynamicList.GetDesignationList();
model.dOfficeList = dynamicList.GetOfficeList();
TempData["Danger"] = ModelState.Values.SelectMany(x => x.Errors).Select(x => x.ErrorMessage);
return(View(@"~\Views\Setup\User\Create.cshtml", model));
}
catch (DbEntityValidationException e)
{
TempData["Danger"] = e.Message;
}
model.dRoleList = dynamicList.GetRolesSelectList();
model.dDesignationList = dynamicList.GetDesignationList();
model.dOfficeList = dynamicList.GetOfficeList();
return(View(@"~\Views\Setup\User\Create.cshtml", model));
}
public ActionResult ChgPassword(string username, string password, string newpassword)
{
BsonDocument doc = usertable.Login(username, password);
if (doc != null)
{
JObject usuario = JsonConvert.DeserializeObject <JObject>(usertable.GetRow(doc["_id"].AsObjectId.ToString()));
usuario["pwd"] = HashPassword.CreateHash(newpassword);
usuario["lastChgPassword"] = DateTime.Now.ToString("dd/MM/yyyy HH:mm:ss");
usertable.SaveRow(JsonConvert.SerializeObject(usuario), usuario["_id"].ToString());
return(Content("/User/Login"));
}
else
{
return(Content("WrongPass"));
}
}
private bool Login()
{
if (string.IsNullOrEmpty(userName))
{
Result.Message = new BusinessMessage("خطا", "نام کاربری را وارد کنید.");
return(false);
}
if (string.IsNullOrEmpty(password))
{
Result.Message = new BusinessMessage("خطا", "رمز عبور را وارد کنید.");
return(false);
}
var user = accountingUow.GetRepository <User>().GetFirst(x => x.UserName.Equals(userName));
if (user == null || !HashPassword.VerifyPassword(password, user.Password))
{
Result.Message = new BusinessMessage("خطا", "نام کاربری یا رمز عبور اشتباه است.");
return(false);
}
var roleResult = accountingUow.GetRepository <V_UserRole>().Select(x => x.UserId == user.UserId, x => new Infra.Wpf.Security.Role {
RoleId = x.RoleId, Name = x.RoleTitle
});
var permissionResult = accountingUow.GetRepository <V_UserRolePermission>().Select(x => x.UserId == user.UserId, x => new Infra.Wpf.Security.Permission {
PermissionId = x.PermmisionId, Url = x.Url
}, distinct: true);
Identity identity = new Identity(user.UserName, user.UserId, roleResult, permissionResult);
Principal principal = new Principal(identity, AuthorizeBasedOn.BaseOnPermission);
AppDomain.CurrentDomain.SetThreadPrincipal(principal);
accountingUow.Logger.Log(new LogInfo()
{
CallSite = this.GetType().FullName,
LogType = LogType.Information,
UserId = user.UserId,
Message = "Login: UserName = " + user.UserName
});
return(true);
}
public String newPassword(string key, string password)
{
JObject keydata = new JObject();
try
{
keydata = JsonConvert.DeserializeObject <JObject>(keysTable.GetRow(key));
}
catch
{
return("Lo sentimos,Este link ya no es valido");
}
JObject usuario = new JObject();
try
{
usuario = JsonConvert.DeserializeObject <JObject>(usertable.GetRow(keydata["userId"].ToString()));
}
catch {
usuario = null;
}
if (usuario != null)
{
usuario["pwd"] = HashPassword.CreateHash(password);
JToken lst;
if (usuario.TryGetValue("lastChgPassword", out lst))
{
usuario["lastChgPassword"] = DateTime.Now.ToString("dd/MM/yyyy HH:mm:ss");
}
else
{
usuario.Add("lastChgPassword", DateTime.Now.ToString("dd/MM/yyyy HH:mm:ss"));
}
usertable.SaveRow(JsonConvert.SerializeObject(usuario), usuario["_id"].ToString());
keysTable.DeleteRowPhysical(key);
return("success");
}
else
{
return("El usuario asociado a este link, no existe");
}
}
/// <summary>
/// Method indicates whether sign in process was successful
/// </summary>
/// <param name="authUser"></param>
/// <returns></returns>
public async Task <AuthenticateResponse> IsSignInSuccessful(AuthUserData authUser)
{
bool isLoginNullOrEmpty = string.IsNullOrEmpty(authUser.Login);
bool isPasswordNullOrEmpty = string.IsNullOrEmpty(authUser.Password);
if (isLoginNullOrEmpty && isPasswordNullOrEmpty)
{
return(new AuthenticateResponse(AuthResponseMessage.LoginAndPasswordNotProvided, null, null, null, null, null));
}
else if (isLoginNullOrEmpty)
{
return(new AuthenticateResponse(AuthResponseMessage.LoginNotProvided, null, null, null, null, null));
}
else if (isPasswordNullOrEmpty)
{
return(new AuthenticateResponse(AuthResponseMessage.PasswordNotProvided, null, null, null, null, null));
}
var userWithAuthLogin = await unitOfWork.UserRepository.GetUserByLoginAsync(authUser.Login);
if (userWithAuthLogin == null)
{
return(new AuthenticateResponse(AuthResponseMessage.UserWithThisLoginNotExists, null, null, null, null, null));
}
HashPassword hash = new HashPassword(authUser.Password, authUser.Login);
if (userWithAuthLogin.Password.Equals(hash.HashedPassword))
{
var userRole = await unitOfWork.UserRoleRepository.GetUserRole(userWithAuthLogin);
var authResponseData = Authenticate(userWithAuthLogin, userRole);
if (authResponseData == null)
{
return(new AuthenticateResponse(AuthResponseMessage.ErrorWhileGeneratingToken, null, null, null, null, null));
}
return(authResponseData);
}
return(new AuthenticateResponse(AuthResponseMessage.WrongPassword, null, null, null, null, null));
}
public void Dont_Auth_Incorrect_User()
{
// Arrange
LoginViewModel userData = new LoginViewModel
{
Login = "******",
Password = "******"
};
string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass("pass".ToCharArray(), new byte[0]));
IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, "");
AccountController target = new AccountController(authProv);
// Act
ActionResult result = target.Login(userData, "#true", SessionStorage.Current);
// Assert
Assert.IsInstanceOfType(result, typeof(ViewResult));
Assert.IsFalse(((ViewResult)result).ViewData.ModelState.IsValid);
}
//check ability to save new student from excel
public bool SaveStudent(string username, string password, string fullname, string email, string classbygrade, ClassSurveyDbContext db)
{
var result = false;
try
{
//save student
//if students exist before, then not import again
//just import new student not exists in system
if (db.Students.Where(x => x.Username.Equals(username)).Count() == 0)
{
var student = new Student();
student.Username = username;
//hash password before adding
student.Password = HashPassword.ComputeSha256Hash(password);
student.StudentCode = username;
student.StudentName = fullname;
student.Email = email;
student.ClassByGrade = classbygrade;
db.Students.Add(student);
db.SaveChanges();
int id = db.Students.Max(x => x.Id);
//add new user
User user = new User()
{
Username = username,
Password = HashPassword.ComputeSha256Hash(password),
Position = "Student",
StudentId = id
};
db.Users.Add(user);
db.SaveChanges();
result = true;
}
}
catch (Exception)
{
throw;
}
return(result);
}
public LoginResponse Login(LoginRequest request)
{
var client = _context.Client.FirstOrDefault(p => p.Login == request.Login);
if (client == null)
{
throw new UserNotFound();
}
var passwordToCompare = HashPassword.HashPass(request.Password, client.Salt);
if (!passwordToCompare.Equals(client.Password))
{
throw new UserNotFound();
}
var userclaim = new[]
{
new Claim(ClaimTypes.NameIdentifier, client.IdClient.ToString()),
new Claim(ClaimTypes.Name, client.FirstName),
new Claim(ClaimTypes.Role, "Client"),
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "AdCompany",
audience: "Clients",
claims: userclaim,
expires: DateTime.Now.AddMinutes(5),
signingCredentials: creds
);
client.RefreshToken = Guid.NewGuid().ToString();
client.ExpireDate = DateTime.Now.AddDays(1);
_context.SaveChanges();
return(new LoginResponse()
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(token), RefreshToken = client.RefreshToken
});
}
public async Task <IHttpActionResult> ResetPasswordUser([FromBody] account form)
{
try
{
var identity = (ClaimsIdentity)User.Identity;
var username = identity.Claims.Where(a => a.Type == ClaimTypes.Name).Select(c => c.Value).FirstOrDefault();
var account = (from a in db.accounts where a.username == username select a).FirstOrDefault();
if (account != null)
{
//check same password
var pass1 = HashPassword.hashPassword(form.password);
var pass2 = HashPassword.hashPassword(form.password2);
if (pass1 == pass2)
{
account.password = pass1;
account.password2 = pass2;
int val = await db.SaveChangesAsync();
if (val > 0)
{
return(Ok(await FetchDetailsAccount.GetDetailsAccount(account.id)));
}
else
{
return(BadRequest("Reset password error."));
}
}
else
{
return(BadRequest("Passwords are not the same."));
}
}
else
{
return(BadRequest("Not found accounts."));
}
}
catch (Exception e)
{
return(BadRequest(e.Message));
}
}
public void Auth_Correct_User()
{
// Arrange
LoginViewModel userData = new LoginViewModel
{
Login = "******",
Password = "******"
};
string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass(userData.Password.ToCharArray(), new byte[0]));
IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, "");
AccountController target = new AccountController(authProv);
SessionStorage storage = SessionStorage.Current;
// Act
ActionResult result = target.Login(userData, "#true", storage);
// Assert
Assert.IsInstanceOfType(result, typeof(RedirectResult));
Assert.IsTrue(((RedirectResult)result).Url.Contains("#true"));
}
public async Task <IActionResult> CreateOrUpdate([FromForm] WebsiteViewModel input)
{
var model = new WebsiteModel()
{
Name = input.Name,
Url = input.Url,
Category = input.Category,
Login = new LoginModel()
{
Email = input.Login.Email,
Password = HashPassword.GetHashedPassword(input.Login.Password),
},
IsDeleted = false,
HomepageSnapshot = ImageToByteArray(input.Image)
};
var record = await this.websiteRepository.CreateOrUpdate(model);
return(Ok(record));
}
public IActionResult InserirAdmin([FromBody] UsuariosDomain Usuarios)
{
var users = _context.Usuarios;
if (Usuarios == null)
{
return(BadRequest("Dados do usuário incorretos"));
}
foreach (var usua in users)
{
if (Usuarios.Email == usua.Email)
{
return(BadRequest("E-mail já cadastrado"));
}
}
try
{
HashPassword geradorHash = new HashPassword();
var hash = geradorHash.GenerateHash(Usuarios.Senha);
if (hash != null)
{
Usuarios.Senha = hash;
}
_context.Usuarios.Add(Usuarios);
_context.SaveChanges();
UsuarioPermissoesDomain permissoes = new UsuarioPermissoesDomain();
permissoes.UsuarioId = Usuarios.id;
permissoes.PermissaoId = 1;
permissoes.DataCriacao = DateTime.Now;
_context.UsuarioPermissoes.Add(permissoes);
_context.SaveChanges();
return(Ok("Cadastrado com sucesso"));
}
catch (System.Exception ex)
{
return(BadRequest(ex.Message));
}
}
//check if we can save new teachers
public bool SaveTeacher(string username, string password, string name, string email, ClassSurveyDbContext db)
{
var result = false;
try
{
//if teacher not exists in system before
//just add new teachers when they dont exist in system
if (db.Teachers.Where(x => x.Username.Equals(username)).Count() == 0)
{
var teacher = new Teacher();
teacher.Username = username;
//hash password before adding
teacher.Password = HashPassword.ComputeSha256Hash(password);
teacher.TeacherName = name;
teacher.Email = email;
db.Teachers.Add(teacher);
db.SaveChanges();
int id = db.Teachers.Max(x => x.Id);
//add new user
User user = new User()
{
Username = username,
Password = HashPassword.ComputeSha256Hash(password),
Position = "Teacher",
TeacherId = id
};
db.Users.Add(user);
db.SaveChanges();
result = true;
}
}
catch (Exception)
{
throw;
}
return(result);
}
public void RemindPass(string email, string url)
{
// Создаем данные для отправки
// Генерируем код потверждения
string code = JsonConvert.SerializeObject(new { guid = Guid.NewGuid(), login = login });
code = code.Replace('"', '\'');
url = url + "?code=" + code;
char[] newPass = HashPassword.GeneratePassword(6); // Генерируем новый пароль длиной в 6 символов
// Отправляем письмо с паролем и кодом подтверждения
MailSender.SendEmailToNewPass(email, login, newPass, url, MailSender.FromEmailServer.gmail);
logger.Warn(string.Format("Mail to recover access sended to email: '{0}'.", email));
// Сохраняем новый пароль, код подтверждения и дату устаревания в хранилище данных
string newPassHash = Convert.ToBase64String(HashPassword.HashPass(newPass, new byte[0]));
BlogSettings.Current.TurnOnPassRemind(newPassHash, code, DateTime.Now.AddDays(1));
}
public ActionResult Login(Users user)
{
using (Entities db = new Entities())
{
//user.password = HashPassword.hash(user.password);
foreach (Users u in db.Users.ToArray())
{
if (u.login == user.login && HashPassword.hash(user.password, u.salt) == u.password)
{
Session["UserID"] = u.Id;
Session["UserLogin"] = u.login;
return(Redirect("~/Wallet/Index"));
}
}
}
ModelState.AddModelError("LoginError", "Login or Password is wrong.");
return(View());
}
public void Update()
{
User u = new User();
u.u_id = int.Parse(txtUid.Text);
u.user_name = txtUserName.Text;
u.password = txtPassword.Text == null ? lblpasshide.Text : HashPassword.CreateMD5(txtPassword.Text);
u.status = chkStatus.Checked == true ? true : false;
u.gender = chkGender.Checked == true ? true : false;
u.full_name = txtName.Text;
u.date_create = DateTime.Now;
u.mobile = txtPhone.Text;
u.email = txtEmail.Text;
int result = UserDAO.Instance.Update(u);
if (result > 0)
{
MessageBox.Show("Update success", "Update");
Load();
}
}
public string ResetPass(string username)
{
var currentUsername = (User as UserModel).Username.ToLower();
if (AdminUsers.Contains(currentUsername) == false)
{
return("Bạn không có quyền truy cập");
}
using (var dbContext = new DataContext())
{
string newPass = HashPassword.Hash(username, "123456a@");
var user = dbContext.Users.FirstOrDefault(e => e.Username.ToLower() == username);
if (user == null)
{
return("User không hợp lệ");
}
user.Password = newPass;
dbContext.SaveChanges();
}
return("Thành công");
}
public ActionResult SettingsPost(SettingsIndexViewModel model)
{
if (ModelState.IsValid)
{
if (!string.IsNullOrEmpty(model.NewPassword) && string.IsNullOrEmpty(model.CurrentPassword))
{
ModelState.AddModelError("CurrentPassword", "Для смены пароля нужно указать текущий пароль");
}
else if (string.IsNullOrEmpty(model.NewPassword) && !string.IsNullOrEmpty(model.CurrentPassword))
{
ModelState.AddModelError("NewPassword", "Вы не указали новый пароль");
}
}
string newPassHash = null; // если производится корректная смена пароля, то ниже получит значение
if (ModelState.IsValid && !string.IsNullOrEmpty(model.NewPassword))
{
// Берем логин с сервера, потому что на клиенте он мог измениться
if (authProvider.IsValidUser(BlogSettings.Current.AdminLogin, model.CurrentPassword.ToCharArray()))
{
// Получаем хэш пароля
newPassHash = Convert.ToBase64String(
HashPassword.HashPass(model.NewPassword.ToCharArray(), new byte[0]));
}
else
{
ModelState.AddModelError("CurrentPassword", "Указанный пароль не соответствует текущему");
}
}
if (ModelState.IsValid)
{
// Сохранение новых настроек
BlogSettings.Current.ChangeSettings(model.Settings, newPassHash, false);
BlogEngineTK.WebUI.MvcApplication.ClearAppCache();
}
return(View(model));
}
public IActionResult Put([FromBody] User user)
{
var u = Users.FirstOrDefault(x => x.Id == user.Id);
byte[] salt = null;
if (string.IsNullOrEmpty(user.Password))
{
user.Password = u.Password;
salt = u.Salt;
}
else
{
salt = HashPassword.GenerateSalt();
}
if (user.Password.Length < 6)
{
return(StatusCode(500, "User password need to have min 6 signs"));
}
var newPassword = HashPassword.GeneratePassword(salt, user.Password);
user.Password = newPassword;
user.Salt = salt;
var existingUser = Users.FirstOrDefault(x => (x.Username == user.Username || x.Email == user.Email) && x.Id != user.Id);
if (existingUser != null)
{
return(StatusCode(500, "Already exist user with that username or email"));
}
u.Password = newPassword;
u.Salt = salt;
u.Email = user.Email;
u.FirstName = user.FirstName;
u.LastName = user.LastName;
u.Username = user.Username;
_db.Users.Update(u);
_db.SaveChanges();
return(Ok());
}
private void button_create_Click(object sender, EventArgs e)
{
User user = new User();
if (textbox_pwd.Text == textbox_pwd2.Text)
{
user.HashPassword = HashPassword.Hash(textbox_pwd2.Text);
}
else
{
MessageBox.Show(
"Passwords are not match!",
"Error",
MessageBoxButtons.OK,
MessageBoxIcon.Error);
return;
}
user.Name = textbox_name.Text;
user.Login = textbox_login.Text;
user.Age = Convert.ToInt32(textbox_age.Text);
try
{
_userService.CreateUser(user);
MessageBox.Show(
"New user was created!",
"Information",
MessageBoxButtons.OK,
MessageBoxIcon.Information);
this.Close();
}
catch
{
MessageBox.Show(
"You have troubles!",
"Error",
MessageBoxButtons.OK,
MessageBoxIcon.Error);
return;
}
}
public async Task <IActionResult> Register(RegisterViewModel registerViewModel)
{
if (ModelState.IsValid)
{
try {
await using var transaction = dbContext.Database.BeginTransaction();
var salt = HashPassword.CreateSalt();
var hash = HashPassword.GenerateSaltedHash(Encoding.UTF8.GetBytes(registerViewModel.Password), salt);
var user = new User {
UserLogin = registerViewModel.Login,
UserSalt = Convert.ToBase64String(salt),
UserHash = Convert.ToBase64String(hash),
UserType = "passenger"
};
await dbContext.User.AddAsync(user);
await dbContext.SaveChangesAsync();
var passenger = new Passenger {
IdUser = user.IdUser,
PassengerFullName = registerViewModel.FullName,
PassengerBirthday = registerViewModel.Birthday,
IdPassengerPassportType = registerViewModel.IdPassportType,
PassengerPassport = registerViewModel.PassportData
};
await dbContext.Passenger.AddAsync(passenger);
await dbContext.SaveChangesAsync();
transaction.Commit();
await Authenticate(user);
return(RedirectToAction("Index", "Home"));
} catch {
return(NotFound());
}
}
ViewBag.PassportType = new SelectList(dbContext.PassportType.ToList(), "IdPassportType", "Passport");
return(View(registerViewModel));
}
/// <summary>
/// Logs in the user and creates a session.
/// </summary>
/// <param name="emailAddress">emailddress of the user</param>
/// <param name="password">password of the user</param>
public void Login(string emailAddress, string password)
{
IRetrieveDb<User, String> RetrieveDb = new RetrieveFromUserWithEmail();
HashPassword hash = new HashPassword();
var email = emailAddress;
var nonHashedPassword = password;
try
{
var user = RetrieveDb.RetrieveFrom(email);
var hashPassword = hash.HashString(password);
var hashDbPassword = hash.HashString(user.Password, user.Salt);
var isValidPassword = HashPassword.ValidatePassword(password, user.Password);
if (isValidPassword)
{
FormsAuthentication.SetAuthCookie(email, false);
USession.CurrentUser.UserId = user.UserId;
USession.CurrentUser.Username = email;
USession.CurrentUser.FirstName = user.FirstName;
USession.CurrentUser.LastName = user.LastName;
}
else
{
//password not match
throw new InvalidUserException();
}
}
catch (InvalidUserException ex)
{
throw ex;
}
catch (Exception ex)
{
throw new UnknownErrorException(ex);
}
}
