public async Task <User> Login(string username, string password)
{
if (string.IsNullOrWhiteSpace(username))
{
return(null);
}
var user = await _context.Users
.Include(x => x.Photos)
.FirstOrDefaultAsync(x => x.Username == username.ToLowerInvariant());
if (user == null)
{
return(null);
}
bool isPasswordValid = HmacHelper.CheckPasswordHash(password, user.PasswordHash, user.PasswordSalt);
if (isPasswordValid)
{
return(user);
}
else
{
return(null);
}
}
// Http Request to Momo Server
public void sendPaymentRequest()
{
var reqtime = Utils.GetTimeStamp().ToString();
var transid = Guid.NewGuid().ToString();
var embeddata = new {};
var order = new Dictionary <string, string>();
order.Add("appid", appid);
order.Add("appuser", "demo");
order.Add("apptime", Utils.GetTimeStamp().ToString());
order.Add("amount", totalCost.ToString());
order.Add("apptransid", DateTime.Now.ToString("yyMMdd") + "_" + transid);
order.Add("embeddata", JsonConvert.SerializeObject(embeddata));
order.Add("item", orderInfo);
order.Add("description", "Smart Food Court ZaloPay demo");
order.Add("bankcode", "zalopayapp");
var data = appid + "|" + order["apptransid"] + "|" + order["appuser"] + "|" + order["amount"] + "|"
+ order["apptime"] + "|" + order["embeddata"] + "|" + order["item"];
order.Add("mac", HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, key1, data));
var orderJSON = Encoding.ASCII.GetBytes(JsonConvert.SerializeObject(order));
Dictionary <string, string> param = new Dictionary <string, string>();
param.Add("appid", appid);
param.Add("reqtime", reqtime);
param.Add("mac", HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, key1, appid + "|" + reqtime));
payUrl = qrUrl = "https://sbgateway.zalopay.vn/openinapp?order=" + Convert.ToBase64String(orderJSON);
}
public async Task <string> CreateOrderAsync(Booking booking, long amount, string description)
{
var transid = Guid.NewGuid().ToString();
var embeddata = new {};
var items = new object[] {};
var param = new Dictionary <string, string>();
param.Add("appid", _appid);
param.Add("appuser", booking.Owner.Name);
param.Add("apptime", Utils.GetTimeStamp().ToString());
// Quick hack to convert to VND :))
param.Add("amount", Math.Ceiling(amount * 23193d).ToString());
param.Add("apptransid", DateTime.Now.ToString("yyMMdd") + "_" + transid);
param.Add("embeddata", JsonConvert.SerializeObject(embeddata));
param.Add("item", JsonConvert.SerializeObject(items));
param.Add("description", description);
param.Add("bankcode", "zalopayapp");
var data = _appid + "|" + param["apptransid"] + "|" + param["appuser"] + "|" + param["amount"] + "|"
+ param["apptime"] + "|" + param["embeddata"] + "|" + param["item"];
param.Add("mac", HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, _key1, data));
var result = await HttpHelper.PostFormAsync(_createOrderUrl, param);
foreach (var entry in result)
{
Console.WriteLine("{0} = {1}", entry.Key, entry.Value);
}
return(result["orderurl"] as string);
}
public static string Compute(string data, string key = "")
{
if (string.IsNullOrEmpty(key))
{
key = Constants.KEY1;
}
return(HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, key, data));
}
public static string Compute(string data, string key = "")
{
if (string.IsNullOrEmpty(key))
{
key = ConfigurationManager.AppSettings["Key1"];
}
return(HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, key, data));
}
public IActionResult Signup()
{
var username = HttpContext.Request.Form["username"];
var password = HttpContext.Request.Form["password"];
var sign = HmacHelper.HmacSha1ToBase64(username, password);
Console.WriteLine(HttpContext.Request.Host.Value);
//return RedirectToRoute("HttpContext.Request.Host.Value" + "/api/token", new { username, sign });
return(new JsonResult(new { username, usersign = sign })); //RedirectToRoute("/api/token", "username="******"&usersign=" + sign);
}
public static bool VerifyCallback(string data, string requestMac)
{
try
{
string mac = HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, ConfigurationManager.AppSettings["Key2"], data);
return(requestMac.Equals(mac));
} catch
{
return(false);
}
}
public static bool VerifyCallback(string data, string requestMac)
{
try
{
string mac = HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, Constants.KEY1, data);
return(requestMac.Equals(mac));
} catch
{
return(false);
}
}
public void TestCalculateHmac()
{
string message = "amount=100¤cy=EUR";
string expectedHex = "b436e3e86cb3800b3864aeecc8d06c126f005e7645803461717a8e4b2de3a905";
// Test out the HMAC hash method
string key = "57617b5d2349434b34734345635073433835777e2d244c31715535255a366773755a4d70532a5879793238235f707c4f7865753f3f446e633a21575643303f66";
var hmacHelper = new HmacHelper();
string hashHMACHex = hmacHelper.CalculateHashHMACHex(key, message);
// Assert
Assert.Equal(expectedHex, hashHMACHex);
}
private Task <ClaimsIdentity> GetIdentity(string username, string userSign)
{
//从数据库中读取对应用户的密码计算HMAC
var sign = HmacHelper.HmacSha1ToBase64(username, "TEST123");
Console.WriteLine(sign);
// Don't do this in production, obviously!
if (sign == userSign)
{
return(Task.FromResult(new ClaimsIdentity(new GenericIdentity(username, "Token"), new Claim[] { })));
}
// Credentials are invalid, or account doesn't exist
return(Task.FromResult <ClaimsIdentity>(null));
}
public Task <string> CreateOrderAsync(Booking booking, long amount, string description)
{
string secret = "MbRYDmFmFTVl11Dp8KqUYmeSPpUnEYnr";
long amountVnd = amount * 21000;
string partnerCode = "MOMOLEEQ20210615";
string accessKey = "XGqCNhlAZAtL0lGD";
string requestId = Utils.GetTimeStamp().ToString();
string orderId = Guid.NewGuid().ToString();
string orderInfo = description;
string url = (Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") == "Production"? "https://etour-client.azurewebsites.net/booking/momoconfirm" : "https://localhost:44323/booking/momoconfirm") + $"?id={booking.ID}";
string requestType = "captureMoMoWallet";
string extraData = "";
var httpWebRequest = (HttpWebRequest)WebRequest.Create("https://test-payment.momo.vn/gw_payment/transactionProcessor");
httpWebRequest.ContentType = "application/json";
httpWebRequest.Method = "POST";
using (var streamWriter = new StreamWriter(httpWebRequest.GetRequestStream()))
{
string json = new JavaScriptSerializer().Serialize(new
{
partnerCode,
accessKey,
requestId,
amount = amountVnd.ToString(),
orderId,
orderInfo,
returnUrl = url,
notifyUrl = url,
requestType,
signature = HmacHelper.Compute(key: secret, message: $"partnerCode={partnerCode}&accessKey={accessKey}&requestId={requestId}&amount={amountVnd.ToString()}&orderId={orderId}&orderInfo={orderInfo}&returnUrl={url}¬ifyUrl={url}&extraData={extraData}"),
extraData
});
streamWriter.Write(json);
}
var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
{
var result = streamReader.ReadToEnd();
Console.WriteLine(result);
return(Task.FromResult <string>(((dynamic) new JavaScriptSerializer().DeserializeObject(result)).payUrl));
}
}
public async Task <User> Register(User user, string password)
{
if (user == null)
{
return(null);
}
// The password must be a not empty string
if (string.IsNullOrWhiteSpace(password))
{
return(null);
}
(user.PasswordHash, user.PasswordSalt) = HmacHelper.ComputeHashSalt(password);
await _context.Users.AddAsync(user);
await _context.SaveChangesAsync();
return(user);
}
public IActionResult Get([FromQuery] AdyenPaymentResponse request)
{
// check payment
var list = new SortedList <string, string>();
list.Add(nameof(request.shopperLocale), request.shopperLocale);
list.Add(nameof(request.authResult), request.authResult);
list.Add(nameof(request.merchantReference), request.merchantReference);
list.Add(nameof(request.merchantReturnData), request.merchantReturnData);
list.Add(nameof(request.skinCode), request.skinCode);
list.Add(nameof(request.paymentMethod), request.paymentMethod);
list.Add(nameof(request.pspReference), request.pspReference);
var messageToSign = string.Concat(string.Join(":", list.Keys), ":", string.Join(":", list.Values.Select(x => x.Replace("\\", "\\\\").Replace(":", "\\:"))));
var sign = new HmacHelper().CalculateHashHMACHex(paymentSettings.HmacKey, messageToSign);
if (sign == request.merchantSig)
{
var returnUrl = request.merchantReturnData.Replace("_qm_", "?").Replace("_amp_", "&");// todo: rework this hotfix
return(Redirect(returnUrl));
}
return(BadRequest());
}
private async Task <T> MakeRequestAsync <T>(HttpMethod method, string route, object body = null, Dictionary <string, string> parameters = null)
{
SortedDictionary <string, string> sortedParameters = parameters == null
? sortedParameters = new SortedDictionary <string, string>()
: sortedParameters = new SortedDictionary <string, string>(parameters);
// Uncomment the HttpClientHandler to run requests through Fiddler to aid debugging
using (var httpClient = new HttpClient(/*new HttpClientHandler { Proxy = new WebProxy("localhost:8888", true), UseDefaultCredentials = true }*/))
{
httpClient.Timeout = _timeout;
// Set required headers
httpClient.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue(_jsonContentType));
httpClient.DefaultRequestHeaders.UserAgent.Add(
new ProductInfoHeaderValue("luno_dotnet", "0.0.1")); // TODO: make this reaaal
httpClient.BaseAddress = new Uri(_baseUrl);
var path = $"/v{_version}{route}";
// Add additional required parameters
sortedParameters.Add("key", _apiKey);
sortedParameters.Add("timestamp", $"{DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ss.fff")}Z");
// Create signature
var signatureDatum = $"{method.ToString()}:{path}?{sortedParameters.ToQueryString()}";
if (body != null)
{
signatureDatum += $":{JsonConvert.SerializeObject(body)}";
}
var signature = HmacHelper.ComputeHmacSha512Hash(signatureDatum, _secretKey).ToLower();
sortedParameters.Add("sign", signature);
path = $"{path}?{sortedParameters.ToQueryString()}";
HttpResponseMessage response = null;
switch (method)
{
case HttpMethod.GET:
response = await httpClient.GetAsync(path);
break;
case HttpMethod.POST:
response = await httpClient.PostAsync(path,
new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, _jsonContentType));
break;
case HttpMethod.PUT:
response = await httpClient.PutAsync(path,
new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, _jsonContentType));
break;
case HttpMethod.PATCH:
response = await httpClient.PatchAsync(path,
new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, _jsonContentType));
break;
case HttpMethod.DELETE:
response = await httpClient.DeleteAsync(path);
break;
default:
throw new NotImplementedException($"The http method '{method.ToString()}' is not supported.");
}
// read the response content into a string
var responseContent = await response.Content.ReadAsStringAsync();
// if the response was a success: deserialize the response and then return it.
if (response.IsSuccessStatusCode)
{
return(JsonConvert.DeserializeObject <T>(responseContent));
}
// otherwise, deserialize it into an error response and throw it
var errorResponse = JsonConvert.DeserializeObject <ErrorResponse>(responseContent);
if (errorResponse == null)
{
response.EnsureSuccessStatusCode();
}
throw new LunoApiException(errorResponse);
}
}
public string ComputeMac()
{
return(HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, Constants.APP_ID, GetMacData()));
}
public string ComputeMac()
{
return(HmacHelper.Compute(ZaloPayHMAC.HMACSHA256, ConfigurationManager.AppSettings["Key1"], GetMacData()));
}
