public User AuthenticateUser(
string username,
string password)
{
#region Pre-conditions
if (string.IsNullOrEmpty(username))
{
throw new ArgumentNullException(nameof(username));
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException(nameof(password));
}
#endregion
var user = _context.Users.SingleOrDefault(x => x.Username == username);
if (user == null)
{
throw new NotFoundException();
}
if (!PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
{
// We throw the same exception as above to hide the real reason, no need the make the user any smarter
throw new NotFoundException();
}
return(UserMapper.Map(user));
}
public async Task <IActionResult> Login([FromBody] LoginDto loginDto)
{
var user = await _context.Users.FirstOrDefaultAsync(x => x.Email == loginDto.Email);
if (user == null || !PasswordUtil.VerifyPasswordHash(loginDto.Password, user.PasswordHash, user.PasswordSalt))
{
return(NotFound());
}
var tokenString = GetToken(user);
return(Ok(new { token = tokenString }));
}
private void CheckUser(User userToCreate, User createdUser, string providedPass)
{
Assert.NotNull(createdUser);
Assert.Equal(userToCreate.Username, createdUser.Username);
Assert.True(createdUser.Id > 0);
Assert.NotNull(createdUser.PasswordHash);
Assert.NotEmpty(createdUser.PasswordHash);
Assert.NotNull(createdUser.PasswordSalt);
Assert.NotEmpty(createdUser.PasswordSalt);
Assert.True(PasswordUtil.VerifyPasswordHash(providedPass, createdUser.PasswordHash, createdUser.PasswordSalt));
}
public async Task <User> Login(string username, string password)
{
var user = await context.Users.FirstOrDefaultAsync(x => x.Username == username);
if (user == null)
{
return(null);
}
if (!PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
{
return(null);
}
return(user);
}
public ChangePasswordValidator(DataContext context)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
RuleFor(x => x.Id)
.MustAsync((id, token) => context.Users.AnyAsync(u => u.Id == id, token))
.WithMessage("User not found");
RuleFor(x => x.Model.Password)
.MustAsync(async(request, password, token) =>
{
var user = await context.Users.FirstOrDefaultAsync(u => u.Id == request.Id);
return(user != null && PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt));
})
.WithMessage("Username or password is incorrect");
}
public LoginValidator(DataContext dataContext)
{
CascadeMode = CascadeMode.StopOnFirstFailure;
RuleFor(x => x.Model.Username)
.MustAsync((username, token) => dataContext.Users.AnyAsync(u => u.Username == username, token))
.WithMessage("User not found")
.MustAsync((username, token) => dataContext.Users.AnyAsync(u => u.Username == username && u.IsActivated))
.WithMessage("Account is not activated");
RuleFor(x => x.Model.Password)
.MustAsync(async(request, password, token) =>
{
var user = await dataContext.Users.FirstOrDefaultAsync(u => u.Username == request.Model.Username);
return(user != null && PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt));
})
.WithMessage("Username or password is incorrect");
}
