/// <summary>
/// Resolves <paramref name="pLogin"/> to a person and checks <paramref name="pPassword"/> against the
/// stored salted hash. The person is returned only when the password verifies and the status is
/// Active or InUse; every other outcome yields null. A failed verification and a disallowed status are
/// logged at Error severity; an unknown login is not logged.
/// </summary>
/// <param name="pLogin">Login name to look up.</param>
/// <param name="pPassword">Clear-text password to verify against the stored hash.</param>
/// <returns>The authenticated person, or null when the lookup, the verification or the status check fails.</returns>
/// <remarks>
/// NOTE(review): no hash verification runs for an unknown login, so the two null outcomes take a
/// different amount of time; worth keeping in mind if this is reachable by untrusted callers.
/// </remarks>
public static PersonDto Authenticate(string pLogin, string pPassword) {
    using (var db = new Rbr_Db()) {
        var person = PersonManager.GetByLogin(db, pLogin);
        if (person == null) {
            return null;
        }
        var stored = SaltHashedPwd.FromSaltHashedPwd(person.Password, person.Salt);
        if (!stored.Verify(pPassword)) {
            string rejected = string.Format("Person password NOT valid!!! [Login: {0}] [Status: {1}]", person.Login, person.Status);
            TimokLogger.Instance.LogRbr(LogSeverity.Error, "PersonController.Authenticate", rejected);
            return null;
        }
        //TODO: ??? is Status.InUse valid for login, or should we restrict it ???
        bool statusAllowsLogin = person.Status == Status.Active || person.Status == Status.InUse;
        if (!statusAllowsLogin) {
            string inactive = string.Format("Person Status IS NOT Active!!! [Login: {0}] [Status: {1}]", person.Login, person.Status);
            TimokLogger.Instance.LogRbr(LogSeverity.Error, "PersonController.Authenticate", inactive);
            return null;
        }
        return person;
    }
}
/// <summary>
/// Saves a person through <c>SafeSave</c>, generating the salt before the save itself runs.
/// </summary>
/// <param name="pPerson">Person to persist.</param>
/// <returns>Whatever <c>SafeSave</c> reports for the operation.</returns>
/// <remarks>
/// IMPORTANT: the salt must be the same on all servers and must be set only once. That is why it is
/// created here, outside of the transaction, so it can be replicated to the other servers.
/// </remarks>
public static Result Save(PersonDto pPerson) {
    string salt = SaltHashedPwd.CreateRandomSalt();
    Result outcome = SafeSave(pPerson, salt);
    return outcome;
}
/// <summary>
/// Persists <paramref name="pPerson"/> and its contact info through <paramref name="pDb"/>: inserts
/// when no row with the mapped primary key exists, updates otherwise. Before the row is written the
/// clear-text password is replaced by its salted hash on both the row and the DTO. On insert the salt
/// is <paramref name="pSalt"/>; on update it is the salt carried by the mapped row (see the NOTE below).
/// </summary>
/// <param name="pDb">Database context the person and contact-info rows are written through.</param>
/// <param name="pSalt">Salt assigned to a newly inserted person; not used on the update path.</param>
/// <param name="pPerson">Person to save. Its Password is rewritten with the hash, and on insert its PersonId is set.</param>
/// <exception cref="LoginNameAlreadyInUseException">
/// Thrown when any operation in the method raises <see cref="AlternateKeyException"/>.
/// </exception>
internal static void Save(Rbr_Db pDb, string pSalt, PersonDto pPerson) {
    // Remembered so that a failed insert can clear the id again on the DTO.
    bool _isNew = pPerson.PersonId == 0;
    try {
        PersonRow _personRow;
        ContactInfoRow _contactInfoRow;
        mapToPersonRow(pPerson, out _personRow, out _contactInfoRow);
        if (_personRow != null) {
            PersonRow _existingPersonRow = pDb.PersonCollection.GetByPrimaryKey(_personRow.Person_id);
            if (_existingPersonRow != null) {
                // A value that differs from the stored hash is treated as a new clear-text password;
                // a DTO that carries the stored hash back unchanged leaves the password untouched.
                if (_existingPersonRow.Password != _personRow.Password) {
                    //-- At this point the PWD should be in a clear form, rewrite it with Hashed value
                    // NOTE(review): the salt used here comes from the mapped row, not from pSalt —
                    // presumably mapToPersonRow copies the originally stored salt; verify, since a
                    // different salt would make the stored hash unverifiable by Authenticate.
                    SaltHashedPwd _sh = SaltHashedPwd.FromClearPwd(_personRow.Password, _personRow.Salt);
                    _personRow.Password = _sh.Value;
                    pPerson.Password = _personRow.Password;
                }
                if (_contactInfoRow != null) {
                    // Contact info without an id is new and is linked to the person after insert.
                    if (_contactInfoRow.Contact_info_id == 0) {
                        pDb.ContactInfoCollection.Insert(_contactInfoRow);
                        _personRow.Contact_info_id = _contactInfoRow.Contact_info_id;
                    } else {
                        pDb.ContactInfoCollection.Update(_contactInfoRow);
                    }
                }
                pDb.PersonCollection.Update(_personRow);
            } else {
                // NOTE(review): unlike the update branch there is no null check on _contactInfoRow
                // here — presumably mapToPersonRow always produces one for a new person; confirm.
                pDb.ContactInfoCollection.Insert(_contactInfoRow);
                _personRow.Contact_info_id = _contactInfoRow.Contact_info_id;
                // New person: the salt is assigned exactly once, here, and the clear password is hashed with it.
                _personRow.Salt = pSalt;
                SaltHashedPwd _sh = SaltHashedPwd.FromClearPwd(_personRow.Password, _personRow.Salt);
                _personRow.Password = _sh.Value;
                pPerson.Password = _personRow.Password;
                pDb.PersonCollection.Insert(_personRow);
                pPerson.PersonId = _personRow.Person_id;
            }
        }
    } catch (AlternateKeyException) {
        if (_isNew) {
            pPerson.PersonId = 0; //reset it in case of err
        }
        // Every alternate-key violation inside the try block is reported as a duplicate login,
        // including one raised by the contact-info insert/update.
        throw new LoginNameAlreadyInUseException();
    }
}
/// <summary>
/// Saves a partner: adds it when <c>PartnerId</c> is 0, updates it otherwise. The salt is created
/// before either path runs.
/// </summary>
/// <remarks>
/// IMPORTANT: the salt must be the same on all servers and must be set only once. That is why it is
/// generated outside of the transaction, so it can be replicated to the other servers.
/// </remarks>
/// <param name="pPartner">Partner to persist.</param>
public static void Save(PartnerDto pPartner) {
    string salt = SaltHashedPwd.CreateRandomSalt();
    bool isNew = pPartner.PartnerId == 0;
    if (isNew) {
        Add(salt, pPartner);
        return;
    }
    Update(salt, pPartner);
}
/// <summary>
/// Saves a retail account: updates it when <c>RetailAcctId</c> is already set, adds it otherwise.
/// The salt is created before either path runs.
/// </summary>
/// <remarks>
/// IMPORTANT: the salt must be the same on all servers and must be set only once. That is why it is
/// generated outside of the transaction, so it can be replicated to the other servers.
/// </remarks>
/// <param name="pRetailAccount">Retail account to persist.</param>
public static void Save(RetailAccountDto pRetailAccount) {
    string salt = SaltHashedPwd.CreateRandomSalt();
    bool exists = pRetailAccount.RetailAcctId != 0;
    if (exists) {
        Update(salt, pRetailAccount);
    } else {
        Add(salt, pRetailAccount);
    }
}