/// <summary>
/// Authenticates a user of this site and returns a session for them,
/// creating a session row when none exists and extending the existing one otherwise.
/// </summary>
/// <param name="username">Login name; checked by <c>Utility.Username_Check</c> before any database access.</param>
/// <param name="password">Clear-text password; checked by <c>Utility.Password_Check</c>, then hashed for comparison.</param>
/// <returns>
/// A session for the user, or <c>null</c> when the user is unknown or the password does not match.
/// Both failures return the same value, so the return value alone does not reveal which one occurred.
/// </returns>
/// <exception cref="InvalidOperationException">No site row whose name equals <c>Name</c> was found.</exception>
public ISession Login(string username, string password)
{
    Utility.Username_Check(username);
    Utility.Password_Check(password);

    using (var context = new SiteContext(_connectionString))
    using (SHA256 sha256 = SHA256.Create())
    {
        var site = context.Sites.SingleOrDefault(s => s.SiteName == Name);
        if (site is null)
        {
            throw new InvalidOperationException();
        }

        var user = site.Users.SingleOrDefault(u => u.Username == username);
        if (user is null)
        {
            return null;
        }

        // NOTE(review): Utility.Hash is defined elsewhere and is handed a SHA256 instance, so the
        // stored value is presumably a SHA-256 digest. If it is unsalted or single-pass, a password
        // KDF (e.g. PBKDF2) would resist offline guessing far better - confirm against Utility.Hash.
        // The != comparison is also not constant-time, and the hash is only computed for users that exist.
        if (user.Password != Utility.Hash(sha256, password))
        {
            return null;
        }

        var session = site.Sessions.SingleOrDefault(s => s.User.Username == username);
        if (!(session is null))
        {
            // ValidUntil is not inspected here: an existing row is extended whatever its previous
            // expiry was, and every login of this user is handed the same session id.
            session.ValidUntil = _alarmClock.Now.AddSeconds(site.SessionExpirationTimeInSeconds);
            context.SaveChanges();
            return GetSession(session.Id);
        }

        // NOTE(review): Guid.NewGuid() is a uniqueness primitive; its documentation does not promise
        // unpredictability. If this id is what the client presents as a bearer token, an id drawn
        // from RandomNumberGenerator would be the safer choice - TODO confirm how Id is used.
        var id = Guid.NewGuid().ToString();
        var newRow = new SessionDb()
        {
            Id = id,
            ValidUntil = _alarmClock.Now.AddSeconds(site.SessionExpirationTimeInSeconds),
            User = user,
            SiteName = Name
        };
        context.Sessions.Add(newRow);
        context.SaveChanges();

        var owner = new User(username, this, _connectionString, _alarmClock);
        return new Session(_connectionString, _alarmClock, newRow.Id, newRow.ValidUntil, owner, this);
    }
}
/// <summary>
/// Disposes the held <c>SessionDb</c> member, if any, and clears the reference
/// so that a second call finds nothing left to release.
/// </summary>
public void Dispose()
{
    if (SessionDb == null)
    {
        return;
    }

    SessionDb.Dispose();
    SessionDb = null;
}
/// <summary>
/// Ends a session: asks the browser to drop the <c>AUTH_SESSION</c> cookie and removes the
/// session row, so the session is invalidated server-side and not only on the client.
/// </summary>
/// <param name="sessionDb">The session row to remove.</param>
public void Logout(SessionDb sessionDb)
{
    context.Response.Cookies.Delete(AUTH_SESSION);
    dbContext.Sessions.Remove(sessionDb);

    // Fix: Currently we have to null out any references to sessions. Is there a way to say that references might be invalid?
    // NOTE(review): the list below is never read. Presumably the query exists to pull the
    // referencing messages into the change tracker so that SaveChanges can clear their Session
    // reference (see the Fix note above) - confirm before removing it as dead code.
    var referencingMessages = dbContext.Messages
        .Include(m => m.Session)
        .Where(m => m.Session.Id == sessionDb.Id)
        .ToList();

    dbContext.SaveChanges();
}
/// <summary>
/// Creates an active session row for the given user inside a database transaction.
/// </summary>
/// <param name="userId">Identifier passed to the <c>SessionDb</c> constructor.</param>
/// <returns>The <c>Id</c> of the new session row, read after the save and commit.</returns>
public long NewSession(int userId)
{
    using (var tx = _dbContext.Database.BeginTransaction())
    {
        var created = new SessionDb(userId);
        created.Active = true;

        _dbContext.Sessions.Add(created);
        _dbContext.SaveChanges();
        tx.Commit();

        // Id is read only after SaveChanges - presumably it is database-generated; confirm.
        // NOTE(review): if this numeric id is what clients present to prove they own the session,
        // it is likely guessable; an unguessable random token would be needed alongside it - verify with callers.
        long newId = created.Id;
        return newId;
    }
}
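/// <summary>
/// Binds a session to this object exactly once. A second call is rejected, so an
/// already-bound session cannot be swapped for a different one through this method.
/// </summary>
/// <param name="newSession">The session to bind; must not be <c>null</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="newSession"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">A session has already been set.</exception>
public void SetSession(SessionDb newSession)
{
    // Specific exception types instead of bare Exception; both derive from Exception,
    // so existing catch (Exception) handlers keep working.
    if (newSession == null)
    {
        throw new ArgumentNullException(nameof(newSession), "Trying to set null session");
    }

    if (session != null)
    {
        throw new InvalidOperationException("Session has already been set");
    }

    session = newSession;
}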
/// <summary>
/// Creates and stores a new session for <paramref name="user"/>, then sends the client an
/// <c>AUTH_SESSION</c> cookie holding the session id, session key and refresh key.
/// </summary>
/// <param name="user">The user the session belongs to.</param>
/// <returns>The stored session row.</returns>
private SessionDb GenerateSession(UserDb user)
{
    // NOTE(review): GetRandom is defined elsewhere; these values act as bearer secrets, so it
    // must draw from a cryptographic RNG (RandomNumberGenerator), not System.Random - confirm.
    var refreshKey = GetRandom(47);
    var refreshSalt = GetRandom(17);
    var sessionKey = GetRandom(32);

    // The refresh key is stored only in hashed form together with its salt, while the session key
    // is stored as generated, so a read of the Sessions table exposes usable session keys.
    var storedSession = new SessionDb
    {
        User = user,
        Created = DateTime.UtcNow,
        SessionKey = sessionKey,
        RefreshKey = GetRefreshKeyHashed(refreshKey, refreshSalt),
        RefreshSalt = refreshSalt,
    };
    dbContext.Sessions.Add(storedSession);
    dbContext.SaveChanges();

    // Built after SaveChanges because it reads the row's Id.
    // The raw (unhashed) refresh key travels in the same cookie as the session key.
    var clientPayload = new SessionDto
    {
        Id = storedSession.Id,
        SessionKey = Convert.ToBase64String(sessionKey),
        RefreshKey = Convert.ToBase64String(refreshKey),
    };
    var cookieValue = Convert.ToBase64String(
        System.Text.Encoding.UTF8.GetBytes(JsonSerializer.Serialize(clientPayload)));

    // HttpOnly keeps the cookie away from page script, Secure restricts it to HTTPS and
    // SameSite=Strict withholds it from cross-site requests. The cookie lives for 61 days.
    var cookieSettings = new CookieOptions
    {
        MaxAge = TimeSpan.FromDays(61),
        SameSite = SameSiteMode.Strict,
        Secure = true,
        HttpOnly = true,
    };
    context.Response.Cookies.Append(AUTH_SESSION, cookieValue, cookieSettings);

    return storedSession;
}