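/// <summary>
        /// Authorization filter: checks that the caller is logged in and may operate on the
        /// resource addressed by the "id" action argument. An administrator may operate on
        /// any resource; any other user only on the resource whose id equals their own ID.
        /// </summary>
        /// <param name="actionContext">The Web API action context of the current request.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // TODO (original note): verification was meant to be switched off during the development phase.
            string authToken = WebUtils.GetAuthToken(actionContext.Request);
            var    userData  = UserLoginCache.FindUser(authToken);

            // No login behind the token (FindUser reports an unknown token as ID == 0,
            // the same convention Login uses): reject before any comparison below.
            if (userData == null || userData.ID == 0)
            {
                Restrict(actionContext);
                return;
            }

            // admin has operation right.
            if (string.Equals(userData.UserName, "admin", StringComparison.Ordinal))
            {
                return;
            }

            // FirstOrDefault: a request without an "id" argument must be rejected here rather
            // than escape as an InvalidOperationException from First() (which also made the
            // IsNullOrEmpty(Key) check below unreachable).
            var idPair = actionContext.ActionArguments.FirstOrDefault(t => t.Key == "id");
            if (string.IsNullOrEmpty(idPair.Key))
            {
                Restrict(actionContext);
                return;
            }

            // if query param id is not the authorize token id, the user has not operation right.
            // A non-numeric id is treated like a mismatch instead of throwing FormatException.
            int requestedId;
            if (!int.TryParse(Convert.ToString(idPair.Value), out requestedId) || requestedId != userData.ID)
            {
                Restrict(actionContext);
            }
        }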
        /// <summary>
        /// Seeds the login cache with a fixed test user stored under the shared tokenKey.
        /// </summary>
        /// <returns>Whatever UserLoginCache.AddUserCache reports for the insertion.</returns>
        private bool AddUserCache()
        {
            var testUser = new User
            {
                Id       = 1,
                Name     = "testname",
                Password = "******",
                UserName = "******"
            };

            return UserLoginCache.AddUserCache(tokenKey, testUser);
        }
 /// <summary>
 /// User logout: drops the login cache entry held under the token.
 /// </summary>
 /// <param name="authToken">User's authorized token.</param>
 /// <returns>A task yielding the JSON response; success when the token is no longer cached,
 /// failure only when an existing entry could not be removed.</returns>
 public Task <string> Logout(string authToken)
 {
     return Task.Run(() =>
     {
         // A token that is not cached counts as already logged out.
         if (!UserLoginCache.ContainsKey(authToken))
         {
             return ResponseSuccess.Json();
         }

         bool removed = UserLoginCache.RemoveCache(authToken);
         if (removed)
         {
             return ResponseSuccess.Json();
         }

         return ResponseFail.Json("", "注销失败,请重试");
     });
 }
        /// <summary>
        /// Logs in with credentials, back-dates the cached login so its token counts as
        /// expired, and checks that a login using only that token is rejected.
        /// </summary>
        public void TestLogin_Fail_AuthTokenOutTime()
        {
            // First log in with credentials to obtain a fresh auth token.
            string stamp = Convert.ToString(Utils.TimeStamp());
            var loginTask = service.Login(new LoginDTO {
                UserName = "******", Password = "******", Token = Utils.LoginToken("admin", stamp), TimeStamp = stamp
            });
            Task.WaitAll(loginTask);
            var firstResponse = Winxuan.Infrastructure.WebUtils.DeserializeObject <LoginUserInfo>(loginTask.Result);

            // Push the cached login's day far into the past so OutTime() reports expiry.
            string authToken = firstResponse.Data.AuthToken;
            UserLoginCache.FindUser(authToken).CacheDay = DateTime.Now.AddDays(-1000);

            // A login carrying only the expired token must fail.
            loginTask = service.Login(new LoginDTO { AuthToken = authToken });
            Task.WaitAll(loginTask);
            var secondResponse = Winxuan.Infrastructure.WebUtils.DeserializeObject(loginTask.Result);

            Assert.IsFalse(secondResponse.Status);
        }
        /// <summary>
        /// FindUser yields a non-null result for both a cached and an unknown token, and
        /// throws for an empty token.
        /// </summary>
        public void TestFindUser()
        {
            AddUserCache();

            LoginUserInfo cached = UserLoginCache.FindUser(tokenKey);
            Assert.IsNotNull(cached);

            LoginUserInfo unknown = UserLoginCache.FindUser("&&&&&");
            Assert.IsNotNull(unknown);

            // Any exception counts; the test only records that one was raised.
            bool threw = false;
            try
            {
                UserLoginCache.FindUser("");
            }
            catch
            {
                threw = true;
            }

            Assert.IsTrue(threw);
        }
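        /// <summary>
        /// User login. Either re-validates an existing auth token, or checks user name and
        /// password together with the request signature (<c>Token</c> over
        /// <c>UserName</c>-<c>TimeStamp</c>) and issues a new token.
        /// </summary>
        /// <param name="login">Login information: either <c>AuthToken</c>, or
        /// <c>UserName</c>, <c>Password</c>, <c>TimeStamp</c> and <c>Token</c>.</param>
        /// <returns>A task yielding the JSON response; on success it carries the cached login info.</returns>
        public Task <string> Login(LoginDTO login)
        {
            return(Task.Run(() =>
            {
                if (login == null)
                {
                    return ResponseFail.Json("", "用户名和密码为空");
                }

                if (!string.IsNullOrEmpty(login.AuthToken))
                {
                    LoginUserInfo userInfo = UserLoginCache.FindUser(login.AuthToken);
                    if (userInfo.ID == 0)
                    {
                        return ResponseFail.Json("[AuthToken]无效");
                    }

                    if (!userInfo.OutTime())
                    {
                        return ResponseSuccess.Json(userInfo);
                    }

                    // Expired token: fall through to a credential login. The credential
                    // checks below are deliberately not skipped in this case (the previous
                    // else-if chain skipped them whenever AuthToken was present, so an
                    // expired token plus user name/password bypassed the signature check).
                }

                if (string.IsNullOrEmpty(login.UserName))
                {
                    return ResponseFail.Json("", "用户名为空");
                }
                if (string.IsNullOrEmpty(login.Password))
                {
                    return ResponseFail.Json("", "密码为空");
                }
                if (string.IsNullOrEmpty(login.TimeStamp))
                {
                    return ResponseFail.Json("", "参数异常,请检查[TimeStamp]");
                }
                // Request signature: Token must be the MD5 of "<UserName>-<TimeStamp>".
                if (!Utils.CompareMD5(login.Token, string.Format("{0}-{1}", login.UserName, login.TimeStamp)))
                {
                    return ResponseFail.Json("", "参数异常,请检查[Token]");
                }

                // NOTE(review): ToList() loads every user on each login; kept as-is because
                // moving the comparison into the database may change how UserName is
                // compared (collation) — confirm before switching to a queryable lookup.
                User user = context.Users.ToList().Find(t => t.UserName == login.UserName);
                if (user == null)
                {
                    return CheckLoginInfo();
                }
                if (string.IsNullOrEmpty(user.Password))
                {
                    return ResponseFail.Json("", "未设置密码");
                }
                // SECURITY: the stored and submitted passwords are compared verbatim. If the
                // store holds plain text, it should hold a salted hash (e.g. PBKDF2) and
                // the comparison should verify against it; that is a data-model change
                // outside this method.
                if (user.Password != login.Password)
                {
                    return CheckLoginInfo();
                }

                // The token is hashed from the user name, the client timestamp and a random
                // nonce. Without the nonce both inputs were known to the client (the old
                // third input was the current UTC time to the second), which made tokens
                // guessable; the nonce fixes that while Utils.MD5 still shapes the token.
                byte[] nonce = new byte[16];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(nonce);
                }
                string token = Utils.MD5(string.Format("{0}-{1}-{2}", user.UserName, login.TimeStamp, Convert.ToBase64String(nonce)));
                UserLoginCache.AddUserCache(token, user);
                return ResponseSuccess.Json(UserLoginCache.FindUser(token));
            }));
        }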
 /// <summary>
 /// RemoveCache reports success both for a cached token and for an unknown one.
 /// </summary>
 public void TestRemoveCache()
 {
     AddUserCache();

     bool removedKnown = UserLoginCache.RemoveCache(tokenKey);
     Assert.IsTrue(removedKnown);

     bool removedUnknown = UserLoginCache.RemoveCache("&&&&&");
     Assert.IsTrue(removedUnknown);
 }
 /// <summary>
 /// A token that has just been cached is reported as logged in.
 /// </summary>
 public void TestIsLogin()
 {
     AddUserCache();

     bool loggedIn = UserLoginCache.IsLogin(tokenKey);
     Assert.IsTrue(loggedIn);
 }
 /// <summary>
 /// ContainsKey is true for a cached token and false for an unknown one.
 /// </summary>
 public void TestContainsKey()
 {
     AddUserCache();

     bool hasKnown = UserLoginCache.ContainsKey(tokenKey);
     Assert.IsTrue(hasKnown);

     bool hasUnknown = UserLoginCache.ContainsKey("&&&&&");
     Assert.IsFalse(hasUnknown);
 }