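/// <summary>
/// Checks that the caller is logged in and is allowed to act on the requested record.
/// The request passes only when the auth token maps to a live session that belongs
/// either to the "admin" account or to the account whose ID equals the "id" action argument.
/// Every other case is handed to <c>Restrict</c>.
/// </summary>
/// <param name="actionContext">Context of the action about to run; supplies the request and the bound action arguments.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    // TODO: validation is meant to be switched off during the development phase.
    string authToken = WebUtils.GetAuthToken(actionContext.Request);

    // Fail closed when no token was sent, instead of passing an empty key to the cache.
    if (string.IsNullOrEmpty(authToken))
    {
        Restrict(actionContext);
        return;
    }

    var userData = UserLoginCache.FindUser(authToken);

    // A lookup result with ID 0 is presumably the placeholder returned for an unknown
    // token (confirm against UserLoginCache.FindUser). Without this guard an unknown
    // token combined with id = 0, or with a null id that Convert.ToInt32 turns into 0,
    // would satisfy the ownership comparison below. Timed-out sessions are rejected too.
    if (userData == null || userData.ID == 0 || userData.OutTime())
    {
        Restrict(actionContext);
        return;
    }

    // admin has operation right.
    if (userData.UserName == "admin")
    {
        return;
    }

    // FirstOrDefault yields a pair with a null Key when the action has no "id" argument;
    // First would throw instead and the missing-id branch could never run.
    var idPair = actionContext.ActionArguments.FirstOrDefault(t => t.Key == "id");
    if (string.IsNullOrEmpty(idPair.Key) || idPair.Value == null)
    {
        Restrict(actionContext);
        return;
    }

    int requestedId;
    try
    {
        requestedId = Convert.ToInt32(idPair.Value);
    }
    catch (FormatException)
    {
        Restrict(actionContext);
        return;
    }
    catch (InvalidCastException)
    {
        Restrict(actionContext);
        return;
    }
    catch (OverflowException)
    {
        Restrict(actionContext);
        return;
    }

    // if query param id is not the authorize token id, the user has not operation right.
    if (requestedId != userData.ID)
    {
        Restrict(actionContext);
    }
}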
// Seeds the login cache with one fixed test user under tokenKey and returns
// whatever UserLoginCache.AddUserCache reports.
private bool AddUserCache()
{
    var testUser = new User();
    testUser.Id = 1;
    testUser.Name = "testname";
    testUser.Password = "******";
    testUser.UserName = "******";

    return UserLoginCache.AddUserCache(tokenKey, testUser);
}
/// <summary>
/// User logout: drops the cached session stored under the given token.
/// </summary>
/// <param name="authToken">User's authorized token.</param>
/// <returns>
/// A task producing the JSON response: success when the cache holds no entry for the
/// token or the entry was removed, failure when the removal call returns false.
/// </returns>
public Task<string> Logout(string authToken)
{
    return Task.Run(() =>
    {
        // A token without a cached session is reported as a successful logout.
        if (!UserLoginCache.ContainsKey(authToken))
        {
            return ResponseSuccess.Json();
        }

        bool removed = UserLoginCache.RemoveCache(authToken);
        if (removed)
        {
            return ResponseSuccess.Json();
        }

        return ResponseFail.Json("", "注销失败,请重试");
    });
}
// Verifies that resuming a session by AuthToken fails once the cached entry is far in the past.
public void TestLogin_Fail_AuthTokenOutTime()
{
    // Step 1: credential login to obtain an auth token.
    var stamp = Convert.ToString(Utils.TimeStamp());
    var credentials = new LoginDTO
    {
        UserName = "******",
        Password = "******",
        Token = Utils.LoginToken("admin", stamp),
        TimeStamp = stamp
    };
    var firstLogin = service.Login(credentials);
    Task.WaitAll(firstLogin);
    var firstResponse = Winxuan.Infrastructure.WebUtils.DeserializeObject<LoginUserInfo>(firstLogin.Result);

    // Step 2: push the cached entry's CacheDay 1000 days back so the session
    // should count as timed out (presumably what OutTime() evaluates; confirm).
    string issuedToken = firstResponse.Data.AuthToken;
    UserLoginCache.FindUser(issuedToken).CacheDay = DateTime.Now.AddDays(-1000);

    // Step 3: a token-only login with the stale token must be refused.
    var secondLogin = service.Login(new LoginDTO { AuthToken = firstResponse.Data.AuthToken });
    Task.WaitAll(secondLogin);
    var secondResponse = Winxuan.Infrastructure.WebUtils.DeserializeObject(secondLogin.Result);

    Assert.IsFalse(secondResponse.Status);
}
// Pins three behaviours of UserLoginCache.FindUser:
//  - a cached token yields a non-null result,
//  - an unknown token ALSO yields a non-null result, so callers cannot treat
//    "not null" as proof of an authenticated session,
//  - an empty token throws.
public void TestFindUser()
{
    AddUserCache();

    LoginUserInfo cachedUser = UserLoginCache.FindUser(tokenKey);
    Assert.IsNotNull(cachedUser);

    LoginUserInfo unknownUser = UserLoginCache.FindUser("&&&&&");
    Assert.IsNotNull(unknownUser);

    bool threw;
    try
    {
        UserLoginCache.FindUser("");
        threw = false;
    }
    catch
    {
        // Any exception type counts; the test only records that one was raised.
        threw = true;
    }

    Assert.IsTrue(threw);
}
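/// <summary>
/// User login. Accepts either an existing auth token (session resume) or a
/// user name / password / timestamp / token set (credential login).
/// </summary>
/// <param name="login">Login information.</param>
/// <returns>
/// A task producing the JSON response string: the cached login info on success,
/// a failure payload otherwise.
/// </returns>
public Task<string> Login(LoginDTO login)
{
    return Task.Run(() =>
    {
        if (login == null)
        {
            return ResponseFail.Json("", "用户名和密码为空");
        }

        if (!string.IsNullOrEmpty(login.AuthToken))
        {
            LoginUserInfo userInfo = UserLoginCache.FindUser(login.AuthToken);
            if (userInfo.ID == 0)
            {
                return ResponseFail.Json("[AuthToken]无效");
            }

            if (!userInfo.OutTime())
            {
                return ResponseSuccess.Json(UserLoginCache.FindUser(login.AuthToken));
            }

            // The session has timed out. Continue with the credential checks below
            // rather than jumping straight to the user lookup: previously a request
            // carrying an expired AuthToken skipped the UserName / Password /
            // TimeStamp / Token validation entirely.
        }

        if (string.IsNullOrEmpty(login.UserName))
        {
            return ResponseFail.Json("", "用户名为空");
        }

        if (string.IsNullOrEmpty(login.Password))
        {
            return ResponseFail.Json("", "密码为空");
        }

        if (string.IsNullOrEmpty(login.TimeStamp))
        {
            return ResponseFail.Json("", "参数异常,请检查[TimeStamp]");
        }

        // NOTE(review): the expected value is built only from fields the client sends.
        // If Utils.CompareMD5 is an unkeyed MD5 comparison, this is a format check and
        // not proof of origin; TimeStamp is also only checked for presence here, so a
        // captured request could be replayed. Confirm against Utils.
        if (!Utils.CompareMD5(login.Token, string.Format("{0}-{1}", login.UserName, login.TimeStamp)))
        {
            return ResponseFail.Json("", "参数异常,请检查[Token]");
        }

        // NOTE(review): ToList() materialises the whole Users set on every attempt.
        // Left unchanged because moving the filter into the query could change how
        // user names are compared (case sensitivity); worth revisiting.
        User user = context.Users.ToList().Find(t => t.UserName == login.UserName);
        if (user == null)
        {
            return CheckLoginInfo();
        }

        // NOTE(review): this distinct message tells the caller that the account exists.
        if (string.IsNullOrEmpty(user.Password))
        {
            return ResponseFail.Json("", "未设置密码");
        }

        // NOTE(review): direct equality means the stored value has the same form as what
        // the client submits. Confirm the stored value is a salted, slow password hash
        // and not the plaintext; the comparison is also not constant-time.
        if (user.Password != login.Password)
        {
            return CheckLoginInfo();
        }

        // The session token is the only credential presented on later requests, so it
        // comes from the OS cryptographic RNG. It was previously an MD5 over user name,
        // client-supplied timestamp and server clock, all of which can be guessed.
        // 16 random bytes are rendered as 32 lowercase hex characters.
        byte[] tokenBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(tokenBytes);
        }
        string token = BitConverter.ToString(tokenBytes).Replace("-", "").ToLowerInvariant();

        UserLoginCache.AddUserCache(token, user);
        return ResponseSuccess.Json(UserLoginCache.FindUser(token));
    });
}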
// Pins that RemoveCache reports true both for a cached token and for a token
// that was never added.
public void TestRemoveCache()
{
    AddUserCache();

    bool removedKnown = UserLoginCache.RemoveCache(tokenKey);
    Assert.IsTrue(removedKnown);

    bool removedUnknown = UserLoginCache.RemoveCache("&&&&&");
    Assert.IsTrue(removedUnknown);
}
// Pins that a token just added to the cache is reported as logged in.
public void TestIsLogin()
{
    AddUserCache();

    bool loggedIn = UserLoginCache.IsLogin(tokenKey);

    Assert.IsTrue(loggedIn);
}
// Pins that ContainsKey is true for a cached token and false for one never added.
public void TestContainsKey()
{
    AddUserCache();

    bool hasKnown = UserLoginCache.ContainsKey(tokenKey);
    Assert.IsTrue(hasKnown);

    bool hasUnknown = UserLoginCache.ContainsKey("&&&&&");
    Assert.IsFalse(hasUnknown);
}