Example #1
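        /// <summary>
        /// Replaces the credentials on <paramref name="user"/> with a fresh salt and the hash of
        /// <paramref name="newPassword"/> computed with that salt, both Base64-encoded.
        /// </summary>
        /// <param name="user">View whose <c>salt</c> and <c>password</c> fields are overwritten.</param>
        /// <param name="newPassword">Plaintext password; only its hash is written to the view.</param>
        protected void SetPassword(UserViewFull user, string newPassword)
        {
            //A new salt is drawn on every password change
            var salt = hashService.GetSalt();

            //Hash BEFORE touching the view: if GetHash throws, the existing salt/hash pair stays intact
            //instead of a new salt ending up next to the old hash (a pair that could never verify again).
            var hash = hashService.GetHash(newPassword, salt);

            //NOTE(review): the algorithm behind hashService is not visible here; confirm it is a slow,
            //salted password KDF (PBKDF2/Argon2/bcrypt) and not a bare fast digest.
            user.salt     = Convert.ToBase64String(salt);
            user.password = Convert.ToBase64String(hash);
        }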
Example #2
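        /// <summary>
        /// Checks a candidate password against the Base64 salt and hash stored on <paramref name="user"/>.
        /// </summary>
        /// <param name="user">View carrying the stored <c>salt</c> and <c>password</c> hash.</param>
        /// <param name="password">Candidate plaintext password, typically straight from a request body.</param>
        /// <returns><c>true</c> only when the recomputed hash equals the stored hash.</returns>
        protected bool Verify(UserViewFull user, string password)
        {
            //Fail closed: a missing candidate password or an account with no stored credentials
            //is a failed login, not an ArgumentNullException surfacing as a server error.
            if (password == null || user.salt == null || user.password == null)
            {
                return false;
            }

            //Re-hash the candidate with the salt that was stored alongside the existing hash
            var hash   = hashService.GetHash(password, Convert.FromBase64String(user.salt));
            var stored = Convert.FromBase64String(user.password);

            //Constant-time comparison: SequenceEqual stops at the first differing byte, which leaks
            //how much of the hash matched through response timing. Fully qualified so no new using
            //directive is needed (requires .NET Core 2.1+ / .NET Standard 2.1).
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(hash, stored);
        }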
Example #3
        /// <summary>
        /// Round-trips a populated <c>UserViewFull</c> through <c>FromView</c> and <c>ToView</c>
        /// and expects the view that comes back to equal the one that went in.
        /// </summary>
        public void TestUserConvert()
        {
            var converter = CreateService<UserViewSource>();

            //Placeholder values only: password and salt here are arbitrary strings, not real
            //credential material, because this test exercises field mapping and nothing else.
            var original = new UserViewFull
            {
                username        = "******",
                password        = "******",
                salt            = "thesearebytefieldsbro",
                avatar          = 88,
                email           = "*****@*****.**",
                registrationKey = "12345",
                special         = "wowzers",
                hidelist        = new List<long> { 5, 8, 99 }
            };

            FillHistoricView(original);

            //View -> internal representation -> view again
            var roundTripped = converter.ToView(converter.FromView(original));

            Assert.Equal(original, roundTripped);
        }
Example #4
 /// <summary>
 /// Writes <paramref name="updated"/> through the ordinary write path when avatar, username or
 /// special changed, and otherwise through <c>WriteSpecialAsync</c>, which rewrites email,
 /// hidelist and password on the existing record.
 /// </summary>
 /// <param name="original">The user as currently stored.</param>
 /// <param name="updated">The user as it should be after the write.</param>
 /// <param name="requester">Who is performing the write.</param>
 protected Task<UserViewFull> SpecialWrite(UserViewFull original, UserViewFull updated, Requester requester)
 {
     //Any of these three changing forces a public update (simpler than special-casing them)
     bool publicFieldChanged = original.avatar != updated.avatar ||
                               original.username != updated.username ||
                               original.special != updated.special;

     if (publicFieldChanged)
     {
         return service.WriteAsync(updated, requester);
     }

     return service.WriteSpecialAsync(original.id, requester, package =>
     {
         //All three are set unconditionally, whether or not the caller changed them.
         //NOTE(review): this rewrites the stored password fields on every special write; confirm
         //"updated" always carries the existing salt/hash when the password was not changed.
         service.Source.SetEmail(package, updated);
         service.Source.SetHidelist(package, updated);
         service.Source.SetPassword(package, updated);
     });
 }
Example #5
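        /// <summary>
        /// Logs a user in by username or email plus password and returns the result of
        /// <c>GetToken</c> for that user's id.
        /// </summary>
        /// <param name="user">Credentials from the request body; untrusted, and any field may be missing.</param>
        /// <returns>The token response on success, otherwise a 400 naming the check that failed.</returns>
        public async Task<ActionResult<string>> Authenticate([FromBody] UserAuthenticate user)
        {
            UserViewFull userView  = null;
            var          requester = GetRequesterNoFail();

            //The body is attacker-controlled and may be absent entirely; a null body falls through to
            //the "valid username or email" rejection below instead of a NullReferenceException.
            if (user?.username != null)
            {
                userView = await service.FindByUsernameAsync(user.username, requester);
            }
            else if (user?.email != null)
            {
                userView = await service.FindByEmailAsync(user.email, requester);
            }

            //NOTE(review): the three rejections below use different messages, so a caller can tell an
            //unknown account from a pending registration from a wrong password without knowing the
            //password. Consider one generic failure message for all three.
            if (userView == null)
            {
                return BadRequest("Must provide a valid username or email!");
            }

            if (!string.IsNullOrWhiteSpace(userView.registrationKey)) //There's a registration code pending
            {
                return BadRequest("You must confirm your email first");
            }

            //A missing password is simply a wrong password; never hand null to the hash routine
            if (user.password == null || !Verify(userView, user.password))
            {
                return BadRequest("Password incorrect!");
            }

            TimeSpan? expireOverride = null;

            //No upper bound is enforced: the token lifetime is whatever the client asks for, so a
            //client can mint tokens that are effectively permanent. Until token expiry/revocation
            //exists, this should be clamped to a configured maximum.
            if (user.ExpireSeconds > 0)
            {
                expireOverride = TimeSpan.FromSeconds(user.ExpireSeconds);
            }

            return GetToken(userView.id, expireOverride);
        }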
Example #6
 /// <summary>
 /// Builds the shared fixture: a user service, two users written as <c>system</c>, a requester
 /// for each of them, and the first user's id registered in <c>sysConfig.SuperUsers</c>.
 /// </summary>
 public ModuleViewServiceTests()
 {
     userService = CreateService<UserViewService>();

     //Constructors cannot await, so each write is blocked on with .Result, one after the other
     var superView = new UserViewFull { username = "******" };
     superUser = userService.WriteAsync(superView, system).Result;

     var basicView = new UserViewFull { username = "******" };
     basicUser = userService.WriteAsync(basicView, system).Result;

     //Requesters carry nothing but the id of the user they act as
     super = new Requester { userId = superUser.id };
     basic = new Requester { userId = basicUser.id };

     //Only the first user is added to the super user list; the second is not
     sysConfig.SuperUsers.Add(superUser.id);
 }