public async Task <ActionResult <AuthUserDto> > Register(RegisterDto registerDto) { ActionResult <AuthUserDto> res; if (await UserExists(registerDto.Username)) { res = BadRequest("Username is taken"); } else { using var hmac = new HMACSHA512(); var user = new AppUser { UserName = registerDto.Username.ToLower(), PasswordHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(registerDto.Password)), PasswordSalt = hmac.Key, Likes = 0, }; _context.Users.Add(user); await _context.SaveChangesAsync(); res = new AuthUserDto { Username = user.UserName, Token = _tokenService.CreateToken(user) }; } return(res); }
public IActionResult Authenticate([FromBody] AuthUserDto userDto) { var user = _userService.Authenticate(userDto.Username, userDto.Password); if (user == null) { return(BadRequest("Username or password is incorrect")); } var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, user.id.ToString()) }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); return(Ok(new { Id = user.id, Username = user.username, Token = tokenString })); }
public async Task <ActionResult <AuthUserDto> > Login(LoginDto loginDto) { ActionResult <AuthUserDto> res; var user = await _context.Users .SingleOrDefaultAsync(x => x.UserName == loginDto.Username); if (user == null) { res = Unauthorized("Invalid username"); } else { using var hmac = new HMACSHA512(user.PasswordSalt); var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(loginDto.Password)); for (int i = 0; i < computedHash.Length; i++) { if (computedHash[i] != user.PasswordHash[i]) { return(Unauthorized("Invalid password")); } } res = new AuthUserDto { Username = user.UserName, Token = _tokenService.CreateToken(user) }; } return(res); }
public async Task <AuthUserDto> Authenticate(string username, string password) { var user = await _userService.GetByExpression(x => x.Username.ToLower() == username.ToLower()); if (user.IsEmpty()) { return(null); } var isValidCredential = Hash.Validate(password, user.Salt, user.Password); if (!isValidCredential) { return(null); } var authUser = new AuthUserDto { UserId = user.ID, Email = user.Email, Role = new UserRole(user.RoleRef), Username = user.Username, FullName = user.FullName, AvatarUrl = user.AvatarUrl, AccessToken = GenerateAccessToken(user), RefreshToken = GenerateRefreshToken(user), }; await StoreUserLogin(authUser.UserId, authUser.AccessToken, authUser.RefreshToken); return(authUser); }
public async Task Authenticate() { // Arrange _appSettings.Secret = "atleast32bitsizedsecretstring"; var authUserDto = new AuthUserDto() { Password = "" }; var password = CryptographyService.HashPassword(""); _userRepository.Setup(x => x.Select(It.IsAny <Expression <Func <UserEntity, bool> > >())) .ReturnsAsync(new List <UserEntity> { new UserEntity { UserName = "******", Password = password, PasswordSalt = "" } }); // Act var service = new AccountService(_appSettings, _logger.Object, _refreshTokenRepository.Object, _userRepository.Object); var result = await service.Authenticate(authUserDto); // Assert Assert.NotNull(result); }
public async Task <AuthUserDto> Authenticate(string phoneNo, string password) { var customer = await GetByExpression(x => x.PhoneNo == phoneNo); if (customer.IsEmpty()) { return(null); } var isValidCredential = Hash.Validate(password, customer.Auth.Salt, customer.Auth.Password); if (!isValidCredential) { return(null); } var authUser = new AuthUserDto { UserId = customer.ID, PhoneNo = customer.PhoneNo, Email = customer.Email, Role = null, Username = null, FullName = customer.FullName, AvatarUrl = customer.AvatarUrl, AccessToken = GenerateAccessToken(customer), RefreshToken = GenerateRefreshToken(customer), }; await StoreCustomerLogin(authUser.UserId, authUser.AccessToken, authUser.RefreshToken); return(authUser); }
public async Task AuthenticateAsync_ReturnsNull_WhenInvalidInput() { //ARRANGE var dto = new AuthUserDto() { UserName = "******", Password = "" }; var dto2 = new AuthUserDto() { UserName = "", Password = "******" }; var dto3 = new AuthUserDto() { UserName = "******", Password = null }; var dto4 = new AuthUserDto() { UserName = null, Password = "******" }; //ACT var result = await service.AuthenticateAsync(dto); var result2 = await service.AuthenticateAsync(dto2); var result3 = await service.AuthenticateAsync(dto3); var result4 = await service.AuthenticateAsync(dto4); //ASSERT Assert.False(result.Succeeded); Assert.False(result2.Succeeded); Assert.False(result3.Succeeded); Assert.False(result4.Succeeded); }
public async Task <UserSession> AuthenticateUser(AuthUserDto dto, IPAddress remoteHost) { var user = DbContext.Users.SingleOrDefault(x => x.Email == dto.Email); //The following valiations can't really be done in the service so i'm doing them here. if (user == null) { throw new DataNotFoundException("Email does not match any account."); } if (user.PasswordHash != dto.Password) { throw new WrongCredentialsException("Email/Password does not match any account."); } UserSession session = new UserSession() { Token = Utilities.StringUtilities.SecureRandom(64, Utilities.StringUtilities.AllowedChars.AlphabetNumbers), RemoteHost = remoteHost, CreationDate = DateTime.UtcNow, ExpiracyDate = dto.ExtendSession ? DateTime.UtcNow.Add(UserSession.ExtendedTokenValidity) : DateTime.UtcNow.Add(UserSession.DefaultTokenValidity), UserId = user.Id }; await ClearSessions(user.Id, remoteHost); //Clear active sessions await DbContext.UserSessions.AddAsync(session); await DbContext.SaveChangesAsync(); return(session); }
public CustomerInfoService(AuthUserDto user) : base(user) { _customerInfoDal = new CustomerInfoDal(user); _groupInfoDal = new GroupInfoDal(user); _userInfoDal = new UserInfoDal(user); _userInfoService = new UserInfoService(user); }
public AuthUserEntity AuthUserDto2AuthUserEntity(AuthUserDto authUserDto) { return(new AuthUserEntity { UserName = authUserDto.UserName, Password = authUserDto.Password }); }
public LoggedInUserDto UserAuthenticate(AuthUserDto authUserDto) { AuthUserEntity authUserEntity = _userMapping.AuthUserDto2AuthUserEntity(authUserDto); LoggedInUserEntity loggedInUserEntity = _userService.UserAuthenticate(authUserEntity); LoggedInUserDto loggedInUserDto = _userMapping.LoggedInUserEntity2LoggedInUserDto(loggedInUserEntity); return(loggedInUserDto); }
public async Task <IActionResult> Authenticate([FromBody] AuthUserDto authBody) { try { var result = await UserService.AuthenticateUser(authBody, HttpContext.Connection.RemoteIpAddress); return(Ok(result)); } catch (Exception ex) { Logger.LogWarning(ex, "An error occured: " + ex.Message ?? "undefined"); return(ExceptionHandlerService.Handle(ex, Request)); } }
public async Task Authenticate_When_Null() { //ARRANGE repo.Setup(x => x.AuthenticateUser(It.IsAny <AuthUserDto>(), It.IsNotNull <IPAddress>())) .ReturnsAsync(new UserSession()); AuthUserDto dto = null; //ACT + ASSERT await Assert.ThrowsExceptionAsync <ArgumentNullException>(() => service.AuthenticateUser(dto, IPAddress.Loopback)); }
public async Task <AuthUserDto> GetUser(string username) { var authUserDto = new AuthUserDto(); var user = await idpUserManagement.GetUserByUsername(username); return(new AuthUserDto { Id = user.Id, Username = user.Username }); }
public async Task <ApiResult> Check([FromBody] AuthUserDto authUserDto) { var _token = await this.accountService.CheckedAsync(authUserDto.UserName, authUserDto.UserPassword, authUserDto.LoginCode); var _tokenType = "Bearer "; return(this.ResultOk(new { token = _token, tokenType = _tokenType })); }
public async Task Login() { // Arrange var authUserDto = new AuthUserDto(); // Act var controller = new AccountController(_logger.Object, _accountService.Object); var result = await controller.Login(authUserDto); // Assert Assert.IsType <OkObjectResult>(result.Result); }
public async Task <AuthUserDto> GetUserById(Guid userId) { var authUserDto = new AuthUserDto(); var user = await userRepository.Get().FirstOrDefaultAsync(); // return authUserDto.FromEntity(user); return(new AuthUserDto { Id = user.Id, Username = user.Username }); }
public User AdminAuthenticate(AuthUserDto authUserDto) { var user = _db.Users.FirstOrDefault(x => x.Email == authUserDto.Email && x.Password == authUserDto.Password && x.Role == "Admin"); //User was not found if (user == null) { return(null); } //User found generate JWT Token return(GenerateToken(user)); }
public IActionResult AdminAuth([FromBody] AuthUserDto userDto) { var user = _uRepo.AdminAuthenticate(userDto); if (user == null) { return(BadRequest(new { message = "Username or password is incorrect." })); } var tokenObj = _mapper.Map <TokenDto>(user); return(Ok(tokenObj)); }
public IActionResult Put(AuthUserDto userDto) { FindUserDto user = this.UsersServices.IsAvailableUser(userDto.Username, userDto.Password); if (user != null) { return(Ok(user)); } else { return(NotFound()); } }
public async Task AuthenticateAsync_ReturnsNull_WhenUserDoesntExist() { //ARRANGE var dto = new AuthUserDto() { UserName = "******", Password = "******" }; //ACT var result = await service.AuthenticateAsync(dto); //ASSERT Assert.False(result.Succeeded); }
public async Task AuthenticateAsync_ReturnsNull_WhenPasswordWrong() { //ARRANGE var dto = new AuthUserDto() { UserName = "******", Password = "******" }; //ACT var result = await service.AuthenticateAsync(dto); //ASSERT Assert.False(result.Succeeded); }
public async Task <AuthUserDto> LoginUser(AuthUserDto user) { var userVal = await _context.AuthUser.FirstOrDefaultAsync(x => x.UserName == user.UserName); if (user == null) { return(null); } if (!VerifyPasswordHash(user.Password, userVal.PasswordHash, userVal.PasswordSalt)) { return(null); } return(user); }
public async Task <IActionResult> Post([FromForm] AuthUserDto loginUser) { if (loginUser == null) { return(BadRequest("Usuário ou Senha nulos")); } if (string.IsNullOrEmpty(loginUser.Email) || string.IsNullOrEmpty(loginUser.Password)) { return(BadRequest("Usuário ou Senha nulos")); } var identity = await GetClaims(loginUser); if (identity == null) { return(await Response(null, new List <Notification> { new Notification("User", "Usuário ou senha inválidos") })); } var jtb = new JwtTokenBuilder() .AddSecurityKey(JwtSecurityKey.Create(_config["secretyKey"])) .AddSubject(_user.Email) .AddIssuer(_config["issuer"]) .AddAudience(_config["audience"]) .AddNameId(_user.Id.ToString()) .AddClaim("Nickname", _user.Nickname) .AddClaim("medclinic", identity) .AddExpiry(2880) .Build(); var response = new { token = jtb, expire = 2, user = new { id = _user.Id, name = _user.Nickname, email = _user.Email } }; var json = JsonConvert.SerializeObject(response, _serializerSettings); return(new OkObjectResult(json)); }
public async Task <UserSessionViewModel> AuthenticateUser(AuthUserDto dto, IPAddress remoteHost) { if (dto is null) { throw new ArgumentNullException(nameof(dto)); } if (remoteHost.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork && remoteHost.AddressFamily != System.Net.Sockets.AddressFamily.InterNetworkV6) { throw new ArgumentOutOfRangeException(nameof(remoteHost), "Invalid IP Address"); } dto.Password = Utilities.StringUtilities.ComputeHash(dto.Password, System.Security.Cryptography.HashAlgorithmName.SHA512); var session = await UserRepository.AuthenticateUser(dto, remoteHost); return(UserSessionViewModel.FromUserSession(session)); }
public async Task <AuthUserResponse> Authenticate(AuthUserDto authUserDto) { try { _logger.LogDebug("Beginning Authentication"); var userList = await _userRepository.Select(a => a.UserName == authUserDto.Identity || a.Email == authUserDto.Identity); var user = userList.FirstOrDefault(a => CryptographyService.HashPassword(authUserDto.Password + a.PasswordSalt) == a.Password); if (user == null) { throw new AuthenticationException("Invalid user. Check your password and/or username"); } _logger.LogDebug("User found: {@User}", user); var jwtToken = GenerateJwtToken(user); _logger.LogDebug("New token generated: {@JwtToken}", jwtToken); var refreshToken = GenerateRefreshToken(authUserDto.IpAddress); refreshToken.UserId = user.Id; await _refreshTokenRepository.Insert(refreshToken); _refreshTokenRepository.Save(); _logger.LogDebug("New refresh token generated: {@RefreshToken}", refreshToken); var authUserResponse = new AuthUserResponse() { Username = user.UserName, JwtToken = jwtToken, RefreshToken = refreshToken.Token }; _logger.LogDebug("Authentication successful"); return(authUserResponse); } catch (Exception e) { _logger.LogError(e, "Error during authentication"); throw; } }
private Task <string> GetClaims(AuthUserDto loginUser) { var user = _service.GetByEmail(loginUser.Email); if (user == null) { return(Task.FromResult <string>(null)); } if (!user.Authenticate(loginUser.Email, loginUser.Password)) { return(Task.FromResult <string>(null)); } _user = user; return(Task.FromResult(user.Permission.ToString())); }
public async Task <IActionResult> Register([FromBody] AuthUserDto userDto) { // map dto to entity var user = _mapper.Map <auth_user>(userDto); try { // save await _userService.Create(user, userDto.Password); return(Ok()); } catch (AppException ex) { // return error message if there was an exception return(BadRequest(ex.Message)); } }
public async Task Authenticate_When_Valid() { //ARRANGE repo.Setup(x => x.AuthenticateUser(It.IsAny <AuthUserDto>(), It.IsNotNull <IPAddress>())) .ReturnsAsync(new UserSession()); var dto = new AuthUserDto() { Email = "*****@*****.**", Password = "******", ExtendSession = false }; //ACT var result = service.AuthenticateUser(dto, IPAddress.Loopback); //ASSERT Assert.IsNotNull(result); }
public IActionResult Update(int id, [FromBody] AuthUserDto userDto) { // map dto to entity and set id var user = _mapper.Map <auth_user>(userDto); user.id = id; try { // save _userService.Update(user, userDto.Password); return(Ok()); } catch (AppException ex) { // return error message if there was an exception return(BadRequest(ex.Message)); } }