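        /// <summary>
        /// Loads a user by name through the <c>dbo.getUser</c> stored procedure.
        /// </summary>
        /// <param name="username">User name bound to the <c>@username</c> parameter (never concatenated into SQL).</param>
        /// <returns>
        /// The populated <see cref="GoodFoodUser"/> — including its stored password hash and salt —
        /// or <c>null</c> when the procedure returns no row. When several rows come back, the last one wins.
        /// </returns>
        public async Task <GoodFoodUser> GetUser(string username)
        {
            var          user              = new GoodFoodUser();
            bool         isUserExist       = false;
            string       selectCommandText = "dbo.getUser";
            SqlParameter parameterUsername = new SqlParameter("@username", SqlDbType.VarChar);

            parameterUsername.Value = username;
            using (SqlDataReader reader = await SqlHelper.ExecuteReaderAsync(conStr, selectCommandText,
                                                                             CommandType.StoredProcedure, parameterUsername))
            {
                // ReadAsync keeps the method non-blocking; the synchronous Read() inside an async
                // method would hold the calling thread for the duration of each fetch.
                while (await reader.ReadAsync())
                {
                    isUserExist       = true;
                    user.Username     = reader["user_name"].ToString();
                    user.PasswordHash = ObjectToByteArray(reader["user_password_hash"]);
                    user.PasswordSalt = ObjectToByteArray(reader["user_password_salt"]);
                    user.Id           = (int)reader["user_id"];
                }
                await reader.CloseAsync();
            }
            // NOTE(review): the returned object carries the credential material (hash + salt);
            // it must not be serialized to clients as-is.
            return(isUserExist ? user : null);
        }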
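 /// <summary>
 /// Loads a user by name from the <c>GoodFoodUser</c> table with a parameterized query.
 /// </summary>
 /// <param name="userName">User name bound to <c>@userName</c>; never interpolated into the SQL text.</param>
 /// <returns>
 /// The matching user (with its stored password bytes and salt), or <c>null</c> when no row is found.
 /// </returns>
 /// <exception cref="Exception">
 /// Wraps any failure as "Problem get user"; the original error is kept as <see cref="Exception.InnerException"/>.
 /// </exception>
 public async Task <GoodFoodUser> GetUser(string userName)
 {
     try
     {
         var          user              = new GoodFoodUser();
         bool         isUserExist       = false;
         string       selectCommandText = @"SELECT * FROM GoodFoodUser WHERE UserName=@userName";
         SqlParameter user_name         = new SqlParameter("@userName", SqlDbType.VarChar);
         user_name.Value = userName;
         using (SqlDataReader reader = await SqlHelper.ExecuteReaderAsync(conStr, selectCommandText,
                                                                          CommandType.Text, user_name))
         {
             // Async read: the synchronous Read() would block the thread inside an async method.
             while (await reader.ReadAsync())
             {
                 isUserExist       = true;
                 user.Username     = (string)reader["UserName"];
                 user.Password     = (byte[])reader["UserPassword"];
                 user.PasswordSalt = (byte[])reader["UserPasswordSalt"];
                 user.Id           = (int)reader["UserId"];
             }
             await reader.CloseAsync();
         }
         return(isUserExist ? user : null);
     }
     catch (System.Exception ex)
     {
         // Preserve the cause as the inner exception; the original `throw new Exception(...)`
         // discarded the SQL error and its stack trace, leaving nothing to diagnose.
         throw new Exception("Problem get user", ex);
     }
 }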
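        /// <summary>
        /// Creates a new <c>GoodFoodUser</c> row, storing a salted hash of <paramref name="password"/>
        /// (produced by <c>CreatePasswordHash</c>) rather than the password itself.
        /// </summary>
        /// <param name="userName">User name to insert; bound as the <c>@userName</c> parameter.</param>
        /// <param name="password">Clear-text password; only its hash and salt reach the database.</param>
        /// <returns>
        /// A <see cref="GoodFoodUser"/> carrying only <c>Username</c> when a row was inserted,
        /// otherwise <c>null</c>.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="userName"/> or <paramref name="password"/> is null, empty or whitespace.
        /// </exception>
        /// <exception cref="Exception">
        /// Wraps any other failure as "Problem creating user"; the cause is kept as the inner exception.
        /// </exception>
        public async Task <GoodFoodUser> Register(string userName, string password)
        {
            // Argument checks sit outside the try so they surface as ArgumentException
            // instead of being folded into the generic "Problem creating user".
            if (string.IsNullOrWhiteSpace(userName))
            {
                throw new ArgumentException("User name must not be empty.", nameof(userName));
            }
            if (string.IsNullOrWhiteSpace(password))
            {
                throw new ArgumentException("Password must not be empty.", nameof(password));
            }

            try
            {
                byte[] passwordHash, passwordSalt;
                CreatePasswordHash(password, out passwordHash, out passwordSalt);

                string insertCommandText = @"INSERT 
                INTO 
                    GoodFoodUser (UserName, UserPassword, UserPasswordSalt)
                VALUES 
                    (@userName,@passwordHash,@passwordSalt)";

                // All values travel as parameters; nothing is concatenated into the statement.
                SqlParameter user_name          = new SqlParameter("@userName", userName);
                SqlParameter user_password      = new SqlParameter("@passwordHash", passwordHash);
                SqlParameter user_password_salt = new SqlParameter("@passwordSalt", passwordSalt);

                int rows = await SqlHelper.ExecuteNonQueryAsync(
                    conStr,
                    insertCommandText,
                    CommandType.Text,
                    user_name,
                    user_password,
                    user_password_salt);

                if (rows >= 1)
                {
                    // Deliberately return only the name: the hash and salt never leave this method.
                    var user = new GoodFoodUser
                    {
                        Username = userName
                    };
                    return(user);
                }
                return(null);
            }
            catch (System.Exception ex)
            {
                // Keep the cause (e.g. a unique-key violation) reachable via InnerException.
                throw new Exception("Problem creating user", ex);
            }
        }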
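        /// <summary>
        /// Issues a JWT for <paramref name="user"/>, signed with <c>_key</c> using HMAC-SHA512.
        /// </summary>
        /// <param name="user">Authenticated user; only its <c>Username</c> is placed in the token (as the <c>nameid</c> claim).</param>
        /// <returns>The serialized, signed JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public string CreateToken(GoodFoodUser user)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            var claims = new List <Claim>
            {
                new Claim(JwtRegisteredClaimNames.NameId, user.Username)
            };

            // generate signing credentials
            var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject            = new ClaimsIdentity(claims),
                // UtcNow: the exp claim is an absolute instant, so it must not depend on the server's local zone.
                // NOTE(review): a one-month lifetime is long for a bearer token that cannot be revoked;
                // kept as the original behaviour — reconsider together with the token consumer.
                Expires            = DateTime.UtcNow.AddMonths(1),
                SigningCredentials = creds
            };

            var tokenHandler = new JwtSecurityTokenHandler();

            var token = tokenHandler.CreateToken(tokenDescriptor);

            return(tokenHandler.WriteToken(token));
        }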
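        /// <summary>
        /// Looks up <paramref name="userName"/> and checks <paramref name="password"/> against the
        /// stored hash and salt via <c>verifyPasswordHash</c>.
        /// </summary>
        /// <param name="userName">User name bound as the <c>@userName</c> parameter.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>
        /// A <see cref="GoodFoodUser"/> carrying only <c>Username</c> when the password matches,
        /// or <c>null</c> when no such user exists.
        /// </returns>
        /// <exception cref="RestException">
        /// Thrown with <see cref="HttpStatusCode.Unauthorized"/> when the password does not match.
        /// </exception>
        /// <exception cref="Exception">
        /// Wraps any other failure as "Problem get user"; the cause is kept as the inner exception.
        /// </exception>
        public async Task <GoodFoodUser> VerifyUser(string userName, string password)
        {
            try
            {
                string       selectCommandText = @"SELECT * FROM GoodFoodUser WHERE UserName=@userName";
                SqlParameter user_name         = new SqlParameter("@userName", SqlDbType.VarChar);
                user_name.Value = userName;

                var  userFromDB = new GoodFoodUser();
                bool isUserInDb = false;

                using (SqlDataReader reader = await SqlHelper.ExecuteReaderAsync(conStr, selectCommandText,
                                                                                 CommandType.Text, user_name))
                {
                    // Async read: Read() would block the thread inside an async method.
                    while (await reader.ReadAsync())
                    {
                        isUserInDb = true;

                        var pass = reader["UserPassword"];
                        var salt = reader["UserPasswordSalt"];

                        if (!verifyPasswordHash(password, (byte[])pass, (byte[])salt))
                        {
                            throw new RestException(HttpStatusCode.Unauthorized, new { User = "******" });
                        }

                        // Only the name is returned; hash and salt stay inside this method.
                        userFromDB.Username = reader["UserName"].ToString();
                    }
                    await reader.CloseAsync();
                }
                // NOTE(review): "unknown user" (null) and "wrong password" (401) are distinguishable
                // to the caller; whether that distinction may reach the client is a decision for the
                // controller layer.
                return(isUserInDb ? userFromDB : null);
            }
            catch (RestException)
            {
                // The deliberate 401 must reach the caller unchanged. Without this clause the
                // catch-all below rewrapped it as a generic Exception and the status was lost.
                throw;
            }
            catch (System.Exception ex)
            {
                // Keep the cause reachable via InnerException instead of discarding it.
                throw new Exception("Problem get user", ex);
            }
        }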