public void Dont_Auth_Correct_User_With_Invalid_Captcha_1()
{
// Arrange
LoginViewModel userData = new LoginViewModel
{
Login = "******",
Password = "******",
Captcha = "bad"
};
string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass(userData.Password.ToCharArray(), new byte[0]));
IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, "");
AccountController target = new AccountController(authProv);
SessionStorage storage = SessionStorage.Current;
string captcha = "54asd#213_54WQExz";
storage.CaptchaCode = captcha;
// Act
ActionResult result = target.Login(userData, "#true", storage);
// Assert
Assert.IsInstanceOfType(result, typeof(ViewResult));
Assert.IsFalse(((ViewResult)result).ViewData.ModelState.IsValid);
Assert.IsTrue(storage.UnsucLoginAttempts == 1);
}
public UserModel Login(string username, string password)
{
User user = _userRepository.GetAll().FirstOrDefault(u => u.Username == username);
if (user == null)
{
throw new UserException($"User with username:\"{username}\" does not exist!");
}
string hashedPasswor = HashPassword.HashPass(password);
if (user.Password != hashedPasswor)
{
throw new UserException($"Password does not match with user password with username:\"{username}\"");
}
UserModel userModel = new UserModel()
{
Id = user.Id,
FirstName = user.Firstname,
LastName = user.Lastname,
UserName = user.Username,
};
return(userModel);
}
public RegisterUserResponse RegisterUser(RegisterUserRequest request)
{
var checkUser = _context.Client.Any(p => p.Login.Equals(request.Login) || p.Email.Equals(request.Email));
if (checkUser)
{
throw new UserExistsException();
}
if (!MailValidator.IsValidMail(request.Email))
{
throw new InvalidMail();
}
var salt = SaltGenerator.GenerateSalt();
var hashedPass = HashPassword.HashPass(request.Password, salt);
var client = new Client()
{
FirstName = request.FirstName,
LastName = request.LastName,
Email = request.Email,
Phone = request.Phone,
Login = request.Login,
Password = hashedPass,
Salt = salt
};
var userclaim = new[]
{
new Claim(ClaimTypes.NameIdentifier, Convert.ToString(client.IdClient)),
new Claim(ClaimTypes.Name, request.FirstName),
new Claim(ClaimTypes.Role, "Client")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "AdCompany",
audience: "Clients",
claims: userclaim,
expires: DateTime.Now.AddMinutes(5),
signingCredentials: creds
);
client.RefreshToken = Guid.NewGuid().ToString();
client.ExpireDate = DateTime.Now.AddDays(1);
_context.Client.Add(client);
_context.SaveChanges();
return(new RegisterUserResponse()
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(token), RefreshToken = client.RefreshToken
});
}
public void Register(RegisterModel registerModel)
{
string username = _userRepository.GetAll()
.Where(u => u.Username == registerModel.Username)
.Select(u => u.Username)
.ToString();
if (username != null)
{
throw new UserException($"User with username:{registerModel.Username} already exists!");
}
if (string.IsNullOrWhiteSpace(registerModel.Password) || string.IsNullOrWhiteSpace(registerModel.ConfirmPassword))
{
throw new UserException("Password required!");
}
if (registerModel.Password != registerModel.ConfirmPassword)
{
throw new UserException($"Passwords do not match!");
}
if (string.IsNullOrWhiteSpace(registerModel.FirstName) || string.IsNullOrWhiteSpace(registerModel.LastName))
{
throw new UserException("Both Firstnam and Lastname are required!");
}
if (string.IsNullOrWhiteSpace(registerModel.Username))
{
throw new UserException("Username is required!");
}
string hashedPasswor = HashPassword.HashPass(registerModel.Password);
User user = new User()
{
Firstname = registerModel.FirstName,
Lastname = registerModel.LastName,
Username = registerModel.Username,
Password = hashedPasswor
};
_userRepository.Insert(user);
}
public void Dont_Auth_Incorrect_User()
{
// Arrange
LoginViewModel userData = new LoginViewModel
{
Login = "******",
Password = "******"
};
string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass("pass".ToCharArray(), new byte[0]));
IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, "");
AccountController target = new AccountController(authProv);
// Act
ActionResult result = target.Login(userData, "#true", SessionStorage.Current);
// Assert
Assert.IsInstanceOfType(result, typeof(ViewResult));
Assert.IsFalse(((ViewResult)result).ViewData.ModelState.IsValid);
}
public LoginResponse Login(LoginRequest request)
{
var client = _context.Client.FirstOrDefault(p => p.Login == request.Login);
if (client == null)
{
throw new UserNotFound();
}
var passwordToCompare = HashPassword.HashPass(request.Password, client.Salt);
if (!passwordToCompare.Equals(client.Password))
{
throw new UserNotFound();
}
var userclaim = new[]
{
new Claim(ClaimTypes.NameIdentifier, client.IdClient.ToString()),
new Claim(ClaimTypes.Name, client.FirstName),
new Claim(ClaimTypes.Role, "Client"),
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "AdCompany",
audience: "Clients",
claims: userclaim,
expires: DateTime.Now.AddMinutes(5),
signingCredentials: creds
);
client.RefreshToken = Guid.NewGuid().ToString();
client.ExpireDate = DateTime.Now.AddDays(1);
_context.SaveChanges();
return(new LoginResponse()
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(token), RefreshToken = client.RefreshToken
});
}
public void Auth_Correct_User()
{
// Arrange
LoginViewModel userData = new LoginViewModel
{
Login = "******",
Password = "******"
};
string storedPasswordHash = Convert.ToBase64String(HashPassword.HashPass(userData.Password.ToCharArray(), new byte[0]));
IAuthProvider authProv = new FormsAuthProvider(userData.Login, storedPasswordHash, "");
AccountController target = new AccountController(authProv);
SessionStorage storage = SessionStorage.Current;
// Act
ActionResult result = target.Login(userData, "#true", storage);
// Assert
Assert.IsInstanceOfType(result, typeof(RedirectResult));
Assert.IsTrue(((RedirectResult)result).Url.Contains("#true"));
}
public void RemindPass(string email, string url)
{
// Создаем данные для отправки
// Генерируем код потверждения
string code = JsonConvert.SerializeObject(new { guid = Guid.NewGuid(), login = login });
code = code.Replace('"', '\'');
url = url + "?code=" + code;
char[] newPass = HashPassword.GeneratePassword(6); // Генерируем новый пароль длиной в 6 символов
// Отправляем письмо с паролем и кодом подтверждения
MailSender.SendEmailToNewPass(email, login, newPass, url, MailSender.FromEmailServer.gmail);
logger.Warn(string.Format("Mail to recover access sended to email: '{0}'.", email));
// Сохраняем новый пароль, код подтверждения и дату устаревания в хранилище данных
string newPassHash = Convert.ToBase64String(HashPassword.HashPass(newPass, new byte[0]));
BlogSettings.Current.TurnOnPassRemind(newPassHash, code, DateTime.Now.AddDays(1));
}
public ActionResult SettingsPost(SettingsIndexViewModel model)
{
if (ModelState.IsValid)
{
if (!string.IsNullOrEmpty(model.NewPassword) && string.IsNullOrEmpty(model.CurrentPassword))
{
ModelState.AddModelError("CurrentPassword", "Для смены пароля нужно указать текущий пароль");
}
else if (string.IsNullOrEmpty(model.NewPassword) && !string.IsNullOrEmpty(model.CurrentPassword))
{
ModelState.AddModelError("NewPassword", "Вы не указали новый пароль");
}
}
string newPassHash = null; // если производится корректная смена пароля, то ниже получит значение
if (ModelState.IsValid && !string.IsNullOrEmpty(model.NewPassword))
{
// Берем логин с сервера, потому что на клиенте он мог измениться
if (authProvider.IsValidUser(BlogSettings.Current.AdminLogin, model.CurrentPassword.ToCharArray()))
{
// Получаем хэш пароля
newPassHash = Convert.ToBase64String(
HashPassword.HashPass(model.NewPassword.ToCharArray(), new byte[0]));
}
else
{
ModelState.AddModelError("CurrentPassword", "Указанный пароль не соответствует текущему");
}
}
if (ModelState.IsValid)
{
// Сохранение новых настроек
BlogSettings.Current.ChangeSettings(model.Settings, newPassHash, false);
BlogEngineTK.WebUI.MvcApplication.ClearAppCache();
}
return(View(model));
}
public EnrollStudentResponse EnrollStudent(EnrollStudentRequest request)
{
var response = new EnrollStudentResponse();
using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18963;Integrated Security=True"))
{
using (var com = new SqlCommand())
{
com.Connection = con;
com.CommandText = "Select * From Studies Where Name = @Name";
com.Parameters.AddWithValue("Name", request.Studies);
con.Open();
var trans = con.BeginTransaction();
com.Transaction = trans;
var dr = com.ExecuteReader();
if (!dr.Read())
{
dr.Close();
trans.Rollback();
return(null);
}
int idStudy = (int)dr["IdStudy"];
dr.Close();
com.CommandText = "Select * From Enrollment Where Semester = 1 And IdStudy = @idStudy";
int IdEnrollment = (int)dr["IdEnrollemnt"] + 1;
com.Parameters.AddWithValue("IdStudy", idStudy);
dr = com.ExecuteReader();
if (dr.Read())
{
dr.Close();
com.CommandText = "Select MAX(idEnrollment) as 'idEnrollment' From Enrollment";
dr = com.ExecuteReader();
dr.Close();
DateTime StartDate = DateTime.Now;
com.CommandText = "Insert Into Enrollment(IdEnrollment, Semester, IdStudy, StartDate, Password) Values (@IdEnrollemnt, 1, @IdStudy, @StartDate, @Password)";
com.Parameters.AddWithValue("IdEnrollemnt", IdEnrollment);
com.Parameters.AddWithValue("StartDate", StartDate);
com.ExecuteNonQuery();
}
dr.Close();
com.CommandText = "Select * From Student Where IndexNumber=@IndexNumber";
com.Parameters.AddWithValue("IndexNumber", request.IndexNumber);
dr = com.ExecuteReader();
if (!dr.Read())
{
var salt = SaltGenerator.GenerateSalt();
dr.Close();
com.CommandText = "Insert Into Student(IndexNumber, FirstName, LastName, Birthdate, IdEnrollment, Password, Salt) Value (@IndexNumber, @FirstName, @LastName, @BirthDate, @IdEnrollment, @Password, @Salt)";
com.Parameters.AddWithValue("FirstName", request.FirstName);
com.Parameters.AddWithValue("LastName", request.LastName);
com.Parameters.AddWithValue("BirthDate", request.BirthDate);
com.Parameters.AddWithValue("IdEnrollment", IdEnrollment);
com.Parameters.AddWithValue("Password", HashPassword.HashPass(request.Password, salt));
com.Parameters.AddWithValue("Salt", salt);
com.ExecuteNonQuery();
dr.Close();
response.Semester = 1;
}
else
{
dr.Close();
trans.Rollback();
throw new Exception("You can't add student with the same index number");
}
trans.Commit();
}
}
return(response);
}
public IActionResult Login(LoginRequest request)
{
var student = new Student();
using (var con = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18963;Integrated Security=True"))
{
using (var com = new SqlCommand())
{
//login can be moved to service
com.Connection = con;
var salt = String.Empty;
var password = String.Empty;
com.CommandText = "Select IndexNumber, FirstName Password, Salt From Student Where IndexNumber = @login";
com.Parameters.AddWithValue("login", request.Login);
con.Open();
var dr = com.ExecuteReader();
if (!dr.Read())
{
return(NotFound("Specified student was not found."));
}
student.IndexNumber = dr["IndexNumber"].ToString();
student.FirstName = dr["FirstName"].ToString();
password = dr["Password"].ToString();
salt = dr["Salt"].ToString();
var passToCompare = HashPassword.HashPass(request.Password, salt);
if (!password.Equals(passToCompare))
{
return(BadRequest("Wrong login or password"));
}
dr.Close();
var userclaim = new[]
{
new Claim(ClaimTypes.NameIdentifier, student.IndexNumber),
new Claim(ClaimTypes.Name, student.FirstName),
new Claim(ClaimTypes.Role, "Student"),
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "Gakko",
audience: "Students",
claims: userclaim,
expires: DateTime.Now.AddMinutes(1),
signingCredentials: creds
);
student.RefreshToken = Guid.NewGuid().ToString();
student.RefreshTokenExpirationDate = DateTime.Now.AddDays(1);
com.CommandText = "Update Student set RefreshToken = @RefreshToken and RefreshTokenExpirationDate = @ExpDate";
com.Parameters.AddWithValue("RefreshToken", student.RefreshToken);
com.Parameters.AddWithValue("ExpDate", student.RefreshTokenExpirationDate);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken = student.RefreshToken
}));
}
}
}
