public async Task CreateUser(User user)
{
using (var connection = new MySqlConnection(ConnectionString))
{
await connection.OpenAsync();
var checkQuery = "SELECT 1 FROM users WHERE Username = @Username and Password = @Password";
var query = "INSERT INTO users (`Username`,`Password`,`Firstname`,`Lastname`)" +
"VALUES (@Username,@Password,@Firstname,@Lastname);";
var passHash = PasswordHash.Generate(user.Password);
var pass = Encoding.UTF8.GetString(passHash.Hash);
var command = new MySqlCommand(checkQuery, connection);
command.Parameters.AddWithValue("@Username", user.Username);
command.Parameters.AddWithValue("@Password", pass);
var res = await command.ExecuteScalarAsync();
if (res != null)
{
throw new ObjectAlreadyExistsException("User with the same details already exits");
}
command.CommandText = query;
await command.ExecuteNonQueryAsync();
}
}
public async Task <IActionResult> SignUp(SignUpRequest request)
{
var cancellation = HttpContext.RequestAborted;
var user = new UserEntity
{
Username = request.Username,
Email = request.Email,
PasswordHash = PasswordHash.Generate(request.Password),
Profile = new ProfileEntity()
};
try
{
await _dbContext.Users.AddAsync(user, cancellation);
await _dbContext.SaveChangesAsync(cancellation);
}
// TODO: better handling for exceptions on duplicate usernames/emails (as mandated by indexes)
catch (Exception ex)
{
return(Problem(
statusCode: 400,
title: "Error",
detail: ex.Message
));
}
return(CreatedAtAction(nameof(SignIn), null));
}
public AuthUserBuilder WithPasswordHash(string plaintextPassword)
{
if (_id is null || _username is null)
{
throw new InvalidOperationException("The id and username should be set (and not changed)");
}
return(WithPasswordHash(PasswordHash.Generate(plaintextPassword, _id, _username)));
}
private AuthUser BuildTestAuthUser(long id, string name, params Role[] roles)
{
var userId = new UserId(id);
var username = new Username(name);
var hash = PasswordHash.Generate("admin", userId, username);
var email = new Email($"{username}@example.com");
return(new AuthUser(userId, username, hash, email, Clock.UtcNow(), roles.Select(r => r.Id)));
}
public void ValidatePassword()
{
var userId = Guid.NewGuid().ToString();
const string password = "******";
const string secretKey = "$2a$06$DCq7YPn5Rq63x1Lad4cll.";
var passwordHash = new PasswordHash();
var hash = passwordHash.Generate(userId, password, secretKey);
passwordHash.Validate(hash, userId, password, secretKey).Should().BeTrue();
}
public AuthUser CreateAuthUser(IIdPool idPool, Role pendingRegistrationRole,
string?name, string?email, string?plaintextPassword)
{
if (pendingRegistrationRole.Rolename != Role.PENDING_REGISTRATION_ROLENAME)
{
throw new ArgumentException("You're supposed to add the pending registration role.",
nameof(pendingRegistrationRole));
}
var nextUserId = new UserId(idPool.NextForUser());
var username = new Username(name);
var passwordHash = PasswordHash.Generate(plaintextPassword, nextUserId, username);
return(new AuthUser(nextUserId, username, passwordHash, new Email(email), _clock.UtcNow(),
new[] { pendingRegistrationRole.Id }));
}
public async Task RegisterNewUser(RegisterModel newUser)
{
Users user = _mapper.Map <Users>(newUser);
if (!_unitOfWork.Users.FindEmail(user.Email))
{
user.Password = PasswordHash.Generate(user.Password);
_unitOfWork.Users.Insert(user);
await _unitOfWork.Users.AddAccounts(user);
await _unitOfWork.Complete();
}
else
{
throw new CustomException(400, "Usuario ya registrado");
}
}
private void AddAuthUser(long id, string name, params long[] roleIds)
{
if (id >= UserDatabase.START_FOR_NEXT_IDS)
{
throw new InvalidOperationException("START_FOR_NEXT_IDS too low!");
}
var hash = PasswordHash.Generate("admin", new UserId(id), new Username(name)).ToStorage();
var now = SystemClock.Instance.UtcNow();
AuthUsersTable.Add(new DbAuthUser {
Id = id,
Username = name,
PasswordHash = hash,
Email = $"{name}@example.com",
CreatedAt = now
});
foreach (long roleId in roleIds)
{
AuthUserRolesTable.Add(new DbAuthUserRole {
UserId = id,
RoleId = roleId
});
}
}
