public bool RegisterUser(ref User user)
{
if (user.TotpToken == null)
{
_logger.LogInformation("TOTP token has not been generated.");
return(false);
}
if (!VerifyPassword(user.Password))
{
_logger.LogInformation("Password verification failed.");
return(false);
}
if (!VerifyUsername(user.Username))
{
_logger.LogInformation("Username verification failed.");
return(false);
}
user.PasswordHash = Pbkdf2Password.PasswordToHash(user.Password);
user.Uuid = SecureGuid.CreateSecureRfc4122Guid();
_database.AddUser(user);
_emailSender.SendRegisterEmail(user);
return(true);
}
public bool CreateComment(Comment comment, User user)
{
if (!SecureGuid.VerifyGuid(comment.Post, out var postGuid))
{
return(false);
}
using var conn = new MySqlConnection(_connectionStringBuilder.ConnectionString);
conn.Open();
using var command = conn.CreateCommand();
command.CommandText = "newComment";
command.CommandType = CommandType.StoredProcedure;
command.Parameters.Add("@postUUID", MySqlDbType.Binary, 16).Value = postGuid.ToByteArray();
command.Parameters.Add("@userUUID", MySqlDbType.Binary, 16).Value = user.Uuid.ToByteArray();
command.Parameters.Add("@commentUUID", MySqlDbType.Binary, 16).Value =
SecureGuid.CreateSecureRfc4122Guid().ToByteArray();
command.Parameters.AddWithValue("@commentContent", comment.Content);
try
{
command.ExecuteNonQuery();
return(true);
}
catch (MySqlException)
{
return(false);
}
}
public IActionResult Login(LoginInput input)
{
if (string.IsNullOrWhiteSpace(input.Username) || string.IsNullOrWhiteSpace(input.Password))
{
_logger.LogInformation("Username or password is null or empty");
return(Unauthorized());
}
if (input.Username.Length > 50)
{
_logger.LogInformation("Username exceeds permitted length.");
return(Unauthorized());
}
if (input.Password.Length > 64)
{
_logger.LogInformation("Password exceeds permitted length.");
return(Unauthorized());
}
if (string.IsNullOrWhiteSpace(input.Captcha))
{
_logger.LogInformation("Captcha is null or empty");
return(Unauthorized());
}
if (!_captcha.VerifyCaptcha(input.Captcha, Request.HttpContext.Connection.RemoteIpAddress, "login"))
{
_logger.LogInformation("Captcha rejected.");
return(Unauthorized());
}
var user = new User
{
Username = input.Username,
Password = input.Password
};
if (_authHandler.LoginUser(ref user))
{
var registerGuid = SecureGuid.CreateSecureRfc4122Guid();
var cacheEntryOptions = new MemoryCacheEntryOptions().SetAbsoluteExpiration(TimeSpan.FromMinutes(5));
_memoryCache.Set("L1" + registerGuid, user, cacheEntryOptions);
var response = new MessageResponse
{
Message = registerGuid.ToString(),
Status = "Ok"
};
return(Ok(response));
}
_logger.LogInformation("Auth handler rejected login.");
return(Unauthorized());
}
public IActionResult RegisterTest()
{
if (_webHostEnvironment.IsDevelopment())
{
var user = new User
{
Uuid = SecureGuid.CreateSecureRfc4122Guid(),
Username = "******"
};
var token = _authHandler.GenerateToken(user);
return(Ok(token));
}
return(NotFound());
}
public TokenInfo GenerateToken(User user)
{
if (!_memoryCache.TryGetValue(user.Uuid.ToString(), out Guid sessionGuid))
{
sessionGuid = SecureGuid.CreateSecureRfc4122Guid();
var options = new MemoryCacheEntryOptions
{
Priority = CacheItemPriority.NeverRemove
};
_memoryCache.Set(user.Uuid.ToString(), sessionGuid, options);
}
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.Uuid.ToString()),
new Claim(JwtRegisteredClaimNames.Jti,
SecureGuid.CreateSecureRfc4122Guid().ToString()),
new Claim(JwtRegisteredClaimNames.Sid, sessionGuid.ToString()),
new Claim(JwtRegisteredClaimNames.UniqueName, user.Username)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Tokens:Key"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(_configuration["Tokens:Issuer"],
_configuration["Tokens:Issuer"],
claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: creds);
var tokenInfo = new TokenInfo
{
Token = new JwtSecurityTokenHandler().WriteToken(token),
Username = user.Username,
Expiry = token.ValidTo
};
return(tokenInfo);
}
public IActionResult VerifyAzureAdCode(TokenInput tokenInput)
{
if (string.IsNullOrWhiteSpace(tokenInput.Token))
{
_logger.LogInformation("Token is empty.");
return(BadRequest());
}
var user = _authHandler.VerifyOauthForRegister(tokenInput.Token);
if (user == null)
{
_logger.LogInformation("Auth handler rejected oauth token.");
return(BadRequest());
}
if (_memoryCache.TryGetValue("R1" + user.Email, out string stringUuid))
{
_memoryCache.Remove("R1" + stringUuid);
}
var registerGuid = SecureGuid.CreateSecureRfc4122Guid();
var cacheEntryOptions = new MemoryCacheEntryOptions().SetAbsoluteExpiration(TimeSpan.FromMinutes(5));
_memoryCache.Set("R1" + registerGuid, user, cacheEntryOptions);
_memoryCache.Set("R1" + user.Email, registerGuid.ToString(), cacheEntryOptions);
var response = new OauthSuccessResponse
{
Name = user.Name,
Email = user.Email,
RegisterCode = registerGuid.ToString()
};
return(Ok(response));
}