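        /// <summary>
        /// Authenticates a user from a submitted e-mail / password form.
        /// </summary>
        /// <param name="email">Form field; sanitised before the lookup.</param>
        /// <param name="password">Form field; hashed with the project's SHA512 helper before comparison.</param>
        /// <returns>
        /// 204 on success, 400 on a missing field, 401 when a session already exists or the
        /// credentials do not match, 403 when the account is not confirmed yet.
        /// </returns>
        public IActionResult Login([FromForm] string email, [FromForm] string password)
        {
            // Check the session first so an already-signed-in caller does not trigger a database round trip.
            if (HttpContext.User.Identity.IsAuthenticated)
            {
                return(Unauthorized("User already signed in"));
            }
            // Both fields are untrusted form input; Sanitize/Hash are not shown to accept null, so fail fast.
            if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
            {
                return(BadRequest());
            }

            email = StringSanitization.Sanitize(email);
            // NOTE(review): SHA512.Hash is a project helper; if it is a plain unsalted digest, stored
            // passwords are cheap to crack offline — a slow KDF (PBKDF2 / Argon2) is the usual fix.
            string providedHash = SHA512.Hash(password);

            User user = UserDatabase.GetUser(email, null);

            // One status and one message for both "unknown e-mail" and "wrong password": distinct
            // responses let a caller enumerate which addresses are registered.
            if (user == null || !HashesMatch(user.password, providedHash))
            {
                return(Unauthorized("Invalid email or password"));
            }
            // An unconfirmed account is a client-side state, not a server fault (Problem() defaults to 500).
            if (!user.confirmed)
            {
                return(StatusCode(403, "User has not confirmed his account yet"));
            }

            // NOTE(review): assigning HttpContext.User only affects the current request; unless a cookie
            // or token is issued elsewhere the client receives no credential to reuse — confirm.
            HttpContext.User = user.ClaimsPrincipal(TokenScope.UserLogin);
            return(NoContent());

            // Constant-time comparison of the two hash strings so response timing does not
            // reveal how many leading characters of the stored hash were matched.
            bool HashesMatch(string stored, string provided)
            {
                if (stored == null || provided == null)
                {
                    return false;
                }
                byte[] storedBytes   = System.Text.Encoding.UTF8.GetBytes(stored);
                byte[] providedBytes = System.Text.Encoding.UTF8.GetBytes(provided);
                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, providedBytes);
            }
        }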
        /// <summary>
        /// Verifies that <c>StringSanitization.Sanitize</c> leaves only characters from the allow-list below.
        /// </summary>
        /// <param name="test">Arbitrary input string to sanitise.</param>
        public void TestStringSanitization(string test)
        {
            // NOTE(review): inside a verbatim string, "\\" is the regex escape for a literal backslash,
            // so backslash is currently on the allow-list — confirm that is intended.
            const string allowedPattern = @"^[a-zA-Z0-9\\_\.\@]*$";

            string sanitized = StringSanitization.Sanitize(test);
            bool onlyAllowedChars = Regex.IsMatch(sanitized, allowedPattern);

            Assert.IsTrue(onlyAllowedChars, "Check if the string is correctly sanitized");
        }
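        /// <summary>
        /// Creates an unconfirmed user account from a registration form and sends the confirmation mail.
        /// </summary>
        /// <param name="username">Form field; must be longer than 5 characters.</param>
        /// <param name="email">Form field; sanitised before the uniqueness check.</param>
        /// <param name="password">Form field; must be longer than 5 characters, stored hashed.</param>
        /// <param name="birthday">Form field, stored as-is.</param>
        /// <returns>200 on success, 400 on invalid input, 409 if the e-mail or username is taken, 500 if the mail could not be sent.</returns>
        /// <exception cref="InvalidOperationException">The <c>apitokenlength</c> environment variable is missing or not positive.</exception>
        public IActionResult Register([FromForm] string username, [FromForm] string email, [FromForm] string password, [FromForm] DateTime birthday)
        {
            // Short-circuit OR: there is nothing to gain from evaluating later fields once one is missing.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password))
            {
                return(BadRequest());
            }

            // Length rules are client errors; Problem() defaults to 500 and would mislabel them as server faults.
            if (username.Length <= 5)
            {
                return(BadRequest("Username too short"));
            }
            if (password.Length <= 5)
            {
                return(BadRequest("Password too weak"));
            }

            // NOTE(review): SHA512.Hash is a project helper; if it is a plain unsalted digest, stored
            // passwords are cheap to crack offline — a slow KDF (PBKDF2 / Argon2) is the usual fix.
            password = SHA512.Hash(password);
            username = StringSanitization.Sanitize(username);
            email    = StringSanitization.Sanitize(email);
            if (UserDatabase.GetUser(email, username) != null)
            {
                return(Conflict("Email / username already registered"));
            }

            string apiTokenLengthSetting = Environment.GetEnvironmentVariable("apitokenlength")
                ?? throw new InvalidOperationException("apitokenlength_ENV_VAR_NULL");
            // Configuration is machine-written: parse with the invariant culture, not the server locale.
            int apiTokenLength = int.Parse(apiTokenLengthSetting, System.Globalization.CultureInfo.InvariantCulture);
            if (apiTokenLength <= 0)
            {
                throw new InvalidOperationException("apitokenlength must be positive");
            }

            User user = new User
            {
                password               = password,
                username               = username,
                email                  = email,
                confirmed              = false,
                date_of_birth          = birthday,
                plan                   = Plans.Basic,
                // NOTE(review): DateTime.Now is server-local time; kept as-is because other code may
                // compare against it, but UtcNow is the safer choice for stored timestamps — confirm.
                registration_timestamp = DateTime.Now,
                role                   = Roles.User,
                // The api_token is a credential for the key-value database, so the generator must be
                // cryptographically strong (RandomNumberGenerator, not System.Random).
                // NOTE(review): StringGeneration.RandomString is project code — confirm its RNG source.
                api_token              = StringGeneration.RandomString(apiTokenLength)
            };

            // The mail goes out before the row is written; a failed insert afterwards leaves a sent
            // confirmation with no matching account.
            if (!MailService.SendConfirmation(user, user.ClaimsPrincipal(TokenScope.Registration).Identity as ClaimsIdentity))
            {
                return(Problem("Internal server error", null, 500));
            }
            UserDatabase.RegisterUser(user);
            return(Ok());
        }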
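        /// <summary>
        /// Loads the first user whose e-mail, username, ID or API token matches one of the arguments.
        /// </summary>
        /// <param name="email">Sanitised and bound as <c>@email</c>.</param>
        /// <param name="username">Sanitised and bound as <c>@usr</c>.</param>
        /// <param name="id">Bound as <c>@id</c>.</param>
        /// <param name="apitoken">Sanitised and bound as <c>@apitoken</c>.</param>
        /// <returns>The matching user, including the stored password hash, or <c>null</c> when no row matches.</returns>
        /// <exception cref="InvalidOperationException">The stored plan name is not known to <c>Plans</c>.</exception>
        private static User GetUser(string email, string username, int id, string apitoken)
        {
            email    = StringSanitization.Sanitize(email);
            username = StringSanitization.Sanitize(username);
            apitoken = StringSanitization.Sanitize(apitoken);

            // Parameterised query: the values are bound, never concatenated into the SQL text.
            // NOTE(review): the OR-chain matches on every column at once, so whatever Sanitize returns
            // for a null argument (and whether "" or 0 can match a stored value) decides whether a caller
            // that passes only one key can hit an unrelated row — confirm against Sanitize and the schema.
            using (var command = new NpgsqlCommand("SELECT * FROM \"Users\" WHERE \"email\"=@email OR \"username\"=@usr OR \"ID\"=@id OR \"api_token\"=@apitoken",
                                                   database))
            {
                command.Parameters.AddWithValue("email", email);
                command.Parameters.AddWithValue("usr", username);
                command.Parameters.AddWithValue("id", id);
                command.Parameters.AddWithValue("apitoken", apitoken);

                // The reader is disposed on every return path, including the throw below.
                using (var dr = command.ExecuteReader())
                {
                    // Read() is false for an empty result set; no separate HasRows check needed.
                    if (!dr.Read())
                    {
                        return(null);
                    }

                    return new User
                    {
                        ID       = dr.GetInt32("ID"),
                        username = dr.GetString("username"),
                        email    = dr.GetString("email"),
                        password = dr.GetString("password"),
                        registration_timestamp = dr.GetDateTime("registration_timestamp"),
                        date_of_birth          = dr.GetDateTime("date_of_birth"),
                        role = dr.GetString("role"),
                        plan = Plans.GetPlanByName(dr.GetString("plan")) ?? throw new InvalidOperationException("Unknown plan type"),
                        confirmed = dr.GetBoolean("confirmed")
                    };
                }
            }
        }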