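        /// <summary>
        /// Registers a new <see cref="DBUser"/> from the request body: validates the credentials,
        /// stores a salted password hash (never the plaintext), re-uses an already-known device row
        /// for the first submitted device when one exists, and persists the user.
        /// </summary>
        /// <param name="user">User posted by the client; <c>login.userName</c> and <c>login.pwd</c> are required.</param>
        /// <returns>201 with the created user (hash, salt and password stripped), or 400 describing the validation failure.</returns>
        public async Task <ActionResult <DBUser> > createUser([FromBody] DBUser user)
        {
            // Do not log the incoming object here: at this point it still carries the plaintext password.
            if (user?.login is null)
            {
                return(BadRequest("Login details required"));
            }
            if (string.IsNullOrWhiteSpace(user.login.userName))
            {
                return(BadRequest("Username required"));
            }
            if (user.login.pwd is null)
            {
                return(BadRequest("Password required"));
            }
            if (await _context.DBUser.AnyAsync(e => e.login.userName == user.login.userName))
            {
                return(BadRequest("Username already Registered"));
            }

            // Per-user random salt (the helper names it "Pepper") plus the derived key; only these are stored.
            var hasher       = new rfc2898pwd();
            var salt         = hasher.Pepper();
            var encriptedPWD = hasher.hash(user.login.pwd, salt);

            user.login.encrypted = encriptedPWD;
            user.login.salt      = salt;

            // A client may post no devices at all; the previous unconditional .First() threw in that case.
            var firstDevice = user.devices?.FirstOrDefault();
            if (firstDevice != null)
            {
                var existing = await _context.device.FirstOrDefaultAsync(x => x.DeviceID == firstDevice.DeviceID);
                if (existing != null)
                {
                    // Attach the tracked row instead of inserting a duplicate device.
                    user.devices.Clear();
                    user.devices.Add(existing);
                }
            }

            user.pingAll();
            _context.DBUser.Add(user);
            await _context.SaveChangesAsync();

            // Never echo hash, salt or plaintext password back to the caller; the entity is already saved.
            user.login = null;
            return(CreatedAtAction("GetUser", user));
        }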
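        /// <summary>
        /// Authenticates a client against the stored salted hash for <c>login.userName</c>.
        /// "Unknown user" and "wrong password" answer with the same 400 so this endpoint does not
        /// reveal which usernames exist, and nothing credential-related is written to the console.
        /// </summary>
        /// <param name="user">Credentials posted by the client; only <c>login.userName</c> and <c>login.pwd</c> are read.</param>
        /// <returns>The stored user (hash and salt stripped) on success, otherwise 400.</returns>
        public async Task <ActionResult <DBUser> > loginUser([FromBody] DBUser user)
        {
            const string loginFailed = "Invalid username or password";

            if (user?.login is null)
            {
                return(BadRequest("Login details required"));
            }
            string username = user.login.userName;
            if (string.IsNullOrWhiteSpace(username))
            {
                return(BadRequest("Username required"));
            }
            if (user.login.pwd is null)
            {
                return(BadRequest("Password required"));
            }

            var potential = await _context.DBUser.Include(x => x.login).FirstOrDefaultAsync(e => e.login.userName == username);
            if (potential?.login is null)
            {
                return(BadRequest(loginFailed));
            }

            // Re-derive the key with the stored salt and compare in constant time. The former diagnostic
            // block printed the plaintext password and the stored hash to stdout on every failure.
            var hasher       = new rfc2898pwd();
            var encriptedPWD = hasher.hash(user.login.pwd, potential.login.salt);
            if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(encriptedPWD, potential.login.encrypted))
            {
                return(BadRequest(loginFailed));
            }

            // Strip hash and salt from the object that is actually returned. The previous code nulled
            // user.login but returned potential, so the stored credentials still went out to the client.
            potential.login = null;
            // NOTE(review): 201 Created is an unusual status for a login; kept because existing clients may depend on it.
            return(CreatedAtAction("GetUser", potential));
        }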