Esempio n. 1
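        /// <summary>
        /// Authenticates a user by e-mail and password and issues a signed JWT that expires after 24 hours.
        /// </summary>
        /// <param name="loginDTO">Submitted credentials; <c>Email</c> and <c>Password</c> are read.</param>
        /// <returns>The serialized token carrying the user's Name, Surname, Email and Id claims.</returns>
        /// <exception cref="ServiceException">No user matches the credentials, or the matching account is not active.</exception>
        /// <exception cref="InvalidOperationException">The "Token_Key" configuration value is missing or empty.</exception>
        public string Login(LoginDTO loginDTO)
        {
            // NOTE(review): the stored value is matched by equality against GetSha(password), so the
            // digest is a function of the password alone (no per-user salt). Identical passwords
            // therefore share a stored value. A salted, slow password hash (PBKDF2/Argon2/bcrypt)
            // with a verify step is the usual replacement; that needs a data migration and is not
            // attempted here.
            var cryptoPassword = CryptoPassword.GetSha(loginDTO.Password);
            var user           = _context.Users.FirstOrDefault(x => x.Email == loginDTO.Email && x.Password == cryptoPassword);

            if (user == null)
            {
                throw new ServiceException(ExceptionMessages.USER_NOT_FOUND);
            }
            if (!user.IsActive)
            {
                throw new ServiceException(ExceptionMessages.USER_NOT_ACTIVE);
            }

            // Fail with a clear configuration error instead of the ArgumentNullException that
            // Encoding.GetBytes would raise when the signing key is not configured.
            var tokenKey = this._configuration.GetValue<string>("Token_Key");
            if (string.IsNullOrEmpty(tokenKey))
            {
                throw new InvalidOperationException("Configuration value 'Token_Key' is missing or empty; cannot sign tokens.");
            }

            // NOTE(review): ASCII encoding maps every non-ASCII character of the key to '?'. Kept
            // as-is because whatever validates these tokens must derive the same bytes; confirm the
            // configured key is ASCII-only and long enough for HMAC-SHA512.
            var tokenKeyByte = Encoding.ASCII.GetBytes(tokenKey);

            var tokenDescriptor = new SecurityTokenDescriptor()
            {
                Subject = new ClaimsIdentity(new Claim[] {
                    new Claim("Name", user.Name),
                    new Claim("Surname", user.Surname),
                    new Claim("Email", user.Email),
                    new Claim("Id", Convert.ToString(user.Id)),
                }),
                // No issuer or audience is set on the descriptor; the token is bound only by key and expiry.
                Expires            = DateTime.UtcNow.AddHours(24),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(tokenKeyByte), SecurityAlgorithms.HmacSha512)
            };

            var tokenHandler  = new JwtSecurityTokenHandler();
            var securityToken = tokenHandler.CreateToken(tokenDescriptor);

            return tokenHandler.WriteToken(securityToken);
        }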
        /// <summary>
        /// Checks that hashing a password produces a value different from the clear-text input.
        /// </summary>
        public void TestCryptPassword()
        {
            const string plainText = "******";
            CryptoPassword hasher  = new CryptoPassword();

            string hashed = hasher.Hash(plainText);

            // Only inequality with the input is asserted; the hash format itself is not checked.
            Assert.AreNotEqual(plainText, hashed);
        }
        /// <summary>
        /// Checks that hashing the same password twice gives two different outputs,
        /// which is what a fresh random salt per call would produce.
        /// </summary>
        public void TestRandomSaltInEncryption()
        {
            const string samePassword = "******";
            CryptoPassword hasher     = new CryptoPassword();

            string firstHash  = hasher.Hash(samePassword);
            string secondHash = hasher.Hash(samePassword);

            // Equal outputs would mean the hash is deterministic for a given password.
            Assert.AreNotEqual(firstHash, secondHash);
        }
Esempio n. 4
        /// <summary>
        /// Recovers the clear-text password stored in a profile by handing its ciphertext,
        /// IV and salt, together with the supplied key phrase, to <c>Cryptographer.Decrypt</c>.
        /// </summary>
        /// <param name="p">Profile whose <c>Password</c>, <c>IV</c> and <c>Salt</c> are read.</param>
        /// <param name="publicKey">Value used as the decryption key phrase.</param>
        /// <returns>Whatever <c>Cryptographer.Decrypt</c> returns for the assembled input.</returns>
        private string GetDecryptedPassword(Profile p, string publicKey)
        {
            // NOTE(review): the parameter is called publicKey but is used as the secret key phrase
            // for decryption, so it must be handled as a secret (not logged, not persisted
            // alongside the profile). Confirm where callers obtain it.
            var request = new CryptoPassword();

            request.EncryptedPassword = p.Password;
            request.IV                = p.IV;
            request.Salt              = p.Salt;
            request.KeyPhrase         = publicKey;

            return Cryptographer.Decrypt(request);
        }
        /// <summary>
        /// Checks that a password verifies successfully against its own hash.
        /// </summary>
        public void TestPasswordVerifyWithGoodPassword()
        {
            const string plainText = "******";
            CryptoPassword hasher  = new CryptoPassword();

            string hashed = hasher.Hash(plainText);

            // Round trip: the value that was hashed must be accepted by Verify.
            bool accepted = hasher.Verify(plainText, hashed);
            Assert.AreEqual(true, accepted);
        }
        /// <summary>
        /// Reports whether an account exists whose user name and stored password digest
        /// match the supplied credentials.
        /// </summary>
        /// <param name="account">Submitted credentials; <c>UserName</c> and <c>Password</c> are read.</param>
        /// <returns>True when a matching account row exists; otherwise false.</returns>
        public async Task<bool> LoginAccountAsync(Account account)
        {
            // NOTE(review): the stored value is matched by equality against HashMD5(password), so the
            // digest depends on the password alone (no per-user salt). Judging by the helper's name it
            // is MD5, which is not suitable for password storage; a salted, slow hash with a verify
            // step is the usual replacement and needs a migration of the stored values.
            var passwordDigest = CryptoPassword.HashMD5(account.Password);

            return await _context.Accounts.AnyAsync(
                row => row.UserName == account.UserName && row.Password == passwordDigest);
        }
        /// <summary>
        /// Checks that Verify rejects a password that is not the one that was hashed.
        /// </summary>
        public void TestPasswordVerifyWithWrongPassword()
        {
            // NOTE(review): both literals are identical as shown here (they look masked). The test is
            // only meaningful when the attempted password differs from the hashed one.
            const string hashedPassword    = "******";
            const string attemptedPassword = "******";
            CryptoPassword hasher          = new CryptoPassword();

            string storedHash = hasher.Hash(hashedPassword);

            bool accepted = hasher.Verify(attemptedPassword, storedHash);
            Assert.AreEqual(false, accepted);
        }
        /// <summary>
        /// Creates a user from the registration model, storing a hash of the password,
        /// and returns the repository's result.
        /// </summary>
        /// <param name="registerModel">Registration data; <c>Email</c>, <c>Name</c> and <c>Password</c> are read.</param>
        /// <returns>The value returned by <c>_repository.AddUser</c>.</returns>
        public ActionResult<string> NewUser(RegisterUserModel registerModel)
        {
            var newUser = new User();

            newUser.Email = registerModel.Email;
            newUser.Name  = registerModel.Name;
            // Only the hash is kept on the entity. Whether GetPasswordHash salts its input is not
            // visible here; confirm before relying on it.
            newUser.Password = CryptoPassword.GetPasswordHash(registerModel.Password);

            // NOTE(review): no validation of the model fields happens in this method; presumably
            // model binding or the repository enforces it. Verify.
            return _repository.AddUser(newUser);
        }
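        /// <summary>
        /// Signs a user in when the hash of the submitted password equals the stored hash
        /// for the account with the submitted e-mail.
        /// </summary>
        /// <param name="loginModel">Submitted credentials; <c>Email</c> and <c>Password</c> are read.</param>
        /// <returns>A <c>LoginResult</c> whose <c>Success</c> is set to true only when the credentials matched.</returns>
        public ActionResult<LoginResult> SignIn(LoginModel loginModel)
        {
            var loginResult = new LoginResult();

            // The hash is computed before the lookup, as in the original, so an unknown e-mail
            // does not skip the hashing work.
            // NOTE(review): equality against the stored value means GetPasswordHash depends on the
            // password alone (no per-user salt); a salted hash with a verify step would be stronger.
            string userHash = CryptoPassword.GetPasswordHash(loginModel.Password);
            User   user     = _repository.GetUserByEmail(loginModel.Email);

            // Reject explicitly when there is no account or no stored hash. The previous
            // `userHash == user?.Password` check evaluated to true when both sides were null and
            // would then have called Authenticate with a null user.
            if (user == null || user.Password == null || userHash == null)
            {
                return loginResult;
            }

            if (userHash == user.Password)
            {
                Authenticate(user);
                loginResult.Success = true;
            }

            return loginResult;
        }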
Esempio n. 10
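        /// <summary>
        /// Checks a user's e-mail and password against the password hash stored in the database.
        /// </summary>
        /// <param name="login">Login data; <c>userEmail</c> and <c>password</c> are read.</param>
        /// <returns>
        /// True when the e-mail is known and the password verifies against the stored hash;
        /// false when the e-mail is unknown or the password does not match.
        /// </returns>
        /// <remarks>
        /// <c>CheckLoginField</c> runs first. The original documentation says invalid input is reported
        /// by an exception, presumably thrown from that call; confirm.
        /// </remarks>
        public bool LoginDb(Login login)
        {
            CheckData      loginCheck = new CheckData();
            DbConnection   connection = new DbConnection();
            CryptoPassword c          = new CryptoPassword();

            // Check that the fields are not empty.
            loginCheck.CheckLoginField(login.userEmail, login.password);

            // Use the values that were just validated. The original switched to bare
            // `userEmail` / `password` identifiers here, so the checked input and the
            // authenticated input were not guaranteed to be the same.
            if (!connection.CheckEmail(login.userEmail))
            {
                return false;
            }

            // Fetch the stored hash for the validated e-mail.
            var hashedPassword = connection.GetUserPassword(login.userEmail);

            // NOTE(review): callers should show the same message for "unknown e-mail" and
            // "wrong password"; both return false here, which supports that.
            return c.Verify(login.password, hashedPassword);
        }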
Esempio n. 11
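        /// <summary>
        /// Creates an inactive user from the registration data, saves it, and e-mails an activation link.
        /// </summary>
        /// <param name="registerDTO">Registration data; <c>Name</c>, <c>Surname</c>, <c>Email</c> and <c>Password</c> are read.</param>
        public void Register(RegisterDTO registerDTO)
        {
            User user = new User
            {
                Name            = registerDTO.Name,
                Surname         = registerDTO.Surname,
                Email           = registerDTO.Email,
                // NOTE(review): whether GetSha salts its input is not visible here; password storage
                // should use a salted, slow hash (PBKDF2/Argon2/bcrypt).
                Password        = CryptoPassword.GetSha(registerDTO.Password),
                UpdatedDate     = null,
                // NOTE(review): the confirmation key is computed from the e-mail address alone. If
                // GetSha is a plain digest, anyone who knows the address can recompute the key, so the
                // link does not prove control of the mailbox. A random token from a cryptographic RNG
                // would; not changed here because the activation endpoint is not visible.
                ConfirmationKey = CryptoPassword.GetSha(registerDTO.Email),
                IsActive        = false
            };

            _context.Users.Add(user);
            _context.SaveChanges();

            // Percent-encode both query values: an unencoded '+' or '&' in the address (or in a
            // base64 key) corrupts the link, and raw markup characters would be interpreted by the
            // HTML mail client.
            string keyParam  = System.Uri.EscapeDataString(user.ConfirmationKey ?? string.Empty);
            string mailParam = System.Uri.EscapeDataString(user.Email ?? string.Empty);

            // NOTE(review): the host is hard-coded to http://localhost:5000; a deployed build needs a
            // configured HTTPS base URL.
            string bodyHtml = $"<html> <head> <body>  Üyeliğiniz aktif olması için <a href=http://localhost:5000/api/User/userActivate?confirmationKey={keyParam}&mail={mailParam}> bu </a> linke tıklayınız  </body>  </head>  </html> ";
            string subject  = "USER-ACTIVATION";

            this.sendEmail(bodyHtml, subject, user.Email);
        }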
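        /// <summary>
        /// Validates the registration data, rejects an e-mail that is already registered,
        /// and inserts the new user with a hashed password.
        /// </summary>
        /// <param name="reg">Registration data; <c>userEmail</c>, <c>password</c> and <c>passwordCheck</c> are read.</param>
        /// <returns>
        /// True when the user was inserted; false when a check fails, the insert fails,
        /// or one of the handled exceptions is raised (a message box is shown in that case).
        /// </returns>
        public bool RegisterInDb(Register reg)
        {
            DbConnection   connection    = new DbConnection();
            CryptoPassword c             = new CryptoPassword();
            CheckData      registerCheck = new CheckData();

            try
            {
                if (!registerCheck.CheckRegisterField(reg.userEmail, reg.password, reg.passwordCheck))
                {
                    return false;
                }

                if (!registerCheck.VerifRegister(reg.userEmail, reg.password))
                {
                    return false;
                }

                // Use the validated reg.* values from here on. The original switched to bare
                // `userEmail` / `password` identifiers, so the checked input and the stored
                // input were not guaranteed to be the same.
                // NOTE(review): check-then-insert is not atomic; a unique constraint on the e-mail
                // column is still needed to stop two concurrent registrations. Confirm it exists.
                if (connection.CheckIfUserEmailExistInDb(reg.userEmail))
                {
                    return false;
                }

                // Hash only after validation has passed: rejected input costs no hashing work,
                // and a failure inside Hash is no longer raised before the try block is entered.
                string hashedPassword = c.Hash(reg.password);

                // NOTE(review): `username` is left as written; the member of Register that carries
                // it is not visible here. Confirm it comes from the same validated input.
                if (!connection.InsertDataInDb(username, reg.userEmail, hashedPassword))
                {
                    return false;
                }
            }
            catch (InvalidEmailAddressException e)
            {
                MessageBox.Show(e.Message);
                return false;
            }
            catch (EmptyFieldException e)
            {
                MessageBox.Show(e.Message);
                return false;
            }
            catch (EmailTooShortException e)
            {
                MessageBox.Show(e.Message);
                return false;
            }
            catch (PasswordTooShortException e)
            {
                MessageBox.Show(e.Message);
                return false;
            }
            catch (UserEmailAlreadyExistException e)
            {
                MessageBox.Show(e.Message);
                return false;
            }
            catch (MySqlException)
            {
                // A generic message keeps database details away from the user.
                // NOTE(review): the exception is not logged anywhere, which makes failures hard to diagnose.
                MessageBox.Show("Un erreur est survenu lors de la connection avec la base de donnée");
                return false;
            }

            return true;
        }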
 /// <summary>
 /// Returns the digest that <c>CryptoPassword.HashMD5</c> produces for the given password.
 /// </summary>
 /// <param name="password">Clear-text password to digest.</param>
 /// <returns>The value returned by <c>CryptoPassword.HashMD5</c>.</returns>
 // NOTE(review): judging by the helper's name this is MD5, which is not suitable for storing
 // passwords; a salted, slow hash (PBKDF2/Argon2/bcrypt) is the usual replacement. Confirm
 // what HashMD5 actually computes before migrating.
 private string Cryptography(string password) => CryptoPassword.HashMD5(password);