public async Task <ActionResult> LoginConfirm(LoginVM loginVM)
{
// if some the hacking actions with form or someione don't use JS
if (!ModelState.IsValid)
{
ModelState.AddModelError(String.Empty, "Invalid token");
return(View(new LoginVM()
{
Login = loginVM.Login
}));
}
User user = await dbContext.Users.Where(u => loginVM.Login == u.Login).FirstOrDefaultAsync();
if (user == null)
{
ModelState.AddModelError(String.Empty, "User not found");
return(View(new LoginVM()
{
Login = loginVM.Login
}));
}
byte[] password = Encoding.Unicode.GetBytes(user.Salt + loginVM.Password);
string hash = CryptoService.ComputeMD5Hash(password).ToHexString();
if (user.Password != hash)
{
ModelState.AddModelError(String.Empty, "Incorrect login or/and pass");
return(View(new LoginVM()
{
Login = loginVM.Login
}));
}
IEnumerable <string> userRoles = user.Roles.Select(role => role.Name);
Session["User"] = user;
Session["Roles"] = userRoles;
Session["isAdmin"] = userRoles.Contains("Admin");
Session["UserMenu"] = MenuProvider.BuildMenu(userRoles);
return(Redirect(Url.Content("~/")));
}
public async Task <ActionResult> RegisterConfirm(RegisterVM registerModel)
{
// if some the hacking actions with form. Or someone disable JS?
if (!ModelState.IsValid)
{
ModelState.AddModelError(String.Empty, "Invalid token");
return(View(registerModel));
}
// check for already registred
if (await dbContext.Users.Where(u => registerModel.Login == u.Login).CountAsync() > 0)
{
ModelState.AddModelError(String.Empty, "Login is already taken(and pass maybe too?)");
return(View(registerModel));
}
string salt = CryptoService.GetRandomBytes(AppConstants.PASSOWORD_SALT_LENGTH).ToHexString();
byte[] password = Encoding.Unicode.GetBytes(salt + registerModel.Password);
string hash = CryptoService.ComputeMD5Hash(password).ToHexString();
User newUser = new User()
{
Login = registerModel.Login,
Password = hash,
Salt = salt
};
newUser.Roles.Add(await dbContext.UserRoles.Where(role => role.Name == "Authenticated").FirstAsync());
dbContext.Users.Add(newUser);
await dbContext.SaveChangesAsync();
return(RedirectToAction("Login"));
}
internal static async Task <byte[]> CreatePasswordAsync(string userId, byte[] salt, string password)
{
var passwd = PreparePassword(userId, salt, password);
return(CryptoService.ComputeMD5Hash(await CryptoService.EncryptAsync(passwd)));
}
protected override void Seed(MusicPortalDbContext context)
{
Genre ambientGenre = new Genre()
{
Name = "Ambient"
};
Genre hiphopGenre = new Genre()
{
Name = "Hip-Hop"
};
Genre instrumentalGenre = new Genre()
{
Name = "Instrumental"
};
Genre soundtrackGenre = new Genre()
{
Name = "Soundtrack"
};
Genre pianoGenre = new Genre()
{
Name = "Piano"
};
context.Genres.AddRange(new List <Genre>()
{
ambientGenre,
hiphopGenre,
instrumentalGenre,
soundtrackGenre,
pianoGenre,
new Genre()
{
Name = "Alternative"
},
new Genre()
{
Name = "Blues"
},
new Genre()
{
Name = "Background"
},
new Genre()
{
Name = "Chanson"
},
new Genre()
{
Name = "Classical"
},
new Genre()
{
Name = "Club"
},
new Genre()
{
Name = "Country"
},
new Genre()
{
Name = "Dance"
},
new Genre()
{
Name = "Disco"
},
new Genre()
{
Name = "Drum & Bass"
},
new Genre()
{
Name = "Electro"
},
new Genre()
{
Name = "Folk"
},
new Genre()
{
Name = "Funk"
},
new Genre()
{
Name = "Hardcore"
},
new Genre()
{
Name = "House"
},
new Genre()
{
Name = "Industrial"
},
new Genre()
{
Name = "Jazz"
},
new Genre()
{
Name = "Metal"
},
new Genre()
{
Name = "Minimal"
},
new Genre()
{
Name = "Pop-Rock"
},
new Genre()
{
Name = "Punk"
},
new Genre()
{
Name = "Rap"
},
new Genre()
{
Name = "Reggae"
},
new Genre()
{
Name = "Retro"
},
new Genre()
{
Name = "R&B"
},
new Genre()
{
Name = "Rock"
},
new Genre()
{
Name = "Soul"
},
new Genre()
{
Name = "Techno"
},
new Genre()
{
Name = "Trance"
}
});
UserRole authorized = new UserRole()
{
Name = "Admin"
};
UserRole admin = new UserRole()
{
Name = "Authorized"
};
context.UserRoles.AddRange(new List <UserRole>()
{
authorized,
admin,
new UserRole()
{
Name = "Authenticated"
}
});
var salt = CryptoService.GetRandomBytes(AppConstants.PASSOWORD_SALT_LENGTH).ToHexString();
context.Users.Add(new User()
{
Login = "******",
Password = CryptoService.ComputeMD5Hash(Encoding.Unicode.GetBytes((salt + "admin"))).ToHexString(),
Salt = salt,
Roles = new List <UserRole>()
{
authorized, admin
}
});
context.Songs.Add(new Song()
{
Name = "Lo-fi chill cover OST",
FileName = "ba814cc1-5de9-494c-b46e-c171e5fec6ab.mp3",
Genres = new List <Genre>()
{
ambientGenre, hiphopGenre, soundtrackGenre
}
});
context.Songs.Add(new Song()
{
Name = "After Dark piano cover",
FileName = "ceas4cc1-5de9-494c-b46e-c171e5feceas.mp3",
Genres = new List <Genre>()
{
instrumentalGenre, pianoGenre
}
});
context.SaveChanges();
base.Seed(context);
}
internal static byte[] CreatePassword(string userId, byte[] salt, string password)
{
var passwd = PreparePassword(userId, salt, password);
return(CryptoService.ComputeMD5Hash(CryptoService.Encrypt(passwd)));
}
