public IActionResult LoginEmployee(LoginRequestDto request)
{
if (!_dbService.CheckCredentials(request))
{
return(Unauthorized());
}
var claims = new[]
{
new Claim(ClaimTypes.Name, request.Login),
new Claim(ClaimTypes.Role, "employee")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "s18660",
audience: "Students",
claims: claims,
expires: DateTime.Now.AddMinutes(5),
signingCredentials: creds
);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken = Guid.NewGuid()
}));
}
public string Login(LoginRequestDto request)
{
var userName = request.UserName;
var userPwd = request.UserPwd;
var imgCode = request.ImgCode;
if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(userPwd))
{
Exception(LoginResultEnum.UserNameOrPasswordEmpty.ToString(), "用户名或密码不能为空");
}
var objCode = ContextHelper.ReadSession(Constant.UserImgCodeKey);
if (objCode == null)
{
Exception(LoginResultEnum.ImgCodeExpired.ToString(), "验证码过期,请刷新验证码");
}
if (!objCode.ToString().Equals(imgCode, StringComparison.CurrentCultureIgnoreCase))
{
Exception(LoginResultEnum.ImgCodeError.ToString(), "验证码错误");
}
userPwd = Tools.EncryptDESByUserPwd(userPwd);
var model = _userInfoDal.GetByNameAndPwd(userName, userPwd);
if (model == null)
{
Exception(LoginResultEnum.LoginError.ToString(), "用户名或密码不正确");
}
var token = LoginAfter(model);
return(token);
}
public async Task <IActionResult> Login([FromBody] LoginRequestDto model)
{
var user = await _userManager.FindByEmailAsync(model.Email);
if (user != null)
{
if (!user.IsActive)
{
return(Unauthorized());
}
if (!user.EmailConfirmed)
{
return(BadRequest(new List <IdentityError> {
new IdentityError {
Code = Messages.EmailNotConfirmedCode, Description = Messages.EmailNotConfirmedDescription
}
}));
}
if (await _userManager.CheckPasswordAsync(user, model.Password))
{
return(Ok(await _authService.GenerateLoginResponse(user)));
}
}
return(Unauthorized());
}
public IActionResult ValidateLogin([FromBody] LoginRequestDto loginRequest)
{
try
{
_log.Info($"ValidateLogin Callling: {loginRequest?.LoginName}");
var user = _userViewRepository.ValidateLogin(loginRequest.LoginName, loginRequest.Password);
if (user == null)
{
return(StatusCode(401, new ErrorModel {
HttpStatusCode = 401, Message = "Invalid UserName and Password"
}));
}
var userDto = _mapper.Map <UserDto>(user);
return(Ok(userDto));
}
catch (Exception ex)
{
_log.Error($"Error in ValidateLogin - ", ex);
return(StatusCode(500, new ErrorModel {
HttpStatusCode = 500, Message = "Internal Server Error"
}));
}
}
public bool CheckCredentials(LoginRequestDto request)
{
using (var connection = new SqlConnection(connectionString))
using (var command = new SqlCommand())
{
connection.Open();
command.Connection = connection;
command.CommandText = "select Salt from Student where IndexNumber = @index";
command.Parameters.AddWithValue("index", request.Login);
var dr = command.ExecuteReader();
dr.Read();
var salt = dr["Salt"].ToString();
dr.Close();
var hash = CreateHash(request.Password, salt);
command.Connection = connection;
command.CommandText = "select count(1) from Student where IndexNumber = @index and Password = @password";
command.Parameters.AddWithValue("password", hash);
dr = command.ExecuteReader();
dr.Read();
int count = (int)dr.GetValue(0);
dr.Close();
return(count > 0 ? true : false);
}
}
public async Task <ActionResult <LoginResultDto> > LoginAsync([FromBody] LoginRequestDto requestDto)
{
var user = await _userManager.FindByNameAsync(requestDto.UserName);
LoginResultDto result;
if (user != null && await _userManager.CheckPasswordAsync(user, requestDto.Password))
{
var claims = new List <Claim> {
new Claim(ClaimTypes.Name, user.UserName)
};
var token = _jwtTokenFactory.CreateToken(claims);
result = new LoginResultDto {
Claims = claims, LoginSuccess = true, Token = token,
};
}
else
{
result = new LoginResultDto {
LoginSuccess = false
};
}
return(Ok(result));
}
public LoginResp Login(LoginRequestDto loginRequest)
{
using (var client = new SqlConnection(connString))
using (var com = new SqlCommand())
{
com.CommandText = "select * from Salt where saltID=@id";
com.Parameters.AddWithValue("id", 1);
client.Open();
com.Connection = client;
var dr = com.ExecuteReader();
dr.Read();
var saltc = dr["salt"].ToString();
loginRequest.password = PasswordGenerator.Create(loginRequest.password, saltc);
com.CommandText = "select * from student where Indexnumber=@index and password=@pass";
com.Parameters.AddWithValue("pass", loginRequest.password);
com.Parameters.AddWithValue("index", loginRequest.login);
dr.Close();
var dr2 = com.ExecuteReader();
if (!dr2.Read())
{
return(null);
}
var response = new LoginResp();
response.login = dr2["IndexNumber"].ToString();
response.name = dr2["LastName"].ToString();
return(response);
}
}
public async Task <IActionResult> Login(LoginRequestDto loginRequest)
{
if (loginRequest == null)
{
return(StatusCode(StatusCodes.Status400BadRequest, $"Parâmetro '{nameof(loginRequest)}' incorreto."));
}
var user = await userManager.FindByEmailAsync(loginRequest.Email);
if (user == null)
{
return(StatusCode(StatusCodes.Status401Unauthorized, "Email incorreto!"));
}
var result = await signInManager.CheckPasswordSignInAsync(user, loginRequest.Password, false);
if (result.Succeeded)
{
var userDto = mapper.Map <UserDto>(user);
var roles = await userManager.GetRolesAsync(user);
//var token = authService.GenerateJWToken(user).Result;
var token = await new JwtService().GenerateToken(user, roles, config["JWT_SECRET"]);
var response = new LoginResponseDto
{
token = token,
user = userDto
};
return(Ok(response));
}
return(StatusCode(StatusCodes.Status401Unauthorized, "Senha incorreta!"));
}
public IActionResult Login([FromBody] LoginRequestDto model)
{
var user = _userViewRepository.ValidateLogin(model.LoginName, model.Password);
if (user != null)
{
var role = _roleViewRepository.GetRoleById(user.RoleId);
var authClaims = new List <Claim>
{
new Claim(ClaimTypes.Name, user.LoginName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.Role, role.RoleName)
};
var authSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWT:Secret"]));
var token = new JwtSecurityToken(
//issuer: _configuration["JWT:ValidIssuer"],
//audience: _configuration["JWT:ValidAudience"],
expires: DateTime.Now.AddHours(10),
claims: authClaims,
signingCredentials: new SigningCredentials(authSigningKey, SecurityAlgorithms.HmacSha256Signature)
);
var userDto = _mapper.Map <UserDto>(user);
userDto.Token = new JwtSecurityTokenHandler().WriteToken(token);
userDto.TokenExpiration = token.ValidTo;
userDto.LastLogin = DateTime.Now;
return(Ok(userDto));
}
return(Unauthorized());
}
public async Task <IActionResult> Login([FromBody] LoginRequestDto model)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var appUser = _userManager.Users.SingleOrDefault(r => r.UserName == model.UserName);
if (appUser == null)
{
return(NotFound(new { error = "The email does not exist" }));
}
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, false, false);
if (result.Succeeded)
{
var isAdmin = (await _userManager.GetRolesAsync(appUser)).Any(x => x == "admin");
var token = await GenerateJwtToken(model.UserName, appUser);
return(Ok(new LoginResponseDto()
{
User = new UserDto()
{
Token = token.ToString(), UserName = appUser.UserName, IsAdmin = isAdmin
}
}));
}
else
{
return(BadRequest());
}
}
public ApiResponseDto <LoginRequestDto> Login(LoginRequestDto requestDto)
{
try
{
var user = BUser.LoginResponse(requestDto);
if (user != null)
{
LoginRequestDto loginResponse = new LoginRequestDto()
{
UserName = user.UserName,
Password = user.Password
};
return(ApiResponseDto <LoginRequestDto> .SuccessResponse(loginResponse, "basarili"));
}
return(ApiResponseDto <LoginRequestDto> .FailedResponse("basarisiz"));
}
catch
{
return(ApiResponseDto <LoginRequestDto> .FailedResponse("basarisiz"));
}
}
public async Task <ActionResult <LoginResponseDto> > Login(LoginRequestDto model)
{
var user = await this._userManager.FindByNameAsync(model.UserName);
if (user == null)
{
return(Unauthorized());
}
var passwordValid = await this._userManager.CheckPasswordAsync(user, model.Password);
if (!passwordValid)
{
return(Unauthorized());
}
var token = this._identityService.GenerateJwtToken(
user.Id,
user.UserName,
this._appSettings.Secret);
return(new LoginResponseDto
{
Token = token
});
}
public string Authenticated(LoginRequestDto request)
{
//rsa解密
var code = SecurityRsa.Decrypt(request.Password);
if (code is null)
{
return(null);
}
//获取用户
var user = _context.User.Find(request.UserName);
if (user is null || user.Password != SecurityAes.Encrypt(code))
{
return(null);
}
//获取用户角色
var roles = user.Role.Split("::", StringSplitOptions.RemoveEmptyEntries).ToList();
//创建claim
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, user.UserName)
};
claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));
//生成token
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManagement.Secret));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var jwtToken = new JwtSecurityToken(_tokenManagement.Issuer, _tokenManagement.Audience, claims,
expires: DateTime.Now.AddMinutes(_tokenManagement.AccessExpiration), signingCredentials: credentials);
var token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
return(token);
}
public Guid IsAuthenticated(LoginRequestDto request, out string token)
{
token = string.Empty;
var userId = userService.IsValid(request);
if (userId == Guid.Empty)
{
return(Guid.Empty);
}
var claims = new[]
{
new Claim(ClaimTypes.Name, request.UserName)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenManagement.Secret));
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var jwtToken = new JwtSecurityToken(tokenManagement.Issuer, tokenManagement.Audience, claims,
expires: DateTime.Now.AddMinutes(tokenManagement.AccessExpiration),
signingCredentials: credentials);
token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
return(userId);
}
// public async Task<object> Login([FromBody] LoginDto dto, [FromServices] ILoginService service)
public async Task <object> Login([FromBody] LoginRequestDto requestDto)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (requestDto == null)
{
return(BadRequest());
}
try
{
var result = await _service.FindByLogin(requestDto);
if (result == null)
{
return(NotFound());
}
return(Ok(result));
}
catch (ArgumentException e)
{
Console.WriteLine(e);
return(StatusCode((int)HttpStatusCode.InternalServerError, e.Message));
}
}
public async Task <LoginResponseDto> CheckLogin(string username, string encryptedPassword)
{
LoginRequestDto dto = new LoginRequestDto
{
MobileNo = username,
Password = encryptedPassword
};
//IRestClient<LoginRequestDto, LoginResponseDto> rest = new RestClient<LoginRequestDto, LoginResponseDto>();
//LoginResponseDto res = await rest.Post(dto, "Login/CheckLogin", MediaType.Json, Encoding.UTF8);
// Temp Login
LoginResponseDto res = new LoginResponseDto()
{
Message = "success",
Name = "Emp1",
Status = true,
UserId = 100
};
if (res.Status)
{
// Save in Shared Preferance.
SharedPreferences.UserId = res.UserId;
UpdateNotificationToken();
}
return(res);
}
public async Task <LoginResponseDto> FindByLogin(LoginRequestDto requestDto)
{
var response = new LoginResponseDto(false, "Falha ao autenticar");
if (requestDto != null && !string.IsNullOrWhiteSpace(requestDto.Email))
{
UserEntity entity = await _repository.FindByLogin(requestDto.Email);
if (entity == null)
{
return(response);
}
var identity = new ClaimsIdentity(
new GenericIdentity(entity.Email),
new []
{
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.UniqueName, entity.Email),
}
);
DateTime createDate = DateTime.Now;
DateTime expirationDate = createDate + TimeSpan.FromSeconds(Convert.ToDouble(Environment.GetEnvironmentVariable("Seconds")));
var handler = new JwtSecurityTokenHandler();
string token = CreateToken(identity, createDate, expirationDate, handler);
return(SuccessObject(createDate, expirationDate, token, requestDto));
}
return(response);
}
public async Task E_Possivel_Executar_Metodo_FindByLogin()
{
var email = Internet.Email();
LoginResponseDto objRetorno = new LoginResponseDto(
true,
DateTime.UtcNow,
DateTime.UtcNow.AddHours(8),
Guid.NewGuid().ToString(),
Name.FullName(),
"Login efetuado com sucesso."
);
var loginDto = new LoginRequestDto
{
Email = email
};
_serviceMock = new Mock <ILoginService>();
_serviceMock.Setup(m => m.FindByLogin(loginDto)).ReturnsAsync(objRetorno);
_serviceLogin = _serviceMock.Object;
var result = await _serviceLogin.FindByLogin(loginDto);
Assert.NotNull(result);
}
public async void Login_WithValidUsernameAndPassword_ReturnsOkResponseWithTokenInformation()
{
var now = DateTime.UtcNow;
var request = new LoginRequestDto
{
Username = "******",
Password = "******"
};
var mockResponse = new LoginResponse
{
Success = true,
Token = "token",
Expires = now
};
_accountServiceMock.Setup(x => x.AttemptLoginAsync(It.IsAny <string>(), It.IsAny <string>()))
.ReturnsAsync(mockResponse);
var result = await _accountController.Login(request);
var actionResult = Assert.IsType <ActionResult <LoginResponseDto> >(result);
var okResult = Assert.IsType <OkObjectResult>(actionResult.Result);
var returnValue = Assert.IsType <LoginResponseDto>(okResult.Value);
Assert.NotNull(returnValue.Token);
Assert.Equal(now, returnValue.Expires);
}
public IActionResult GetToken([FromBody] LoginRequestDto login)
{
var state = _accountService.Login(login.UserName, login.Password, login.IsDomainAccount);
// var state =1;
if (state == -1)
{
return(Ok(new ResponseDto(StatusCodeEnum.AccountError, "账号不存在")));
}
if (state == -2)
{
return(Ok(new ResponseDto(StatusCodeEnum.AccountError, "账号密码错误")));
}
var tokenString = _tokenService.WriteToken(new AccountModel()
{
UserName = login.UserName
});
return(Ok(new DataResponseDto()
{
Data = new TokenResponseDto {
Token = tokenString, ExpireIn = 60 * 60
}
}));
}
public async Task <UserResponseDto> Login(LoginRequestDto dto)
{
var user = await this.dbContext
.Users
.SingleOrDefaultAsync(u => u.Username == dto.Username);
if (user == null)
{
throw new InvalidOperationException("Invalid username");
}
var passwordHash = PasswordEncrypt.ComputeHash(dto.Password, user.PasswordSalt);
if (user.Password != passwordHash)
{
throw new InvalidOperationException("Invalid password");
}
return(new UserResponseDto
{
Id = user.Id,
Username = user.Username,
Token = tokenService.CreateToken(user),
Role = user.Role,
FirstName = user.FirstName,
LastName = user.LastName
});
}
public IActionResult Login(LoginRequestDto request)
{
var result = _service.LoginCheck(request);
var okResult = result as OkObjectResult;
Console.Write(okResult);
if (result.Equals(okResult))
{
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, request.Login),
new Claim(ClaimTypes.Role, "admin")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken
(
issuer: "Gakko",
audience: "Students",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken = Guid.NewGuid() //saved to the db
}));
}
return(StatusCode(401));
}
public IActionResult Login(LoginRequestDto log)
{
var claim = new[]
{
new Claim(ClaimTypes.NameIdentifier, "1"),
new Claim(ClaimTypes.Name, "jan123"),
new Claim(ClaimTypes.Role, "admin"),
new Claim(ClaimTypes.Role, "student")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "Gakko",
audience: "Students",
claims: claim,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken = Guid.NewGuid()
}
));
}
public async Task <IActionResult> Login([FromBody] LoginRequestDto model)
{
var user = _userManager.Users.SingleOrDefault(r => r.UserName == model.UserName);
if (user == null)
{
ModelState.AddModelError("notExists", "Username or password are incorrect.");
return(BadRequest(ModelState));
}
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, true, false);
if (!result.Succeeded)
{
ModelState.AddModelError("notExists", "Username or password are incorrect.");
return(BadRequest(ModelState));
}
else
{
var jsonWebToken = _tokenService.GenerateJwtToken(user);
var requestedAt = DateTime.UtcNow;
var returnModel = _mapper.Map <LoggedInUserDto>(user);
returnModel.LastLoginDate = user.LastLoginDate;
user.LastLoginDate = requestedAt;
await _userManager.UpdateAsync(user);
returnModel.Token = jsonWebToken.Token;
returnModel.Expires = jsonWebToken.Expiration - requestedAt.Ticks;
return(Ok(returnModel));
}
}
public LoginResponseDto Login_Obsolete(LoginRequestDto request)
{
var userName = request.UserName;
var userPwd = request.UserPwd;
var imgCode = request.ImgCode;
if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(userPwd))
{
return(new LoginResponseDto(LoginResultEnum.UserNameOrPasswordEmpty));
}
var objCode = ContextHelper.ReadSession(Constant.UserImgCodeKey);
if (objCode == null)
{
return(new LoginResponseDto(LoginResultEnum.ImgCodeExpired));
}
if (!objCode.ToString().Equals(imgCode, StringComparison.CurrentCultureIgnoreCase))
{
return(new LoginResponseDto(LoginResultEnum.ImgCodeError));
}
userPwd = Tools.EncryptDESByUserPwd(userPwd);
var model = _userInfoDal.GetByNameAndPwd(userName, userPwd);
if (model == null)
{
return(new LoginResponseDto(LoginResultEnum.LoginError));
}
var token = LoginAfter(model);
return(new LoginResponseDto(LoginResultEnum.Success, token));
}
public IActionResult Login(LoginRequestDto request)
{
// TODO: Move all this logic to DBService
var student = _studentsDbService.GetStudent(request.Login);
if (_studentsDbService.CheckUserPassword(student, request.Password))
{
Console.WriteLine("Password confirmed");
}
else
{
return(BadRequest("Password dont match"));
}
var token = _studentsDbService.GetJwtToken();
var refreshToken = Guid.NewGuid(); // is unique and has no information
_studentsDbService.SaveRefreshTokenInDb(refreshToken, student);
return(Ok(new
{
accessToken = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken
}));
}
public void WhenLoginReturnsAnError()
{
// Arrange
var model = new LoginRequestDto
{
Password = "******",
UserName = "******"
};
var loggedInUser = new LoggedInUserDto
{
UserName = "******"
};
var users = new List <ApplicationUser> {
new ApplicationUser {
UserName = "******"
}
}.AsQueryable();
_userManager = new FakeUserManager(_userStore, users);
_signInManager = new FakeSignInManager(_userStore, users, Microsoft.AspNetCore.Identity.SignInResult.Failed);
_tokenService.Setup(x => x.GenerateJwtToken(It.IsAny <ApplicationUser>())).Returns(new Logic.Models.JsonWebToken("123", 1));
_mapper.Setup(x => x.Map <LoggedInUserDto>(It.IsAny <ApplicationUser>())).Returns(loggedInUser);
var controller = new AccountController(_userManager, _signInManager, _mapper.Object, _tokenService.Object);
// Act
var result = controller.Login(model).Result;
// Assert
Assert.Equal(typeof(BadRequestObjectResult), result.GetType());
}
public LoginResponseDto Login(LoginRequestDto loginRequestDto)
{
if (loginRequestDto == null)
{
return(null);
}
var potentialUser = _userRepository.TryGetUserByName(loginRequestDto.Username);
if (potentialUser == null)
{
return(new LoginResponseDto
{
LoginSuccess = LoginResult.WrongUsername
});
}
var passwordMatch = _userRepository.ValidatePassword(potentialUser, loginRequestDto.Password);
if (passwordMatch)
{
return(potentialUser.ToLoginResponseDto());
}
else
{
return(new LoginResponseDto
{
LoginSuccess = LoginResult.WrongPassword
});
}
}
public async Task ShouldFail_ForIncorrectGoogleToken()
{
const string token = "TOKEN";
_googleAuthService.Setup(s => s.FindGoogleToken(It.IsAny <string>(), It.IsAny <CancellationToken>()))
.ReturnsAsync((GoogleTokenInfo)null);
var request = new LoginRequestDto
{
Token = token
};
var response = await Client.PostJson("/account/login", request);
response.IsSuccessStatusCode.Should().Be(false);
response.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
var payload = await response.Content.ReadAsStringAsync();
payload.Should().NotBeEmpty();
RecreateContext();
var savedUser = Context
.Users
.SingleOrDefault();
savedUser.Should().BeNull();
_googleAuthService.Verify(s => s.FindGoogleToken(token, It.IsAny <CancellationToken>()), Times.Once);
_googleAuthService.VerifyNoOtherCalls();
}
public IActionResult Login(LoginRequestDto request)
{
//hashing function
//one-way func
//hash(a) = kifiyddsssuyfulgih;oj';strdtufuhpok
//check the password in db
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier, "1"),
new Claim(ClaimTypes.Name, "jan123"),
new Claim(ClaimTypes.Role, "admin"),
new Claim(ClaimTypes.Role, "student")
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "Gakko",
audience: "Students",
claims: claims,
expires: DateTime.Now.AddMinutes(10),
signingCredentials: creds
);
return(Ok(new
{
accessToken = new JwtSecurityTokenHandler().WriteToken(token),
refreshToken = Guid.NewGuid()
}));
}
