Esempio n. 1
0
        public User AuthenticateUser(
            string username,
            string password)
        {
            #region Pre-conditions
            if (string.IsNullOrEmpty(username))
            {
                throw new ArgumentNullException(nameof(username));
            }

            if (string.IsNullOrEmpty(password))
            {
                throw new ArgumentNullException(nameof(password));
            }
            #endregion

            var user = _context.Users.SingleOrDefault(x => x.Username == username);

            if (user == null)
            {
                throw new NotFoundException();
            }

            if (!PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
            {
                // We throw the same exception as above to hide the real reason, no need the make the user any smarter
                throw new NotFoundException();
            }

            return(UserMapper.Map(user));
        }
Esempio n. 2
0
        public async Task <IActionResult> Login([FromBody] LoginDto loginDto)
        {
            var user = await _context.Users.FirstOrDefaultAsync(x => x.Email == loginDto.Email);

            if (user == null || !PasswordUtil.VerifyPasswordHash(loginDto.Password, user.PasswordHash, user.PasswordSalt))
            {
                return(NotFound());
            }

            var tokenString = GetToken(user);

            return(Ok(new { token = tokenString }));
        }
Esempio n. 3
0
        private void CheckUser(User userToCreate, User createdUser, string providedPass)
        {
            Assert.NotNull(createdUser);
            Assert.Equal(userToCreate.Username, createdUser.Username);
            Assert.True(createdUser.Id > 0);

            Assert.NotNull(createdUser.PasswordHash);
            Assert.NotEmpty(createdUser.PasswordHash);

            Assert.NotNull(createdUser.PasswordSalt);
            Assert.NotEmpty(createdUser.PasswordSalt);

            Assert.True(PasswordUtil.VerifyPasswordHash(providedPass, createdUser.PasswordHash, createdUser.PasswordSalt));
        }
Esempio n. 4
0
        public async Task <User> Login(string username, string password)
        {
            var user = await context.Users.FirstOrDefaultAsync(x => x.Username == username);

            if (user == null)
            {
                return(null);
            }

            if (!PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt))
            {
                return(null);
            }

            return(user);
        }
Esempio n. 5
0
        public ChangePasswordValidator(DataContext context)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.Id)
            .MustAsync((id, token) => context.Users.AnyAsync(u => u.Id == id, token))
            .WithMessage("User not found");

            RuleFor(x => x.Model.Password)
            .MustAsync(async(request, password, token) =>
            {
                var user = await context.Users.FirstOrDefaultAsync(u => u.Id == request.Id);

                return(user != null && PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt));
            })
            .WithMessage("Username or password is incorrect");
        }
Esempio n. 6
0
        public LoginValidator(DataContext dataContext)
        {
            CascadeMode = CascadeMode.StopOnFirstFailure;

            RuleFor(x => x.Model.Username)
            .MustAsync((username, token) => dataContext.Users.AnyAsync(u => u.Username == username, token))
            .WithMessage("User not found")
            .MustAsync((username, token) => dataContext.Users.AnyAsync(u => u.Username == username && u.IsActivated))
            .WithMessage("Account is not activated");

            RuleFor(x => x.Model.Password)
            .MustAsync(async(request, password, token) =>
            {
                var user = await dataContext.Users.FirstOrDefaultAsync(u => u.Username == request.Model.Username);

                return(user != null && PasswordUtil.VerifyPasswordHash(password, user.PasswordHash, user.PasswordSalt));
            })
            .WithMessage("Username or password is incorrect");
        }