Esempio n. 1
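        /// <summary>
        /// Checks a username/password pair against the PBKDF2 hash stored for that username.
        /// </summary>
        /// <param name="userPass">Submitted credentials: <c>username</c> selects the row, <c>password</c> is re-hashed with the stored salt.</param>
        /// <returns><c>true</c> when a row exists for the username and the derived hash equals the stored one; otherwise <c>false</c>.</returns>
        public static bool Login(UserPassModel userPass)
        {
            // The connection is scoped to this call and disposed on every path. Assigning a
            // class-level `connection` field here would let concurrent logins replace each
            // other's connection and would leave it open after the method returns.
            using (MySqlConnection loginConnection = new MySqlConnection(connectionString))
            using (MySqlCommand query = new MySqlCommand("SELECT * FROM `users`.`users` WHERE username = @username", loginConnection))
            {
                loginConnection.Open();

                // The username is bound as a parameter, never concatenated into the SQL text.
                query.Parameters.Add("@username", MySqlDbType.VarChar).Value = userPass.username;

                string hashFromDatabase;
                byte[] salt;

                using (MySqlDataReader reader = query.ExecuteReader())
                {
                    // NOTE(review): an unknown username returns here before any key derivation runs,
                    // so its response time differs from a wrong-password attempt. Consider deriving
                    // against a dummy salt if username enumeration matters for this application.
                    if (!reader.Read())
                    {
                        return false;
                    }

                    hashFromDatabase = (string)reader["hash"];
                    salt             = (byte[])reader["salt"];
                }

                // NOTE(review): HMAC-SHA1 with 10000 iterations is below current PBKDF2 guidance.
                // The parameters are left unchanged because they must match the stored hashes;
                // raising them needs a rehash-on-login migration.
                string hash = Convert.ToBase64String(KeyDerivation.Pbkdf2(
                                                         password: userPass.password,
                                                         salt: salt,
                                                         prf: KeyDerivationPrf.HMACSHA1,
                                                         iterationCount: 10000,
                                                         numBytesRequested: 256 / 8));

                // Constant-time comparison: string.Equals stops at the first differing character,
                // which leaks how much of the hash matched through timing.
                return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Text.Encoding.UTF8.GetBytes(hashFromDatabase),
                    System.Text.Encoding.UTF8.GetBytes(hash));
            }
        }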
Esempio n. 2
        /// <summary>
        /// Builds a <c>UserPassModel</c> from an <c>IdentityUser</c> by reflection.
        /// Properties whose name also exists on <c>IdentityUser</c> are copied onto the model;
        /// every other property is turned into a content property and appended to
        /// <c>model.Properties</c>, which is finally ordered by <c>SortOrder</c>.
        /// </summary>
        /// <param name="input">The user instance to read from.</param>
        /// <returns>The populated model.</returns>
        public static UserPassModel ConvertUserToPost(this IdentityUser input)
        {
            var result = new UserPassModel();

            var sourceProperties   = input.GetType().GetRealType().GetProperties();
            var identityProperties = typeof(IdentityUser).GetProperties();

            foreach (var property in sourceProperties)
            {
                bool declaredOnIdentityUser = identityProperties.Any(b => b.Name == property.Name);

                if (!declaredOnIdentityUser)
                {
                    var contentProperty = property.GetContentPropertyByPropertyInfo(input);
                    if (contentProperty != null)
                    {
                        result.Properties.Add(contentProperty);
                    }
                    continue;
                }

                // NOTE(review): this copies every IdentityUser-level property by name. If
                // IdentityUser is the ASP.NET Identity type, that includes PasswordHash and
                // SecurityStamp. Confirm the resulting model is never serialized to a client.
                try
                {
                    property.SetValue(result, property.GetValue(input));
                }
                catch
                {
                    // Best-effort copy: a property that cannot be read or set is skipped silently.
                }
            }

            result.Properties = result.Properties.OrderBy(b => b.SortOrder).ToList();
            return result;
        }
Esempio n. 3
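        /// <summary>
        /// Server-side format check applied to both the username and the password.
        /// Each value must be 5 to 15 characters long, consist of letters, digits, '.' and '_',
        /// must not start or end with '.' or '_', and must not contain two of them in a row.
        /// </summary>
        /// <param name="userPass">Submitted credentials.</param>
        /// <returns><c>true</c> when both values match the pattern; <c>false</c> otherwise, including when either value is missing.</returns>
        public static bool ValidateInfo(UserPassModel userPass)
        {
            // \z anchors at the true end of the input. In .NET, '$' also matches just before a
            // trailing newline, so a value such as "admin\n" would otherwise pass validation.
            const string Pattern = @"^(?=.{5,15}\z)(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])\z";

            // Regex.Match throws ArgumentNullException on null input; a missing field is simply invalid.
            if (userPass == null || userPass.username == null || userPass.password == null)
            {
                return false;
            }

            // NOTE(review): the same pattern is applied to the password, which caps it at 15
            // characters from [a-zA-Z0-9._]. Consider a separate, less restrictive password policy.
            return Regex.IsMatch(userPass.username, Pattern)
                && Regex.IsMatch(userPass.password, Pattern);
        }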
Esempio n. 4
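        /// <summary>
        /// Authorization endpoint: validates the query parameters, checks the submitted
        /// credentials and, on success, redirects to the client's <c>redirect_uri</c> with a
        /// request code. Without credentials it renders the login view.
        /// </summary>
        /// <param name="userPass">Submitted username and password; both are null on the initial page load.</param>
        /// <param name="param">Query-string parameters (<c>client_id</c> and <c>redirect_uri</c> are read here).</param>
        /// <returns>The validation message, the login view, or a redirect carrying the request code.</returns>
        public IActionResult Index(UserPassModel userPass, [FromQuery] ParamModel param)
        {
            // Validate the parameters passed in the URL.
            // NOTE(review): everything below redirects to the caller-supplied redirect_uri. This
            // relies on ValidateParams (not shown here) matching it against the URI registered
            // for client_id. Confirm that, otherwise the request code can be delivered to an
            // arbitrary host.
            string validationResponse = DatabaseContext.ValidateParams(param);

            if (!validationResponse.Equals("Valid"))
            {
                return(Ok(validationResponse));
            }

            // A redirect_uri may already carry a query string; append with '&' in that case
            // instead of adding a second '?'.
            string redirectBase   = param.redirect_uri ?? string.Empty;
            string querySeparator = redirectBase.Contains("?") ? "&" : "?";

            // Server-side credential format validation.
            if (userPass.username != null && userPass.password != null)
            {
                // NOTE(review): this pattern is anchored only at the end, so it succeeds whenever
                // some suffix of the value is well-formed and does not constrain the whole input.
                // It is left unchanged because tightening it could reject existing credentials.
                Regex regex = new Regex("(?![_.])(?!.*[_.]{2})[a-zA-Z0-9._]+(?<![_.])$");

                Match userMatch = regex.Match(userPass.username);
                Match passMatch = regex.Match(userPass.password);

                if (!userMatch.Success || !passMatch.Success)
                {
                    TempData["err"] = "Invalid 1";
                    return(View());
                }

                // Validates username and password.
                if (DatabaseContext.ValidateUser(userPass.username, userPass.password))
                {
                    // Generate the request token and percent-encode it, so characters such as
                    // '+', '/' or '=' survive the trip through the query string.
                    string requestToken = DatabaseContext.GenerateToken(param.client_id);
                    string encodedToken = System.Uri.EscapeDataString(requestToken ?? string.Empty);

                    // Redirects the user to redirect_uri with the request code.
                    return(Redirect(redirectBase + querySeparator + "code=" + encodedToken));
                }

                TempData["err"] = "Invalid 2";
                return(View());
            }

            // NOTE(review): "state=STATE" is a fixed literal. The error redirect should echo the
            // state value the client sent, if ParamModel carries one.
            TempData["redirectErr"] = redirectBase + querySeparator + "error=access_denied&state=STATE";
            ModelState.Remove("username");
            ModelState.Remove("password");
            return(View());
        }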
Esempio n. 5
        /// <summary>
        /// Tries the credentials first as a judge login and, if that fails, as a school login.
        /// </summary>
        /// <param name="loginModel">Submitted username and password.</param>
        /// <returns>
        /// A model whose <c>Authenticated</c> flag holds the outcome. <c>IsSchool</c> is false only
        /// when the judge login succeeded; it is true for a school login and also when both fail.
        /// </returns>
        public AuthenticationModel ClientLogin(UserPassModel loginModel)
        {
            var users  = new UserService();
            var result = new AuthenticationModel { IsSchool = false };

            // NOTE(review): HashPassword receives the username as its first argument, presumably
            // as salt input. Confirm it uses a slow KDF with a per-user random salt, and that the
            // Check*Login methods compare hashes in constant time.
            result.Authenticated = users.CheckJudgeLogin(
                loginModel.Username,
                users.HashPassword(loginModel.Username, loginModel.Password));

            if (!result.Authenticated)
            {
                // Not a judge account: fall back to the school login.
                result.IsSchool      = true;
                result.Authenticated = users.CheckSchoolLogin(
                    loginModel.Username,
                    users.HashPassword(loginModel.Username, loginModel.Password));
            }

            return result;
        }
Esempio n. 6
        /// <summary>
        /// Copies posted values from <paramref name="input"/> onto <paramref name="user"/> by reflection.
        /// Properties whose name exists on <c>IdentityUser</c> itself are skipped, so only properties
        /// added by the concrete user type are written.
        /// </summary>
        /// <param name="input">The posted model to read values from.</param>
        /// <param name="user">The user instance to update; the same instance is returned.</param>
        /// <param name="deleteExistFile">Passed through to <c>SetPropertyValue</c>.</param>
        /// <param name="oldFiles">Passed through to <c>SetPropertyValue</c>.</param>
        /// <param name="newFiles">Passed through to <c>SetPropertyValue</c>.</param>
        /// <returns><paramref name="user"/> after the copy.</returns>
        public static IdentityUser ConvertPostToUser(this UserPassModel input, IdentityUser user, bool deleteExistFile = true, List <string> oldFiles = null, List <string> newFiles = null)
        {
            var targetProperties   = user.GetType().GetRealType().GetProperties();
            var identityProperties = typeof(IdentityUser).GetProperties();

            foreach (var property in targetProperties)
            {
                try
                {
                    // Skipping IdentityUser-level names keeps posted data from overwriting base
                    // identity properties. Every other property on the concrete type is still
                    // writable from the post.
                    // NOTE(review): confirm none of those extra properties is privilege-bearing
                    // (role, flags and the like).
                    bool declaredOnIdentityUser = identityProperties.Any(b => b.Name == property.Name);
                    if (!declaredOnIdentityUser)
                    {
                        property.SetPropertyValue(input, user, deleteExistFile, oldFiles, newFiles);
                    }
                }
                catch
                {
                    // Best-effort: a property that fails to convert or set is skipped silently.
                }
            }

            return user;
        }
Esempio n. 7
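        /// <summary>
        /// Registers a new user, stores the signed-in user in the session and redirects to Index.
        /// With no username posted it renders the empty registration form.
        /// </summary>
        /// <param name="registerUser">Posted registration data.</param>
        /// <returns>The registration view, or a redirect to Index once the account is created.</returns>
        public IActionResult Register(RegisterUserModel registerUser)
        {
            if (registerUser.username == null)
            {
                // First visit: clear model-state entries so the empty form shows no errors.
                ModelState.Remove("username");
                ModelState.Remove("password");
                ModelState.Remove("confirmPassword");

                return(View("Register"));
            }

            // NOTE(review): no format validation or confirmPassword check is visible in this
            // action. Confirm both happen elsewhere. CheckUsername followed by Register is also
            // not atomic, so a unique constraint on the username column should back it.
            if (!UserDatabaseContext.CheckUsername(registerUser.username))
            {
                TempData["err"] = "Username already exists";
                return(View("Register"));
            }

            // Use the Db context to register the user.
            UserDatabaseContext.Register(registerUser);

            User user = new User();
            user.username    = registerUser.username;
            user.accessToken = UserDatabaseContext.GenerateAccessToken(registerUser.username);

            HttpContext.Session.SetString("user", JsonConvert.SerializeObject(user));

            // Passing the credentials as route values to RedirectToAction("Login", ...) would put
            // the plaintext password into the redirect URL, where it reaches browser history,
            // proxy and server logs and Referer headers. The session is already established
            // above, so go straight to Index instead.
            // NOTE(review): this assumes Index lives in this controller and reads TempData["User"]
            // as it does after a normal login. Confirm before merging.
            TempData["User"] = registerUser.username;

            return(RedirectToAction("Index"));
        }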
Esempio n. 8
        /// <summary>
        /// Login action: renders the form when no username was posted; otherwise validates the
        /// credential format, checks them against the database and, on success, stores the user
        /// (with a fresh access token) in the session and redirects to Index.
        /// </summary>
        /// <param name="userPass">Posted username and password.</param>
        /// <returns>The login view, or a redirect to Index after a successful login.</returns>
        public IActionResult Login(UserPassModel userPass)
        {
            if (userPass.username == null)
            {
                // Nothing posted yet: clear model-state entries and show the empty form.
                ModelState.Remove("username");
                ModelState.Remove("password");
                return View("Login");
            }

            // Format check first. A failure re-renders the view without setting an error message.
            if (!ServerSideValidation.ValidateInfo(userPass))
            {
                return View();
            }

            // Use the Db context to validate user name and password.
            if (!UserDatabaseContext.Login(userPass))
            {
                // One message for both unknown user and wrong password, so the response does
                // not reveal which of the two failed.
                TempData["err"] = "Invalid username or password";
                return View();
            }

            TempData["User"] = userPass.username;

            User signedIn = new User
            {
                username    = userPass.username,
                accessToken = UserDatabaseContext.GenerateAccessToken(userPass.username)
            };

            // NOTE(review): the access token is stored in the session as serialized JSON. Confirm
            // the session cookie is issued with Secure and HttpOnly set.
            HttpContext.Session.SetString("user", JsonConvert.SerializeObject(signedIn));

            return RedirectToAction("Index");
        }