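        /// <summary>
        /// Authenticates the posted credentials against the repository and, on success, issues an
        /// access token together with a freshly generated refresh token that is persisted for the user.
        /// </summary>
        /// <param name="user">Credentials posted by the client (username and password).</param>
        /// <returns>
        /// A <see cref="Token"/> on success; <c>401 Unauthorized</c> when the repository rejects the
        /// credentials; <c>400 Bad Request</c> when the request body is missing.
        /// </returns>
        public async Task <ActionResult <Token> > SignIn([FromBody] UserSmall user)
        {
            // A missing body previously surfaced as a NullReferenceException (HTTP 500).
            if (user is null)
            {
                return(BadRequest());
            }

            // Log only the username: UserSmall also carries the plaintext password, and concatenating
            // the whole object writes it to the log if the type's ToString() renders all properties.
            _logger.LogInformation(nameof(SignIn) + ": " + user.Username);

            var userFromRepo = await _repo.SignIn(user);
            if (userFromRepo == null)
            {
                return(Unauthorized());
            }

            var refreshToken = _service.GenerateRefreshToken();
            await _repo.SaveRefreshToken(userFromRepo.UserId, refreshToken);

            // Lifetime reported to the client in Expires; which token it applies to is not visible here.
            const int expiresInDays = 7;

            var claims = new Claim[]
            {
                new Claim(ClaimTypes.NameIdentifier, userFromRepo.UserId.ToString()),
                new Claim(ClaimTypes.Name, userFromRepo.Username),
                new Claim(ClaimTypes.Role, userFromRepo.UserGroup.ToString()),
            };

            return(new Token
            {
                AccessToken = _service.GenerateToken(claims),
                // NOTE(review): ToString() without a culture produces a culture-dependent format. The
                // wire format is kept as-is because clients may already parse it; a round-trippable
                // "O" timestamp would be safer — confirm with the client code before changing.
                Expires = DateTime.UtcNow.AddDays(expiresInDays).ToString(),
                RefreshToken = refreshToken,
                UserId = userFromRepo.UserId
            });
        }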
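        /// <summary>
        /// Loads the user row matching <paramref name="fbInfo"/>'s Facebook id, creating it when absent
        /// (applying the text ban list), otherwise refreshing the stored name and last-login time, and
        /// returns the user's attribute projection.
        /// </summary>
        /// <param name="fbInfo">Facebook identity supplied by the caller.</param>
        /// <returns>A <see cref="UserAttrib"/> built from the stored row.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="fbInfo"/> is null.</exception>
        private async Task <UserAttrib> GetUserAttribDetail(UserSmall fbInfo)
        {
            if (fbInfo is null)
            {
                throw new ArgumentNullException(nameof(fbInfo));
            }

            var existUserTest = await _context.Users.Where(a => a.FbId == fbInfo.FacebookId).FirstOrDefaultAsync();

            if (existUserTest == null)
            {
                var newUser = new Users()
                {
                    FbId         = fbInfo.FacebookId,
                    FirstNm      = fbInfo.FirstName,
                    LastNm       = fbInfo.LastName,
                    EventCnt     = 0,
                    LastLoginTms = DateTime.UtcNow
                };

                // Auto-ban on a first/last name match against the text ban list. Whether the match is
                // case-sensitive depends on how the provider translates the comparison (store collation).
                var prebanUser = await _context.BanListText.Where(a => a.FirstNm == fbInfo.FirstName && a.LastNm == fbInfo.LastName).FirstOrDefaultAsync();
                if (prebanUser != null)
                {
                    newUser.BanFlag = true;
                }

                await _context.Users.AddAsync(newUser);
                await _context.SaveChangesAsync();

                // The saved entity is tracked and holds the persisted values, so there is no need to
                // re-query it. The original re-read it with a blocking FirstOrDefault(), whose null
                // result would have crashed the projection below.
                existUserTest = newUser;
            }
            else
            {
                // Keep the stored name in step with Facebook.
                if (existUserTest.FirstNm != fbInfo.FirstName || existUserTest.LastNm != fbInfo.LastName)
                {
                    existUserTest.FirstNm = fbInfo.FirstName;
                    existUserTest.LastNm  = fbInfo.LastName;
                }

                // Last login is refreshed on every call.
                existUserTest.LastLoginTms = DateTime.UtcNow;

                _context.Users.Update(existUserTest);
                await _context.SaveChangesAsync();
            }

            // Only the attribute subset is exposed; other columns (e.g. BanFlag) are not copied.
            return(new UserAttrib()
            {
                CityNm        = existUserTest.CityNm,
                StateCd       = existUserTest.StateCd,
                CountryCd     = existUserTest.CountryCd,
                RealNm        = existUserTest.RealNm,
                AdminFlag     = existUserTest.AdminFlag,
                VolunteerFlag = existUserTest.VolunteerFlag
            });
        }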
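        /// <summary>
        /// Resolves the user whose lower-cased username (or numeric id) equals the supplied username
        /// and verifies the supplied password against the stored hash.
        /// </summary>
        /// <param name="user">Posted credentials.</param>
        /// <returns>
        /// The matching <see cref="User"/>, or <c>null</c> when the credentials are missing, the user is
        /// unknown, or the password does not verify.
        /// </returns>
        public async Task <User> SignIn(UserSmall user)
        {
            // Missing credentials are an authentication failure, not a server error.
            if (user?.Username == null || user.Password == null)
            {
                return(null);
            }

            // Hoisted for clarity. ToLower() is culture-sensitive; it must use the same normalisation
            // as the value stored at registration.
            var normalizedUsername = user.Username.ToLower();

            // NOTE(review): the second disjunct also accepts the numeric user id as a login name,
            // which translates to a CAST over every row; confirm this is intended.
            var loginUser = await _context.User.FirstOrDefaultAsync(u => (u.Username == normalizedUsername || u.UserId.ToString() == user.Username));

            // NOTE(review): VerifyPassword is skipped for unknown usernames, so the response time
            // differs between "no such user" and "wrong password" (account enumeration via timing).
            if (loginUser == null || !VerifyPassword(user.Password, loginUser.PasswordHash))
            {
                return(null);
            }

            return(loginUser);
        }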
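        /// <summary>
        /// Verifies the Facebook access token carried in <paramref name="fbInfo"/> against the configured
        /// Facebook endpoint and, when the id Facebook returns matches the claimed id, issues a JWT.
        /// </summary>
        /// <param name="fbInfo">Caller-supplied identity (Facebook id, name and access token).</param>
        /// <returns>
        /// The JWT on success; <c>null</c> when the input or token is missing, Facebook answers with a
        /// non-success status, or the reply carries no id; <see cref="string.Empty"/> when the id
        /// returned by Facebook differs from the claimed one. Callers must treat both null and empty
        /// as failure (<c>string.IsNullOrEmpty</c>).
        /// </returns>
        private async Task <string> GenerateUserToken(UserSmall fbInfo)
        {
            if (fbInfo is null)
            {
                return(null);
            }

            var fbUrl   = _appSettings.Value.FacebookAuthUrl.ToString();
            var msToken = fbInfo.AccessToken;

            // NOTE(review): this writes the dev bypass id (see below) into the application log.
            _logger.LogInformation(_appSettings.Value.DevUserId);
            _logger.LogInformation(DateTime.Now.ToString() + " - calling FB");

            // NOTE(review): this branch issues a token for DevUserId without contacting Facebook, so
            // anyone who learns that id can sign in as the dev user. Restrict it to development
            // environments (or remove it) before deployment.
            if (fbInfo.FacebookId == _appSettings.Value.DevUserId)
            {
                return(_userService.GenerateJwtToken(new UserSmall()
                {
                    FirstName  = "Dev",
                    LastName   = "Mode",
                    FacebookId = _appSettings.Value.DevUserId
                }));
            }

            // Without a token there is nothing to verify.
            if (string.IsNullOrEmpty(msToken))
            {
                return(null);
            }

            var client = _clientFactory.CreateClient();

            // The token is caller-controlled: escape it so it cannot alter the request path or query.
            using (var response = await client.GetAsync(fbUrl + Uri.EscapeDataString(msToken)))
            {
                // A non-2xx reply carries an error document rather than a profile; treat it as "no id"
                // instead of parsing it.
                if (!response.IsSuccessStatusCode)
                {
                    return(null);
                }

                string  apiResponse = await response.Content.ReadAsStringAsync();
                JObject fbRtn       = JObject.Parse(apiResponse);

                // Value<string> yields null for both a missing "id" and a JSON null.
                string returnedId = fbRtn.Value<string>("id");
                if (returnedId == null)
                {
                    return(null);
                }

                if (returnedId == fbInfo.FacebookId)
                {
                    _logger.LogInformation(DateTime.Now.ToString() + " - generating JWT");
                    return(_userService.GenerateJwtToken(fbInfo));
                }

                // The token belongs to a different account than the one claimed.
                return(string.Empty);
            }
        }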
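        /// <summary>
        /// Creates a user row for the supplied credentials and returns the persisted entity.
        /// </summary>
        /// <param name="user">Registration data; username and password are required.</param>
        /// <returns>
        /// The stored <see cref="User"/>, or <c>null</c> when the username or password is missing
        /// (the controller maps a null result to a 400 response).
        /// </returns>
        public async Task <User> Register(UserSmall user)
        {
            // Previously a missing body or username threw a NullReferenceException.
            if (string.IsNullOrWhiteSpace(user?.Username) || string.IsNullOrEmpty(user.Password))
            {
                return(null);
            }

            // NOTE(review): the password is stored as a bare, unsalted MD5 digest, which is fast to
            // brute-force. A password KDF (e.g. PBKDF2 via Rfc2898DeriveBytes) should replace it,
            // together with the matching change in the verification routine.
            var addedUser = await _context.User.AddAsync(new User
            {
                // Stored lower-cased so sign-in can normalise the same way; ToLower() is culture-sensitive.
                Username     = user.Username.ToLower(),
                Nickname     = user.Username,
                PasswordHash = user.Password.GetMd5Hash(),
                UserGroup    = 9   // group assigned to self-registered users; its meaning is defined elsewhere
            });

            await _context.SaveChangesAsync();

            return(addedUser.Entity);
        }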
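        /// <summary>
        /// Verifies the caller's Facebook identity and returns a JWT for it.
        /// </summary>
        /// <param name="fbInfo">Facebook id, name and access token supplied by the client.</param>
        /// <returns>The JWT, or <c>401 Unauthorized</c> when verification fails.</returns>
        public async Task <ActionResult <string> > UserLogin(UserSmall fbInfo)
        {
            string token = await GenerateUserToken(fbInfo);

            // GenerateUserToken signals failure with either null (no id from Facebook) or an empty
            // string (id mismatch); both must be rejected. Checking only for string.Empty let a null
            // token through as a 200 with no body.
            if (string.IsNullOrEmpty(token))
            {
                return(Unauthorized("You are not permitted to access this site."));
            }

            return(token);
        }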
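        /// <summary>
        /// Registers a new user from the posted credentials.
        /// </summary>
        /// <param name="user">Desired username and password.</param>
        /// <returns>
        /// <c>201 Created</c> with the public user view; <c>400 Bad Request</c> when the body is
        /// missing, the username is already taken, or the repository fails to create the user.
        /// </returns>
        public async Task <ActionResult> SignUp([FromBody] UserSmall user)
        {
            if (user is null)
            {
                return(BadRequest(new { error = "Missing user data." }));
            }

            // Log only the username — the DTO also holds the plaintext password.
            _logger.LogInformation(nameof(SignUp) + ": " + user.Username);

            // Reject duplicate usernames up front.
            // NOTE(review): this check and the insert are not atomic; only a unique index on the
            // username column reliably prevents two concurrent registrations of the same name.
            if (await _repo.UserExists(user.Username))
            {
                return(BadRequest(new { error = "Username already exists." }));
            }

            var registeredUser = await _repo.Register(user);
            if (registeredUser == null)
            {
                return(BadRequest(new { error = "User register fail!" }));
            }

            // NOTE(review): CreatedResult's first argument becomes the Location header; nameof(SignUp)
            // is an action name rather than a URL. CreatedAtAction would yield a resolvable location.
            return(new CreatedResult(nameof(SignUp), UserLarge.FromUser(registeredUser, _imageServer)));
        }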
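        /// <summary>
        /// Builds the front-page payload: a session token (reused from the Authorization header when
        /// present, otherwise freshly issued), the caller's user attributes and the current event data.
        /// </summary>
        /// <param name="fbInfo">Facebook identity of the caller.</param>
        /// <returns>
        /// <c>200 OK</c> with the populated <see cref="FrontPage"/>, or <c>401 Unauthorized</c> with an
        /// empty one when no token can be obtained.
        /// </returns>
        public async Task <ActionResult <FrontPage> > GetFrontPage(UserSmall fbInfo)
        {
            FrontPage returnData = new FrontPage();

            // Reuse the bearer token from "Authorization: Bearer <token>" when the page is refreshed.
            // NOTE(review): the header value is echoed back as SessionAuth without being validated
            // here; this relies on the framework's authentication having already checked it — confirm
            // the action is protected by [Authorize] or equivalent.
            string token = HttpContext.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();

            // A header of just "Bearer " yields an empty token; treat it like a missing one.
            if (string.IsNullOrEmpty(token))
            {
                _logger.LogInformation(DateTime.Now.ToString() + " - calling GenerateUserToken");
                token = await GenerateUserToken(fbInfo);
            }

            // GenerateUserToken reports failure as either null or string.Empty. The original checked
            // only for null, so a mismatched Facebook id produced an empty SessionAuth and a 200.
            if (string.IsNullOrEmpty(token))
            {
                return(Unauthorized(returnData));
            }

            returnData.SessionAuth = token;

            // User record lookup/creation.
            _logger.LogInformation(DateTime.Now.ToString() + " - calling GetUserAttribDetail");
            returnData.UserInfo = await GetUserAttribDetail(fbInfo);
            _logger.LogInformation(DateTime.Now.ToString() + " - finished GetUserAttribDetail");

            // Event data for the (now known) user.
            string facebookId = fbInfo.FacebookId;

            _logger.LogInformation(DateTime.Now.ToString() + " - calling GetEventFrontPage");
            OpenEvent rtnTimeslot = await _eventService.GetEventFrontPage(facebookId);
            _logger.LogInformation(DateTime.Now.ToString() + " - finished GetEventFrontPage");

            returnData.FlexSlot         = rtnTimeslot.FlexSlot;
            returnData.MoveFlag         = rtnTimeslot.MoveFlag;
            returnData.SignedUpTimeslot = rtnTimeslot.SignedUpTimeslot;
            returnData.Timeslot         = rtnTimeslot.Timeslot;

            return(Ok(returnData));
        }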
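        /// <summary>
        /// Creates an HMAC-SHA256 signed JWT carrying the user's Facebook id and name, valid for one day.
        /// </summary>
        /// <param name="user">
        /// User to encode. FacebookId, FirstName and LastName must be non-null, since
        /// <see cref="Claim"/> rejects a null value.
        /// </param>
        /// <returns>The serialized compact JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public string GenerateJwtToken(UserSmall user)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            const int tokenLifetimeDays = 1;

            var tokenHandler = new JwtSecurityTokenHandler();

            // NOTE(review): ASCII encoding silently maps any non-ASCII character of the secret to '?',
            // weakening the key. UTF-8 would be correct, but the token validator must use the same
            // encoding, so this is left unchanged pending that change. HMAC-SHA256 also needs a
            // sufficiently long key; the library enforces a minimum size at signing time.
            var key = Encoding.ASCII.GetBytes(_appSettings.Secret);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new[] {
                    new Claim("fbId", user.FacebookId),
                    new Claim("firstName", user.FirstName),
                    new Claim("lastName", user.LastName)
                }),
                Expires            = DateTime.UtcNow.AddDays(tokenLifetimeDays),
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };

            var token = tokenHandler.CreateToken(tokenDescriptor);
            return(tokenHandler.WriteToken(token));
        }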
 /// <summary>
 /// Returns the attribute projection of the calling user; delegates entirely to
 /// <c>GetUserAttribDetail</c>, which creates or refreshes the user record as needed.
 /// </summary>
 /// <param name="fbInfo">Facebook identity of the caller.</param>
 /// <returns>The user's <see cref="UserAttrib"/> wrapped in an <see cref="ActionResult{T}"/>.</returns>
 public async Task <ActionResult <UserAttrib> > GetUserAttrib(UserSmall fbInfo)
     => await GetUserAttribDetail(fbInfo);