Esempio n. 1
0
        /// <summary>
        /// The CreateFirstTimeSsoUser method.
        /// Creates a first time user registered from the SSO.
        /// <para>
        /// @author: Jennifer Nguyen
        /// @updated: 04/09/2018
        /// </para>
        /// </summary>
        /// <param name="userAccountDto"></param>
        /// <returns></returns>
        public ResponseDto <bool> CreateFirstTimeSsoUser(UserAccountDto userAccountDto)
        {
            var createFirstTimeSsoUserPreLogicStrategy = new CreateFirstTimeSsoUserPreLogicValidationStrategy(userAccountDto);
            var saltGenerator = new SaltGenerator();
            var payloadHasher = new PayloadHasher();

            // Validate data transfer object
            var result = createFirstTimeSsoUserPreLogicStrategy.ExecuteStrategy();

            if (result.Error != null)
            {
                return(new ResponseDto <bool>
                {
                    Data = false,
                    Error = result.Error
                });
            }

            // Hash password
            var passwordSalt = new PasswordSalt(saltGenerator.GenerateSalt(128));
            var userAccount  = new UserAccount(username: userAccountDto.Username, password: userAccountDto.Password, isActive: true, isFirstTimeUser: true, roleType: userAccountDto.RoleType);

            userAccount.Password = payloadHasher.Sha256HashWithSalt(passwordSalt.Salt, userAccount.Password);

            // Validate domain models
            var createFirstTimeSsoUserPostLogicStrategy = new CreateFirstTimeSsoUserPostLogicValidationStrategy(userAccount, passwordSalt);

            result = createFirstTimeSsoUserPostLogicStrategy.ExecuteStrategy();
            if (result.Error != null)
            {
                return(new ResponseDto <bool>
                {
                    Data = false,
                    Error = result.Error
                });
            }

            // Store a user from Single Sign On registration request
            using (var userGateway = new UserGateway())
            {
                var gatewayResult = userGateway.StoreSsoUser(userAccount, passwordSalt);
                if (gatewayResult.Data == false)
                {
                    return(new ResponseDto <bool>()
                    {
                        Data = gatewayResult.Data,
                        Error = GeneralErrorMessages.GENERAL_ERROR
                    });
                }
            }

            return(new ResponseDto <bool>()
            {
                Data = true
            });
        }
        /// <summary>
        ///
        /// CreateToken
        ///
        /// Creates a new Authentiaction Token and saves it in the Database and return it to the user
        ///
        /// </summary>
        /// <para>
        /// @author: Ahmed Sadiq, Brian Fann, Rachel Dang
        /// @updated: 4/26/18
        /// </para>
        /// <param name="loginDto"></param>
        /// <returns>
        /// Response with the AuthenticationTokenDto
        /// </returns>
        public ResponseDto <AuthenticationTokenDto> CreateToken(string username)
        {
            var tokenHandler        = new JwtSecurityTokenHandler();
            var authenticationToken = new AuthenticationToken();
            var salt = new SaltGenerator().GenerateSalt(128);

            // Creating the Header of the Token
            var key = new SymmetricSecurityKey(Encoding.Default.GetBytes(salt));
            var signingCredentials = new SigningCredentials(key, "HS256");

            authenticationToken.Salt = salt;

            // Assigning the Username to the Token
            authenticationToken.Username = username;

            // Time Stamping the Token
            var issuedOn = DateTime.UtcNow;

            authenticationToken.ExpiresOn = issuedOn.AddMinutes(15);

            // Create claims identity with "Read" permisison claims
            var claimsIdentity = CreateClaimsIdentity(username).Data;

            // Creating the Body of the token
            var tokenDescription = new SecurityTokenDescriptor
            {
                Subject            = claimsIdentity,
                Audience           = AuthenticationTokenConstants.AUDIENCE,
                IssuedAt           = issuedOn,
                Expires            = authenticationToken.ExpiresOn,
                Issuer             = AuthenticationTokenConstants.ISSUER,
                SigningCredentials = signingCredentials,
            };

            // Changing the Token to a String Form
            var token       = tokenHandler.CreateToken(tokenDescription);
            var tokenString = tokenHandler.WriteToken(token);

            authenticationToken.TokenString = tokenString;

            // Storing the Token to the Database
            using (var authenticationGateway = new AuthenticationGateway())
            {
                authenticationGateway.StoreAuthenticationToken(authenticationToken);
            }

            // Assigning the Token to a Dto to return it back to the User
            var authenticationTokenDto = new AuthenticationTokenDto(authenticationToken.Username,
                                                                    authenticationToken.ExpiresOn, authenticationToken.TokenString);

            // Returning the Token to the Controler
            return(new ResponseDto <AuthenticationTokenDto>
            {
                Data = authenticationTokenDto
            });
        }
Esempio n. 3
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="dto"></param>
        /// <param name="userAccount"></param>
        /// <param name="passwordSalt"></param>
        /// <param name="userProfile"></param>
        /// <param name="securityQuestions"></param>
        /// <param name="securityAnswerSalts"></param>
        /// <returns></returns>
        private ResponseDto <bool> MapUserDtoToModel(RegisterUserDto dto, out UserAccount userAccount, out PasswordSalt passwordSalt, out UserProfile userProfile, out IList <SecurityQuestion> securityQuestions, out IList <SecurityAnswerSalt> securityAnswerSalts)
        {
            // Map variables to the parameters
            userAccount = new UserAccount(
                username: dto.UserAccountDto.Username,
                password: dto.UserAccountDto.Password,
                isActive: true,
                isFirstTimeUser: false,
                roleType: RoleTypes.PUBLIC);

            securityQuestions = dto.SecurityQuestionDtos
                                .Select(securityQuestionDto => new SecurityQuestion(
                                            securityQuestionDto.Question, securityQuestionDto.Answer))
                                .ToList();

            userProfile = new UserProfile(
                displayPicture: ConfigurationManager.AppSettings["DefaultURLProfileImagePath"],
                displayName: dto.UserProfileDto.DisplayName);

            // Hash password and security questions
            var saltGenerator = new SaltGenerator();
            var payloadHasher = new PayloadHasher();

            passwordSalt         = new PasswordSalt(saltGenerator.GenerateSalt(128));
            userAccount.Password = payloadHasher.Sha256HashWithSalt(passwordSalt.Salt, userAccount.Password);

            securityAnswerSalts = new List <SecurityAnswerSalt>();

            for (var i = 0; i < securityQuestions.Count; i++)
            {
                securityAnswerSalts.Add(new SecurityAnswerSalt {
                    Salt = saltGenerator.GenerateSalt(128)
                });
                securityQuestions[i].Answer = payloadHasher.Sha256HashWithSalt(securityAnswerSalts[i].Salt, securityQuestions[i].Answer);
            }

            return(new ResponseDto <bool>()
            {
                Data = true
            });
        }
Esempio n. 4
0
        /// <summary>
        /// The CreateAdmin method.
        /// Contains business logic to create an admin user.
        /// <para>
        /// @author: Jennifer Nguyen, Angelica Salas
        /// @updated: 04/26/2018
        /// </para>
        /// </summary>
        /// <param name="registerUserDto"></param>
        /// <returns>ResponseDto</returns>
        public ResponseDto <RegisterUserDto> CreateAdmin(RegisterUserDto registerUserDto)
        {
            var createIndividualPreLogicValidationStrategy = new CreateIndividualPreLogicValidationStrategy(registerUserDto);
            var securityAnswerSalts = new List <SecurityAnswerSalt>();
            var saltGenerator       = new SaltGenerator();
            var payloadHasher       = new PayloadHasher();
            var claimsFactory       = new ClaimsFactory();

            // Validate data transfer object
            var result = createIndividualPreLogicValidationStrategy.ExecuteStrategy();

            if (result.Error != null)
            {
                return(new ResponseDto <RegisterUserDto>
                {
                    Data = registerUserDto,
                    Error = result.Error
                });
            }

            // Map data transfer object to domain models
            var userAccount       = new UserAccount(username: registerUserDto.UserAccountDto.Username, password: registerUserDto.UserAccountDto.Password, isActive: true, isFirstTimeUser: false, roleType: "private");
            var securityQuestions = registerUserDto.SecurityQuestionDtos
                                    .Select(securityQuestionDto => new SecurityQuestion(
                                                securityQuestionDto.Question, securityQuestionDto.Answer))
                                    .ToList();

            //Admin User Profile
            var displayImagePath = ConfigurationManager.AppSettings["DefaultURLProfileImagePath"];
            var userProfile      = new UserProfile(displayPicture: displayImagePath, displayName: registerUserDto.UserProfileDto.DisplayName);

            // Set user claims to be stored in UserClaims table as administrator
            var userClaims = new UserClaims(claimsFactory.Create(AccountTypes.Admin));

            // Hash password
            var passwordSalt = new PasswordSalt(saltGenerator.GenerateSalt(128));

            userAccount.Password = payloadHasher.Sha256HashWithSalt(passwordSalt.Salt, userAccount.Password);

            // Hash security answers
            for (var i = 0; i < securityQuestions.Count; i++)
            {
                securityAnswerSalts.Add(new SecurityAnswerSalt {
                    Salt = saltGenerator.GenerateSalt(128)
                });
                securityQuestions[i].Answer = payloadHasher.Sha256HashWithSalt(securityAnswerSalts[i].Salt, securityQuestions[i].Answer);
            }

            var createIndividualPostLogicValdiationStrategy = new CreateIndividualPostLogicValidationStrategy(userAccount, passwordSalt, userClaims, userProfile, securityQuestions, securityAnswerSalts);
            var validateResult = createIndividualPostLogicValdiationStrategy.ExecuteStrategy();

            if (!validateResult.Data)
            {
                return(new ResponseDto <RegisterUserDto>
                {
                    Data = registerUserDto,
                    Error = GeneralErrorMessages.GENERAL_ERROR
                });
            }

            // Store user in database
            using (var userGateway = new UserGateway())
            {
                var gatewayResult = userGateway.StoreIndividualUser(userAccount, passwordSalt, userClaims, userProfile, securityQuestions, securityAnswerSalts);
                if (gatewayResult.Data == false)
                {
                    return(new ResponseDto <RegisterUserDto>()
                    {
                        Data = registerUserDto,
                        Error = GeneralErrorMessages.GENERAL_ERROR
                    });
                }
            }

            return(new ResponseDto <RegisterUserDto>
            {
                Data = registerUserDto
            });
        }
Esempio n. 5
0
        public ResponseDto <ResetPasswordDto> SsoUpdatePassword()
        {
            var resetPasswordPreLogicValidationStrategy = new ResetPasswordPreLogicValidationStrategy(_resetPasswordDto,
                                                                                                      ResetPasswordValidationTypes.UpdatePasswordValidation);
            var         saltGenerator = new SaltGenerator();
            var         payloadHasher = new PayloadHasher();
            UserAccount userAccount;

            // Validate data transfer object
            var result = resetPasswordPreLogicValidationStrategy.ExecuteStrategy();

            if (result.Error != null)
            {
                return(new ResponseDto <ResetPasswordDto>
                {
                    Data = null,
                    Error = result.Error
                });
            }

            // Get the existing UserAccount model associated with the username
            using (var userGateway = new UserGateway())
            {
                var gatewayResult = userGateway.GetUserByUsername(_resetPasswordDto.Username);
                if (gatewayResult.Error != null)
                {
                    return(new ResponseDto <ResetPasswordDto>()
                    {
                        Data = null,
                        Error = GeneralErrorMessages.GENERAL_ERROR
                    });
                }

                userAccount = gatewayResult.Data;
            }

            // Set the new password to the UserAccount model
            userAccount.Password = _resetPasswordDto.Password;

            // Hash password
            var passwordSalt = new PasswordSalt(saltGenerator.GenerateSalt(128));

            userAccount.Password = payloadHasher.Sha256HashWithSalt(passwordSalt.Salt, userAccount.Password);

            // Update the password in the database
            using (var userGateway = new UserGateway())
            {
                var gatewayResult = userGateway.UpdatePassword(userAccount, passwordSalt);
                if (gatewayResult.Error != null)
                {
                    return(new ResponseDto <ResetPasswordDto>()
                    {
                        Data = null,
                        Error = GeneralErrorMessages.GENERAL_ERROR
                    });
                }
            }

            return(new ResponseDto <ResetPasswordDto>()
            {
                Data = _resetPasswordDto
            });
        }