        public void JoinEvent_Pass_ValidEverything()
        {
            // Arrange: a token minted for a throw-away identity and the default event id.
            const int userId = 100;
            const string userName = "******";
            var eventId = 0;
            var token = jwtService.CreateToken(userName, userId);

            // Act
            var result = attendeeManager.JoinEvent(eventId, token);
            Console.WriteLine(result);

            // Assert: only checks that JoinEvent produced a result; its contents are not inspected.
            Assert.IsNotNull(result);
        }
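        /// <summary>
        /// Email/password login: looks the user up by (lower-cased) email, verifies the password,
        /// creates a JWT and a session, stores the session and returns it (plus firstName) as JSON.
        /// </summary>
        /// <param name="request">Bound request body with <c>EmailAddress</c> and <c>Password</c>.</param>
        /// <returns>
        /// 200 with the serialized session; 400 with a single generic message for a missing body,
        /// unknown user or wrong password; 500 when the session could not be stored.
        /// </returns>
        public ActionResult Login(LoginRequest request)
        {
            // Steps for Implementation
            // 1. Check if user exists
            // 2. Verify password
            // 3. Create JWT Token
            // 4. Create Session and add it to DB
            // 5. Return JWT Token (session JSON + firstName) on success

            // One message for every credential failure so the endpoint cannot be used to
            // enumerate registered email addresses ("User not found" vs "Incorrect password").
            const string invalidCredentials = "Invalid email address or password.";

            // Guard the bound body before dereferencing it.
            if (request is null || string.IsNullOrWhiteSpace(request.EmailAddress) || request.Password is null)
            {
                return new BadRequestObjectResult(invalidCredentials);
            }

            // Invariant casing: this is a lookup key, not display text (avoids culture-specific ToLower()).
            var user = _userAccountService.ReadUserFromDBUsingEmail(request.EmailAddress.ToLowerInvariant());

            if (user is null)
            {
                return new BadRequestObjectResult(invalidCredentials);
            }
            if (!_passwordService.ValidatePassword(request.Password, user.PasswordSalt, user.PasswordHash))
            {
                // TODO: limit attempts
                // TODO: invalidate all sessions
                return new BadRequestObjectResult(invalidCredentials);
            }

            string jwtToken = JWTService.CreateToken();
            Session session = new Session(user.Email, jwtToken);

            if (!_sessionService.AddSession(session))
            {
                return new StatusCodeResult(StatusCodes.Status500InternalServerError);
            }

            // The session is serialized with System.Text.Json and re-parsed with Newtonsoft only so
            // that firstName can be appended; the resulting wire shape is kept as it was.
            var jsonString = JsonSerializer.Serialize(session);
            var jObject = JObject.Parse(jsonString);
            jObject.Add("firstName", user.FirstName);

            return new OkObjectResult(jObject.ToString());
        }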
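        /// <summary>
        /// Mints a JWT for the <c>Id</c>/<c>Username</c> supplied in the query string and returns it wrapped in a <see cref="JWTModel"/>.
        /// </summary>
        /// <param name="model">Query-string bound identity to put into the token.</param>
        /// <returns>200 with the token; 400 when no model could be bound.</returns>
        public IActionResult GetJWT([FromQuery] RequestJWTModel model)
        {
            // NOTE(review): the identity baked into the token comes verbatim from the caller's query
            // string and nothing visible here checks that the caller is authenticated or owns that
            // identity. Unless an authorization attribute exists outside this snippet, this should be
            // treated as a test/dev-only endpoint.
            if (model is null)
            {
                return BadRequest();
            }

            var token = new JWTModel
            {
                Token = jwtService.CreateToken(model.Id, model.Username)
            };

            return Ok(token);
        }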
        public void AssignJwt_Pass()
        {
            // Arrange
            const int userId = 99;
            const string userName = "******";

            // Act: mint a token for the test identity.
            var jwtString = jwtService.CreateToken(userName, userId);
            Console.WriteLine(jwtString);

            // Assert: the service returned something; the token itself is not decoded or validated here.
            Assert.IsNotNull(jwtString);
        }
        public void GetEmail_Pass()
        {
            // Arrange: a token for a known email, and the response we expect GetEmail to mirror.
            const string email = "*****@*****.**";
            var jwtToken = _jwtService.CreateToken(email, 1);
            var expected = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new StringContent(email)
            };

            // Act
            var actual = userMan.GetEmail(jwtToken);

            // Assert: only the status code is compared; the body of `expected` is not checked.
            Assert.AreEqual(expected.StatusCode, actual.StatusCode);
        }
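        /// <summary>
        /// Validates the supplied username/password and, on success, returns the user's id, username and a fresh JWT.
        /// </summary>
        /// <param name="model">Login form with <c>Username</c> and <c>Password</c>.</param>
        /// <returns>
        /// 200 with a <see cref="UserInfoModel"/>; 401 with an <see cref="ErrorModel"/> when the credentials
        /// do not validate or the user row cannot be found; 400 when no model/username was bound.
        /// </returns>
        public async Task <IActionResult> Login(LoginModel model)
        {
            // TODO when user is already logged in
            if (model is null || model.Username is null)
            {
                return BadRequest();
            }

            // Lookup key, not display text: invariant casing avoids culture-specific ToLower() surprises.
            var ok = await userServices.ValidateUserAsync(model.Username.ToLowerInvariant(), model.Password);
            if (!ok)
            {
                return Unauthorized(new ErrorModel {
                    Error = "Wrong password or username"
                });
            }

            // NOTE: validation used the lower-cased name but this lookup uses the name as typed; depending on
            // how usernames are stored/collated it can come back empty, so a null row is treated as a failed
            // login instead of being dereferenced.
            var user = await dbContext.Users.FirstOrDefaultAsync(u => u.Username == model.Username);
            if (user is null)
            {
                return Unauthorized(new ErrorModel {
                    Error = "Wrong password or username"
                });
            }

            var token = jwtService.CreateToken(user.Id, user.Username);
            var userInfo = new UserInfoModel {
                Token    = token,
                Username = user.Username,
                Id       = user.Id
            };

            return Ok(userInfo);
        }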
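        /// <summary>
        /// Authenticates a user from a JSON body holding a username and password and returns a JWT on success.
        /// On failure the attempt is recorded via <see cref="FailedAttemptsFacade"/>, an attempt counter is
        /// advanced and, past the threshold, a 24-hour lock-out is enforced before answering 401.
        /// </summary>
        /// <param name="credentials">Raw JSON body; the first keys containing "username" / "password" are used.</param>
        /// <returns>200 with the token; 415 when no body was bound; 401 for every failed login.</returns>
        public IHttpActionResult Authenticate([FromBody] JObject credentials)
        {
            // Attempts at or below this count are still answered with a counter; above it the lock-out applies.
            const long maxFailedAttempts = 3;

            if (credentials == null)
            {
                return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.UnsupportedMediaType, "Sorry, but your credentials came in unsupported format."));
            }

            Dictionary <string, object> credentialsData = _jsonToDictionaryConverter.ProvideAPIDataFromJSON(credentials);

            string username = string.Empty;
            string password = string.Empty;

            // Key matching is a plain substring test, as before; a null JSON value no longer throws but
            // is treated as an empty credential. Missing keys leave both empty and fall through to
            // ValidateUser("", "") exactly as the original did.
            foreach (var entry in credentialsData)
            {
                string value = entry.Value?.ToString() ?? string.Empty;
                if (entry.Key.Contains("username"))
                {
                    username = value;
                }
                if (entry.Key.Contains("password"))
                {
                    password = value;
                }
            }

            bool isUsernamePasswordValid = _userValidator.ValidateUser(username, password, out Utility_class_User validatedUserModel);

            if (isUsernamePasswordValid)
            {
                var token = _jwtService.CreateToken(validatedUserModel);
                return Ok(token);
            }

            // Invalid credentials: record/escalate the failed attempt, then answer 401.
            // NOTE(review): the attempt record is looked up and created by *password* value
            // (GetByPassword / new FailedLoginAttempt(username, password, ...)), i.e. the submitted plaintext
            // password is persisted and used as a key. Keying the counter on the username (or source address)
            // and never storing the password would avoid that exposure; unchanged here because it needs a
            // facade change. The remaining-attempts count in the 401 body also tells a caller where the
            // lock-out stands.
            FailedAttemptsFacade failedFacade = FlyingCenterSystem.GetInstance().getFacede <FailedAttemptsFacade>();

            FailedLoginAttempt attemptByPassword = failedFacade.GetByPassword(password);
            FailedLoginAttempt attemptByUsername = failedFacade.GetByUserName(username);
            if (!Statics.BulletprofComparsion(attemptByPassword, attemptByUsername))
            {
                return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Your username or password is incorrect, also there is no consistency between them! Acsess denied."));
            }

            long failedAttemptNumToDisplay = 1;

            // An attempt equal to a default-constructed record means nothing is on file for this password yet.
            bool isFirstAttempt = attemptByPassword.Equals(new FailedLoginAttempt());
            if (isFirstAttempt)
            {
                // First recorded failure is stored with a count of 2 (kept as the original did).
                // DateTime.Now is kept because FAILURE_TIME is compared against DateTime.Now below;
                // switching to UtcNow would have to be done on both sides at once.
                failedFacade.AddBlackUser(new FailedLoginAttempt(username, password, 2, DateTime.Now));
            }
            else if (attemptByPassword.FAILED_ATTEMPTS_NUM <= maxFailedAttempts)
            {
                // Below the threshold: report the current count, then bump the stored one.
                //long.TryParse(ConfigurationManager.AppSettings["Permitted_Login_Attempts_Num"], out long permittedLOginAttempts);
                failedAttemptNumToDisplay = attemptByPassword.FAILED_ATTEMPTS_NUM;
                attemptByPassword.FAILED_ATTEMPTS_NUM = failedAttemptNumToDisplay + 1;
                failedFacade.UpdateBlackUser(attemptByPassword);
            }
            else if (DateTime.Now.AddDays(-1) < attemptByPassword.FAILURE_TIME)
            {
                // Over the threshold and still inside the 24-hour window: locked out, tell the caller how long.
                TimeSpan timeRemainder = new TimeSpan(24, 0, 0) - DateTime.Now.Subtract(attemptByPassword.FAILURE_TIME);
                return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, $"Sorry, but the system didn't regocnyzed you as registered user. Your accsess is denied. You're had tried to aouthorize more tham 3 times. Wait {timeRemainder.Hours} hours and {timeRemainder.Minutes} minutes until new attempt!"));
            }
            else
            {
                // Window has expired: restart the counter at 1 (the displayed count stays 1).
                attemptByPassword.FAILED_ATTEMPTS_NUM = 1;
                attemptByPassword.FAILURE_TIME        = DateTime.Now;
                failedFacade.UpdateBlackUser(attemptByPassword);
            }

            return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, $"Sorry, but the system didn't regocnyzed you as registered user. Your accsess is denied. You're had tried to aouthorize {failedAttemptNumToDisplay} times."));
        }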