public async Task <LoginUserResponse> AuthorizeAsync(LoginUserRequest request)
{
LoginUserResponse response = new LoginUserResponse();
try
{
var user = await this.userRepository.GetByCredentialsAsync(request.Email, $"{request.Email}:{request.Password}".GenerateSHA512());
if (user.IsNotNull())
{
response.User = user;
response.Token = this.tokenGenerator.Generate(user.Id.ToString());
response.Nickname = await this.nicknameRepository.GetAByUserAsync(user);
}
else
{
response.IsSuccessful = false;
response.Errors.Add(new Error()
{
Code = ((int)ErrorCodes.NotFound).ToString(), Message = "Email or Password is incorrect"
});
}
}
catch (Exception exception)
{
throw new IDMoneyException(new Error()
{
Code = ((int)ErrorCodes.Unknown).ToString(), Message = "There was a problem. Please try again later"
});
}
return(response);
}
public async Task <Response> Authenticate(LoginUserRequest request)
{
try
{
var user = await _repository.GetByEmail(request.Email);
if (!_hashService.AreEqual(request.Password, user.Hash, user.Salt))
{
return(ForbiddenResponse("Email ou senha incorretos"));
}
var response = new LoginUserResponse();
response.User = _mapper.Map <UserResponse>(user);
response.Token = _tokenService.GenerateToken(user);
response.ExpiresIn = _tokenService.GetExpirationInSeconds();
return(OkResponse(null, response));
}
catch (NullReferenceException)
{
return(NotFoundResponse("Usuário não encontrado"));
}
catch (Exception ex)
{
return(BadRequestResponse(ex.Message));
}
}
public LoginUserResponse Login(LoginUserRequest request)
{
var response = new LoginUserResponse();
try
{
//var user = DataContext.Users.Where(x => x.Username == request.Username).Include(x => x.Role).First();
var user = DataContext.Users.Where(x => x.Email == request.Email).Include(x => x.Role).Include(y => y.RolePrivileges).First();
if (user != null && user.Password == crypto.Compute(request.Password, user.PasswordSalt))
{
//Include(x => x.Role).
response = user.MapTo <LoginUserResponse>();
response.IsSuccess = true;
}
else
{
response.IsSuccess = false;
response.Message = string.Format("Failed login using email <{0}> and password <{1}>", request.Email, request.Password);
}
}
catch (System.InvalidOperationException x)
{
response.IsSuccess = false;
response.Message = string.Format("Failed login using email <{0}> and password <{1}> {2}", request.Email, request.Password, x.Message);
}
return(response);
}
public void Should_Return_User_And_Token_When_Authenticate_With_Correct_Credentials()
{
// Arrange
var fakes = new Fakes();
var fakeConfig = fakes.FakeConfiguration().Object;
var fakeUserRepository = fakes.FakeUserRepository().Object;
var tokenService = new TokenService(fakeConfig);
var hashService = new HashService();
var request = fakes.Get <LoginUserRequest>().First();
var user = fakes.Get <User>().First();
var response = new LoginUserResponse();
response.User = fakes.Mapper.Map <UserResponse>(user);
response.ExpiresIn = tokenService.GetExpirationInSeconds();
// Act
var service = new AuthService(fakes.Mapper, fakeUserRepository, tokenService, hashService);
var actual = service.Authenticate(request).Result;
var data = actual.Data as LoginUserResponse;
response.Token = data.Token; // Should use the generated token for comparison
var expected = Responses.OkResponse(null, response);
// Assert
Assert.IsType <Response>(actual);
Assert.NotNull(actual);
Assert.Equal(expected, actual, new LoginUserResponseComparer());
Assert.True(tokenService.IsValid(data.Token));
}
public LoginUserResponse Handle(LoginUserRequest request)
{
var response = new LoginUserResponse();
response.Errors = Validate(request);
if (response.HasErrors)
{
return(response);
}
try
{
request.Password = PasswordsHelper.HashPassword(request.Password);
AddSession(request, response);
return(response);
}
catch (Exception)
{
response.Errors.Add(new ErrorStatus("BAD_REQUEST"));
throw;
}
}
//static object locker = new Object();
public void Excecute(ClientObject client, ServerObject server, RoomObject room, string packet = "")
{
//lock (locker)
//{
Console.WriteLine("Login user");
var request = JsonConvert.DeserializeObject <LoginUserRequest>(packet);
var response = new LoginUserResponse();
response.Status = DB.AuthUser(request.User);
//проверяем играет ли пользователь
if (UserIsPlaying(request.User, server))
{
response.Status = ResponseStatus.UserIsPlaying;
}
Console.WriteLine($"Login user status: {response.Status.ToString()}");
//если пользователь с таким логином и паролем существует и не играет
if (response.Status == ResponseStatus.Ok)
{
response.Rooms = server.GetFreeRooms().AsEnumerable();
client.Player = new Player(request.User.Login);
Console.WriteLine($"User: {request.User.Login} successfully authorized");
}
string packetResponse = JsonConvert.SerializeObject(response);
server.SendMessageToDefiniteClient(packetResponse, client);
//}
}
public async Task <LoginUserResponse> SilentLoginAsync()
{
var user = this.CurrentUser;
this.userValidationService.ValidateLoginUser(user);
user.LastLoginDate = DateTime.UtcNow;
await this.Context.SaveChangesAsync();
var accessTokenGenerationData = new AccessTokenGenerationData
{
UserId = user.Id,
RefreshToken = Encoding.Default.GetString(user.RefreshToken),
Email = user.Email,
AuthorizationRole = user.AuthorizationRole
};
var loginUserResponse = new LoginUserResponse
{
AccessToken = this.jwtSecurityTokenService.GenerateToken(accessTokenGenerationData),
User = Mapper.Map <User, UserDto>(user)
};
return(loginUserResponse);
}
public async Task <LoginUserResponse> LoginUserAsync(LoginUserRequest loginUserRequest)
{
var user = await this.GetUserAsync(loginUserRequest.Username);
this.userValidationService.ValidateLoginUser(user);
this.passwordService.CheckPassword(loginUserRequest.Password, user.HashedPassword);
user.LastLoginDate = DateTime.UtcNow;
await this.Context.SaveChangesAsync();
var accessTokenGenerationData = new AccessTokenGenerationData
{
UserId = user.Id,
RefreshToken = Encoding.Default.GetString(user.RefreshToken),
Email = user.Email,
AuthorizationRole = user.AuthorizationRole
};
var loginUserResponse = new LoginUserResponse
{
AccessToken = this.jwtSecurityTokenService.GenerateToken(accessTokenGenerationData),
User = Mapper.Map <User, UserDto>(user)
};
return(loginUserResponse);
}
public async Task <LoginUserResponse> LoginAsync(LoginUserRequest request)
{
var user = await _context.ApplicationUsers.SingleOrDefaultAsync(u => u.Email == request.Email);
if (user == null)
{
return(null);
}
var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, false);
if (!result.Succeeded)
{
return(null);
}
var generatedToken = await _jwtGenerator.CreateTokenAsync(user);
var responseDto = new LoginUserResponse()
{
Token = generatedToken.Token,
RefreshToken = generatedToken.RefreshToken,
};
return(responseDto);
}
public async void Should_Return_Ok_When_Authenticate_With_Correct_Credentials()
{
// Arrange
RemoveClientAuthToken(_fixture.Client);
var data = Fakes.Get <LoginUserRequest>().First();
var loginResponse = new LoginUserResponse();
loginResponse.User = Fakes.Get <UserResponse>().First();
// Act
var request = await _fixture.Client.PostAsJsonAsync("api/v1/auth/login", data);
var response = await request.Content.ReadAsAsync <Response>();
response.Data = ((JObject)response.Data).ToObject <LoginUserResponse>();
var responseData = response.Data as LoginUserResponse;
loginResponse.Token = responseData.Token; // Should use the generated token for comparison
loginResponse.ExpiresIn = responseData.ExpiresIn;
var expected = Responses.OkResponse(null, loginResponse);
// Assert
Assert.True(request.IsSuccessStatusCode);
Assert.Equal(expected, response, new LoginUserResponseComparer());
}
public LoginUserResponse Login(LoginUserRequest request)
{
var response = new LoginUserResponse();
try
{
//var user = DataContext.Users.Where(x => x.Username == request.Username).Include(x => x.Role).First();
var user = DataContext.Users.Where(x => x.Email == request.Email || x.Username == request.Email).Include(x => x.Role).Include(y => y.RolePrivileges).First();
if (user != null && user.Password == crypto.Compute(request.Password, user.PasswordSalt))
{
//Add For Update Password
int HashIteration = int.Parse(user.PasswordSalt.Substring(0, user.PasswordSalt.IndexOf('.')), System.Globalization.NumberStyles.Number);
if (HashIteration > 10)
{
ChangePassword(new ChangePasswordRequest
{
Id = user.Id,
Old_Password = request.Password,
New_Password = request.Password
});
}
//Include(x => x.Role).
response = user.MapTo <LoginUserResponse>();
response.IsSuccess = true;
}
else
{
response.IsSuccess = false;
response.Message = string.Format("Failed login using email <{0}> and password <{1}>", request.Email, request.Password);
}
if (response.IsSuccess)
{
var userlogin = new UserLogin
{
User = user,
IpAddress = request.IpAddress,
Browser = request.Browser,
HostName = request.HostName,
LastLogin = DateTime.Now
};
DataContext.UserLogins.Add(userlogin);
DataContext.SaveChanges();
response.UserLogin = userlogin.MapTo <LoginUserResponse.Login>();
response.UserLogin.Id = userlogin.Id;
}
}
catch (System.InvalidOperationException x)
{
response.IsSuccess = false;
response.Message = string.Format("Failed login using email <{0}> and password <{1}> {2}", request.Email, request.Password, x.Message);
}
return(response);
}
public void Login_User(LoginUserResponse loginResponse)
{
"Given I have an user".x(async() => await GivenUserAsync());
"When user logged in".x(async() => loginResponse = await LoginUserAsync());
"Then access token is generated".x(
() =>
{
loginResponse.AccessToken.Should().NotBeNull();
loginResponse.ExpiresIn.Should().BeGreaterThan(0);
});
}
public LoginUserResponse ValidateLogin(LoginUserRequest request)
{
LoginUserResponse response = new LoginUserResponse();
try
{
if (request.SecurityString == ConfigurationManager.AppSettings[Constants.APP_SETTING_SECURITY_TOKEN])
{
LacesDataModel.User.User user = new LacesDataModel.User.User();
user.UserName = request.UserName;
user.Password = request.Password;
if (user.ValidateLogin())
{
if (user.UserId > 0)
{
response.UserId = user.UserId;
response.Success = true;
response.Message = "Validation succesful.";
}
else
{
response.UserId = 0;
response.Success = false;
response.Message = "Invalid credentials";
}
}
else
{
response = new LoginUserResponse();
response.UserId = 0;
response.Success = false;
response.Message = "An error occurred when communicating with the database.";
}
}
else
{
response.Success = false;
response.Message = "Invalid security token.";
}
}
catch
{
response = new LoginUserResponse();
response.UserId = 0;
response.Success = false;
response.Message = "An unexpected error has occurred; please verify the format of your request.";
}
return(response);
}
public async Task Login(LoginUserResponse accessToken)
{
_refreshToken = accessToken.RefreshToken;
_accessToken = accessToken.AccessToken;
await _secureBlobCache.InsertObject(AccessTokenKey, accessToken.AccessToken);
await _secureBlobCache.InsertObject(RefreshTokenKey, accessToken.RefreshToken);
await _localMachineCache.InsertObject(IsNewUserKey, false);
IsNewUser = false;
AccessToken = accessToken.AccessToken;
}
public void SetUp()
{
_userRepository = new Mock <IUserRepository>();
_userRepository.Setup(x => x.GetByEmail(It.IsAny <string>(), It.IsAny <string>())).Returns(new GetUserResponse {
User = new UserRecord {
Id = 1
}
});
var subject = new UserService(_userRepository.Object);
_result = subject.Login("*****@*****.**", "password");
}
public async Task <IResponse> Process(IRequest request)
{
try
{
LoginUserRequest lr = request as LoginUserRequest;
LoginUserResponse response = new LoginUserResponse();
if (!string.IsNullOrEmpty(lr.UserName) && !string.IsNullOrEmpty(lr.Password))
{
//Compute actor id for user name
ActorId userid = lr.UserName.ToLowerInvariant().ToMD5GuidActorId();
var userproxy = userid.Proxy <IUser>();
bool exists = await userproxy.isCreatedAsync(); //Note: change to NOT create actors later, possible vector
if (exists)
{
var loginproxy = userid.Proxy <ILogin>();
if (await loginproxy.ValidatePassword(lr.Password))
{
response.UserId = userid.GetGuidId();
response.Status = System.Net.HttpStatusCode.OK;
}
else
{
response.UserId = Guid.Empty;
response.Status = System.Net.HttpStatusCode.Forbidden;
}
}
else
{
//Already exists
response.UserId = Guid.Empty;
response.Status = System.Net.HttpStatusCode.NotFound;
}
return(response);
}
else
{
response.UserId = Guid.Empty;
response.Status = System.Net.HttpStatusCode.BadRequest;
}
return(response);
}
catch (Exception E)
{
E.Log();
ErrorResponse errorresponse = new ErrorResponse(E.Message);
return(errorresponse);
}
}
public string Login(string name, string password)
{
LoginUserResponse response = _userService.Login(new LoginUserRequset()
{
Name = name, Password = password
});
if (response.IsSucess && response.User != null)
{
return(JsonHelper.SerializeObject(response.User));
}
else
{
return(JsonHelper.SerializeObject("false" + response.Message));
}
}
public void SetUp()
{
_userRepository = new Mock <IUserRepository>();
_userRepository.Setup(x => x.GetByEmail(It.IsAny <string>(), It.IsAny <string>())).Returns(new GetUserResponse
{
HasError = true,
Error = new Error
{
Code = ErrorCodes.DatabaseError
}
});
var subject = new UserService(_userRepository.Object);
_result = subject.Login("*****@*****.**", "password");
}
private async Task DoLogin(LoginUserResponse response)
{
var token = GetFormattedToken(response.AccessToken);
var claims = new List <Claim>();
claims.Add(new Claim("JWT", response.AccessToken));
claims.AddRange(token.Claims);
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties {
ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(60), IsPersistent = true
};
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(claimsIdentity), authProperties);
}
public void TestGoogleLoginUserXmlGetAttributes()
{
string xml =
@"<roar tick=""128455369786"">
<google>
<login_user status=""ok"">
<auth_token>ABCDEF</auth_token>
<player_id>1231231</player_id>
</login_user>
</google>
</roar>" ;
System.Xml.XmlElement nn = RoarExtensions.CreateXmlElement(xml);
Roar.DataConversion.Responses.Google.LoginUser login_user_parser = new Roar.DataConversion.Responses.Google.LoginUser();
LoginUserResponse response = login_user_parser.Build(nn);
Assert.AreEqual(response.auth_token, "ABCDEF");
Assert.AreEqual(response.player_id, "1231231");
}
public void TestLoginUserXmlGetAttributes()
{
string xml =
@"<roar tick=""128455461333"">
<admin>
<login_user status=""ok"">
<!-- Used to identify this session in subsequent calls -->
<auth_token>2034623793</auth_token>
<player_id>12312312312</player_id>
</login_user>
</admin>
</roar>" ;
System.Xml.XmlElement nn = RoarExtensions.CreateXmlElement(xml);
Roar.DataConversion.Responses.Admin.LoginUser login_user_parser = new Roar.DataConversion.Responses.Admin.LoginUser();
LoginUserResponse response = login_user_parser.Build(nn);
Assert.AreEqual(response.auth_token, "2034623793");
Assert.AreEqual(response.player_id, "12312312312");
}
public HttpResponseMessage Login(LoginUserRequest request)
{
LoginUserResponse response = new LoginUserResponse();
ToDoUser tempUser = new ToDoUser();
tempUser.email = request.email;
tempUser.Password = request.Password;
//validating user
if (_authManager.ValidateUser(tempUser))
{
tempUser = _authManager.GetUser(tempUser.email);
response.SessionId = _sessionManager.CreateSession(tempUser);
return(Request.CreateResponse(HttpStatusCode.OK, response));
}
else
{
return(Request.CreateResponse(HttpStatusCode.NotFound, response));
}
}
private HttpCookie SetLoginCookie(LoginUserResponse response)
{
var customPrincipalViewModel = new CustomPrincipalViewModel
{
Id = response.UserLogin.Id,
FirstName = response.FirstName,
LastName = response.LastName
};
var userData = new JavaScriptSerializer().Serialize(customPrincipalViewModel);
var authTicket = new FormsAuthenticationTicket(1, response.CustomerId, DateTime.Now, DateTime.Now.AddMinutes(60), false,
userData);
var encryptedTicket = _formsAuthentication.Encrypt(authTicket);
return(new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
{
HttpOnly = true, Expires = authTicket.Expiration
});
}
private void AddSession(LoginUserRequest request, LoginUserResponse response)
{
var user = _usersRepository.ReturnIfExsists(request.Email, request.Password);
var sessionId = CreateSessionId();
var expires = DateTime.Now.AddMinutes(20);
var session = new Models.UserSession()
{
Expires = expires,
UserId = user.Id, //TODO fix
Ticket = sessionId
};
response.ExpireDate = expires;
_userSessionRepository.AddSession(session);
response.Ticket = sessionId;
}
public bool CheckUserName(UserForSingIn user)
{
using (var sqlConnection = new SqlConnection(_confidentialInfo.ConnectionString))
{
sqlConnection.Open();
LoginUserResponse responseUser = sqlConnection.Query <LoginUserResponse>("usp_GetUserDataForLogin", new { @username = user.Username }, commandType: CommandType.StoredProcedure).FirstOrDefault();
string passwordHashed = String.Concat(user.Password, responseUser.Salt);
string hashedPasswordAndSalt = GetSwcSHA1(passwordHashed);
if (!hashedPasswordAndSalt.Equals(responseUser.Password))
{
return(false);
}
else
{
return(true);
}
}
}
public override void Execute(string packet)
{
LoginUserResponse loginUserResponse = JsonConvert.DeserializeObject <LoginUserResponse>(packet);
switch (loginUserResponse.Status)
{
case ResponseStatus.Ok:
Application.Current.Dispatcher.Invoke(() =>
{
SetPage(new RoomsPage());
(ClientObject.view as RoomViewModel).Rooms = new ObservableCollection <Room>(loginUserResponse.Rooms);
});
break;
case ResponseStatus.Bad:
unlock();
(ClientObject.view as UserViewModel).Status = "Ошибка на стороне сервера";
break;
case ResponseStatus.UserDoesntExist:
unlock();
(ClientObject.view as UserViewModel).Status = "Пользователь с таким логином не существует";
break;
case ResponseStatus.WrongPassword:
unlock();
(ClientObject.view as UserViewModel).Status = "Был введён неверный пароль";
break;
case ResponseStatus.UserIsPlaying:
unlock();
(ClientObject.view as UserViewModel).Status = "Пользователь с таким логином уже играет";
break;
}
}
public LoginUserResponse Login(LoginUserRequest req)
{
LoginUserResponse res = new LoginUserResponse();
try
{
User user;
using (UserDatabase daUser = new UserDatabase())
{
user = daUser.LoginUserAsync(req.Email, $"{req.Email}:{req.Password}".GenerateSHA512());
}
if (user != null)
{
res.User = user;
//res.Token = BuildToken(user);
res.IsSuccessful = true;
}
else
{
res.IsSuccessful = false;
res.Errors.Add(new Error()
{
Code = ((int)ErrorCodes.NotFound).ToString(), Message = "Email or Password is incorrect"
});
}
}
catch (Exception)
{
res.IsSuccessful = false;
res.Errors.Add(new Error()
{
Code = ((int)ErrorCodes.Unknown).ToString(), Message = "There was a problem. Please try again later"
});
}
return(res);
}
public void UpdateUser()
{
try
{
UpdateUserResponse response = null;
LoginUserResponse login = _userService.Login(new LoginUserRequset()
{
Name = "hy", Password = "******"
});
response = _userService.UpdateUser(new UpdateUserRequest()
{
Id = login.User.Id,
RoleId = login.User.RoleId,
Email = login.User.Email,
Duty = login.User.Duty,
Password = "******",
Name = login.User.Name
});
Assert.IsTrue(response.IsSucess && response.User != null);
response = _userService.UpdateUser(new UpdateUserRequest()
{
Id = login.User.Id,
RoleId = login.User.RoleId,
Email = login.User.Email,
Duty = login.User.Duty,
Password = "******",
Name = login.User.Name
});
Assert.IsTrue(response.IsSucess && response.User != null);
}
catch (Exception ex)
{
Assert.IsTrue(false);
}
}
public async Task Return_200_When_User_Logged_In_Successfully()
{
var expectedResult = new LoginUserResponse
{
AccessToken = "access-token",
ExpiresIn = 100
};
_mediatorMock
.Setup(x => x.Send(It.IsAny <LoginUserCommand>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(new LoginUserCommandResult(expectedResult.AccessToken, expectedResult.ExpiresIn));
var actualResult = await _sut.LoginUserAsync(new LoginUserRequest
{
Email = "*****@*****.**",
Password = "******"
});
actualResult.Should().BeOfType <OkObjectResult>()
.Which.Value
.Should().BeEquivalentTo(expectedResult);
_mediatorMock.Verify(x => x.Send(It.IsAny <LoginUserCommand>(), It.IsAny <CancellationToken>()), Times.Once);
}
public void Login()
{
try
{
LoginUserResponse response = null;
response = _userService.Login(new LoginUserRequset()
{
Name = "hy", Password = "******"
});
Assert.IsTrue(response.IsSucess && response.User != null);
response = _userService.Login(new LoginUserRequset()
{
Name = "hy", Password = ""
});
Assert.IsTrue(response.IsSucess == false && response.Message.Contains("no suitable user!"));
}
catch (Exception ex)
{
Assert.IsTrue(false);
}
}
