コード例 #1
        //ZADANIE 8



        //ZADANIE 7

        //[HttpPut()]
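        /// <summary>
        /// Replaces the stored plain-text password of one student with a salted hash
        /// produced by <c>MyHashing</c> and stores the salt in the same row.
        /// </summary>
        /// <param name="IndexNumber">Index number identifying the student row to migrate.</param>
        /// <returns>
        /// <c>Ok()</c> once the hash and salt are written; <c>NotFound()</c> when the index
        /// number is empty, matches no student, or the row holds no password to hash.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no route or authorization attribute is visible on this action. An
        /// endpoint that rewrites credentials should be limited to administrators - confirm
        /// how it is exposed.
        /// NOTE(review): the operation is not idempotent. Running it a second time for the
        /// same student hashes the already-hashed value, after which the original password
        /// no longer verifies. Track which rows were migrated before re-running.
        /// </remarks>
        public IActionResult HashAll(string IndexNumber)
        {
            // A null parameter value is not sent to the server and would surface as a SqlException.
            if (string.IsNullOrEmpty(IndexNumber))
            {
                return NotFound();
            }

            using (var client = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18291;Integrated Security=True"))
            using (var com = new SqlCommand())
            {
                com.Connection  = client;
                com.CommandText = "SELECT Password FROM STUDENT WHERE IndexNumber = @Index";
                com.Parameters.AddWithValue("Index", IndexNumber);
                client.Open();

                string plainPassword;
                using (var dr = com.ExecuteReader())
                {
                    // Read() returns false for an unknown student; indexing the reader then would throw.
                    if (!dr.Read())
                    {
                        return NotFound();
                    }

                    // "as" yields null for DBNull instead of an InvalidCastException.
                    plainPassword = dr["Password"] as string;
                }

                if (plainPassword == null)
                {
                    return NotFound();
                }

                var    salt       = MyHashing.CreateSalt();
                string hashedPass = MyHashing.Create(plainPassword, salt);

                // Hash and salt are written in ONE statement: with two separate UPDATEs a failure
                // between them leaves a hash whose salt was never stored, locking the account out.
                // @Index is still in the parameter collection from the SELECT above.
                com.CommandText = "UPDATE Student SET Password = @hashed, salt = @salt WHERE IndexNumber = @Index";
                com.Parameters.AddWithValue("hashed", hashedPass);
                com.Parameters.AddWithValue("salt", salt);
                com.ExecuteNonQuery();
            }

            return Ok();
        }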
コード例 #2
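        /// <summary>
        /// Verifies a student's password against the salted hash stored in the database and,
        /// on success, issues a 10-minute signed JWT plus a refresh token that is persisted
        /// on the student's row.
        /// </summary>
        /// <param name="IndexNumber">Index number used as the login name.</param>
        /// <param name="password">Plain-text password supplied by the caller.</param>
        /// <returns>
        /// <c>Ok</c> with <c>token</c> (compact serialized JWT) and <c>refreshtoken</c>, or
        /// <c>Unauthorized("Zle dane")</c> for every failure. Unknown user and wrong password
        /// deliberately share one message so the response does not reveal which accounts exist.
        /// </returns>
        /// <remarks>
        /// NOTE(review): binding attributes are not visible here. If these simple-typed
        /// parameters bind from the query string, credentials end up in URLs and access logs;
        /// prefer a request body - confirm against the controller attributes.
        /// </remarks>
        public IActionResult Login(String IndexNumber, String password)
        {
            // Credentials are never written to the console or logs (the plain-text password
            // and the refresh token were previously echoed to stdout).
            if (string.IsNullOrEmpty(IndexNumber) || password == null)
            {
                return Unauthorized("Zle dane");
            }

            using (var client = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18291;Integrated Security=True"))
            using (var com = new SqlCommand())
            {
                com.Connection = client;
                client.Open();

                com.CommandText = "select * from student WHERE IndexNumber = @index";
                com.Parameters.AddWithValue("index", IndexNumber);

                string storedHash;
                string salt;

                // The using block closes the reader on every path, including the early return.
                using (var dr = com.ExecuteReader())
                {
                    if (!dr.Read())
                    {
                        return Unauthorized("Zle dane");
                    }

                    // "as" turns DBNull into null instead of throwing InvalidCastException.
                    storedHash = dr["Password"] as string;
                    salt       = dr["salt"] as string;
                }

                // A row without hash or salt cannot be verified; treat it as a failed login.
                if (storedHash == null || salt == null)
                {
                    return Unauthorized("Zle dane");
                }

                string computedHash = MyHashing.Create(password, salt);

                // Fixed-time comparison so the duration does not depend on how many leading
                // characters of the two hashes agree.
                bool passwordOk = computedHash != null
                    && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                        Encoding.UTF8.GetBytes(computedHash),
                        Encoding.UTF8.GetBytes(storedHash));

                if (!passwordOk)
                {
                    return Unauthorized("Zle dane");
                }

                var claims = new[]
                {
                    new Claim(ClaimTypes.Name, IndexNumber),
                    new Claim(ClaimTypes.Role, "student")
                };

                // NOTE(review): Configuration["SecretKey"] must be a long random secret kept
                // outside source control; a missing value makes GetBytes throw here.
                var key   = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
                var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                var jwt = new JwtSecurityToken
                          (
                    issuer: "Admin",
                    audience: "student",
                    claims: claims,
                    expires: DateTime.UtcNow.AddMinutes(10),
                    signingCredentials: creds
                          );
                var token = new JwtSecurityTokenHandler().WriteToken(jwt);

                // NOTE(review): Guid.NewGuid() is not documented as a cryptographic random source,
                // and the token is stored unhashed with no expiry. Consider RandomNumberGenerator
                // output, storing only a hash, and an expiry column. The Guid is kept here so the
                // response format stays the same.
                var refreshtoken = Guid.NewGuid();

                // @index is already in the parameter collection from the SELECT; adding it again
                // makes SQL Server reject the batch with a duplicate-variable error.
                com.CommandText = "UPDATE Student SET RefreshToken = @refreshToken WHERE IndexNumber = @index";
                com.Parameters.AddWithValue("refreshToken", refreshtoken.ToString());
                com.ExecuteNonQuery();

                // Return the compact serialized JWT. Returning the JwtSecurityToken object made
                // the JSON serializer walk its public properties, which include the signing
                // credentials, and gave the client nothing usable as a bearer token.
                return Ok(new
                {
                    token,
                    refreshtoken
                });
            }
        }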