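// TASK 8
// TASK 7
//[HttpPut()]
/// <summary>
/// Replaces the value stored in the Password column of a single student with a
/// salted hash of that value and stores the salt alongside it.
/// </summary>
/// <remarks>
/// Despite the name, only the row matching <paramref name="IndexNumber"/> is touched.
/// The method hashes whatever is currently in the Password column; nothing here
/// records whether the row was already migrated, so calling it a second time for
/// the same student hashes the stored hash and the original password stops verifying.
/// NOTE(review): no authorization attribute is visible on this action in this view.
/// Confirm it is not reachable by unauthenticated callers.
/// NOTE(review): the connection string is hard-coded; consider reading it from configuration.
/// </remarks>
/// <param name="IndexNumber">Index number identifying the student row.</param>
/// <returns><c>Ok()</c> once the hash and salt have been written.</returns>
/// <exception cref="InvalidOperationException">No student has the given index number.</exception>
public IActionResult HashAll(string IndexNumber)
{
    using (var client = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18291;Integrated Security=True"))
    using (var com = new SqlCommand())
    {
        com.Connection = client;
        com.CommandText = "SELECT * FROM STUDENT WHERE IndexNumber = @Index";
        com.Parameters.AddWithValue("Index", IndexNumber);
        client.Open();

        string Password;
        // Dispose the reader even when reading the row throws, so the connection
        // is free for the UPDATE below.
        using (var dr = com.ExecuteReader())
        {
            if (!dr.Read())
            {
                // Same exception type the reader raised before when the row was
                // missing, but with a message that names the actual problem.
                throw new InvalidOperationException("No student found for the given index number.");
            }

            Password = (string)dr["Password"];
        }

        var salt = MyHashing.CreateSalt();
        string hashedPass = MyHashing.Create(Password, salt);

        // Write hash and salt in ONE statement. Two separate UPDATEs could leave a
        // new hash next to an old (or missing) salt if the second one failed, which
        // locks the account out.
        com.Parameters.Clear();
        com.CommandText = "UPDATE Student SET Password = @hashed, salt = @salt WHERE IndexNumber = @Index";
        com.Parameters.AddWithValue("hashed", hashedPass);
        com.Parameters.AddWithValue("salt", salt);
        com.Parameters.AddWithValue("Index", IndexNumber);
        com.ExecuteNonQuery();
    }

    return Ok();
}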
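/// <summary>
/// Verifies a student's password against the stored salted hash and, on success,
/// issues a 10-minute HS256-signed JWT plus a refresh token that is saved on the student row.
/// </summary>
/// <remarks>
/// Credentials and tokens are deliberately not written to the console: the earlier
/// version logged the plaintext password and the refresh token.
/// The response carries the serialized JWT string. Returning the
/// <c>JwtSecurityToken</c> object itself hands its signing credentials to the JSON
/// serializer, which can expose the HMAC key.
/// NOTE(review): the hash comparison is an ordinary string comparison, not a
/// constant-time one; consider a fixed-time comparison if the target framework offers it.
/// NOTE(review): the refresh token is a GUID stored as-is in the database. Guid.NewGuid()
/// is not documented as a cryptographic source; a value from a cryptographic RNG, stored
/// hashed, would be stronger if the column format allows it.
/// </remarks>
/// <param name="IndexNumber">Index number used as the login name.</param>
/// <param name="password">Plaintext password supplied by the caller.</param>
/// <returns>
/// <c>Ok</c> with <c>token</c> and <c>refreshtoken</c> when the credentials match;
/// otherwise <c>Unauthorized("Zle dane")</c>.
/// </returns>
public IActionResult Login(String IndexNumber, String password)
{
    // Reject missing credentials with the same response as bad ones, so the
    // reply does not reveal which part was wrong.
    if (string.IsNullOrEmpty(IndexNumber) || password == null)
    {
        return Unauthorized("Zle dane");
    }

    using (var client = new SqlConnection("Data Source=db-mssql;Initial Catalog=s18291;Integrated Security=True"))
    using (var com = new SqlCommand())
    {
        com.Connection = client;
        client.Open();
        com.CommandText = "select * from student WHERE IndexNumber = @index";
        com.Parameters.AddWithValue("index", IndexNumber);

        string Password;
        string salt;
        using (var dr = com.ExecuteReader())
        {
            if (!dr.Read())
            {
                return Unauthorized("Zle dane");
            }

            // A row whose password was never hashed has no salt (DBNull); treat it
            // as a failed login instead of letting the cast throw.
            Password = dr["Password"] as string;
            salt = dr["salt"] as string;
        }

        if (Password == null || salt == null)
        {
            return Unauthorized("Zle dane");
        }

        if (!string.Equals(MyHashing.Create(password, salt), Password, StringComparison.Ordinal))
        {
            return Unauthorized("Zle dane");
        }

        var claims = new[]
        {
            new Claim(ClaimTypes.Name, IndexNumber),
            new Claim(ClaimTypes.Role, "student")
        };

        // NOTE(review): Configuration["SecretKey"] must be present and long enough
        // for HMAC-SHA256; confirm it comes from a secret store, not source control.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["SecretKey"]));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var jwt = new JwtSecurityToken
        (
            issuer: "Admin",
            audience: "student",
            claims: claims,
            expires: DateTime.UtcNow.AddMinutes(10),
            signingCredentials: creds
        );

        var token = new JwtSecurityTokenHandler().WriteToken(jwt);
        var refreshtoken = Guid.NewGuid();

        // Start from a clean parameter list: adding a second "index" parameter to
        // the same command makes SQL Server reject the statement.
        com.Parameters.Clear();
        com.CommandText = "UPDATE Student SET RefreshToken = @refreshToken WHERE IndexNumber = @index";
        com.Parameters.AddWithValue("index", IndexNumber);
        com.Parameters.AddWithValue("refreshToken", refreshtoken.ToString());
        com.ExecuteNonQuery();

        return Ok(new { token, refreshtoken });
    }
}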