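        /// <summary>
        /// Authenticates <paramref name="request"/> against the stored login hash and, on success,
        /// hands back the user's API key.
        /// </summary>
        /// <param name="request">Username and clear-text password supplied by the caller.</param>
        /// <returns>
        /// A <see cref="LoginResponseWrapper"/> with <c>ResponseCode</c> = <c>SUCCES</c> and <c>ApiKey</c>
        /// set when the password matches; otherwise <c>FAIL</c> with a generic description, whether the
        /// password was wrong or the user lookup failed.
        /// </returns>
        public LoginResponseWrapper Post(LoginRequest request)
        {
            LoginResponseWrapper rsp = new LoginResponseWrapper();

            try
            {
                var usr = database.GetUser(request.Username);
                if (PasswordHasher.CheckHash(request.Password, usr.LoginHash))
                {
                    rsp.ResponseCode = (int)ResponseConstants.SUCCES;
                    rsp.Description  = "ok";
                    rsp.ApiKey       = usr.ApiKey;
                }
                else
                {
                    // A mismatching password used to fall through and return rsp at its defaults
                    // (ResponseCode 0, Description null); report it as an explicit failure instead.
                    rsp.ResponseCode = (int)ResponseConstants.FAIL;
                    rsp.Description  = "Wrong password/username";
                }
            }
            catch
            {
                // Lookup problems (presumably an unknown username makes GetUser throw or return null)
                // are collapsed into the same generic answer as a bad password, so the response does
                // not reveal which usernames exist.
                // NOTE(review): the exception is discarded without logging; record it where a logger is available.
                rsp.ResponseCode = (int)ResponseConstants.FAIL;
                rsp.Description  = "Wrong password/username";
            }

            return rsp;
        }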
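    /// <summary>
    /// Changes the password of the admin bound to the current session.
    /// </summary>
    /// <param name="change_password_data">Current password plus the new password and its confirmation.</param>
    /// <returns>
    /// 400 when the model is invalid, missing, or the confirmation does not match; 401 when there is no
    /// admin session, the admin no longer exists, or the current password is wrong; 200 once the new
    /// hash and salt are saved.
    /// </returns>
    public IActionResult ChangePassword([FromBody] ChangePasswordData change_password_data)
    {
        if (!ModelState.IsValid || change_password_data == null ||
            change_password_data.NewPassword != change_password_data.NewPasswordConfirmation)
        {
            return BadRequest();
        }

        // Only the admin of the current session may change its own password. (The session id that
        // was previously fetched here was never used and could throw when no session exists.)
        var session       = HttpContext.Get<LoggableEntities>(_context);
        var current_Admin = session?.Admin;
        if (current_Admin == null)
        {
            return Unauthorized();
        }

        // Reload from the database so the stored hash/salt are verified, not the session's copy.
        var admin = _context.Admin.FirstOrDefault(u => u.Id == current_Admin.Id);
        if (admin == null)
        {
            // The session points at an admin that no longer exists; answer 401 rather than a null-reference 500.
            return Unauthorized();
        }

        var storedCredential = new PasswordAndSalt()
        {
            PasswordHash = admin.PasswordHash, PasswordSalt = admin.PasswordSalt
        };
        if (!PasswordHasher.CheckHash(change_password_data.Password, storedCredential))
        {
            return Unauthorized();
        }

        var hashedPassword = PasswordHasher.Hash(change_password_data.NewPassword);
        admin.PasswordHash = hashedPassword.PasswordHash;
        admin.PasswordSalt = hashedPassword.PasswordSalt;

        _context.Admin.Update(admin);
        _context.SaveChanges();

        return Ok();
    }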
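    /// <summary>
    /// Authenticates an admin by username or e-mail plus password, with a per-(IP, e-mail) lockout
    /// (5 failures block for 30 s) and a minimum 3 s spacing between attempts on the same account.
    /// </summary>
    /// <param name="login_data">Username and/or e-mail together with the clear-text password.</param>
    /// <returns>
    /// 400 when no body was bound; 403 <c>temporarily_blocked</c> while the lockout window is open;
    /// 200 with <see cref="AdminViewData"/> after <c>HttpContext.Login</c> has established the session;
    /// 401 <c>login_failed</c> for every other outcome.
    /// </returns>
    public IActionResult Login([FromBody] LoginData login_data)
    {
        if (login_data == null)
        {
            return BadRequest();
        }

        // Look the admin up by whichever identifier was supplied. A null identifier is excluded
        // explicitly: comparing `t.Email == null` would otherwise match any admin with no e-mail set.
        Admin item = null;
        if (login_data.Username != null || login_data.Email != null)
        {
            item = _context.Admin.FirstOrDefault(t =>
                (login_data.Username != null && t.Username == login_data.Username) ||
                (login_data.Email != null && t.Email == login_data.Email));
        }

        // NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy overwrites it, so a
        // caller can present a different "IP" on every request and the per-IP lockout below never
        // accumulates. Prefer RemoteIpAddress once forwarded headers are normalised by middleware.
        string currentIp = HttpContext.Request.Headers["X-Forwarded-For"];
        if (currentIp == null)
        {
            currentIp = HttpContext.Connection.RemoteIpAddress?.ToString();
        }

        // Local time is kept so new rows stay comparable with the LastAttempt/LastLoginAttempt values already stored.
        var now     = DateTime.Now;
        var attempt = _context.LoginAttempt.FirstOrDefault(a => a.IpAddress == currentIp && a.Email == login_data.Email);
        if (attempt == null)
        {
            attempt = new LoginAttempt {
                Email = login_data.Email, IpAddress = currentIp, Attempts = 0, LastAttempt = now
            };
            _context.Add(attempt);
        }

        // After 5 failures the pair is blocked for 30 seconds; once the window has passed the counter restarts.
        if (attempt.Attempts >= 5)
        {
            if (attempt.LastAttempt.AddSeconds(30) > now)
            {
                return StatusCode(403, new { message = "temporarily_blocked" });
            }
            attempt.Attempts = 0;
        }

        if (item != null)
        {
            var lastLoginAttempt = item.LastLoginAttempt;
            item.LastLoginAttempt = now;
            _context.Update(item);
            _context.SaveChanges();

            // Attempts on the same account less than 3 s apart are rejected. The previous condition
            // `last_login_attempt != null || ...` was always true for a non-nullable DateTime, so the
            // spacing was never actually enforced.
            bool spacedOut = (now - lastLoginAttempt).TotalSeconds > 3;
            if (login_data.Password != null && spacedOut && item.EmailConfirmed)
            {
                var storedCredential = new PasswordAndSalt()
                {
                    PasswordHash = item.PasswordHash, PasswordSalt = item.PasswordSalt
                };
                if (PasswordHasher.CheckHash(login_data.Password, storedCredential))
                {
                    // Successful login: drop this pair's counter and purge entries older than a day.
                    _context.LoginAttempt.Remove(attempt);
                    _context.LoginAttempt.RemoveRange(_context.LoginAttempt.Where(a => a.LastAttempt.AddDays(1) < now));
                    _context.SaveChanges();

                    HttpContext.Login<LoggableEntities, Admin>(env, _context, "Admin", item, new LoggableEntities()
                    {
                        Admin = item
                    });

                    return Ok(AdminViewData.FromAdmin(item));
                }
            }
        }

        // Every other outcome counts as a failed attempt for this (IP, e-mail) pair.
        attempt.Attempts    = attempt.Attempts + 1;
        attempt.LastAttempt = now;
        _context.SaveChanges();

        return StatusCode(401, new { message = "login_failed" });
    }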
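    /// <summary>
    /// Changes a user's password after verifying the current one.
    /// </summary>
    /// <param name="change_password_data">Username, current password, new password and its confirmation.</param>
    /// <returns>
    /// 200 once the new hash/salt are stored and <c>HttpContext.ChangedPassword</c> has been called;
    /// 401 when a field is missing, the user is unknown, the caller may not act on that user, the
    /// confirmation differs, or the current password is wrong.
    /// </returns>
    public IActionResult ChangePassword([FromBody] ChangePasswordData change_password_data)
    {
        // Reject incomplete requests before touching the database; the previous order ran the
        // lookup first, so a null Username produced a `t.Username == null` query.
        if (change_password_data == null ||
            change_password_data.Username == null || change_password_data.Password == null ||
            change_password_data.NewPassword == null || change_password_data.NewPasswordConfirmation == null)
        {
            return Unauthorized();
        }

        var item = _context.User.FirstOrDefault(t => t.Username == change_password_data.Username);
        if (item == null)
        {
            return Unauthorized();
        }

        // Who may change this user's password:
        //  - a valid API token: any user;
        //  - a signed-in user: only itself;
        //  - neither session nor token: any user, authenticated by the current password alone.
        // NOTE(review): that last path has no attempt counter, so unlike Login the current password can
        // be guessed here without tripping the lockout; consider requiring a session or rate-limiting.
        var session       = HttpContext.Get<LoggableEntities>(_context);
        var current_User  = session?.User;
        var allowed_items = ApiTokenValid
            ? _context.User
            : (current_User != null
                ? (from _User in _context.User where _User.Id == current_User.Id select _User)
                : _context.User);
        if (!allowed_items.Any(i => i.Id == item.Id))
        {
            return Unauthorized();
        }

        var storedCredential = new PasswordAndSalt()
        {
            PasswordHash = item.PasswordHash, PasswordSalt = item.PasswordSalt
        };
        if (change_password_data.NewPassword != change_password_data.NewPasswordConfirmation ||
            !PasswordHasher.CheckHash(change_password_data.Password, storedCredential))
        {
            return Unauthorized();
        }

        var new_password = PasswordHasher.Hash(change_password_data.NewPassword);
        item.PasswordHash = new_password.PasswordHash;
        item.PasswordSalt = new_password.PasswordSalt;
        _context.User.Update(item);
        _context.SaveChanges();

        // Presumably lets session handling react to the new credential — confirm against its implementation.
        HttpContext.ChangedPassword<User>(_context, "User", item);

        return Ok();
    }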