public bool CreateUserAccount(string username, string emailAddress, string password, string confirmPassword, int empireID, Coordinates focus, out UserAccount user, out string errors)
{
string validatedErrors;
if(this.Validate(username, emailAddress, password, confirmPassword, out validatedErrors))
{
var created = DateTime.UtcNow;
created = created.AddMilliseconds(-created.Millisecond); // strip off milliseconds so SQL doesn't do it for us
var salt = _cryptographyManager.CreateSalt();
var hash = _cryptographyManager.CreateHash(created, password, salt);
var securityUser = new SecurityUserAccount
{
CreateTS = created,
EmailAddress = emailAddress,
PasswordSalt = salt,
PasswordHash = hash,
Username = username
};
_users.CreateUserAccount(securityUser, empireID, focus);
user = _users.GetUserByUsername(username);
errors = null;
return true;
}
else
{
errors = validatedErrors;
user = null;
return false;
}
}
public void InsertSecurityUserAccount(SecurityUserAccount securityUserAccount)
{
using (IMcpDataBaseRepository Db = new McpDataBaseRepository(_connectionProvider))
{
Db.SecurityUserAccountTable.Insert(securityUserAccount);
Db.Commit();
}
}
public void Insert(SecurityUserAccount securityUserAccount)
{
#region SQL
string sql = @"INSERT INTO SecurityUserAccount
(GroupID,
AccountID,
Name,
Description,
Password,
Startup,
PWLastUpdateTime,
PWType,
CreateTime,
dModifyTime,
iFailTimes,
dLockTime,
cRoleID,
AD_CheckFlag,
cCallID,
cPWD,
DomainName)
VALUES
(@GroupID,
@AccountID,
@Name,
@Description,
@Password,
@Startup,
@PWLastUpdateTime,
@PWType,
@CreateTime,
@dModifyTime,
@iFailTimes,
@dLockTime,
@cRoleID,
@AD_CheckFlag,
@cCallID,
@cPWD,
@DomainName)";
#endregion SQL
try
{
_Connection.Execute(sql, securityUserAccount, _Transaction, commandType: CommandType.Text);
}
catch (Exception ex)
{
throw ex;
}
}
public void CreateUserAccount(SecurityUserAccount securityUser, int empireID, Coordinates coordinates)
{
if (securityUser == null) throw new ArgumentNullException("securityUser");
using (var cmd = this.SessionManager.GetCurrentUnitOfWork().CreateCommand("INSERT INTO UserAccounts (Username, EmailAddress, PasswordHash, PasswordSalt, CreateTS, EmpireID, X, Y, Z) VALUES (@Username, @EmailAddress, @PasswordHash, @PasswordSalt, @CreateTS, @Empire, @X, @Y, @Z) SELECT Scope_Identity()"))
{
cmd.AddParameter("Username", DbType.String, securityUser.Username);
cmd.AddParameter("EmailAddress", DbType.String, securityUser.EmailAddress);
cmd.AddParameter("PasswordHash", DbType.Binary, securityUser.PasswordHash);
cmd.AddParameter("PasswordSalt", DbType.String, securityUser.PasswordSalt);
cmd.AddParameter("CreateTS", DbType.DateTime, securityUser.CreateTS);
cmd.AddParameter("Empire", DbType.Int32, empireID);
cmd.AddParameter("X", DbType.Int64, coordinates.X);
cmd.AddParameter("Y", DbType.Int64, coordinates.Y);
cmd.AddParameter("Z", DbType.Int64, coordinates.Z);
securityUser.UserAccountID = (int)(decimal)cmd.ExecuteScalar();
}
}
public bool Login(string emailAddress, string password, out SecurityUserAccount currentUserAccount)
{
if (emailAddress == null) throw new ArgumentNullException("emailAddress");
if (password == null) throw new ArgumentNullException("password");
var userAccountFromRepository = _users.GetUserAccount(emailAddress);
if (userAccountFromRepository == null)
{
logger.Info("UserAcount with email address '{0}' not found", emailAddress);
currentUserAccount = null;
return false;
}
var hashForEnteredUser = _cryptographyManager.CreateHash(userAccountFromRepository.CreateTS, password, userAccountFromRepository.PasswordSalt);
var trimmedHash = userAccountFromRepository.PasswordHash.Take(hashForEnteredUser.Count()).ToArray();
if (!Enumerable.SequenceEqual(trimmedHash, hashForEnteredUser))
{
logger.Info("Password was incorrect for user '{0}'", emailAddress);
currentUserAccount = null;
return false;
}
Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userAccountFromRepository.Username), new string[] { });
currentUserAccount = userAccountFromRepository;
return true;
}
