コード例 #1
        /// <summary>
        /// Debug action: decodes a hard-coded sample token through
        /// <c>LoginUtils.decryptToken</c> and returns the result in a 200 response.
        /// </summary>
        /// <returns>An OK result whose body is the decoded token data.</returns>
        public IHttpActionResult Test()
        {
            // The fixture below replaces a commented-out call that built it with
            // LoginUtils.encryptToken(rawToken, timenow), where timenow was
            // DateTime.UtcNow formatted as "dd/MM/yyyy HH:mm:ss".
            //
            // NOTE(review): the literal base64-decodes to readable text that ends in a
            // timestamp of that shape, which suggests the token is encoded rather than
            // encrypted or authenticated -- confirm in LoginUtils.
            //
            // NOTE(review): this action returns decoded token contents to the caller and
            // no authorization attribute is visible in this listing; confirm it is not
            // routable in production. If this value was ever issued to a real account,
            // treat it as exposed and revoke it.
            const string sampleToken = "JSB1LHtHICBsA0kwICAgIFggNzofIH4eICAgICBfQh5xJwbjkYsgIAwgICB/IFAg0oHaqyAgRiARCSAgIN2+IEQgIGR1IAMgIAUxXyAgWgIgGNupICAuTm8DayACPyByCSAgXVEgIG8gLh8gKyAgSTY3IAksICDKgiAgXCATWtuJdCB+a0kgIHAgQlIgIEEgIB5hDSB4IEUg2ZMwIGggICA2IHswVHQMMGYsCyA2IEZzIHwgXiBaRSAgIGxKU0BXICBkIGRPByAgIHF2ICAgcCAgICBbICAfIB0gIEwgViDVgSA1K1VOICAgVGfKqXEgY2MgVmMgAyAyNS8wNi8yMDE1IDE1OjIzOjAz";

            decryptTokenData decoded = LoginUtils.decryptToken(sampleToken);
            return Ok(decoded);
        }
コード例 #2
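        /// <summary>
        /// Checks a client-supplied token against the stored token record for a user.
        /// </summary>
        /// <param name="tokenInput">Encoded token string as received from the client (untrusted).</param>
        /// <param name="idInput">User id the caller claims the token belongs to.</param>
        /// <returns>
        /// <c>true</c> only when a stored record exists for the token's hash, that record
        /// belongs to <paramref name="idInput"/>, the hashes compare equal through
        /// <c>LoginUtils.SafeEquals</c>, and the date carried in the token equals the stored
        /// token date; otherwise <c>false</c>.
        /// </returns>
        public static bool ValidateToken(string tokenInput, int idInput)
        {
            // A missing token can never validate; reject it before decoding.
            if (string.IsNullOrEmpty(tokenInput))
            {
                return false;
            }

            // NOTE(review): how decryptToken reports malformed input (null or exception)
            // is not visible here -- confirm that callers treat either as a failed validation.
            decryptTokenData data = LoginUtils.decryptToken(tokenInput);
            byte[] checkHash = LoginUtils.hashNoSalt(data.token);

            // Assumes WebApplication1Context is a disposable EF context; disposing it
            // releases the connection on every path instead of waiting for the GC.
            using (WebApplication1Context context = new WebApplication1Context())
            {
                TokenModel token = context.TokensModel.FirstOrDefault(a => a.tokenHash == checkHash);

                // Unknown or revoked token: no stored row matches the hash. Without this
                // guard the next line dereferences null and the request fails with an
                // exception instead of a clean "invalid token" result.
                if (token == null)
                {
                    return false;
                }

                // The token must belong to the user it is presented for.
                if (idInput != token.userid)
                {
                    return false;
                }

                // The query above already matched on the hash; this second comparison is
                // kept as an in-process check through the project's SafeEquals helper.
                if (!LoginUtils.SafeEquals(token.tokenHash, checkHash))
                {
                    return false;
                }

                // TODO: add an expiry check -- as written, a token stays valid for as long
                // as its row exists.
                bool dateMatches = data.utcDateTime == token.tokenDate;

                // TODO: log a mismatch here. The hash matched but the date did not, which
                // may mean the token was decoded and its date stamp edited.
                return dateMatches;
            }
        }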