예제 #1
0
        public async Task <IActionResult> Post([FromForm] UserViewModel model)
        {
            var    passwordSalt = EncyrptionUtility.GenerateSalt();
            var    hashPassword = EncyrptionUtility.GenerateHashWithSalt(model.Password, passwordSalt);
            string newFileName  = "";

            if (model.ThumbnailFile != null && model.ThumbnailFile.Length > 0)
            {
                newFileName = passwordSalt + "_" + model.ThumbnailFile.FileName;

                //save user thumbnail in disk
                var uploads  = Path.Combine(_hostingEnvironment.WebRootPath, "medias/users");
                var filePath = Path.Combine(uploads, newFileName);
                using (var fileStream = new FileStream(filePath, FileMode.Create))
                {
                    await model.ThumbnailFile.CopyToAsync(fileStream);
                }
            }

            var user = new Users
            {
                Id           = Guid.NewGuid(),
                CreateDate   = DateTime.Now,
                IsActive     = true,
                Password     = hashPassword,
                PasswordSalt = passwordSalt,
                UserName     = model.UserName,
                Thumbnail    = newFileName,
            };

            await _userRepo.AddAsync(user);

            return(Ok(user.Id));
        }
예제 #2
0
        public async Task <IActionResult> Register(RegisterViewModel model)
        {
            if (ModelState.IsValid)
            {
                //check password with confirmpassword
                //check user name already!!!!!
                var saltPassword = Guid.NewGuid().ToString();
                var hashPassword = EncyrptionUtility.GenerateHashWithSalt(model.Password, saltPassword); //EncyrptionUtility.HashSHA256($"{saltPassword}{model.Password}");

                var user = new Users
                {
                    CreateDate   = DateTime.Now,
                    Id           = Guid.NewGuid(),
                    IsActive     = true,
                    UserName     = model.UserName,
                    PasswordSalt = saltPassword,
                    Password     = hashPassword
                };
                await _context.AddAsync(user);

                await _context.SaveChangesAsync();

                return(RedirectToAction("Login"));
            }
            return(View(model));
        }
예제 #3
0
        public async Task <IActionResult> Login(string userName, string password)
        {
            var user = _context.Users.SingleOrDefault(q => q.UserName == userName);

            if (user == null)
            {
                return(BadRequest("invalid username & password"));
            }

            var hashPassword = EncyrptionUtility.GenerateHashWithSalt(password, user.PasswordSalt);

            if (user.Password != hashPassword)
            {
                return(BadRequest("invalid username & password"));
            }

            var refreshToken = GenerateNewRefreshToken();
            //step 1 : invalid user refresh token
            //step 2 : insert new refreshtoken in db
            var userToken = new UserTokens
            {
                CreateDate   = DateTime.Now,
                ExpireDate   = DateTime.Now.AddMinutes(_tokenTimeOut),
                IsValid      = true,
                RefreshToken = refreshToken,
                UserId       = user.Id
            };
            await _context.AddAsync(userToken);

            await _context.SaveChangesAsync();

            var model = new LoginViewModel
            {
                FirstName    = user.UserName,
                LastName     = "Rezaei",
                Token        = GenerateNewToken(user.Id.ToString()),
                RefreshToken = refreshToken
            };

            return(Ok(model));
        }
예제 #4
0
        public async Task <IActionResult> Login([FromBody] LoginViewModel loginInfo)
        {
            var user = await _userRepo.FindAsync(q => q.UserName == loginInfo.UserName);

            if (user == null)
            {
                return(BadRequest("invalid username & password"));
            }

            var hashPassword = EncyrptionUtility.GenerateHashWithSalt(loginInfo.Password, user.PasswordSalt);

            if (user.Password != hashPassword)
            {
                return(BadRequest("invalid username & password"));
            }

            var refreshToken = GenerateNewRefreshToken();
            //step 1 : invalid user refresh token
            //step 2 : insert new refreshtoken in db
            var userToken = new UserTokens
            {
                CreateDate   = DateTime.Now,
                ExpireDate   = DateTime.Now.AddMinutes(_tokenTimeOut),
                IsValid      = true,
                RefreshToken = refreshToken,
                UserId       = user.Id
            };
            await _userTokenRepo.AddAsync(userToken);

            var model = new LoginResultViewModel
            {
                UserId       = user.Id,
                FirstName    = user.UserName,
                LastName     = "Rezaei",
                Token        = GenerateNewToken(user.Id.ToString()),
                RefreshToken = refreshToken
            };

            return(Ok(model));
        }
예제 #5
0
        public async Task <IActionResult> Login(LoginViewModel model)
        {
            if (ModelState.IsValid)
            {
                var user = _context.Users.SingleOrDefault(q => q.UserName == model.UserName);
                if (user == null)
                {
                    _logger.LogError("Invalid UserName {0}", model.UserName);
                    ModelState.AddModelError("", "invalid username & password");
                    return(View(model));
                }

                var hashPassword = EncyrptionUtility.GenerateHashWithSalt(model.Password, user.PasswordSalt);
                if (user.Password != hashPassword)
                {
                    ModelState.AddModelError("", "invalid username & password");
                    return(View(model));
                }
                var userRoles = _context.UserRoles.Where(q => q.UserId == user.Id).Select(q => q.RoleId).ToList();
                var roles     = string.Join(',', userRoles);

                var claims = new List <Claim>
                {
                    new Claim(ClaimTypes.Name, user.UserName),
                    new Claim("FullName", user.UserName),
                    new Claim("Role", roles),
                    //new Claim(ClaimTypes.Role, "Administrator"),
                };

                var claimsIdentity = new ClaimsIdentity(
                    claims, CookieAuthenticationDefaults.AuthenticationScheme);

                var authProperties = new AuthenticationProperties
                {
                    //AllowRefresh = <bool>,
                    // Refreshing the authentication session should be allowed.

                    ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(10),
                    // The time at which the authentication ticket expires. A
                    // value set here overrides the ExpireTimeSpan option of
                    // CookieAuthenticationOptions set with AddCookie.

                    //IsPersistent = true,
                    // Whether the authentication session is persisted across
                    // multiple requests. When used with cookies, controls
                    // whether the cookie's lifetime is absolute (matching the
                    // lifetime of the authentication ticket) or session-based.

                    //IssuedUtc = <DateTimeOffset>,
                    // The time at which the authentication ticket was issued.

                    //RedirectUri = <string>
                    // The full path or absolute URI to be used as an http
                    // redirect response value.
                };

                List <Permissions> userPermissions =
                    _context.Permissions.Where(q => q.RolePermissions.Any(r => userRoles.Contains(r.RoleId))).ToList();
                var key = string.Format(CacheConstants.UserPermissionsCacheKey, user.UserName);
                _cache.Set(key, userPermissions);


                await HttpContext.SignInAsync(
                    CookieAuthenticationDefaults.AuthenticationScheme,
                    new ClaimsPrincipal(claimsIdentity),
                    authProperties);
            }
            return(RedirectToAction("Index", "Home"));
        }