public async Task <ActionResult <User> > Create(User user)
{
if (await _userService.GetWithEmail(user.Email) != null)
{
return(Unauthorized("Email already exists."));
}
var salt = HashProvider.GetSalt();
user.IV = salt;
user.Password = HashProvider.GetHash(user.Password, salt);
user.CreatedAt = DateTime.Now;
var claims = new[]
{
new Claim(ClaimTypes.Email, user.Email)
};
user.RefreshToken = TokenProvider.GetToken
(
user,
_configuration["SecurityKey"],
DateTime.Now.AddYears(100),
claims
);
await _userService.Create(user);
return(CreatedAtRoute("GetUser", new { id = user.Id.ToString() }, user));
}
public async Task <IActionResult> RequestTokenWithCredentials(LoginRequest loginRequest)
{
var user = await _userService.GetWithEmail(loginRequest.Email);
if (user == null)
{
return(Unauthorized());
}
var match = HashProvider.GetHash(loginRequest.Password, user.IV);
if (!user.Password.Equals(HashProvider.GetHash(loginRequest.Password, user.IV)))
{
return(Unauthorized());
}
var claims = new[]
{
new Claim(ClaimTypes.PrimarySid, user.Id),
new Claim(ClaimTypes.Email, user.Email)
};
return(Ok(new
{
token = TokenProvider.GetToken
(
user,
_configuration["SecurityKey"],
DateTime.Now.AddDays(1),
claims
),
refreshToken = user.RefreshToken
}));
}
public override SoftwareInfo GetSoftware(byte[] inBuffer, IProgress <double> progress, CancellationToken token)
{
var fileName = BootProvider.GetFileName(CategoryName);
var hash = HashProvider.GetHash(inBuffer, fileName, HashName);
var hashStr = hash.Values[fileName.ToLowerInvariant()];
var hashBytes = GetHashBytes(hashStr);
Hash2Software.TryGetValue(hashBytes, out SoftwareInfo software);
return(software);
}
private void btApply_Click(object sender, EventArgs e)
{
if (ValidateInput())
{
user.WebUsername = tbWebUsername.Text;
user.PasswordHash = HashProvider.GetHash(tbPassword.Text, HashProvider.SHA256);
UserCollectionSingletone.GetInstance().Save();
Close();
}
}
public void GetHashTest(string input, long expectedValue, bool checkIfNonZero)
{
HashProvider hashProvider = new HashProvider();
long result = hashProvider.GetHash(input);
result.Should().Be(expectedValue);
if (checkIfNonZero)
{
result.Should().NotBe(0L);
}
}
public static bool AddUser(string name, string password, string claims)
{
if (users.Count(u => u.Item1 == name) == 0)
{
string salt = HashProvider.GenerateSalt(16);
string hash = HashProvider.GetHash(password, salt);
users.Add(new Tuple <string, string, string, Guid, string>(name, hash, salt, Guid.NewGuid(), claims));
return(true);
}
return(false);
}
public virtual SoftwareInfo GetSoftware(byte[] inBuffer, IProgress <double> progress, CancellationToken token)
{
var detectors = GetDetectors();
var prefix = BootProvider.GetPrefix(CategoryName);
var software = GetSoftware(detectors, prefix, inBuffer, progress, token);
if (software != null)
{
var fileName = BootProvider.GetFileName(CategoryName);
software.Hash = HashProvider.GetHash(inBuffer, fileName, HashName);
}
return(software);
}
public static Guid?ValidateUser(string username, string password)
{
Tuple <string, string, string, Guid, string> userRow = users.Where(u => String.Compare(u.Item1, username, true) == 0).FirstOrDefault();
if (userRow != null)
{
if (userRow.Item2 == HashProvider.GetHash(password, userRow.Item3))
{
return(userRow.Item4);
}
}
return(null);
}
void EditPwdControl1_OnClick(object sender, EventArgs e)
{
if (user != null && HashProvider.GetHash(EditPwdControl1.Password) == user.Password)
{
user.Password = HashProvider.GetHash(EditPwdControl1.NewPwd);
UserService.UpdateUser(user);
Response.Redirect("~/UserInfo.aspx");
}
else
{
string msg = "<script type='text/javascript'>alert('原密码错误')</script>";
Response.Write(msg);
}
}
protected void btnLogin_Click(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(txUserAccount.Text))
{
account = txUserAccount.Text;
mainUser = Alading.Web.Bussiness.UserService.GetUserByAccount(account);
if (!string.IsNullOrEmpty(txPassword.Text) && mainUser != null)
{
if (mainUser.Password == HashProvider.GetHash(txPassword.Text))
{
Session.Add("UserCode", mainUser.UserCode);
Response.Redirect("~/UserInfo.aspx");
}
}
}
}
private IList <Migration> GetMigrations(MigrationOptions options)
{
var files = Directory.EnumerateFiles(options.MigrationPath, "*.sql", SearchOption.AllDirectories);
return(files
.Select(file => new FileInfo(file))
.OrderBy(file => file.Name)
.Select(file =>
{
var sql = File.ReadAllText(file.FullName);
var hash = _hashProvider.GetHash(sql);
return new Migration {
FileName = file.Name, Sql = sql, Hash = hash
};
}).ToList());
}
void AddShopControl1_AddButtonClick(object sender, EventArgs e)
{
if (shopCode != string.Empty && shop != null)
{
shop.ShopNick = AddShopControl1.ShopNick;
shop.Sign = HashProvider.GetHash(shop.UserCode, shop.ShopNick);
shop.ShopType = AddShopControl1.ShopType;
shop.ShopTypeName = AddShopControl1.ShopTypeName;
shop.Province = AddShopControl1.Province;
shop.City = AddShopControl1.City;
shop.Area = AddShopControl1.Area;
shop.Address = AddShopControl1.Address;
shop.Tel = AddShopControl1.Tel;
Alading.Web.Bussiness.ShopService.UpdateShop(shop);
Response.Redirect("~/UserInfo.aspx");
}
}
public virtual bool UpdateSoftware(SoftwareInfo software, byte[] inBuffer)
{
if (!CategoryName.Equals(software.Category.Name, StringComparison.Ordinal))
{
return(false);
}
var detectors = GetDetectors(software.Product);
var encoding = GetEncoding(software.Product, software.Camera, software.Encoding);
var fileName = BootProvider.GetFileName(CategoryName);
software.Hash = HashProvider.GetHash(inBuffer, fileName, HashName);
var software2 = GetSoftware(detectors, inBuffer, encoding);
if (software2 != null)
{
if (software2.Product.Created != null)
{
software.Product.Created = software2.Product.Created;
}
if (software2.Build.Changeset != null)
{
software.Build.Changeset = software2.Build.Changeset;
}
if (software2.Build.Creator != null)
{
software.Build.Creator = software2.Build.Creator;
}
if (software2.Compiler != null)
{
software.Compiler = software2.Compiler;
}
if (software.Encoding == null)
{
software.Encoding = software2.Encoding;
}
return(true);
}
return(false);
}
private void SaveShop()
{
if (mainUser.MaxShop > mainUser.HasShop)
{
Alading.Web.Entity.Shop shop = new Alading.Web.Entity.Shop();
shop.ShopCode = System.Guid.NewGuid().ToString();
shop.ShopNick = AddShopControl1.ShopNick;
shop.UserCode = userCode;
shop.Sign = HashProvider.GetHash(shop.UserCode, shop.ShopNick);
shop.ShopType = AddShopControl1.ShopType;
shop.ShopTypeName = AddShopControl1.ShopTypeName;
shop.Province = AddShopControl1.Province;
shop.City = AddShopControl1.City;
shop.Area = AddShopControl1.Area;
shop.Address = AddShopControl1.Address;
shop.Tel = AddShopControl1.Tel;
Alading.Web.Bussiness.ShopService.AddShop(shop);
}
}
/// <summary>
/// Checks authentication with ZMA
/// </summary>
/// <param name="request"></param>
/// <param name="session"></param>
private void Authenticate(IHttpRequest request, IHttpSession session)
{
if (request.Param["login"].Value != null)
{
if (!webLogin.ContainsKey(session.Id))
{
webLogin.Add(session.Id, false);
}
String username = request.Param["username"].Value;
String password = request.Param["password"].Value;
var userlist = UserCollectionSingletone.GetInstance();
var user = userlist.GetUserByLogin(username);
// First check if we have access and the if we can login :-)
// I use SHA256 with salt so avoid using other authentications
if (!user.Generated && user.HasWebAccess && HashProvider.GetHash(password, HashProvider.SHA256) == user.PasswordHash)
{
webLogin[session.Id] = true;
}
}
}
void UserRegisterControl1_OnSubmitButtonClick(object sender, EventArgs e)
{
string account = UserRegisterControl1.Account;
if (account.Contains(":"))
{
string msg = "<script type='text/javascript'>alert('用户帐号不能包含(:)冒号')</script>";
Response.Write(msg);
return;
}
Alading.Web.Entity.User x = Alading.Web.Bussiness.UserService.GetUserByAccount(mainUser.Account + ":" + account);
if (x != null)
{
string msg = "<script type='text/javascript'>alert('用户帐号重复')</script>";
Response.Write(msg);
}
else
{
if (mainUser != null && mainUser.MaxUser > mainUser.HasUser)
{
Alading.Web.Entity.User user = new Alading.Web.Entity.User();
user.UserName = UserRegisterControl1.UserName;
user.Account = mainUser.Account + ":" + UserRegisterControl1.Account;
user.Address = UserRegisterControl1.Address;
user.Company = UserRegisterControl1.Company;
user.Mobile = UserRegisterControl1.Mobile;
user.Password = HashProvider.GetHash(UserRegisterControl1.Password);
user.Tel = UserRegisterControl1.Tel;
user.UserCode = System.Guid.NewGuid().ToString();
user.MaxShop = 0;
user.MaxUser = 0;
user.FirstRun = true;
user.Approve = true;
Alading.Web.Bussiness.UserService.AddUser(user);
Response.Redirect("~/UserInfo.aspx");
}
}
}
protected void btn_login_Click(object sender, EventArgs e)
{
if ((!String.IsNullOrEmpty(top_account.Text)) && (!String.IsNullOrEmpty(top_password.Text)))
{
string account = top_account.Text;
string password = HashProvider.GetHash(top_password.Text);
//只有主号可以登录
var user = UserService.GetUser(c => c.Account == account && (!c.Account.Contains(":")) && c.Password == password).FirstOrDefault();
if (user != null)
{
Session["UserCode"] = user.UserCode;
Session["UserName"] = user.UserName;
Response.Redirect("UserInfo.aspx");
}
else
{
Session["UserName"] = null;
Session["UserCode"] = null;
}
}
}
