public async Task <IHttpActionResult> Validate(NoncePairDto noncePair) { if (ModelState.IsValid) { var session = await db.Sessions.SingleOrDefaultAsync( QueryHelper.GetSessionObjectValidationQuery(noncePair.Session)); if (session != null) { var validator = db.UserPhoneNumberValidators.Where(v => v.UserId == session.User.Id).OrderByDescending(v => v.CreatedAt) .First(); if (validator.SecurityToken == HasherHelper.sha256_hash(noncePair.Nonce.ToString())) { validator.IsValidated = true; validator.ValidatedAt = DateTime.Now; return(Ok()); } return(NotFound()); //Wrong Nonce } return(Unauthorized()); } return(BadRequest()); }
public UserController(SqliteContext sqliteContext, UserHelper userHelper, ValidationHelper validationHelper, HasherHelper hasherHelper, TokenHelper tokenHelper, ApplicationSettings applicationSettings) { db = sqliteContext; UserHelper = userHelper; ValidationHelper = validationHelper; HasherHelper = hasherHelper; TokenHelper = tokenHelper; ApplicationSettings = applicationSettings; }
public bool Register(UserRegisterDTO userRegisterDTO) { _userService.Add(new User { FullName = userRegisterDTO.FullName, Username = userRegisterDTO.UserName, Password = HasherHelper.ComputeSha256Hash(userRegisterDTO.Password), }); return(_userService.SaveChanges()); }
/// <summary> /// Checks whether token is equal to security token, if yes set the primary phone number with temporary. /// </summary> /// <param name="token"></param> /// <returns> /// True : if old phone number has replaced with new one. /// False : if old phone number has not replaced with new one. /// </returns> public bool ValidateNewPhoneNumber(AppDbContext db, int token) { var validator = db.UserPhoneNumberValidators.Where(v => v.UserId == Id).OrderByDescending(v => v.CreatedAt) .First(); if (validator.SecurityToken == HasherHelper.sha256_hash(token.ToString())) { PhoneNumber = validator.TargetNumber; validator.IsValidated = true; validator.ValidatedAt = DateTime.Now; return(true); } return(false); }
public async Task <IHttpActionResult> Active(NoncePairDto pendingSession) { if (ModelState.IsValid) { var session = await db .Sessions .Where(QueryHelper.GetPendingSessionQuery(pendingSession)) .SingleOrDefaultAsync(); if (session == null) { return(NotFound()); //Wrong Nonce Entered } session.User.State = UserState.ACTIVE; session.User.UpdatedAt = DateTime.Now; session.ActivationMoment = DateTime.Now; session.State = SessionState.ACTIVE; //We add the registered phone number to user's validated phone number. if (session.User.PhoneNumber != null) { var newValidator = new UserPhoneNumberValidator() { UserId = session.User.Id, TargetNumber = session.User.PhoneNumber, SecurityToken = HasherHelper.sha256_hash(pendingSession.Nonce.ToString()), IsValidated = true, CreatedAt = DateTime.Now, ValidatedAt = DateTime.Now }; db.UserPhoneNumberValidators.Add(newValidator); } await db.SaveChangesAsync(); SessionInfoObject sessionInfo = new SessionInfoObject() { SessionKey = session.SessionKey, SessionId = session.Id }; return(Ok(sessionInfo)); } return(BadRequest()); }
public void Hash_password() { var Password = "******"; var result = string.Empty; try { result = HasherHelper.Hash(Password); } catch (Exception ex) { result = null; } Assert.IsNotNull(result); }
public IActionResult PasswordReset(string token, [FromBody] ResetPasswordDataModel model) { //http://stackoverflow.com/questions/25372035/not-able-to-validate-json-web-token-with-net-key-to-short if (ModelState.IsValid) { if (model.NewPassword == null || model.NewPassword == "") { return(BadRequest("Password is required")); } if (model.NewPassword != model.ConfirmPassword) { return(BadRequest("Passwords do not match")); } if (!UserHelper.IsValidPassword(model.NewPassword)) { return(BadRequest("Password is not complex enough.")); } PasswordRecoveryToken recoveryToken = TokenHelper.DecodeStandardJwtToken <PasswordRecoveryToken>(token); User user = UserHelper.GetUserById(recoveryToken.UserId); string newSalt = UserHelper.CreatUserSalt(); string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt); var updatePasswordAndSalt = Builders <User> .Update .Set(u => u.Salt, newSalt) .Set(u => u.Password, newPasswordHash); user.Salt = newSalt; user.Password = newPasswordHash; db.Users.Update(user); return(Ok()); } else { return(BadRequest(ModelState)); } }
public bool Login(UserLoginDTO userLoginDTO, out SessionUser sessionUser) { sessionUser = null; var hasshedpass = HasherHelper.ComputeSha256Hash(userLoginDTO.Password); var user = _userService.FirstOrDefault(x => x.Username.ToLower() == userLoginDTO.UserName && x.Password == hasshedpass); if (user != null) { sessionUser = new SessionUser { Id = user.Id, FullName = user.FullName, Username = user.Username, Role = user.Role, }; return(true); } return(false); }
public ActionResult Edit(AdminViewModel admin) { if (ModelState.IsValid) { var adminInDb = db.Admins.SingleOrDefault(s => s.Id == admin.Id); if (adminInDb != null) { adminInDb.Username = admin.Username; adminInDb.Password = HasherHelper.sha256_hash(admin.Password); adminInDb.Email = admin.Email; adminInDb.FirstName = admin.FirstName; adminInDb.LastName = admin.LastName; adminInDb.IsCompleted = true; db.SaveChanges(); return(RedirectToAction("Index", "Home")); } } return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "Bad Request")); }
public async Task <IHttpActionResult> ForgotPasswordReset( ForgotPasswordValidationDto forgotPasswordValidationDto) { if (ModelState.IsValid) { User user = await db.Users.SingleOrDefaultAsync(q => q.SecurityToken == forgotPasswordValidationDto.ForgetPassCode); if (user == null) { return(NotFound()); //Wrong Code } user.Password = HasherHelper.sha256_hash(forgotPasswordValidationDto.Password); user.SecurityToken = 0; await db.SaveChangesAsync(); return(Ok()); } return(BadRequest()); }
/// <summary> /// Set temporary phone number and send security token to the user's new phone number. /// </summary> /// <param name="newPhoneNumber"></param> /// <returns>smsSent</returns> public bool ChangePhoneNumber(AppDbContext db, string newPhoneNumber) { bool smsSent = true; int nonce = RandomHelper.RandomInt(10000, 99999); var validator = new UserPhoneNumberValidator() { UserId = Id, TargetNumber = newPhoneNumber, SecurityToken = HasherHelper.sha256_hash(nonce.ToString()), IsValidated = false, CreatedAt = DateTime.Now }; db.UserPhoneNumberValidators.Add(validator); if (MessageHelper.SendSMS_K(nonce.ToString(), newPhoneNumber, MessageHelper.SMSMode.VERIFICATION) != null) { smsSent = false; } return(smsSent); }
public async Task <IHttpActionResult> Create(PhoneNumberValidatorDto phoneNumberValidatorDto) { if (ModelState.IsValid) { var session = await db.Sessions.SingleOrDefaultAsync( QueryHelper.GetSessionObjectValidationQuery(phoneNumberValidatorDto.Session)); if (session != null) { var smsSent = true; int nonce = RandomHelper.RandomInt(10000, 99999); var validator = new UserPhoneNumberValidator() { UserId = session.User.Id, TargetNumber = phoneNumberValidatorDto.PhoneNumber, SecurityToken = HasherHelper.sha256_hash(nonce.ToString()), IsValidated = false, CreatedAt = DateTime.Now }; db.UserPhoneNumberValidators.Add(validator); await db.SaveChangesAsync(); if (MessageHelper.SendSMS_K(nonce.ToString(), phoneNumberValidatorDto.PhoneNumber, MessageHelper.SMSMode.VERIFICATION) != null) { smsSent = false; } return(Ok()); } return(Unauthorized()); } return(BadRequest()); }
public ActionResult Login(AdminLoginViewModel adminLogin) { if (ModelState.IsValid) { var admin = db.Admins.SingleOrDefault(a => a.Username == adminLogin.Username); if (admin != null) { if (!admin.IsCompleted) { CreateSession(admin); return(RedirectToAction("Edit")); } var hashPassword = HasherHelper.sha256_hash(adminLogin.Password); if (admin.Password == hashPassword) { CreateSession(admin); if (adminLogin.RememberMe) { HttpCookie cookie = new HttpCookie("Login"); cookie.Values.Add("Username", adminLogin.Username); cookie.Expires.AddDays(15); Response.Cookies.Add(cookie); } return(RedirectToAction("Index", "Home")); } } ModelState.AddModelError(string.Empty, "The user name or password is incorrect."); return(View(adminLogin)); } return(View(adminLogin)); }
public void Hash_Verify() { var Password = "******"; var HashKey = "Qs4gIHiM$TFHASH$V2$dCnbEg1Xb44bZ2GuZuk2/nDm6QUqfUiCmnj6RnDa"; var result = string.Empty; try { if (HasherHelper.Verify(Password, HashKey)) { result = "TRUE"; } else { result = HasherHelper.Message; } } catch (Exception ex) { result = null; } Assert.Equals(result, "TRUE"); }
public string ComputeSha256Hash(string data) { return(HasherHelper.ComputeSha256Hash(data)); }
public async Task <IHttpActionResult> SignUp(UserSignUpViewModel userSignUp) { if (ModelState.IsValid) { User user = null; if (!string.IsNullOrEmpty(userSignUp.PhoneNumber)) { user = await db.Users.OrderByDescending(v => v.CreatedAt).FirstOrDefaultAsync(q => q.PhoneNumber == userSignUp.PhoneNumber); } else if (!string.IsNullOrEmpty(userSignUp.Email)) { user = await db.Users.OrderByDescending(v => v.CreatedAt).FirstOrDefaultAsync(q => q.Email == userSignUp.Email); } else { return(BadRequest()); } Session session = null; var randomNonce = RandomHelper.RandomInt(10000, 99999); if (user == null || user.State == UserState.DELETED) //New User { user = new User() { FirstName = userSignUp.FirstName, LastName = userSignUp.LastName, PhoneNumber = userSignUp.PhoneNumber, Email = userSignUp.Email, Password = HasherHelper.sha256_hash(userSignUp.Password), CreatedAt = DateTime.Now, UpdatedAt = DateTime.Now, State = UserState.PENDING }; db.Users.Add(user); session = new Session() { Nonce = randomNonce, State = SessionState.PENDING, InitMoment = DateTime.Now, SessionKey = RandomHelper.RandomString(32), FCMToken = userSignUp.FCMToken, SessionPlatform = (SessionPlatform)userSignUp.SessionPlatform, UniqueCode = userSignUp.UniqueCode, User = user }; db.Sessions.Add(session); await db.SaveChangesAsync(); } else { if (user.State == UserState.PENDING) //multiple requests { // We abolish the old sessions first, then we create new sessions db.Sessions .Where(q => q.UniqueCode == userSignUp.UniqueCode) .Where(q => q.State == SessionState.PENDING) .ToList() .ForEach(q => q.State = SessionState.ABOLISHED); session = new Session() { Nonce = randomNonce, State = SessionState.PENDING, InitMoment = DateTime.Now, SessionKey = RandomHelper.RandomString(32), FCMToken = userSignUp.FCMToken, SessionPlatform = (SessionPlatform)userSignUp.SessionPlatform, UniqueCode = userSignUp.UniqueCode, User = user }; db.Sessions.Add(session); user.FirstName = userSignUp.FirstName; user.LastName = userSignUp.LastName; user.PhoneNumber = userSignUp.PhoneNumber; user.Email = userSignUp.Email; user.Password = HasherHelper.sha256_hash(userSignUp.Password); user.UpdatedAt = DateTime.Now; await db.SaveChangesAsync(); } else if (user.State == UserState.ACTIVE) //already registered user - use login form { return(Conflict()); } else if (user.State == UserState.SUSPENDED) //this phonenumber/email has been suspended { return(StatusCode(HttpStatusCode.Forbidden)); } } var receptorPhone = userSignUp.PhoneNumber; var receptorMail = userSignUp.Email; var token = randomNonce.ToString(); if (receptorMail != null) //Mail { MessageHelper.CodeVerificationEmail(token, receptorMail, MessageHelper.EmailMode.VERIFICATION); } if (receptorPhone != null) { if (MessageHelper.SendSMS_K(token, receptorPhone, MessageHelper.SMSMode.VERIFICATION) != null) //SMS { return(InternalServerError()); } } return(Json(new { SessionId = session?.Id ?? -1, SessionKey = session?.SessionKey ?? null })); } return(BadRequest()); }
public async Task <IHttpActionResult> SignUp(UserSignUpEmailViewModel userSignUpEmail) { if (ModelState.IsValid) { User user = await db.Users.OrderByDescending(v => v.CreatedAt).FirstOrDefaultAsync(q => q.Email == userSignUpEmail.Email); Session session = null; var randomNounce = RandomHelper.RandomInt(10000, 99999); if (user == null || user.State == UserState.DELETED) //New User { user = new User() { FirstName = userSignUpEmail.FirstName, LastName = userSignUpEmail.LastName, PhoneNumber = userSignUpEmail.PhoneNumber, Email = userSignUpEmail.Email, Password = HasherHelper.sha256_hash(userSignUpEmail.Password), CreatedAt = DateTime.Now, UpdatedAt = DateTime.Now, State = UserState.PENDING }; db.Users.Add(user); session = new Session() { Nonce = randomNounce, State = SessionState.PENDING, InitMoment = DateTime.Now, SessionKey = RandomHelper.RandomString(32), FCMToken = userSignUpEmail.FCMToken, SessionPlatform = (SessionPlatform)userSignUpEmail.SessionPlatform, UniqueCode = userSignUpEmail.UniqueCode, User = user }; db.Sessions.Add(session); await db.SaveChangesAsync(); } else { if (user.State == UserState.PENDING) //multiple requests { db.Sessions .Where(q => q.UniqueCode == userSignUpEmail.UniqueCode) .Where(q => q.State == SessionState.PENDING) .ToList() .ForEach(q => q.State = SessionState.ABOLISHED); session = new Session() { Nonce = randomNounce, State = SessionState.PENDING, InitMoment = DateTime.Now, SessionKey = RandomHelper.RandomString(32), FCMToken = userSignUpEmail.FCMToken, SessionPlatform = (SessionPlatform)userSignUpEmail.SessionPlatform, UniqueCode = userSignUpEmail.UniqueCode, User = user }; db.Sessions.Add(session); await db.SaveChangesAsync(); } else if (user.State == UserState.ACTIVE) //already registered user - use login form { return(Conflict()); } else if (user.State == UserState.SUSPENDED) //this user has been suspended { return(StatusCode(HttpStatusCode.Forbidden)); } } var receptor = userSignUpEmail.Email; var token = randomNounce.ToString(); MessageHelper.CodeVerificationEmail(token, receptor, MessageHelper.EmailMode.VERIFICATION); return(Json(new { SessionId = session?.Id ?? -1 })); } return(BadRequest()); }
public async Task <IHttpActionResult> Login(LoginDto loginInfo) { if (ModelState.IsValid) { User user = null; var hashPassword = HasherHelper.sha256_hash(loginInfo.Password); if (!string.IsNullOrEmpty(loginInfo.Email)) { user = await db.Users.SingleOrDefaultAsync(q => q.Email == loginInfo.Email && q.Password == hashPassword); } else if (!string.IsNullOrEmpty(loginInfo.PhoneNumber)) { user = await db.Users.SingleOrDefaultAsync(q => q.PhoneNumber == loginInfo.PhoneNumber && q.Password == hashPassword); } else { return(BadRequest()); } if (user == null) //Not Registered User - Use Sign up form { return(NotFound()); } switch (user.State) { case UserState.ACTIVE: var sessionKey = RandomHelper.RandomString(32); Session newSession = new Session() { Nonce = null, State = SessionState.ACTIVE, InitMoment = DateTime.Now, ActivationMoment = DateTime.Now, SessionKey = sessionKey, FCMToken = loginInfo.FCMToken, SessionPlatform = (SessionPlatform)loginInfo.SessionPlatform, UniqueCode = loginInfo.UniqueCode, User = user }; db.Sessions.Add(newSession); await db.SaveChangesAsync(); SessionInfoObject sessionIfInfoObject = new SessionInfoObject() { SessionKey = sessionKey, SessionId = newSession.Id, }; //OK return(Ok(sessionIfInfoObject)); case UserState.PENDING: //Not confirmed user return(Conflict()); case UserState.SUSPENDED: return(StatusCode(HttpStatusCode.Forbidden)); case UserState.DELETED: return(StatusCode(HttpStatusCode.Gone)); } } return(BadRequest()); }
public IActionResult ChangePassword(string id, [FromBody] ChangePasswordDataModel model) { if (ModelState.IsValid) { User user = UserHelper.GetUserById(User.Identity.Name); //Ensure that the requesting user is changing their own password. Change this to allow administrators to modify passwords. if (user?.Id != id) { return(BadRequest("Invalid Permissions")); } if (model.NewPassword == null || model.NewPassword == "") { return(BadRequest("Password is required")); } //Password confirm must match if (model.NewPassword != model.ConfirmPassword) { return(BadRequest("Password and Confirmation must match")); } //Validate that the password meets the complexity requirements. if (!UserHelper.IsValidPassword(model.NewPassword)) { return(BadRequest("Password is not strong enough")); } //Ensure they passed the old password if (model.OldPassword == null) { return(BadRequest("Invalid Password")); } //Check that they know the existing password string password = HasherHelper.GetHash(model.OldPassword + user.Salt); if (user.Password == password) { } else { return(BadRequest("Invalid Password")); } //Change password is difficult, just remove the password and then add a new password based on the user input. string newSalt = UserHelper.CreatUserSalt(); string newPasswordHash = HasherHelper.GetHash(model.NewPassword + newSalt); user.Salt = newSalt; user.Password = newPasswordHash; db.Users.Update(user); return(Ok()); } else { return(BadRequest(ModelState)); } }
public IActionResult CreateUser([FromBody] RegisterDataModel model) { if (ModelState.IsValid) { if (model.Email == null || model.Email == "") { return(BadRequest("Email is required")); } if (ValidationHelper.ValidateEmail(model.Email) == false) { return(BadRequest("Valid email address is required")); } User existing = UserHelper.GetUserByEmail(model.Email); if (existing != null) { return(BadRequest("Email address already used.")); } if (model.Password == null || model.Password == "") { return(BadRequest("Password is required")); } if (model.Password != model.ConfirmPassword) { return(BadRequest("Passwords do not match")); } if (!UserHelper.IsValidPassword(model.Password)) { return(BadRequest("Password is not complex enough.")); } //Create the user User user = new User(); user.Email = model.Email; user.Salt = UserHelper.CreatUserSalt(); user.Password = HasherHelper.GetHash(model.Password + user.Salt); //As part of this demo, manually activate the account here. There are activation services available - just finish tying in the email logic. user.EmailValidated = true; bool result = UserHelper.CreateUser(user); if (result) { return(Ok(new IdResponse() { Id = user.Id })); } else { return(BadRequest("Could not create user profile.")); } } else { return(BadRequest("Invalid data")); } }