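/// <summary>
/// Authenticates a user from a username/password pair posted in the request body.
/// The password is checked against the stored hash first and, if that fails, against a
/// temporary password held in <see cref="MemoryCacher"/> under the username.
/// </summary>
/// <param name="userLogin">Credentials from the request body (untrusted input; may be null when binding fails).</param>
/// <returns>
/// 200 with a <see cref="UserModel"/> on success; 400 when the body is missing or incomplete;
/// 401 for an unknown user or a wrong password; 403 when the account is blocked;
/// 500 on an unexpected error.
/// </returns>
public HttpResponseMessage Login([FromBody] UserLoginModel userLogin)
{
    // Model binding yields null for an absent or unparseable body; reject it up front instead
    // of letting the NullReferenceException surface as a 500.
    if (userLogin == null || string.IsNullOrEmpty(userLogin.Username) || userLogin.Password == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username and password are required");
    }

    try
    {
        using (var db = new OnlineMusicEntities())
        {
            string requestedName = userLogin.Username.ToLower();
            var user = (from u in db.Users
                        where u.Username.ToLower() == requestedName
                        select u).FirstOrDefault();

            // Unknown user and wrong password share one status so the endpoint does not
            // confirm which usernames exist.
            if (user == null)
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized);
            }

            MemoryCacher cache = new MemoryCacher();
            string cachePassword = cache.Get(user.Username) as string ?? string.Empty;

            bool usedTemporaryPassword = false;
            bool success = HashingPassword.ValidatePassword(userLogin.Password, user.Password);
            if (!success && !string.IsNullOrEmpty(cachePassword))
            {
                success = HashingPassword.ValidatePassword(userLogin.Password, cachePassword);
                usedTemporaryPassword = success;
            }

            if (!success)
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized);
            }

            // Evaluated only after the credentials are verified, so an anonymous caller cannot
            // probe which accounts are blocked.
            if (user.Blocked)
            {
                return Request.CreateResponse(HttpStatusCode.Forbidden);
            }

            if (usedTemporaryPassword)
            {
                // Tell the account owner the temporary password was used. The temporary
                // password itself stays in the cache until ChangePassword removes it.
                Notification notification = new Notification()
                {
                    Title = "Đăng nhập với mật khẩu tạm thời",
                    Message = "Bạn vừa đăng nhập bằng mật khẩu tạm thời của mình vào " + DateTime.Now.ToString() + "\nNếu đây không phải là bạn, khuyên cáo bạn nên đổi lại mật khẩu của mình",
                    UserId = user.Id,
                    IsMark = false,
                    CreatedAt = DateTime.Now,
                    Action = NotificationAction.LOGIN_TEMPORARILY
                };
                db.Notifications.Add(notification);
                db.SaveChanges();
            }

            // NOTE(review): the full entity is handed to UserModel; confirm its serialized shape
            // does not include the Password hash.
            return Request.CreateResponse(HttpStatusCode.OK, new UserModel { User = user });
        }
    }
    catch (Exception ex)
    {
        // Keep exception details server-side; returning ex.Message would disclose internals to the client.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred");
    }
}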
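/// <summary>
/// OWIN resource-owner-password grant. Validates the supplied username and password against the
/// stored hash (or the temporary password cached under the username) and, on success, builds a
/// <see cref="ClaimsIdentity"/> carrying the user id as the Name claim plus one Role claim per
/// role the account holds.
/// </summary>
/// <param name="context">Grant context carrying <c>UserName</c> and <c>Password</c> from the token request (untrusted input).</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // A token request without a username would otherwise dereference null inside the query.
    if (string.IsNullOrEmpty(context.UserName) || context.Password == null)
    {
        context.SetError("Invalid Grant", "Provided username and password is incorrect");
        return;
    }

    using (var db = new OnlineMusicEntities())
    {
        string requestedName = context.UserName.ToLower();
        var user = (from u in db.Users
                    where u.Username.ToLower() == requestedName
                    select u).FirstOrDefault();

        bool credentialsValid = false;
        if (user != null)
        {
            string cachePassword = new MemoryCacher().Get(user.Username) as string ?? string.Empty;
            credentialsValid = HashingPassword.ValidatePassword(context.Password, user.Password)
                || (!string.IsNullOrEmpty(cachePassword) && HashingPassword.ValidatePassword(context.Password, cachePassword));
        }

        // Unknown user and wrong password produce the same error so usernames are not confirmed.
        if (!credentialsValid)
        {
            context.SetError("Invalid Grant", "Provided username and password is incorrect");
            return;
        }

        // Login rejects blocked accounts; the token endpoint must not be a way around that.
        if (user.Blocked)
        {
            context.SetError("Invalid Grant", "Account is blocked");
            return;
        }

        string[] roles;
        if (user.RoleId == (int)RoleManager.Administrator)
        {
            roles = new[] { "Administrator", "Admin", "User" };
        }
        else if (user.RoleId == (int)RoleManager.Admin)
        {
            roles = new[] { "Admin", "User" };
        }
        else if (user.RoleId == (int)RoleManager.VIP)
        {
            roles = new[] { "VIP", "User" };
        }
        else if (user.RoleId == (int)RoleManager.User)
        {
            roles = new[] { "User" };
        }
        else
        {
            // An unmapped role used to leave the context neither validated nor errored;
            // report it explicitly so the client gets a definite failure.
            context.SetError("Invalid Grant", "User role is not recognised");
            return;
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, user.Id.ToString()));
        foreach (string role in roles)
        {
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        }
        context.Validated(identity);
    }
}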
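/// <summary>
/// Changes the password of account <paramref name="id"/>. The caller's token must carry that id as
/// its Name claim, and the current password (or the temporary password cached under the username)
/// must be supplied. On success the cached temporary password is removed.
/// </summary>
/// <param name="id">Account id from the route.</param>
/// <param name="passwordModel">Old and new password from the request body (untrusted input; may be null when binding fails).</param>
/// <returns>
/// 200 on success; 400 when the body is missing or the new password is blank; 403 when the token
/// does not belong to <paramref name="id"/> or the old password is wrong; 404 for an unknown id;
/// 500 on an unexpected error.
/// </returns>
public HttpResponseMessage ChangePassword([FromUri] int id, PasswordModel passwordModel)
{
    // A non-claims identity would make a hard cast throw outside the try block; treat it as a bad token.
    var identity = User?.Identity as ClaimsIdentity;
    if (identity == null || identity.Name != id.ToString())
    {
        return Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Invalid Token");
    }

    // Reject a missing body or a blank new password before touching the database.
    if (passwordModel == null || passwordModel.OldPassword == null || string.IsNullOrWhiteSpace(passwordModel.NewPassword))
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Old and new password are required");
    }

    try
    {
        using (var db = new OnlineMusicEntities())
        {
            var user = (from u in db.Users where u.Id == id select u).FirstOrDefault();
            if (user == null)
            {
                return Request.CreateErrorResponse(HttpStatusCode.NotFound, $"Tài khoản với id={id} không tồn tại");
            }

            MemoryCacher cache = new MemoryCacher();
            string cachePassword = cache.Get(user.Username) as string ?? string.Empty;

            // The stored hash is tried first; the temporary password is only a fallback.
            bool isValid = HashingPassword.ValidatePassword(passwordModel.OldPassword, user.Password)
                || (!string.IsNullOrEmpty(cachePassword) && HashingPassword.ValidatePassword(passwordModel.OldPassword, cachePassword));
            if (!isValid)
            {
                return Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Mật khẩu cũ không đúng");
            }

            user.Password = HashingPassword.HashPassword(passwordModel.NewPassword);
            db.SaveChanges();
            // Removed only after the new hash is persisted, so a failed save does not strand the
            // user without either password. Dropping it stops the temporary password being replayed.
            cache.Delete(user.Username);
            return Request.CreateResponse(HttpStatusCode.OK);
        }
    }
    catch (Exception ex)
    {
        // Keep exception details server-side; returning ex.Message would disclose internals to the client.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred");
    }
}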