// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.Run(async(context) => { string authHeader = context.Request.Headers["Authorization"]; string[] parts = authHeader.Split(" "); string token = parts[1]; context.Response.ContentType = "application/json"; JwtAuthManager jwtAuthManager = new JwtAuthManager(); bool isValid = jwtAuthManager.ValidateToken(token); if (isValid) { await context.Response.WriteAsync("{\"Hello\": \"World\"}"); } else { string newToken = jwtAuthManager.GenerateJWTToken(); Console.WriteLine(newToken); await context.Response.WriteAsync("{\"Hello\": \"Error\"}"); } }); }
public static clsKeyValue GetKeys() { DP_TPEntities db = new DP_TPEntities(); JwtAuthManager jwt = new JwtAuthManager(); string Key = db.AppKeys.Where(x => x.vKey == "key").FirstOrDefault().vvalue; string XIBMClientId = db.AppKeys.Where(x => x.vKey == "XIBMClientId").FirstOrDefault().vvalue; string easebuzzsalt = db.AppKeys.Where(x => x.vKey == "easebuzzsalt").FirstOrDefault().vvalue; string easebuzzkey = db.AppKeys.Where(x => x.vKey == "easebuzzkey").FirstOrDefault().vvalue; string easebuzzenv = db.AppKeys.Where(x => x.vKey == "easebuzzenv").FirstOrDefault().vvalue; string payUsalt = db.AppKeys.Where(x => x.vKey == "payUsalt").FirstOrDefault().vvalue; string payUkey = db.AppKeys.Where(x => x.vKey == "payUkey").FirstOrDefault().vvalue; string payUzenv = db.AppKeys.Where(x => x.vKey == "payUenv").FirstOrDefault().vvalue; string XIBMClientSecret = db.AppKeys.Where(x => x.vKey == "XIBMClientSecret").FirstOrDefault().vvalue; string SessionKey = DateTime.Now.ToString("yyyyMMddHHmmssfffffff"); string AxisSetuAPIURL = db.AppKeys.Where(x => x.vKey == "AxisSetuAPIURL").FirstOrDefault().vvalue; string JWT = "Bearer " + jwt.GenerateJWTToken(); return(new clsKeyValue() { Key = Key, XIBMClientId = XIBMClientId, XIBMClientSecret = XIBMClientSecret, SessionID = SessionKey, JWT = JWT, easebuzzenv = easebuzzenv, easebuzzkey = easebuzzkey, easebuzzsalt = easebuzzsalt, AxisSetuAPIURL = AxisSetuAPIURL, payUsalt = payUsalt, payUkey = payUkey, payUenv = payUzenv }); }
public async Task <LoggedUserResponse> FacebookLoginAsync(FacebookLoginRequest facebookLoginRequest) { if (string.IsNullOrEmpty(facebookLoginRequest.FacebookToken)) { throw new Exception("Token is null or empty"); } var facebookUser = await _facebookService.GetUserFromFacebookAsync(facebookLoginRequest.FacebookToken); var applicationUser = await _appDbContext.Users.SingleOrDefaultAsync(user => user.Email == facebookUser.Email); string token; if (applicationUser == null) { var user = await CreateFacebookUser(facebookUser); await _appDbContext.SaveChangesAsync(CancellationToken.None); token = await Task.Run(() => JwtAuthManager.GenerateToken(user)); return(LoggedUser(user, token)); } token = await Task.Run(() => JwtAuthManager.GenerateToken(applicationUser)); return(LoggedUser(applicationUser, token)); }
public IHttpActionResult PostNewPost(int courseId, Post post) { Course course = db.Courses.Find(courseId); if (course == null) { var resp = new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent( string.Format("Cannot add post. Course with ID = {0} doesn't exist", courseId) ) }; throw new HttpResponseException(resp); } post.CreatedAt = DateTime.Now; int userId = JwtAuthManager.GetUserIdFromRequest(Request); post.UserDetailsId = userId; course.Posts.Add(post); InitPopularityIfAbsent(userId, course); db.SaveChanges(); return(Ok(post)); }
public IHttpActionResult GetToken([FromBody] string[] credentials) { string username = credentials[0]; string password = credentials[1]; LoginService loginService = new LoginService(); ILoginToken loginToken; try { loginToken = loginService.TryLoginAllUsers(username, password); } catch (WrongPasswordException ex) { ex.GetType(); return(Unauthorized()); } if (loginToken != null) { return(Ok(JwtAuthManager.GenerateJWTToken(loginToken))); } else { return(Unauthorized()); } }
public HttpResponseMessage Authentication(AuthenticationDTO authentication) { try { AuthenticationValidation(authentication); IAuthentication blAuthentication = ApplicationInstance.ucApplication.Resolve <IAuthentication>(); UserBE objUserBE = blAuthentication.Login(authentication.username, authentication.password); if (objUserBE != null) { // crear token string strToken = JwtAuthManager.GenerateJWTToken(Convert.ToString(objUserBE.Id)); // establecer la cache de la session, permisos, roles, tiempo de session new ApplicationController().SetPrincipal(objUserBE.Id.Value, strToken); return(Request.CreateResponse(HttpStatusCode.OK, new { token = strToken, user = new { id = objUserBE.Id.ToString(), name = objUserBE.Name } })); } else { throw new ArgumentException(messageLoginError); } } catch (Exception ex) { ExceptionHandler.HandleException(ex, PolicyType.Api); return(Request.CreateResponse(HttpStatusCode.Unauthorized, ex.Message)); } }
public IHttpActionResult PostToggleFavourites(int courseId) { Course course = db.Courses.Find(courseId); if (course == null) { var resp = new HttpResponseMessage(HttpStatusCode.NotFound) { Content = new StringContent(string.Format("Course with ID = {0} " + "doesn't exists", courseId)) }; throw new HttpResponseException(resp); } int userId = JwtAuthManager.GetUserIdFromRequest(Request); User user = db.Users.Find(userId); if (user.Favorites.Count(c => c.Id == courseId) > 0) { user.Favorites.Remove(course); } else { user.Favorites.Add(course); } db.SaveChanges(); return(Ok()); }
public IHttpActionResult PostComment(int postId, Comment comment) { Post post = db.Posts.Find(postId); if (post == null) { var resp = new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent( string.Format("Post with ID = {0} doesn't exist", postId) ) }; throw new HttpResponseException(resp); } int userId = JwtAuthManager.GetUserIdFromRequest(Request); comment.UserDetails = db.Users.Find(userId).UserDetails; post.Comments.Add(comment); InitPopularityIfAbsent(userId, post.Course); db.SaveChanges(); return(Ok(comment)); }
public HttpResponseMessage PostChangePassword(ChangePasswordDTO changePasswordDTO) { string email = JwtAuthManager.GetEmailFromRequest(Request); if (CheckCredentials(email, changePasswordDTO.Password)) { int userId = JwtAuthManager.GetUserIdFromRequest(Request); User user = db.Users.Find(userId); byte[] salt; rngCsp.GetBytes(salt = new byte[16]); var pdkdf2 = new Rfc2898DeriveBytes(changePasswordDTO.NewPassword, salt, 1000); byte[] hash = pdkdf2.GetBytes(20); byte[] hashBytes = new byte[36]; Array.Copy(salt, 0, hashBytes, 0, 16); Array.Copy(hash, 0, hashBytes, 16, 20); user.Password = Convert.ToBase64String(hashBytes); user.Salt = Convert.ToBase64String(salt); db.SaveChanges(); return(Request.CreateResponse(HttpStatusCode.OK)); } return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Промената на лозинка е неуспешна, бидејќи внесовте погрешна стара лозинка")); }
public HttpResponseMessage PostRequestToken(UserDTO userDto) { if (CheckCredentials(userDto.Email, userDto.Password)) { DateTime expiration = DateTime.UtcNow.AddHours(1); string token = JwtAuthManager.GenerateJWTToken(userDto.Email, expiration, db); User user = db.Users.Where(u => u.Email.Equals(userDto.Email)).FirstOrDefault(); user.FavouritesIds = user.Favorites.Select(f => f.Id).ToList(); long expirationMillis = Convert.ToInt64( expiration .Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)) .TotalMilliseconds ); var resp = new SuccessfulSignInDTO { Token = token, Expiration = expirationMillis, User = user }; return(Request.CreateResponse(HttpStatusCode.OK, resp)); } return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Внесената email адреса или лозинка е погрешна")); }
public AccountController(ILogger <AccountController> logger, UserService userService, JwtAuthManager jwtAuthManager) { this.logger = logger; this.jwtAuthManager = jwtAuthManager; this.userService = userService; }
public async Task <IHttpActionResult> PatchUser() { if (!Request.Content.IsMimeMultipartContent()) { return(StatusCode(HttpStatusCode.UnsupportedMediaType)); } int userId = JwtAuthManager.GetUserIdFromRequest(Request); UserDetails userDetails = db.UserDetails.Find(userId); var filesReadToProvider = await Request.Content.ReadAsMultipartAsync(); var imageBytes = await filesReadToProvider.Contents[0].ReadAsByteArrayAsync(); int?oldImageId = Image.ExtractImageId(userDetails.ImageUrl); if (oldImageId != null) { ImageController.DeleteImage(oldImageId.Value, db); } userDetails.ImageUrl = ImageController.SaveImage(imageBytes, Request, db); db.SaveChanges(); return(Ok(userDetails)); }
public HttpResponseMessage PostDeactivateAccount(UserDTO userDTO) { string email = JwtAuthManager.GetEmailFromRequest(Request); if (CheckCredentials(email, userDTO.Password)) { int userId = JwtAuthManager.GetUserIdFromRequest(Request); User user = db.Users.Find(userId); List <Comment> allComments = db.Comments.Where(c => c.UserDetails.UserDetailsId == userId).ToList(); allComments.ForEach(c => db.Comments.Remove(c)); int?imageId = Image.ExtractImageId(user.UserDetails.ImageUrl); if (imageId != null) { ImageController.DeleteImage(imageId.Value, db); } db.UserDetails.Remove(user.UserDetails); db.Users.Remove(user); db.SaveChanges(); return(Request.CreateResponse(HttpStatusCode.OK)); } return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Профилот не е деактивиран бидејќи лозинката која ја внесовте е погрешна.")); }
private static bool ValidateToken(string token, out string username) { username = null; var simplePrinciple = JwtAuthManager.GetPrincipal(token); var identity = simplePrinciple?.Identity as ClaimsIdentity; if (identity == null) { return(false); } if (!identity.IsAuthenticated) { return(false); } var usernameClaim = identity.FindFirst(ClaimTypes.Name); username = usernameClaim?.Value; if (string.IsNullOrEmpty(username)) { return(false); } /*VALIDA SE O UTILIZADOR EXISTE**/ if (!AuthUser.UserExists(username)) { return(false); } return(true); }
public IActionResult logout() { HttpContext.Request.Headers.TryGetValue("HEADER_AUTHORIZATION", out var mbsExternal); var userName = User.FindFirstValue(Consts.CLAIM_USERNAME); string token = mbsExternal; JwtAuthManager.AddTokenToBlacklist(userName, token, token); return(Ok(ResultObject.Ok <NullDataType>(null, "Đăng xuất thành công."))); }
public IHttpActionResult GetFavouriteCourses(int page = 1, int pageSize = 10) { int userId = JwtAuthManager.GetUserIdFromRequest(Request); IQueryable <Course> favCourses = db.Users.Find(userId).Favorites.AsQueryable(); var coursesPage = Pagination.CreateMappedPage <Course, CourseCard>( favCourses, page, pageSize, "Title", true ); return(Ok(coursesPage)); }
public IHttpActionResult PutEditUser(UserDTO userDTO) { int userId = JwtAuthManager.GetUserIdFromRequest(Request); UserDetails userDetails = db.UserDetails.Find(userId); userDetails.FirstName = userDTO.FirstName; userDetails.LastName = userDTO.LastName; db.SaveChanges(); return(Ok(userDetails)); }
public async Task <LoggedUserResponse> Registration(RegisterRequest registerRequest) { var base64Encode = PasswordHelper.EncodeAndHash(registerRequest.Password, out var passwordHash); var user = await CreateUser(registerRequest, passwordHash, base64Encode); await _appDbContext.SaveChangesAsync(CancellationToken.None); var token = JwtAuthManager.GenerateToken(user); return(LoggedUser(user, token)); }
public HttpResponseMessage Post(Users user) { if (CheckUser(user)) { return(Request.CreateResponse(HttpStatusCode.OK, JwtAuthManager.GenerateJWTToken(user.username))); } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Request")); } }
public HttpResponseMessage Get(string username, string password) { if (CheckUser(username, password)) { return(Request.CreateResponse(HttpStatusCode.OK, JwtAuthManager.GenerateJWTToken(username))); } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Request")); } }
public bool ValidateToken(string token) { var simplePrinciple = JwtAuthManager.GetPrincipal(token); Console.WriteLine(simplePrinciple); if (simplePrinciple == null) { return(false); } // You can implement more validation to check whether username exists in your DB or not or something else. return(true); }
public HttpResponseMessage PostLogin(User user) { var message = new HttpResponseMessage(HttpStatusCode.NotAcceptable); if (!ModelState.IsValid) { message.Content = new StringContent("Invalid Model"); return(message); } if (repository.ValidateRegisteredUser(user)) { var mId = repository.GetLoggedUserID(user); User mUser = db.User.Find(mId); mUser.Token = JwtAuthManager.GenerateJWTToken(mId + ""); if (mUser != null) { db.Entry(mUser).State = EntityState.Modified; try { db.SaveChanges(); HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.OK, mUser); return(response); } catch (DbUpdateConcurrencyException) { if (!UserExists(mId)) { message.Content = new StringContent("User not exist"); return(message); } else { throw; } } } else { message.Content = new StringContent("User not exist"); return(message); } } else { message.Content = new StringContent("Wrong user name or password"); return(message); } }
public IHttpActionResult GetCourses([FromUri] CourseFilter courseFilter) { var queryable = Course.FilterCourses(db.Courses, courseFilter); if (courseFilter.Favourites) { int userId = JwtAuthManager.GetUserIdFromRequest(Request); var favouriteIds = db.Users.Find(userId).Favorites.Select(course => course.Id).ToList(); queryable = queryable.Where(c => favouriteIds.Contains(c.Id)); } var coursesPage = Pagination.CreateMappedPage <Course, CourseCard>( queryable, courseFilter.Page, courseFilter.PageSize, "Title", true ); return(Ok(coursesPage)); }
public HttpResponseMessage CreateToken([FromBody] UserDTO userDTO) { string username = null, password = null, clientId = null; username = userDTO.UserName; password = userDTO.UserPassword; clientId = userDTO.ClientID; if (CheckUser(username, password)) { return(Request.CreateResponse(HttpStatusCode.OK, JwtAuthManager.GenerateJWTToken(username))); } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Request")); } }
public authReponse Authenticate(AuthRequest model) { string sql = "getUserByUnameAndPassWord"; DynamicParameters parameter = new DynamicParameters(); parameter.Add("@Username", model.Username, DbType.String, ParameterDirection.Input); parameter.Add("@Password", Helper.ToMD5(model.Password), DbType.String, ParameterDirection.Input); User user = _query.Query <User>(1, sql, parameter).FirstOrDefault(); if (user == null) { return(null); } var tokenResult = JwtAuthManager.GenerateTokens(model, user.access); return(new authReponse(tokenResult.AccessToken.ToString(), user)); }
public async Task <LoggedUserResponse> Authenticate(LoginRequest loginRequest) { var user = await _appDbContext.Users.FirstOrDefaultAsync(u => u.Email == loginRequest.Email); if (user == null) { return(null); } var passwordHash = HashingHelper.HashUsingPbkdf2(loginRequest.Password, user.PasswordSalt); if (user.Password != passwordHash) { return(null); } var token = JwtAuthManager.GenerateToken(user); return(LoggedUser(user, token)); }
public async Task <ActionResult> Login(LoginDTO loginDto) { var user = _context.TblUser.FirstOrDefault(x => x.Email == loginDto.Email); if (user == null) { return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized)); } if (!VerifyPasswordHash(loginDto.Password, user.Password, user.Salt)) { return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized)); } return(new HttpStatusCodeResult(HttpStatusCode.OK, JwtAuthManager.GenerateJWTToken(loginDto.Email))); // return Ok(new { token = tokenHandler.WriteToken(token), email = userFromRepo.Email, fullname = userFromRepo.FullName }); }
public HttpResponseMessage Validate(string email, string password) { loggerService.Logger().Info("Calling with parameter as : email and password: "******" and " + password); UserDTO user = _userService.ValidateUser(email, password); if (user == null) { var errorPayload = new { code = HttpStatusCode.Forbidden, message = "Invalid username or password", type = "ERROR" }; return(Request.CreateResponse(HttpStatusCode.Unauthorized, errorPayload, Configuration.Formatters.JsonFormatter)); } var tokenPayload = new { access_token = JwtAuthManager.GenerateJWTToken(user) }; return(Request.CreateResponse(HttpStatusCode.OK, tokenPayload, Configuration.Formatters.JsonFormatter)); }
public TokenController(IUserService userService, JwtAuthManager jwtAuthManager) { _userService = userService; _jwtAuthManager = jwtAuthManager; }
public HttpResponseMessage Post([FromBody] AuthUser user) { if (user == null) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Request")); } if (CheckUser(user.Email, user.Password)) { return(Request.CreateResponse(HttpStatusCode.OK, JObject.Parse("{'token':'" + JwtAuthManager.GenerateJWTToken(user.Email) + "'}") , JsonMediaTypeFormatter.DefaultMediaType)); } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Unauthorized")); } }