예제 #1
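        /// <summary>
        /// Verifies an SMS code previously issued for <paramref name="business"/> against the copy
        /// held in Redis and maintains the failure counter that backs the lockout policy.
        /// </summary>
        /// <param name="business">Scenario the code was issued for; part of the Redis key.</param>
        /// <param name="uniqueKey">Identifier the code was issued to; part of the Redis key.</param>
        /// <param name="code">Code submitted by the caller.</param>
        /// <param name="deleteCode">
        /// When true the stored code is removed on success; when false its expiry is renewed so the
        /// same code can be checked again by a later step.
        /// </param>
        /// <remarks>
        /// A mismatch is not reported through a return value: the method increases the error counter
        /// and returns. For <see cref="SMSBusiness.SecurityValidate"/> the counter is kept under
        /// <see cref="SecurityMethod.SecurityValidate"/> and is not checked by this method.
        /// </remarks>
        public void Verify(SMSBusiness business, string uniqueKey, string code, bool deleteCode)
        {
            // Every business except SecurityValidate is a plain cellphone verification with its own
            // error counter; SecurityValidate shares a counter with the other security methods.
            bool isOnlyCellphoneVerify = business != SMSBusiness.SecurityValidate;
            var securityVerify = new SecurityVerification(Platform);

            if (isOnlyCellphoneVerify)
            {
                // NOTE(review): appears to throw once the failure limit is reached, so a locked key
                // never reaches the comparison below — confirm in SecurityVerification.
                securityVerify.CheckErrorCount(business, uniqueKey);
            }

            // Interpolation already calls ToString() on each value; the explicit calls were redundant.
            var keyByCode = $"{Platform}:{SecurityMethod.CellphoneCode}:{business}:Code:{uniqueKey}";
            var codeInDb = RedisHelper.StringGet(Constant.REDIS_SMS_DBINDEX, keyByCode);

            // An empty submission never matches, even if the stored value were empty.
            bool matched = codeInDb != null && !string.IsNullOrEmpty(code) && codeInDb == code;

            if (matched)
            {
                if (deleteCode)
                {
                    DeleteSMSCode(business, uniqueKey);
                }
                else
                {
                    // The code stays valid for a later step, so refresh its lifetime instead of removing it.
                    RedisHelper.KeyExpire(keyByCode, TimeSpan.FromMinutes(Constant.SMS_EXPIRED_TIME));
                }

                if (isOnlyCellphoneVerify)
                {
                    securityVerify.DeleteErrorCount(business, uniqueKey);
                }
                return;
            }

            // Missing (expired) or mismatched code: record the failure against the right counter.
            if (isOnlyCellphoneVerify)
            {
                securityVerify.IncreaseErrorCount(business, uniqueKey);
            }
            else
            {
                securityVerify.IncreaseErrorCount(SecurityMethod.SecurityValidate, uniqueKey, SecurityMethod.CellphoneCode);
            }
        }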
예제 #2
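        /// <summary>
        /// Loads the investor account for <paramref name="username"/>, checks <paramref name="password"/>
        /// against its stored hash and maintains the per-account failed-login counter.
        /// </summary>
        /// <param name="username">Login name to look up.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>The account found for <paramref name="username"/>.</returns>
        /// <exception cref="CommonException">
        /// <see cref="ReasonCode.ACCOUNT_NOT_EXISTS"/> when no account has this username;
        /// <see cref="ReasonCode.ACCOUNT_DISABLED"/> when the account's <c>Status</c> is 0;
        /// whatever <see cref="SecurityVerification"/> raises once the failure limit is reached.
        /// </exception>
        private InvestorAccount CheckUser(string username, string password)
        {
            var user = new InvestorAccountDAC().GetByUsername(username);
            if (user == null)
            {
                throw new CommonException(ReasonCode.ACCOUNT_NOT_EXISTS, R.AccountNotExist);
            }

            var securityVerify = new SecurityVerification(SystemPlatform.FiiiCoinWork);
            string accountKey = user.Id.ToString();

            // Called for its side effect only (the returned count was never used); it is expected
            // to throw once the account has exceeded the allowed number of failed attempts.
            securityVerify.CheckErrorCount(SecurityMethod.Password, accountKey);

            if (user.Status == 0)
            {
                throw new CommonException(ReasonCode.ACCOUNT_DISABLED, R.该账户已被禁用);
            }

            if (PasswordHasher.VerifyHashedPassword(user.Password, password))
            {
                securityVerify.DeleteErrorCount(SecurityMethod.Password, accountKey);
            }
            else
            {
                // Keep the failure on record: the original cleared the counter right after
                // incrementing it, so the lockout could only trigger if IncreaseErrorCount threw.
                // TODO(review): this path still returns the account; reject the login explicitly
                // here rather than relying on IncreaseErrorCount to throw.
                securityVerify.IncreaseErrorCount(SecurityMethod.Password, accountKey);
            }

            return user;
        }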
예제 #3
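        /// <summary>
        /// Loads the user account for <paramref name="countryId"/> + <paramref name="cellphone"/>,
        /// checks <paramref name="password"/> against its stored hash and maintains the per-account
        /// failed-login counter.
        /// </summary>
        /// <param name="countryId">Country code the cellphone number belongs to.</param>
        /// <param name="cellphone">Cellphone number used as the login name.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>The account found for the country/cellphone pair.</returns>
        /// <exception cref="CommonException">
        /// <see cref="ReasonCode.ACCOUNT_NOT_EXISTS"/> when no account matches;
        /// <see cref="ReasonCode.ACCOUNT_DISABLED"/> when the account's <c>Status</c> is 0;
        /// whatever <see cref="SecurityVerification"/> raises once the failure limit is reached.
        /// </exception>
        private UserAccount CheckUser(int countryId, string cellphone, string password)
        {
            var user = new UserAccountDAC().GetByCountryIdAndCellphone(countryId, cellphone);
            if (user == null)
            {
                throw new CommonException(ReasonCode.ACCOUNT_NOT_EXISTS, MessageResources.AccountNotFound);
            }

            var securityVerify = new SecurityVerification(SystemPlatform.FiiiPay);
            string accountKey = user.Id.ToString();

            // Called for its side effect only (the returned count was never used); it is expected
            // to throw once the account has exceeded the allowed number of failed attempts.
            securityVerify.CheckErrorCount(SecurityMethod.Password, accountKey);

            if (user.Status == 0)
            {
                throw new CommonException(ReasonCode.ACCOUNT_DISABLED, MessageResources.AccountDisabled);
            }

            // An account without a stored hash, or an empty submission, can never verify.
            bool passwordOk = !string.IsNullOrWhiteSpace(user.Password)
                              && !string.IsNullOrWhiteSpace(password)
                              && PasswordHasher.VerifyHashedPassword(user.Password, password);

            if (passwordOk)
            {
                securityVerify.DeleteErrorCount(SecurityMethod.Password, accountKey);
            }
            else
            {
                // Keep the failure on record: the original cleared the counter right after
                // incrementing it, so the lockout could only trigger if IncreaseErrorCount threw.
                // TODO(review): this path still returns the account; reject the login explicitly
                // here rather than relying on IncreaseErrorCount to throw.
                securityVerify.IncreaseErrorCount(SecurityMethod.Password, accountKey);
            }

            return user;
        }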
예제 #4
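        /// <summary>
        /// Back-office login: checks the lockout counter, the one-time verification code and the
        /// credentials, then caches the logged-in user and issues the <c>LoginUser</c> cookie.
        /// </summary>
        /// <param name="account">Model-bound credentials (<c>Username</c>, <c>Password</c>).</param>
        /// <param name="TokenGid">Redis key under which the expected verification code was stored.</param>
        /// <param name="VerificationCode">Code typed by the user; compared case-insensitively.</param>
        /// <returns>
        /// The login view with <c>ViewBag.LoginMessage</c> set when any check fails; otherwise a
        /// redirect to <c>Home/Index</c>.
        /// </returns>
        public ActionResult Index(Account account, string TokenGid, string VerificationCode)
        {
            var securityVerify = new SecurityVerification(SystemPlatform.BackOffice);
            var loginBll = new LoginBLL();
            string loginMessage = string.Empty;

            // CheckUser reassigns `account` through its out parameter, so keep the submitted name
            // for the error-counter calls and for the view on failure.
            string username = account.Username;

            try
            {
                // Expected to throw (CommonException) once the account has exceeded the allowed
                // number of failed logins; the count itself was never used.
                securityVerify.CheckErrorCount(SecurityMethod.Password, username);

                var cacheCode = RedisHelper.StringGet(TokenGid);
                // The verification code is single-use: drop it as soon as it has been read so that
                // neither a wrong code nor a wrong password can be retried against the same code.
                RedisHelper.KeyDelete(TokenGid);

                bool authenticated;
                if (string.IsNullOrEmpty(cacheCode))
                {
                    loginMessage = "Verification code was expired";
                    authenticated = false;
                }
                else if (!string.Equals(VerificationCode, cacheCode, StringComparison.OrdinalIgnoreCase))
                {
                    // Null-safe replacement for ToUpper() on both sides, which threw when either was null.
                    loginMessage = "Verification code is wrong";
                    authenticated = false;
                }
                else
                {
                    // CheckUser fills loginMessage on failure.
                    authenticated = loginBll.CheckUser(username, account.Password, out account, ref loginMessage);
                }

                if (!authenticated)
                {
                    // Fail closed: the original fell through to the success path after a failed
                    // check unless IncreaseErrorCount happened to throw.
                    securityVerify.IncreaseErrorCount(SecurityMethod.Password, username);
                    ViewBag.LoginMessage = loginMessage;
                    return View(account);
                }

                securityVerify.DeleteErrorCount(SecurityMethod.Password, username);
            }
            catch (Framework.Exceptions.CommonException ex)
            {
                ViewBag.LoginMessage = string.IsNullOrEmpty(loginMessage) ? ex.Message : loginMessage;
                return View(account);
            }

            int roleId = account.RoleId.Value;
            var lu = new LoginUser();
            lu.UserId = account.Id;
            lu.UserName = account.Username;
            lu.RoleId = roleId;
            // Admin rights are never granted from the login path; permissions always come from the role.
            lu.IsAdmin = false;
            lu.PerimissionList = loginBll.GetUserPermissionByRoleId(roleId);

            // NOTE(review): the cached user lives 1 hour while the cookie below lives 1 day —
            // confirm how requests are handled once the cache entry is gone.
            RedisHelper.Set("loginuser" + account.Id, lu, new TimeSpan(1, 0, 0));

            // The response indexer returns the queued cookie or creates one, which covers both the
            // "no cookie yet" and "replace the existing cookie" cases the original handled separately.
            var cookie = Response.Cookies["LoginUser"];
            cookie.Value = Encrypts.GetEncryptString(account.Id.ToString());
            cookie.HttpOnly = true;
            // Only mark Secure when the request itself arrived over TLS, so plain-HTTP deployments keep working.
            cookie.Secure = Request.IsSecureConnection;
            cookie.Expires = DateTime.Now.AddDays(1);

            return RedirectToAction("Index", "Home");
        }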