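/// <summary>
/// Registers a new user: rejects a missing or already-registered username, derives the
/// stored password hash, re-uses an existing device row when the first submitted device
/// is already known, then persists the user.
/// </summary>
/// <param name="user">User entity bound from the request body (untrusted input).</param>
/// <returns>
/// 400 Bad Request when the username or password is missing or the username is taken;
/// otherwise a 201 Created result carrying the saved user.
/// </returns>
public async Task<ActionResult<DBUser>> createUser([FromBody] DBUser user)
{
    // NOTE(review): the EF entity is bound straight from the body and added to the
    // context below, so every client-settable property on DBUser is persisted as sent.
    // A dedicated request DTO would limit what a caller can set.

    // A missing body or a missing login object is answered like a missing username
    // instead of surfacing as a NullReferenceException (HTTP 500).
    if (user?.login?.userName == null)
    {
        return BadRequest("Username required");
    }

    if (user.login.pwd == null)
    {
        return BadRequest("Password required");
    }

    // NOTE(review): check-then-insert is not atomic; a unique index on the username
    // column is needed to hold this under concurrent registrations - confirm one exists.
    if (_context.DBUser.Any(e => e.login.userName == user.login.userName))
    {
        return BadRequest("Username already Registered");
    }

    var hasher = new rfc2898pwd();

    // NOTE(review): the value from Pepper() is stored per user and used as the salt;
    // confirm it is freshly generated per call from a cryptographic RNG.
    var salt = hasher.Pepper();
    user.login.encrypted = hasher.hash(user.login.pwd, salt);
    user.login.salt = salt;

    // NOTE(review): user.login.pwd still holds the clear-text password here. If pwd is
    // a mapped column it is written to the database next to the hash, and it is part
    // of the object returned below - confirm it is unmapped or cleared before saving.

    // Re-use the stored device row when the first submitted device is already known.
    // FirstOrDefault keeps a request without devices from throwing.
    var submittedDevice = user.devices?.FirstOrDefault();
    if (submittedDevice != null)
    {
        var submittedDeviceId = submittedDevice.DeviceID;
        var existing = _context.device.FirstOrDefault(x => x.DeviceID == submittedDeviceId);
        if (existing != null)
        {
            user.devices.Clear();
            user.devices.Add(existing);
        }
    }

    user.pingAll();
    _context.DBUser.Add(user);
    await _context.SaveChangesAsync();

    // NOTE(review): the whole entity, including user.login (hash and salt), is the
    // response value; whether it reaches the client depends on serializer settings.
    return CreatedAtAction("GetUser", user);
}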
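/// <summary>
/// Checks a username/password pair against the stored user: loads the user with its
/// login record, hashes the submitted password with the stored salt and compares the
/// result with the stored hash.
/// </summary>
/// <param name="user">User entity bound from the request body (untrusted input).</param>
/// <returns>
/// 400 Bad Request when the username is missing or unknown, or the password does not
/// match; otherwise a 201 Created result carrying the stored user.
/// </returns>
public async Task<ActionResult<DBUser>> loginUser([FromBody] DBUser user)
{
    // A missing body or a missing login object is answered like a missing username
    // instead of surfacing as a NullReferenceException (HTTP 500).
    string username = user?.login?.userName;
    if (username == null)
    {
        return BadRequest("Username required");
    }

    var potential = await _context.DBUser
        .Include(x => x.login)
        .FirstOrDefaultAsync(e => e.login.userName == username);

    // NOTE(review): the distinct messages "Username not exist" and "password" let a
    // caller tell registered usernames apart. They are kept byte-for-byte because
    // clients may match on them; a single generic failure message would close this.
    if (potential == null)
    {
        return BadRequest("Username not exist");
    }

    // A missing password can never match; answer it like a wrong password.
    if (user.login.pwd == null)
    {
        return BadRequest("password");
    }

    var hasher = new rfc2898pwd();
    var submittedHash = hasher.hash(user.login.pwd, potential.login.salt);

    // NOTE(review): ArrayEquals is defined outside this block; confirm it compares in
    // constant time (e.g. CryptographicOperations.FixedTimeEquals).
    if (!ArrayEquals(submittedHash, potential.login.encrypted))
    {
        // Nothing is written to the console here: the submitted password, the salt and
        // the stored hash must not end up in process output or log files.
        return BadRequest("password");
    }

    // NOTE(review): this clears the login on the request object, not on 'potential',
    // so the returned entity still carries potential.login (hash and salt). If the
    // intent was to strip credentials from the response, map 'potential' to a response
    // model without the login record.
    user.login = null;
    return CreatedAtAction("GetUser", potential);
}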