Exemplo n.º 1
0
        public void Register(RegisterViewModel registerViewModel, string publicKeyJson, string privateKeyJson, string host)
        {
            User user = new User();

            user.Email            = registerViewModel.Email;
            user.UserName         = registerViewModel.UserName;
            user.DisplayName      = registerViewModel.DisplayName;
            user.Password         = registerViewModel.Password;
            user.CreateTime       = DateTime.Now;
            user.LastModifiedTime = DateTime.Now;
            user.LastLoginTime    = DateTime.Now;
            user.LoginTimes       = 0;
            user.IsActivate       = false;
            userRepository.Insert(user);
            User gotUser = userRepository.SelectByUserName(registerViewModel.UserName);

            // 生成验证码
            dataProtectorUtil.PublicKeyJson = publicKeyJson;
            // 生成激活码,激活码由UserName字段和Password字段合并加密而成
            var code = dataProtectorUtil.EncryptString(gotUser.UserName + gotUser.Password);

            // 解决get不能传“+”的问题
            code = code.Replace("+", "_");
            // 发送验证邮件并记录
            var subject = $"博客园帐户激活邮件-{gotUser.DisplayName}";
            var message = new StringBuilder();

            message.Append("<div>您好!<br/><br/>");
            message.Append("感谢您在博客园注册账号!<br/><br/>");
            message.Append("账户需要激活才能使用,赶紧激活成为博客园正式的一员吧:");
            message.Append("点击下面的链接立即激活账户(或将网址复制到浏览器中打开):<br/><br/>");
            message.Append($"<a href='http://{host}/User/ActivateUser?code={code}&email={gotUser.Email}'>");
            message.Append($"http://{host}/User/ActivateUser?code={code}&email={gotUser.Email}");
            message.Append("</a></div>");
            emailUtil.Send(gotUser.Email, subject, message.ToString());
            emailRepository.Insert(new Email()
            {
                UserId         = gotUser.Id,
                CreateTime     = DateTime.Now,
                PublicKeyJson  = publicKeyJson,
                PrivateKeyJson = privateKeyJson,
                ActionType     = 0                  // 0,表示邮件用于注册
            });
        }
Exemplo n.º 2
0
        public IActionResult Login(LoginViewModel model)
        {
            var result = new LoginResult();

            result.IsValidUserName = true;
            result.IsValidPassword = true;
            if (model.UserName == null || model.UserName.Equals(string.Empty))
            {
                result.UserNameErrorMessage = "登陆用户名不可为空!";
                result.IsValidUserName      = false;
            }
            if (model.Password == null || model.Password.Equals(string.Empty))
            {
                result.PasswordErrorMessage = "密码不可为空!";
                result.IsValidPassword      = false;
            }
            if (result.IsValidUserName && result.IsValidPassword)
            {
                // 使用非对称解密算法,获取用户登录名和密码
                dataProtectorUtil.PrivateKeyJson = HttpContext.Session.GetString("PrivateKeyJson");
                dataProtectorUtil.PublicKeyJson  = HttpContext.Session.GetString("PublicKeyJson");
                model.UserName = dataProtectorUtil.DecryptString(model.UserName);
                model.Password = dataProtectorUtil.DecryptString(model.Password);

                User user = userService.GetUserByUserName(model.UserName);

                if (user == null)
                {
                    result.IsValidUserName      = false;
                    result.UserNameErrorMessage = "该登陆用户名不存在!";
                }
                else
                {
                    result.IsValidUserName = true;
                    if (model.Password.Equals(user.Password))
                    {
                        if (!user.IsActivate)
                        {
                            result.IsSuccess = false;
                            result.message   = "该用户没有被激活!";
                            return(new JsonResult(result));
                        }
                        // 登陆信息正确,将用户信息写入Session
                        HttpContext.Session.SetString("User", Newtonsoft.Json.JsonConvert.SerializeObject(user));
                        result.IsValidPassword = true;
                        result.IsSuccess       = true;
                        userService.AddLoginTimes(user.Id);
                        // 如果用户选择下次自动登陆,则将用户密码和用户登录名使用公钥加密后写入Cookie中
                        // Cookie加密使用本机上设置的密钥,不用现在生成
                        if (model.IsRemember)
                        {
                            dataProtectorUtil.PublicKeyJson  = cookieSettings.CookiePublicKeyJson;
                            dataProtectorUtil.PrivateKeyJson = cookieSettings.CookiePrivateKeyJson;
                            HttpContext.Response.Cookies.Append("UserName", dataProtectorUtil.EncryptString(user.DisplayName), new CookieOptions()
                            {
                                Expires = DateTime.Now.AddDays(cookieSettings.ExpiresValue)
                            });
                            HttpContext.Response.Cookies.Append("Password", dataProtectorUtil.EncryptString(user.Password), new CookieOptions()
                            {
                                Expires = DateTime.Now.AddDays(cookieSettings.ExpiresValue)
                            });
                        }
                        return(new JsonResult(result));
                    }
                    else
                    {
                        result.IsValidPassword      = false;
                        result.PasswordErrorMessage = "密码不正确!";
                    }
                }
            }
            result.IsSuccess = false;
            return(new JsonResult(result));
        }