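/// <summary>
        /// Registers a new account from the posted model: validates it, checks that the
        /// username is free, stores a freshly salted password hash and answers 201 Created.
        /// </summary>
        /// <param name="id">Registration data bound from the request body.</param>
        /// <returns>
        /// 400 when the body is missing, the model is invalid or the username is taken;
        /// 201 with the created user otherwise; 500 on any unexpected exception.
        /// </returns>
        public IActionResult Register([FromBody] RegistrationModel id)
        {
            try
            {
                // A missing or unparsable body binds to null. Answer 400 here instead of
                // letting the dereference below surface as a 500.
                if (id == null || !ModelState.IsValid)
                {
                    return BadRequest(ModelState);
                }

                // NOTE(review): this check and the Add below are two separate steps, so two
                // concurrent requests for the same name can both pass it. Confirm the
                // storage layer enforces uniqueness on the username.
                if (!this._IsUsernameAvailable(id.Username))
                {
                    return BadRequest();
                }

                // A new salt per account; only the salted hash is stored, never the password.
                string salt = PasswordFactory.GenerateSalt();
                Entities.User item = new Entities.User(id)
                {
                    PasswordHash        = PasswordFactory.Hash(id.Password, salt),
                    PasswordSalt        = salt,
                    UTCRegistrationDate = DateTime.UtcNow,
                    Status              = "A"
                };
                this._usersRepository.Add(item, true);

                // NOTE(review): item is the persistence entity and carries PasswordHash and
                // PasswordSalt. Unless serialization excludes those members they are written
                // into the 201 body; confirm, or return a response model without them.
                return CreatedAtAction("LoginAsync", "Token", new { id = item.ID }, item);
            }
            catch (Exception)
            {
                //TODO: SaveException
                // Until the exception is recorded, failures on this path leave no trace for
                // operators; the client deliberately gets no detail.
                return StatusCode(StatusCodes.Status500InternalServerError);
            }
        }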
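        /// <summary>
        /// Authenticates the <paramref name="user"/> and, on success, records the
        /// authentication through <c>UpdateAuthentication</c>.
        /// </summary>
        /// <param name="user">
        /// The user to be authenticated. A <c>WebUser</c> is checked against
        /// <paramref name="password"/>; an <c>FCUser</c> is accepted without a password check.
        /// </param>
        /// <param name="password">The password; only consulted for a <c>WebUser</c>.</param>
        /// <param name="rememberMe">Passed through to <c>UpdateAuthentication</c>.</param>
        /// <returns>
        /// The user's role on success; <c>null</c> when the password check fails or
        /// <paramref name="user"/> is null or of an unrecognised type.
        /// </returns>
        public Role Authenticate(User user, string password, bool rememberMe = false)
        {
            WebUser webUser = user as WebUser;

            if (webUser != null)
            {
                PasswordFactory passwordFactory = new PasswordFactory();

                if (!passwordFactory.CheckPassword(webUser, password))
                {
                    return null;
                }

                UpdateAuthentication(user, rememberMe);
                return user.Role;
            }

            // Fail closed: previously a null user reached UpdateAuthentication before the
            // dereference failed, and any other subtype raised InvalidCastException.
            FCUser fcUser = user as FCUser;

            if (fcUser == null)
            {
                return null;
            }

            // NOTE(review): this branch never looks at the password. It is only safe if
            // every FCUser reaching this method was already authenticated by whatever
            // produced it; confirm that against the callers.
            UpdateAuthentication(user, rememberMe);
            return fcUser.Role;
        }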
Exemplo n.º 3
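        /// <summary>
        /// Looks up the account named in <paramref name="login"/> and verifies the supplied
        /// password against the stored salted hash.
        /// </summary>
        /// <param name="login">Credentials taken from the request.</param>
        /// <returns>The matching user, or <c>null</c> when the credentials do not verify.</returns>
        private async Task<User> AuthenticateAsync(LoginModel login)
        {
            // Incomplete credentials can never verify; reject them before touching storage.
            if (login == null || login.Username == null || login.Password == null)
            {
                return null;
            }

            User user = await this._usersRepository.FindByUsernameAsync(login.Username);

            // NOTE(review): an unknown username returns here without running the hash, so
            // the response time differs between existing and non-existing accounts.
            if (user == null || user.Username != login.Username)
            {
                return null;
            }

            var expected = user.PasswordHash;
            var actual   = PasswordFactory.Hash(login.Password, user.PasswordSalt);

            // A missing stored hash must never count as a match.
            if (expected == null || actual == null)
            {
                return null;
            }

            // Compare without stopping at the first difference, so the time taken does not
            // reveal how much of the hash matched. Where the target runtime provides
            // CryptographicOperations.FixedTimeEquals, prefer it over this loop.
            int difference = expected.Length ^ actual.Length;
            int shared     = expected.Length < actual.Length ? expected.Length : actual.Length;

            for (int i = 0; i < shared; i++)
            {
                difference |= expected[i] ^ actual[i];
            }

            return difference == 0 ? user : null;
        }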
Exemplo n.º 4
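        /// <summary>
        /// Completes a password reset: when <paramref name="id"/> names a valid reset
        /// record, stores a new salted hash for its user and marks the record as used.
        /// </summary>
        /// <param name="id">Identifier of the reset record, taken from the route.</param>
        /// <param name="item">Reset payload from the body; its ID must equal <paramref name="id"/>.</param>
        /// <returns>
        /// 400 for a missing or invalid body or mismatching ids; 401 when no valid reset
        /// record (or no user for it) exists; 204 on success; 500 on unexpected errors.
        /// </returns>
        public async Task<IActionResult> ResetPasswordAsync([FromRoute] Guid id, [FromBody] PasswordResetModel item)
        {
            try
            {
                // A missing body binds to null; answer 400 rather than a 500 from the
                // dereference below.
                if (item == null || !ModelState.IsValid)
                {
                    return BadRequest(ModelState);
                }
                if (item.ID != id)
                {
                    return BadRequest();
                }

                PasswordReset reset = await this._passwordResetRepository.FindValidAsync(id);

                if (reset == null)
                {
                    return Unauthorized();
                }

                User user = await this._usersRepository.FindAsync(reset.UserId);

                // A reset record whose user no longer exists is treated like an invalid one
                // instead of failing with a null dereference.
                if (user == null)
                {
                    return Unauthorized();
                }

                // New salt for the new password, so the old salt is never reused.
                string salt = PasswordFactory.GenerateSalt();
                user.PasswordSalt = salt;
                user.PasswordHash = PasswordFactory.Hash(item.Password, salt);

                await this._usersRepository.UpdateAsync(user, true);

                // NOTE(review): the password is written before the record is marked used.
                // If the second write fails the same reset id stays valid; confirm whether
                // both updates can be committed together.
                reset.Used          = true;
                reset.UtcExpiration = DateTime.UtcNow;

                await this._passwordResetRepository.UpdateAsync(reset, true);

                // NOTE(review): nothing visible here ends the user's existing sessions or
                // other outstanding reset records; verify that this is handled elsewhere.
                return NoContent();
            }
            catch (Exception)
            {
                //TODO: SaveException
                return StatusCode(StatusCodes.Status500InternalServerError);
            }
        }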
Exemplo n.º 5
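        /// <summary>
        /// Updates the user identified by <paramref name="id"/> with the posted entity,
        /// re-hashing the password when a new one is supplied.
        /// </summary>
        /// <param name="id">Identifier of the user to update; must equal <c>item.ID</c>.</param>
        /// <param name="item">The user entity bound from the request body.</param>
        /// <returns>
        /// 400 for a missing or invalid body, mismatching ids or a blank password;
        /// 404 when the user does not exist; 204 on success; 500 on unexpected errors.
        /// </returns>
        public async Task<IActionResult> UpdateAsync(long id, [FromBody] User item)
        {
            try
            {
                // The three password members are optional on update, so their validation
                // entries are dropped. This also discards any validation errors recorded
                // for Password, hence the explicit blank check further down.
                ModelState.Remove("Password");
                ModelState.Remove("PasswordHash");
                ModelState.Remove("PasswordSalt");

                // A missing body binds to null; answer 400 rather than a 500 from the
                // dereference below.
                if (item == null || !ModelState.IsValid)
                {
                    return BadRequest(ModelState);
                }

                if (id != item.ID)
                {
                    return BadRequest();
                }

                if (!this.UserExists(id))
                {
                    return NotFound();
                }

                if (item.Password != null)
                {
                    // Never store a hash of an empty or whitespace-only password.
                    if (string.IsNullOrWhiteSpace(item.Password))
                    {
                        return BadRequest();
                    }

                    item.PasswordSalt = PasswordFactory.GenerateSalt();
                    item.PasswordHash = PasswordFactory.Hash(item.Password, item.PasswordSalt);
                }

                // NOTE(review): the whole entity comes from the request body. When no
                // Password is sent, PasswordHash and PasswordSalt are whatever the client
                // supplied (or null), and every other bound member is client-controlled
                // too. Confirm that the repository ignores those members, or bind a
                // dedicated update model and copy only the fields a caller may change.
                // NOTE(review): no check is visible here that the caller may modify this
                // particular id; verify it is enforced by attributes or filters.
                await this._usersRepository.UpdateAsync(item, true);

                return NoContent();
            }
            catch (Exception)
            {
                //TODO: SaveException
                return StatusCode(StatusCodes.Status500InternalServerError);
            }
        }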
Exemplo n.º 6
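        /// <summary>
        /// Handles the login form: logs the current user out when <paramref name="Submit"/>
        /// is "LogOut", otherwise verifies the credentials and starts a session.
        /// </summary>
        /// <param name="name">Login name from the form.</param>
        /// <param name="pass">Password from the form.</param>
        /// <param name="Submit">Value of the submit button that was pressed.</param>
        /// <returns>The "Index" view, with the outcome in ViewBag.Status / ViewBag.Error.</returns>
        public ActionResult Login(string name, string pass, string Submit)
        {
            if (Submit == "LogOut")
            {
                new SessionManager(this).LogOut();
                ViewBag.Status = "Logged out";
                return View("Index");
            }

            var user = sql.Users.FirstOrDefault(r => r.Login == name);

            // Unknown name and wrong password give the same answer, so the form does not
            // reveal which login names exist.
            // NOTE(review): the PBKDF2 comparison only runs for existing users, so the
            // response time still differs between the two cases.
            if (user == null ||
                string.IsNullOrEmpty(pass) ||
                !PasswordFactory.ComparePasswordsPbkdf2(pass, user.Password))
            {
                ViewBag.Status = "Incorrect name or password";
                ViewBag.Error  = true;
                return View("Index");
            }

            // The permission is checked only after the password verified, so the message
            // below is shown to the account owner and not to anyone who types the name.
            if (!user.HasPermission(Misc.Permission.Login))
            {
                ViewBag.Status = "You don't have the required permissions";
                ViewBag.Error  = true;
                return View("Index");
            }

            // NOTE(review): SessionManager is not visible here; confirm that it issues a
            // fresh session identifier when LoggedInUser is set.
            var sessionManager = new SessionManager(this);
            sessionManager.LoggedInUser = user;
            ViewBag.Status = "Logged in as " + user.Name;

            return View("Index");
        }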
Exemplo n.º 7
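        /// <summary>
        /// Pins <c>PasswordFactory.GetPasswordHash</c> to a known vector: a fixed password
        /// and salt must always produce the same hash.
        /// </summary>
        public void TestPasswordFactory()
        {
            // Fixed test vector. These values exist only for this test and must never be
            // used for a real account.
            string passwordHash = PasswordFactory.GetPasswordHash("options4", "SfvazjIY97UZDui3oTeNM4JkQtH1AphmQ1WxcdOncpc=");

            // Expected value first, actual second, so a failure message reports them the
            // right way round.
            Assert.AreEqual("ozv8q0bDO80txn83Cc5t7Un72s4yGPe1", passwordHash);
        }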