Exemplo n.º 1
0
        public async Task <IdentityResult> CreateAsync(T user, CancellationToken cancellationToken = default(CancellationToken))
        {
            cancellationToken.ThrowIfCancellationRequested();
            ThrowIfDisposed();
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }
            _context.Add(user);
            await SaveChanges(cancellationToken);

            return(IdentityResult.Success);
        }
    public IActionResult Login([FromBody] LoginData login_data)
    {
        var    item      = _context.Admin.FirstOrDefault(t => t.Username == login_data.Username || t.Email == login_data.Email);
        string currentIp = HttpContext.Request.Headers["X-Forwarded-For"];

        if (currentIp == null)
        {
            currentIp = HttpContext.Connection.RemoteIpAddress.ToString();
        }
        var attempt = _context.LoginAttempt.Where(a => a.IpAddress == currentIp && a.Email == login_data.Email).FirstOrDefault();

        if (attempt == null)
        {
            attempt = new LoginAttempt {
                Email = login_data.Email, IpAddress = currentIp, Attempts = 0, LastAttempt = DateTime.Now
            };
            _context.Add(attempt);
        }

        if (attempt.Attempts >= 5 && attempt.LastAttempt.AddSeconds(30).CompareTo(DateTime.Now) > 0)
        {
            return(StatusCode(403, new { message = "temporarily_blocked" }));
        }
        else if (attempt.Attempts >= 5 && attempt.LastAttempt.AddSeconds(30).CompareTo(DateTime.Now) < 0)
        {
            attempt.Attempts = 0;
        }

        if (item != null)
        {
            var last_login_attempt = item.LastLoginAttempt;
            item.LastLoginAttempt = DateTime.Now;
            _context.Update(item);
            _context.SaveChanges();

            if (login_data.Password != null && (last_login_attempt != null || (DateTime.Now - last_login_attempt).TotalSeconds > 3) && item.EmailConfirmed)
            {
                if (PasswordHasher.CheckHash(login_data.Password, new PasswordAndSalt()
                {
                    PasswordHash = item.PasswordHash, PasswordSalt = item.PasswordSalt
                }))
                {
                    // Remove this IP from the attempts table since the login is successfull
                    _context.LoginAttempt.Remove(attempt);
                    _context.LoginAttempt.RemoveRange(_context.LoginAttempt.Where(a => a.LastAttempt.AddDays(1).CompareTo(DateTime.Now) < 0));
                    _context.SaveChanges();

                    HttpContext.Login <LoggableEntities, Admin>(env, _context, "Admin", item, new LoggableEntities()
                    {
                        Admin = item
                    });

                    return(Ok(AdminViewData.FromAdmin(item)));
                }
            }
        }

        // The login is unsuccesfull, update the attempts for this IP
        attempt.Attempts    = attempt.Attempts + 1;
        attempt.LastAttempt = DateTime.Now;
        _context.SaveChanges();

        return(StatusCode(401, new { message = "login_failed" }));
    }