public IActionResult Login([FromForm] string email, [FromForm] string password)
{
email = StringSanitization.Sanitize(email);
password = SHA512.Hash(password);
User user = UserDatabase.GetUser(email, null);
if (HttpContext.User.Identity.IsAuthenticated)
{
return(Unauthorized("User already signed in"));
}
if (user == null)
{
return(NotFound("Email not found in database"));
}
if (user.password != password)
{
return(Unauthorized("Incorrect password"));
}
if (!user.confirmed)
{
return(Problem("User has not confirmed his account yet"));
}
HttpContext.User = user.ClaimsPrincipal(TokenScope.UserLogin);
return(NoContent());
// return Ok(new
// {
// token = Jwt.Sign(user, Scope.Authentication), user.username
// });
}
public void TestStringSanitization(string test)
{
string sanitize = StringSanitization.Sanitize(test);
// string sanitize = test;
Regex rgx = new Regex(@"^[a-zA-Z0-9\\_\.\@]*$");
Assert.IsTrue(rgx.IsMatch(sanitize), "Check if the string is correctly sanitized");
}
public IActionResult Register([FromForm] string username, [FromForm] string email, [FromForm] string password, [FromForm] DateTime birthday)
{
if (String.IsNullOrEmpty(username) | String.IsNullOrEmpty(email) | String.IsNullOrEmpty(password))
{
return(BadRequest());
}
if (username.Length <= 5)
{
return(Problem("Username too short"));
}
if (password.Length <= 5)
{
return(Problem("Password too weak"));
}
password = SHA512.Hash(password);
username = StringSanitization.Sanitize(username);
email = StringSanitization.Sanitize(email);
if (UserDatabase.GetUser(email, username) != null)
{
return(Conflict("Email / username already registered"));
}
int apiTokenLength = Int32.Parse(Environment.GetEnvironmentVariable("apitokenlength") ?? throw new Exception("apitokenlength_ENV_VAR_NULL"));
User user = new User
{
password = password,
username = username,
email = email,
confirmed = false,
date_of_birth = birthday,
plan = Plans.Basic,
registration_timestamp = DateTime.Now,
role = Roles.User,
api_token = StringGeneration.RandomString(apiTokenLength) // Generate a random api token which will be used to access the kew value database
};
if (!MailService.SendConfirmation(user, user.ClaimsPrincipal(TokenScope.Registration).Identity as ClaimsIdentity))
{
return(Problem("Internal server error", null, 500));
}
UserDatabase.RegisterUser(user);
return(Ok());
}
private static User GetUser(string email, string username, int id, string apitoken)
{
email = StringSanitization.Sanitize(email);
username = StringSanitization.Sanitize(username);
apitoken = StringSanitization.Sanitize(apitoken);
var command =
new NpgsqlCommand("SELECT * FROM \"Users\" WHERE \"email\"=@email OR \"username\"=@usr OR \"ID\"=@id OR \"api_token\"=@apitoken",
database);
command.Parameters.AddWithValue("email", email);
command.Parameters.AddWithValue("usr", username);
command.Parameters.AddWithValue("id", id);
command.Parameters.AddWithValue("apitoken", apitoken);
var dr = command.ExecuteReader();
dr.Read();
if (!dr.HasRows)
{
dr.Close(); return(null);
}
User user = new User
{
ID = dr.GetInt32("ID"),
username = dr.GetString("username"),
email = dr.GetString("email"),
password = dr.GetString("password"),
registration_timestamp = dr.GetDateTime("registration_timestamp"),
date_of_birth = dr.GetDateTime("date_of_birth"),
role = dr.GetString("role"),
plan = Plans.GetPlanByName(dr.GetString("plan")) ?? throw new Exception("Unknown plan type"),
confirmed = dr.GetBoolean("confirmed")
};
dr.Close();
return(user);
}
