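        /// <summary>
        /// Verifies that a request carries a usable user id and a token equal to the one
        /// this service would generate for that platform/user pair (blocks crawling other
        /// users' data with a guessed UId).
        /// </summary>
        /// <param name="header">Request header holding UId, Platform and Token; may be null.</param>
        /// <returns>true when the header is present and its token matches; otherwise false.</returns>
        protected bool CheckAuth(RequestHead header)
        {
            // Missing header, non-positive id or empty token: reject before doing any work.
            if (header == null || header.UId <= 0 || string.IsNullOrEmpty(header.Token))
            {
                return false;
            }

            // Re-derive the expected token for this platform/user pair.
            string expected = TokenUtil.GenerateToken(header.Platform.ToString(), header.UId);
            if (string.IsNullOrEmpty(expected))
            {
                // string.Equals(null, nonEmpty) was false in the original as well.
                return false;
            }

            // Constant-time comparison so response timing does not reveal how many leading
            // characters of the supplied token were right. Length mismatch returns false.
            byte[] expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
            byte[] suppliedBytes = System.Text.Encoding.UTF8.GetBytes(header.Token);
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expectedBytes, suppliedBytes);
        }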
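        /// <summary>
        /// Returns one page of the calling user's todo lists, newest first.
        /// </summary>
        /// <param name="page">1-based page number.</param>
        /// <param name="count">Number of lists per page.</param>
        /// <returns>400 for a non-positive page/count, 401 when the bearer token does not map to a
        /// known user, otherwise the requested page of lists.</returns>
        public async Task <ActionResult <IEnumerable <TodoList> > > Get(int page, int count)
        {
            // Skip/Take with a non-positive page or count would throw or be translated into a
            // negative OFFSET/LIMIT by the provider, so validate before touching the database.
            if (page < 1 || count < 1)
            {
                return BadRequest();
            }

            // Parse the token once, outside the query expression, so it is not re-evaluated by EF.
            var email = TokenUtil.GetUserEmail(Request.Headers["Authorization"], _jwtSettings);
            var user = await _context.Users.SingleOrDefaultAsync(u => u.Email == email);
            if (user == null)
            {
                return Unauthorized();
            }

            return await _context.TodoLists
                .Where(t => t.User == user)
                .OrderByDescending(t => t.Id)
                .Skip((page - 1) * count)
                .Take(count)
                .ToListAsync();
        }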
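        /// <summary>
        /// Reports whether the bearer token in the Authorization header has expired.
        /// </summary>
        /// <returns>400 when the header is missing, not a bearer token or empty after the
        /// scheme; otherwise an object with an <c>isExpiredTime</c> flag.</returns>
        public dynamic ExpiredTime()
        {
            const string bearerPrefix = "Bearer ";
            string authorization = Request.Headers[HeaderNames.Authorization];

            // The original Split("Bearer ")[1] threw (NullReference / IndexOutOfRange) on a
            // missing or non-bearer header before the length check could run.
            if (string.IsNullOrEmpty(authorization)
                || !authorization.StartsWith(bearerPrefix, System.StringComparison.Ordinal))
            {
                return BadRequest();
            }

            string accessToken = authorization.Substring(bearerPrefix.Length);
            if (accessToken.Length == 0)
            {
                return BadRequest();
            }

            return new
            {
                isExpiredTime = TokenUtil.isExpiredTime(accessToken)
            };
        }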
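        /// <summary>
        /// Deletes a post on behalf of the user identified by the bearer token.
        /// </summary>
        /// <param name="PostID">Route id of the post to delete.</param>
        /// <returns>An object with <c>status</c>, <c>code</c> and <c>message</c>; a failed
        /// status when no usable bearer token is present.</returns>
        public dynamic Remove([FromRoute] int PostID)
        {
            const string bearerPrefix = "Bearer ";
            string authorization = Request.Headers[HeaderNames.Authorization];

            // Guard the header before slicing it: a missing or non-bearer header made the
            // original Split(...)[1] throw instead of returning a controlled failure.
            if (string.IsNullOrEmpty(authorization)
                || !authorization.StartsWith(bearerPrefix, System.StringComparison.Ordinal)
                || authorization.Length == bearerPrefix.Length)
            {
                return new
                {
                    status = false,
                    code = ReturnCodes.DataRemoveFailed,
                    message = "Missing bearer token"
                };
            }

            string token = authorization.Substring(bearerPrefix.Length);
            UserReadDTO userRead = TokenUtil.GetSubFromToken(token);
            if (userRead == null)
            {
                return new
                {
                    status = false,
                    code = ReturnCodes.DataRemoveFailed,
                    message = "Invalid bearer token"
                };
            }

            // TODO(review): .Result blocks a request thread; an async Task<dynamic> action that
            // awaits the service would avoid thread-pool starvation.
            CustomResponse removed = _postService.Remove(PostID, userRead.UserID).Result;

            return new
            {
                status = removed.status,
                code = removed.status ? ReturnCodes.DataRemoveSucceeded : ReturnCodes.DataRemoveFailed,
                message = removed.message
            };
        }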
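        /// <summary>
        /// Builds a lambda that fixes the leading parameters of <paramref name="functionType"/>
        /// to the argument values in <paramref name="ast"/> (partial application). The lambda's
        /// own parameters are the source method's remaining parameters; its body is the
        /// fixed-argument declarations followed by the source method's statements.
        /// </summary>
        /// <param name="ast">Invocation supplying the arguments to bind, in declaration order.</param>
        /// <param name="functionType">Symbol of the method being partially applied.</param>
        /// <returns>The curried lambda, already scoped via <see cref="SetScope"/>.</returns>
        /// <exception cref="InvalidSyntax">More arguments are supplied than the method declares,
        /// a declared parameter is not a variable declaration, or an argument's type is neither
        /// equal nor promotable to the declared parameter type.</exception>
        private LambdaDeclr CreateCurriedMethod(FuncInvoke ast, MethodSymbol functionType)
        {
            var srcMethod = functionType.MethodDeclr;
            var declaredCount = srcMethod.Arguments.Count();

            // Binding more arguments than the method declares would index past Arguments.
            if (ast.Arguments.Count > declaredCount)
            {
                throw new InvalidSyntax(String.Format("Cannot pass {0} arguments to partial function {1} which declares {2}",
                                                      ast.Arguments.Count,
                                                      srcMethod.MethodName.Token.TokenValue,
                                                      declaredCount));
            }

            var fixedAssignments = new List<VarDeclrAst>();
            var position = 0;

            foreach (var argValue in ast.Arguments)
            {
                // The `as` cast yielded null (and a later NRE) for a parameter that is not a
                // VarDeclrAst; report it as a syntax error instead.
                var srcArg = srcMethod.Arguments[position] as VarDeclrAst;
                if (srcArg == null)
                {
                    throw new InvalidSyntax(String.Format("Parameter {0} of partial function {1} is not a variable declaration",
                                                          position,
                                                          srcMethod.MethodName.Token.TokenValue));
                }

                // Declaration token: the parameter's declared type carrying the argument's value.
                var token = new Token(srcArg.DeclarationType.Token.TokenType, argValue.Token.TokenValue);
                var declr = new VarDeclrAst(token, srcArg.Token, new Expr(argValue.Token));

                // A variable argument needs its type resolved from the current scope; a literal
                // gets a symbol type created directly.
                var newArgType = argValue.Token.TokenType == TokenType.Word
                                     ? ast.CurrentScope.Resolve(argValue).Type
                                     : ScopeUtil.CreateSymbolType(argValue);

                // Symbol type of the target parameter, for the type check below.
                var targetArgType = ScopeUtil.CreateSymbolType(srcArg.DeclarationType);

                if (!TokenUtil.EqualOrPromotable(newArgType, targetArgType))
                {
                    throw new InvalidSyntax(String.Format("Cannot pass argument {0} of type {1} to partial function {2} as argument {3} of type {4}",
                                                          argValue.Token.TokenValue,
                                                          newArgType.TypeName,
                                                          srcMethod.MethodName.Token.TokenValue,
                                                          srcArg.VariableName.Token.TokenValue,
                                                          targetArgType.TypeName));
                }

                fixedAssignments.Add(declr);
                position++;
            }

            // Fixed assignments run first, then the original body.
            var newBody = fixedAssignments.Concat(srcMethod.Body.ScopedStatements).ToList();

            var curriedMethod = new LambdaDeclr(srcMethod.Arguments.Skip(ast.Arguments.Count).ToList(), new ScopeDeclr(newBody));

            SetScope(curriedMethod);

            return curriedMethod;
        }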
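        /// <summary>
        /// Authenticates a user by e-mail and password and returns a signed JWT.
        /// </summary>
        /// <param name="login">Credentials from the request body; null when binding failed.</param>
        /// <returns>200 with <c>{ token }</c> on success, 400 otherwise.</returns>
        public IActionResult Login([FromBody] LoginViewModel login)
        {
            // A body that failed to bind arrives as null and would NRE on login.Email below.
            if (login == null)
            {
                return BadRequest("Usuário ou senha inválidas.");
            }

            LoginViewModel usuarioBuscado = _mapper.Map<LoginViewModel>(_usuarioRepository.Login(login.Email, login.Senha));

            // Same generic message for unknown user and wrong password, so the response does
            // not reveal which accounts exist.
            if (usuarioBuscado == null)
            {
                return BadRequest("Usuário ou senha inválidas.");
            }

            var token = new TokenUtil().GenerateToken(usuarioBuscado.Email, usuarioBuscado.Id.ToString(), usuarioBuscado.TipoUsuario);

            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token)
            });
        }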
 /// <summary>
 /// Demo login: "admin" must present the hard-coded password hash, "test" is admitted
 /// with a fixed permission set and no password check, anything else fails.
 /// </summary>
 /// <param name="formEntity">Login name and password as submitted by the client.</param>
 /// <returns>A success response carrying the issued token and its expiry, or a failure response.</returns>
 public async Task <ResponseDataEntity> Login(LoginFormEntity formEntity)
 {
     // Issues a token for a demo account and packs it into the success payload.
     ResponseDataEntity Issue(AdminEntity account)
     {
         string token = TokenUtil.GetToken(account, out string expireTimestamp);
         int.TryParse(expireTimestamp, out int expire);
         // A real implementation would record a login audit entry here.
         return ResponseUtil.Success("", new { username = account.UserName, avator = account.Avator, token = token, expire = expire });
     }

     if (string.IsNullOrEmpty(formEntity.LoginName) || string.IsNullOrEmpty(formEntity.Password))
     {
         return ResponseUtil.Fail("请输入账号密码");
     }

     switch (formEntity.LoginName)
     {
         case "admin":
         {
             // NOTE(review): demo only — the admin record and its credential hash belong in the
             // database, and a keyed MD5 is not a password-hashing function.
             string hashed = EncryptUtil.MD5Encrypt(formEntity.Password, AprilConfig.SecurityKey);
             if (hashed == "B092956160CB0018")
             {
                 // Permissions would also come from the database; shown inline for the demo.
                 return Issue(new AdminEntity
                 {
                     UserName       = "******",
                     Avator         = "",
                     IsSuperManager = true,
                     TokenType      = (int)AprilEnums.TokenType.Web
                 });
             }
             break;
         }
         case "test":
         {
             // Permission demo: this account is admitted without any password check.
             var tester = new AdminEntity
             {
                 UserName  = "******",
                 Avator    = "",
                 TokenType = (int)AprilEnums.TokenType.Web
             };
             tester.Controllers.Add("weatherforecast");
             tester.Permissions.Add("weatherforecast_log"); // controller_action (Add, Update, ...)
             return Issue(tester);
         }
     }

     // A captcha / rate limit would normally sit here; this is a sample project.
     return ResponseUtil.Fail("账号密码错误");
 }
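        /// <summary>
        /// Requests a login token for <paramref name="config"/> and, only if the token validates,
        /// stores it on the config and publishes the config to the shared singleton.
        /// </summary>
        /// <param name="config">Connection settings; its Token is set on success.</param>
        /// <returns>The API result; Sucesso is cleared (StatusCode 401) when no usable token came back.</returns>
        public static RetornoApi <RetornoLogin> GetToken(ConfiguracaoGeral config)
        {
            var result = TokenUtil.GetToken<RetornoLogin>(config);

            if (!result.Sucesso)
            {
                return result;
            }

            // A "successful" reply without a payload would otherwise NRE on result.Data.Data.
            var accessToken = result.Data?.Data?.AccesToken;
            if (accessToken == null || !TokenUtil.IsTokenValido(accessToken))
            {
                result.Sucesso    = false;
                result.StatusCode = 401;
                result.Mensagem   = "Token Inválido.";
                return result;
            }

            // Publish to the shared configuration only after validation; the original stored an
            // invalid token on the singleton before checking it.
            config.Token = accessToken;
            ConfiguracaoDTO.GetInstance.ConfSync = config;
            return result;
        }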
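        /// <summary>
        /// Action filter: rejects requests whose token is missing or expired and, for users that
        /// are not super managers, requires the token to grant both the current controller and
        /// the "&lt;Controller&gt;_&lt;Permission&gt;" entry.
        /// </summary>
        /// <param name="context">Filter context; Result is set to short-circuit the action.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            AdminEntity admin = TokenUtil.GetUserByToken();

            // NOTE(review): ExpireTime is compared with local time — confirm the token stores local time.
            if (admin == null || admin.ExpireTime <= DateTime.Now)
            {
                context.Result = new ObjectResult(new { msg = "未登录", code = -2 });
                // Stop here: the original fell through and dereferenced a null admin, and an
                // expired session could still reach the permission check.
                return;
            }

            if (admin.IsSuperManager)
            {
                return;
            }

            string requiredPermission = $"{Controller}_{Permission}";
            if (!admin.Controllers.Contains(Controller) || !admin.Permissions.Contains(requiredPermission))
            {
                context.Result = new ObjectResult(new { msg = "无权访问", code = 401 });
            }
        }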
        /// <summary>
        /// Resolves the user behind <paramref name="token"/> and returns the public profile
        /// fields (screen name, description, portrait, background) as the response content.
        /// </summary>
        /// <param name="token">Caller's token; mapped to a user id by TokenUtil.</param>
        /// <returns>Content = the profile (null if no such user); marked failed with the
        /// exception message if token parsing or the query throws.</returns>
        public BaseResponse <Object> GetUserInfo(string token)
        {
            var response = new BaseResponse<Object>();

            try
            {
                int userId = TokenUtil.GetUserId(token);
                var profile =
                    (from p in context.user
                     where p.id == userId
                     select new { screenName = p.name, desc = p.desc, portrait = p.portrait, background = p.background })
                    .FirstOrDefault();
                response.setContent(profile);
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is returned to the caller.
                response.setFailed(ex.Message);
            }

            return response;
        }
        /// <summary>
        /// Finds an existing logon token for <paramref name="sid"/> that is not a Network logon,
        /// carries every privilege in <paramref name="requiredPrivileges"/> (when given), and can
        /// be duplicated into a primary token.
        /// </summary>
        /// <param name="sid">User whose tokens are enumerated.</param>
        /// <param name="requiredPrivileges">Privilege names the token must hold; null skips the check.</param>
        /// <returns>A duplicated primary token, or null when no candidate qualifies.</returns>
        private static SafeNativeHandle GetPrimaryTokenForUser(SecurityIdentifier sid, List <string> requiredPrivileges = null)
        {
            // CreateProcessWithTokenW needs TOKEN_QUERY, TOKEN_DUPLICATE and TOKEN_ASSIGN_PRIMARY;
            // TOKEN_IMPERSONATE is added so an impersonation token can be derived as well.
            const TokenAccessLevels requiredAccess =
                TokenAccessLevels.Query | TokenAccessLevels.Duplicate |
                TokenAccessLevels.AssignPrimary | TokenAccessLevels.Impersonate;

            foreach (SafeNativeHandle candidate in TokenUtil.EnumerateUserTokens(sid, requiredAccess))
            {
                // Network logon tokens are useless for become when S4U can give a Batch logon.
                if (GetTokenLogonType(candidate) == NativeHelpers.SECURITY_LOGON_TYPE.Network)
                {
                    continue;
                }

                if (requiredPrivileges != null)
                {
                    var present = new HashSet<string>(TokenUtil.GetTokenPrivileges(candidate).Select(p => p.Name));
                    if (!requiredPrivileges.All(present.Contains))
                    {
                        continue;
                    }
                }

                // Convert to a primary token with the maximum access we are allowed; a candidate
                // that cannot be duplicated is simply skipped.
                try
                {
                    return TokenUtil.DuplicateToken(candidate, TokenAccessLevels.MaximumAllowed,
                                                    SecurityImpersonationLevel.Anonymous, TokenType.Primary);
                }
                catch (Process.Win32Exception)
                {
                    continue;
                }
            }

            return null;
        }
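        /// <summary>
        /// Creates a timeline entry for the token's user and stores any uploaded pictures
        /// under wwwroot/uploads.
        /// </summary>
        /// <param name="files">Uploaded pictures; may be null or empty.</param>
        /// <param name="token">Caller's token, resolved to a user id via TokenUtil.</param>
        /// <param name="lesson_id">Lesson the entry belongs to.</param>
        /// <param name="location">Free-text location.</param>
        /// <param name="content">Entry text.</param>
        /// <returns>A response marked failed (with the exception message) if anything throws.</returns>
        public BaseResponse <Object> CreateTimeline(IFormFile[] files, string token, int lesson_id, string location, string content)
        {
            BaseResponse<Object> rsp = new BaseResponse<object>();
            int uid = TokenUtil.GetUserId(token);
            Timeline tl = new Timeline
            {
                userId   = uid,
                content  = content,
                lessonId = lesson_id,
                location = location
            };

            try
            {
                if (files != null && files.Length > 0)
                {
                    if (string.IsNullOrWhiteSpace(_environment.WebRootPath))
                    {
                        _environment.WebRootPath = Path.Combine(Directory.GetCurrentDirectory(), "wwwroot");
                    }
                    string uploads = Path.GetFullPath(Path.Combine(_environment.WebRootPath, "uploads"));
                    Directory.CreateDirectory(uploads);

                    List<string> pictures = new List<string>();
                    foreach (IFormFile file in files)
                    {
                        if (file == null)
                        {
                            continue;
                        }

                        // file.FileName is client-controlled. Keep only its last path segment so a
                        // name such as "/../../x" cannot escape the uploads directory, then re-check
                        // the resolved path as defence in depth.
                        string safeName = Path.GetFileName(file.FileName ?? string.Empty);
                        if (safeName.Length == 0)
                        {
                            continue;
                        }
                        string fileName = uid + "timeline" + safeName;
                        string path = Path.GetFullPath(Path.Combine(uploads, fileName));
                        if (!path.StartsWith(uploads + Path.DirectorySeparatorChar, StringComparison.Ordinal))
                        {
                            throw new InvalidOperationException("Rejected upload file name.");
                        }

                        using (var fileStream = new FileStream(path, FileMode.Create))
                        {
                            file.CopyTo(fileStream);
                        }
                        pictures.Add(PicutreUrl + fileName);
                    }
                    tl.pictures = ConvertPictureList(pictures);
                }

                mContext.timeline.Add(tl);
                mContext.SaveChanges();
            }
            catch (Exception e)
            {
                // NOTE(review): e.Message goes back to the client verbatim; prefer a generic
                // message plus server-side logging.
                rsp.setFailed(e.Message);
            }
            return rsp;
        }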
        /// <summary>
        /// Allocates a fresh client id, registers an offline <see cref="MyQQEntity"/> under it in
        /// the cache and hands the id back for use on subsequent requests.
        /// </summary>
        /// <returns>A wrapper with ReturnCode 1 and the new client id in <c>Result</c>.</returns>
        public ResponseWrapper <string> GetClientId()
        {
            string clientId = TokenUtil.NewToken();

            // The entity starts offline; the client id doubles as the cache key.
            var entity = new MyQQEntity
            {
                ClientID = clientId,
                Online   = MyQQEntity.OnlineStatus.None
            };
            CacheUtil.Add(clientId, entity);

            return new ResponseWrapper<string>
            {
                ReturnCode   = 1,
                Message      = "Get client id successfully.",
                InnerMessage = "Please remember to append the client id value for the next api request.",
                Result       = clientId
            };
        }
        /// <summary>
        /// Removes the mapping between the token's user and lesson <paramref name="id"/>, if one exists.
        /// </summary>
        /// <param name="token">Caller's token; mapped to a user id by TokenUtil.</param>
        /// <param name="id">Lesson id to unmap.</param>
        /// <returns>A plain response; marked failed with the exception message if anything throws.</returns>
        public BaseResponse <Object> RemoveLessonFromTimetable(string token, int id)
        {
            var response = new BaseResponse<Object>();

            try
            {
                int userId = TokenUtil.GetUserId(token);
                var mapping = mContext.lesson_map.FirstOrDefault(p => p.uid == userId && p.lid == id);
                if (mapping == null)
                {
                    return response;
                }

                mContext.lesson_map.Remove(mapping);
                mContext.SaveChanges();
            }
            catch (Exception ex)
            {
                response.setFailed(ex.Message);
            }
            return response;
        }
        /// <summary>
        /// Checks whether <paramref name="Token"/> decodes to a technician whose account and
        /// (MD5-hashed) password still match a row in the technician table.
        /// </summary>
        /// <param name="Token">Opaque token produced by <c>TokenUtil&lt;TvenderTechnician&gt;.Create</c>.</param>
        /// <returns>200 with a success JsonResult, or 400 whose text is "ExceptionType:Message:..." on any failure.</returns>
        public HttpResponseMessage IsTokenValid(string Token)
        {
            try
            {
                if (MethodHelper.IsNullOrEmpty(Token))
                {
                    throw new ArgumentNullException("登入失敗");
                }

                // The token carries a TvenderTechnician (account + password); default means it did not parse.
                var tokenTechnician = TokenUtil <TvenderTechnician> .Parse(Token);

                if (tokenTechnician == default(TvenderTechnician))
                {
                    throw new Exception("登入失敗");
                }

                var con = new Conditions <DataBase.TVenderTechnician>();

                // MD5 of the password carried inside the token, upper-cased to match the stored form.
                // NOTE(review): the token therefore embeds the password, and bare MD5 is not a
                // password-hashing function.
                var md5Password = Identity.ClearPassword.GetMd5Hash(tokenTechnician.Password).ToUpper();

                con.And(x => x.Account == tokenTechnician.Account &&
                        x.Password == md5Password);

                var currentTechnician = _technicianRepo.Get(con);


                if (currentTechnician == null)
                {
                    throw new Exception("登入失敗");
                }


                return(Request.CreateResponse(
                           HttpStatusCode.OK,
                           new JsonResult <Boolean>(true, "使用者驗證成功", 1, true)));
            }
            catch (Exception ex)
            {
                // NOTE(review): exception type and message are echoed to the client.
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
                                                   $"{ ex.GetType().Name}:Message:{ex.Message}"));
            }
        }
        /// <summary>
        /// Logs a vendor technician in with account, password and device UUID and returns the
        /// technician view model together with a freshly created token.
        /// </summary>
        /// <param name="Account">Login account.</param>
        /// <param name="Password">Clear-text password; hashed with MD5 before the service call.</param>
        /// <param name="UUID">Device identifier bound into the token.</param>
        /// <returns>Always HTTP 200; the JsonResult flag/message carries success or failure.</returns>
        public HttpResponseMessage VendorLogin(string Account, string Password, string UUID)
        {
            try
            {
                if (MethodHelper.IsNullOrEmpty(Account, Password, UUID))
                {
                    throw new ArgumentNullException($"未輸入帳號密碼");
                }

                // MD5 of the password, upper-cased to match the stored form.
                // NOTE(review): bare MD5 is not a password-hashing function.
                var md5Password = Identity.ClearPassword.GetMd5Hash(Password).ToUpper();

                TvenderTechnician result = _userService.VendorLogin(Account, md5Password, UUID);


                // NOTE(review): the clear-text password is echoed back in the response body and
                // embedded in the token; a session identifier would avoid both.
                return(Request.CreateResponse(
                           HttpStatusCode.OK,
                           new JsonResult <TechnicianResultApiViewModel>(new TechnicianResultApiViewModel(result)
                {
                    Password = Password,
                    Token = TokenUtil <TvenderTechnician> .Create(new TvenderTechnician()
                    {
                        Account = result.Account,
                        Password = Password,
                        DeviceID = UUID,
                    })
                }, "登入成功", 1, true)));
            }
            catch (ArgumentOutOfRangeException ex)
            {
                // Device mismatch path (inferred from clearUUID): tell the client to drop its stored UUID.
                return(Request.CreateResponse(
                           HttpStatusCode.OK,
                           new JsonResult <object>(new { clearUUID = true }, ex.ParamName, 1, true)));
            }
            catch (Exception ex)
            {
                _logger.Error(ex.Message);
                return(Request.CreateResponse(
                           HttpStatusCode.OK,
                           new JsonResult <TechnicianResultApiViewModel>(null, ex.Message, 1, false)));
            }
        }
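        /// <summary>
        /// Generates a password-reset token for the account with the given e-mail, stores it on
        /// the user and mails it to them.
        /// </summary>
        /// <param name="email">Address to look up; null/empty is treated as "no such user".</param>
        /// <returns>true when a reset mail was sent, false when no matching user exists.</returns>
        public async Task <bool> RequestResetPassword(string email)
        {
            if (string.IsNullOrEmpty(email))
            {
                return false;
            }

            // Task.Run is kept from the original; the repository and mailer calls are synchronous.
            return await Task.Run(() =>
            {
                // string.Equals is null-safe where u.Email.Equals threw for a user without an e-mail.
                var user = _userRepository.GetUsers().FirstOrDefault(u => string.Equals(u.Email, email));
                if (user == null)
                {
                    // NOTE(review): the result reveals whether the address is registered; an
                    // endpoint exposing it should respond identically either way.
                    return false;
                }

                var token = TokenUtil.GenerateToken();
                var newUser = user.Clone();
                newUser.ResetPasswordToken = token;
                _userRepository.UpdateUser(user, newUser);

                Mailer.SendResetRequest(user.Email, token);

                return true;
            });
        }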
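        /// <summary>
        /// Checks the supplied credentials against the user table and, on a match, returns a
        /// token for that user as the response content.
        /// </summary>
        /// <param name="username">Login name.</param>
        /// <param name="password">Password in the form the table stores it.</param>
        /// <returns>Content = token on success; failed with "用户名或密码错误" otherwise.</returns>
        public BaseResponse <string> Login(string username, string password)
        {
            BaseResponse<string> rsp = new BaseResponse<string>();

            try
            {
                // FirstOrDefault replaces ToList()[0], which threw for an unknown user and relied
                // on the catch block to report the failure.
                // NOTE(review): p.password is compared directly with the submitted value; if the
                // column holds plaintext this should become a salted-hash verification.
                var user = context.user.FirstOrDefault(p => p.name.Equals(username) && p.password.Equals(password));
                if (user == null)
                {
                    rsp.setContent(null);
                    rsp.setFailed("用户名或密码错误");
                    return rsp;
                }

                rsp.setContent(TokenUtil.CreateToken(user.id));
            }
            catch (Exception)
            {
                // Database/token errors get the same generic message so nothing leaks to the client.
                rsp.setContent(null);
                rsp.setFailed("用户名或密码错误");
            }

            return rsp;
        }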
        /// <summary>
        /// Builds the timetable for the token's user from the lessons mapped to them.
        /// </summary>
        /// <param name="token">Caller's token; mapped to a user id by TokenUtil.</param>
        /// <returns>Content = the timetable grid; marked failed with the exception message if anything throws.</returns>
        public BaseResponse <List <List <Lesson> > > GetTimetable(string token)
        {
            var response = new BaseResponse<List<List<Lesson>>>();

            try
            {
                int userId = TokenUtil.GetUserId(token);
                var lessonIds = (from m in mContext.lesson_map
                                 where m.uid == userId
                                 select m.lid).ToList();
                // ToList() never yields null, so the original null check was always true.
                var grid = new Timetable(lessonIds);
                response.setContent(grid.timetable);
            }
            catch (Exception ex)
            {
                response.setFailed(ex.Message);
            }

            return response;
        }
        // This method gets called by the runtime. Use this method to add services to the container.
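        /// <summary>
        /// Registers EF Core (MySQL), JWT bearer authentication, MVC with camelCase JSON,
        /// Swagger and the application services.
        /// </summary>
        /// <param name="services">DI container to populate.</param>
        /// <exception cref="InvalidOperationException">"DefaultConnection" is missing or blank.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            // EF Core: MySQL provider, server version auto-detected from the connection string.
            var connectionString = Configuration.GetConnectionString("DefaultConnection");

            // Fail fast at startup: a missing or blank connection string would otherwise surface
            // as a provider error on the first request. InvalidOperationException replaces the
            // bare Exception so callers can catch it specifically.
            if (string.IsNullOrWhiteSpace(connectionString))
            {
                throw new InvalidOperationException("ConnectionString is null...");
            }
            services.AddDbContext<UserContext>(options => options.UseMySql(connectionString, ServerVersion.AutoDetect(connectionString)));

            // Authentication: JWT bearer; validation parameters come from TokenUtil.
            // https://forums.asp.net/t/2105147.aspx?Authorization+using+cookies+for+views+and+bearer+tokens+for+json+results
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.TokenValidationParameters = TokenUtil.Create();
            });

            // MVC: JSON output in camelCase.
            services.AddControllers().AddJsonOptions(options =>
                options.JsonSerializerOptions.PropertyNamingPolicy = System.Text.Json.JsonNamingPolicy.CamelCase);

            // Swagger document plus XML comments.
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo {
                    Title = "My API", Version = "v1"
                });
                AddXmlComments(c);
            });

            // Application services.
            services.AddScoped<IUserService, UserService>();
            services.AddScoped<IPasswordHasher, PasswordHasher>();
            services.AddScoped<DbContext, UserContext>();
        }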
        // This method gets called by the runtime. Use this method to add services to the container.
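        /// <summary>
        /// Registers EF Core (SQLite), JWT bearer authentication, MVC 2.1 with camelCase JSON,
        /// Swagger and the application services.
        /// </summary>
        /// <param name="services">DI container to populate.</param>
        /// <exception cref="InvalidOperationException">"DefaultConnection" is missing or blank.</exception>
        public void ConfigureServices(IServiceCollection services)
        {
            // EF Core: SQLite provider.
            var connectionString = Configuration.GetConnectionString("DefaultConnection");

            // Fail fast at startup: a missing or blank connection string would otherwise surface
            // as a provider error on the first request. InvalidOperationException replaces the
            // bare Exception so callers can catch it specifically.
            if (string.IsNullOrWhiteSpace(connectionString))
            {
                throw new InvalidOperationException("ConnectionString is null...");
            }
            services.AddDbContext<UserContext>(options => options.UseSqlite(connectionString));

            // Authentication: JWT bearer; validation parameters come from TokenUtil.
            // https://forums.asp.net/t/2105147.aspx?Authorization+using+cookies+for+views+and+bearer+tokens+for+json+results
            services.AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.TokenValidationParameters = TokenUtil.Create();
            });

            // MVC: JSON output in camelCase (Newtonsoft contract resolver).
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1).AddJsonOptions(options =>
                options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver());

            // Swagger document plus XML comments.
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info {
                    Title = "My API", Version = "v1"
                });
                AddXmlComments(c);
            });

            // Application services.
            services.AddScoped<IUserService, UserService>();
            services.AddScoped<IPasswordHasher, PasswordHasher>();
            services.AddScoped<DbContext, UserContext>();
        }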
        /// <summary>
        /// Looks up the logon type of the session that <paramref name="hToken"/> belongs to via
        /// LsaGetLogonSessionData.
        /// </summary>
        /// <param name="hToken">Token handle to inspect.</param>
        /// <returns>The session's logon type, or Network when the LSA lookup fails so the caller
        /// treats the token as unusable.</returns>
        private static NativeHelpers.SECURITY_LOGON_TYPE GetTokenLogonType(SafeNativeHandle hToken)
        {
            TokenStatistics statistics = TokenUtil.GetTokenStatistics(hToken);

            SafeLsaMemoryBuffer sessionBuffer;
            UInt32 status = NativeMethods.LsaGetLogonSessionData(ref statistics.AuthenticationId, out sessionBuffer);

            if (status == 0)
            {
                // The LSA buffer is released by the SafeLsaMemoryBuffer once we leave the using.
                using (sessionBuffer)
                {
                    object raw = Marshal.PtrToStructure(sessionBuffer.DangerousGetHandle(),
                                                        typeof(NativeHelpers.SECURITY_LOGON_SESSION_DATA));
                    return ((NativeHelpers.SECURITY_LOGON_SESSION_DATA)raw).LogonType;
                }
            }

            // Lookup failed: report Network so the token is filtered out rather than used.
            return NativeHelpers.SECURITY_LOGON_TYPE.Network;
        }
        /// <summary>
        /// Sets the profile description of the token's user.
        /// </summary>
        /// <param name="token">Caller's token; mapped to a user id by TokenUtil.</param>
        /// <param name="desc">New description text.</param>
        /// <returns>A plain response; marked failed with the exception message if anything throws.</returns>
        public BaseResponse <Object> EditDescription(string token, string desc)
        {
            var response = new BaseResponse<object>();

            try
            {
                int userId = TokenUtil.GetUserId(token);
                var user = context.user.FirstOrDefault(p => p.id == userId);
                if (user != null)
                {
                    user.desc = desc;
                }
                // SaveChanges runs regardless; it is a no-op when no row was loaded or changed.
                context.SaveChanges();
            }
            catch (Exception ex)
            {
                response.setFailed(ex.Message);
            }

            return response;
        }
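        /// <summary>
        /// UpdateUserInfor must report a failed status when handed a null DTO.
        /// </summary>
        public void UpdateUserInfor_NullParameters_ActualFalse()
        {
            //Arrange
            UserReadDTO userReadDTO = null;

            // Token generation is kept as part of the arrange phase; the assertion does not
            // consume its output.
            Utilities.JWT.TokenResponse tokens = TokenUtil.GenerateTokens(userReadDTO, tokenProviderOption);

            DTO.ReadDTO.TokenReadDTO tokenReadDTO = new DTO.ReadDTO.TokenReadDTO
            {
                AccessToken           = tokens.AccessToken,
                AccessTokenExpriesIn  = tokens.AccessTokenExpiresIn,
                RefreshToken          = tokens.RefreshToken,
                RefreshTokenExpriesIn = tokens.RefreshTokenExpiresIn,
            };

            //Act
            // .Result blocks the test thread; an async Task test with await would surface
            // failures without AggregateException wrapping.
            var status = userService.UpdateUserInfor(userReadDTO).Result.status;

            //Assert
            // AreEqual(expected, actual): the original had the arguments reversed, which
            // produces a misleading "expected/actual" failure message.
            Assert.AreEqual(false, status);
        }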
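        /// <summary>
        /// UpdateUserInfor must report success for a DTO that matches an existing user.
        /// </summary>
        public void UpdateUserInfor_Success_ActualFalse()
        {
            //Arrange
            // Start from an empty Users table so the seeded user is the only match.
            db.Users.RemoveRange(db.Users);
            db.SaveChanges();

            User user = new User();

            user.UserID          = Guid.NewGuid();
            user.UserName        = "******";
            user.Email           = "*****@*****.**";
            user.HashPassword    = BCryptUtil.HashPassword("123456");
            user.isAuthenticated = false;

            db.Users.Add(user);
            db.SaveChanges();

            UserReadDTO userReadDTO = new UserReadDTO
            {
                UserID   = user.UserID.ToString(),
                Email    = "*****@*****.**",
                UserName = "******"
            };

            // Token generation is kept as part of the arrange phase; the assertion does not
            // consume its output.
            Utilities.JWT.TokenResponse tokens = TokenUtil.GenerateTokens(userReadDTO, tokenProviderOption);

            DTO.ReadDTO.TokenReadDTO tokenReadDTO = new DTO.ReadDTO.TokenReadDTO
            {
                AccessToken           = tokens.AccessToken,
                AccessTokenExpriesIn  = tokens.AccessTokenExpiresIn,
                RefreshToken          = tokens.RefreshToken,
                RefreshTokenExpriesIn = tokens.RefreshTokenExpiresIn,
            };

            //Act
            // .Result blocks the test thread; an async Task test with await would surface
            // failures without AggregateException wrapping.
            var status = userService.UpdateUserInfor(userReadDTO).Result.status;

            //Assert
            // AreEqual(expected, actual): the original had the arguments reversed.
            Assert.AreEqual(true, status);
        }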
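        /// <summary>
        /// Exchanges the stored refresh token for a new access token.
        /// </summary>
        /// <returns>true when a new access token was stored; false when there is no refresh
        /// token, the request failed, or the reply carried no token.</returns>
        public async Task <bool> RefreshToken()
        {
            string refreshToken = await TokenUtil.GetRefreshToken();
            if (string.IsNullOrEmpty(refreshToken))
            {
                return false;
            }

            HttpResponseMessage response = await _restService.Post(Urls.TokenRefresh, "refresh_token", refreshToken);

            // Treat any non-2xx reply (e.g. 401 for a revoked refresh token) as a failed refresh
            // instead of deserializing its error body as a TokenResponse. 204 is a success code
            // but carries no token, so it is rejected explicitly as before.
            if (response == null || !response.IsSuccessStatusCode
                || response.StatusCode == System.Net.HttpStatusCode.NoContent)
            {
                return false;
            }

            string body = await response.Content.ReadAsStringAsync();
            TokenResponse tokens = JsonConvert.DeserializeObject<TokenResponse>(body);

            // An empty or non-JSON body deserializes to null; do not overwrite the stored token with it.
            if (tokens == null)
            {
                return false;
            }

            TokenUtil.SetAccessToken(tokens);
            return true;
        }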
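        /// <summary>
        /// Decodes a refresh token and confirms that it still matches an active, confirmed user
        /// in the database.
        /// </summary>
        /// <param name="refreshToken">Refresh JWT presented by the client.</param>
        /// <param name="isValidated">true only when the token decoded and a matching user exists.</param>
        /// <returns>The user decoded from the token, or null when validation fails.</returns>
        private UserModel ReAuthenticate(string refreshToken, out bool isValidated)
        {
            isValidated = false;
            UserModel model;

            try
            {
                // Decode (and signature-check) the refresh token.
                model = TokenUtil.DecodeRefreshToken(refreshToken, this._config.Jwt.RefreshTokenKey, this._config.Jwt.TokenKey, this._config.Jwt.Issuer);
                if (model == null)
                {
                    return null;
                }

                // Cross-check against the DB so a token for a deleted or unconfirmed account is
                // refused. The context is an injected field and is deliberately NOT disposed here:
                // the original `using (this._context)` disposed it on first use, breaking any
                // later query on the same instance.
                bool userExists = this._context.Users.Any(users =>
                    users.IsDeleted == false &&
                    users.UserId == model.UserName &&
                    users.MailAddress == model.MailAddress &&
                    users.IsConfirmed == true);

                if (!userExists)
                {
                    return null;
                }
            }
            catch
            {
                // Malformed, expired or tampered token, or a DB failure: fail closed without
                // exposing the reason to the caller.
                return null;
            }

            isValidated = true;
            return model;
        }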
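        /// <summary>
        /// Completes a password reset: the token in <paramref name="dto"/> must be valid and equal
        /// to the one stored on the user, after which the password is replaced and the token cleared.
        /// </summary>
        /// <param name="dto">E-mail, reset token and new password; null is treated as failure.</param>
        /// <returns>true when the password was changed; false otherwise.</returns>
        public async Task <bool> PerformResetPassword(ResetPasswordDto dto)
        {
            if (dto == null || string.IsNullOrEmpty(dto.Email))
            {
                return false;
            }

            // Task.Run is kept from the original; the repository calls are synchronous.
            return await Task.Run(() =>
            {
                var user = _userRepository.GetUsers().FirstOrDefault(u => string.Equals(u.Email, dto.Email));
                if (user == null)
                {
                    return false;
                }

                // A user who never requested a reset has a null ResetPasswordToken; the original
                // user.ResetPasswordToken.Equals(...) threw there instead of returning false.
                bool tokenMatches = user.ResetPasswordToken != null
                                    && TokenUtil.IsValid(dto.Token)
                                    && user.ResetPasswordToken.Equals(dto.Token);
                if (!tokenMatches)
                {
                    return false;
                }

                var newUser = user.Clone();
                // NOTE(review): the password is stored as received; hash it here if the
                // repository does not do so itself.
                newUser.Password = dto.Password;
                // Single use: clear the token so it cannot be replayed.
                newUser.ResetPasswordToken = null;
                _userRepository.UpdateUser(user, newUser);
                return true;
            });
        }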
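        /// <summary>
        /// Stores a new todo item for an authenticated user.
        /// </summary>
        /// <param name="todoListItem">Item from the request body; null when binding failed.</param>
        /// <returns>401 when the bearer token does not map to a user, 400 on a null body or any
        /// persistence error, otherwise the stored entity.</returns>
        public async Task <ActionResult <TodoListItem> > Post(TodoListItem todoListItem)
        {
            // A body that failed to bind arrives as null; reject it before touching the database.
            if (todoListItem == null)
            {
                return BadRequest();
            }

            try
            {
                // Parse the token once, outside the query expression, so it is not re-evaluated by EF.
                var email = TokenUtil.GetUserEmail(Request.Headers["Authorization"], _jwtSettings);
                var user = await _context.Users.SingleOrDefaultAsync(u => u.Email == email);
                if (user == null)
                {
                    return Unauthorized();
                }

                // NOTE(review): the item is saved exactly as posted; nothing here ties it to
                // `user` — confirm the list/owner relationship is enforced elsewhere.
                var entry = await _context.TodoListItems.AddAsync(todoListItem);
                await _context.SaveChangesAsync();

                return entry.Entity;
            }
            catch (Exception)
            {
                // Any error (bad token, DB failure) becomes a 400, as in the original; the
                // exception is not logged, so add logging before relying on this in production.
                return BadRequest();
            }
        }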
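        /// <summary>
        /// Lists invitations: every event for an administrator, otherwise only the caller's own.
        /// </summary>
        /// <returns>401 when the role or id claim is missing or malformed; otherwise 200 with the list.</returns>
        public async Task <IActionResult> GetConvitesAsync()
        {
            // Claims come from the already-validated principal. First(...) threw (HTTP 500) when
            // a claim was absent; FirstOrDefault lets us answer 401 instead. The unused
            // `new TokenUtil()` from the original was dropped.
            var roleClaim = HttpContext.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role);
            var idClaim   = HttpContext.User.Claims.FirstOrDefault(c => c.Type == "id");
            int userId;
            if (roleClaim == null || idClaim == null || !int.TryParse(idClaim.Value, out userId))
            {
                return Unauthorized();
            }

            IEnumerable<ConvitesViewModel> convites;
            if (roleClaim.Value == EnTiposUsuario.ADMINISTRADOR.ToString())
            {
                // Administrators see every event.
                convites = _conviteRepository.TodosOsEventos();
            }
            else
            {
                // Everyone else sees only their own invitations.
                convites = _conviteRepository.MeusEventos(userId);
            }

            return Ok(convites);
        }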