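        /// <summary>
        /// Writes one row to the login audit table for a login attempt, successful or not.
        /// </summary>
        /// <param name="username">Username presented at login; stored in the audit row exactly as received.</param>
        /// <param name="ipAddress">Remote address the attempt came from.</param>
        /// <param name="isValidLogin">Whether the credentials were accepted.</param>
        /// <exception cref="Exception">Any failure while persisting the row is logged and rethrown to the caller.</exception>
        private void AuditLogin(string username, string ipAddress, bool isValidLogin)
        {
            try
            {
                // 'using' disposes the context on every exit path; replaces the null-checked finally.
                using (CPDatabase database = new CPDatabase())
                {
                    AuditLogin audit = new AuditLogin
                    {
                        IPAddress      = ipAddress,
                        Username       = username,
                        LoginStatus    = isValidLogin,
                        // NOTE(review): local time; an audit trail is easier to correlate across
                        // hosts and DST changes in UTC — confirm consumers before changing stored values.
                        AuditTimeStamp = DateTime.Now
                    };

                    database.AuditLogins.Add(audit);
                    database.SaveChanges();

                    // Fixed: the original message ran the username straight into "attempted"
                    // with no separator. The username is untrusted input written verbatim into
                    // the log line, so a log sink that keys on newlines should sanitise it.
                    this.logger.Debug(username + " attempted to login to CloudPanel. Is valid login? " + isValidLogin.ToString());
                }
            }
            catch (Exception ex)
            {
                this.logger.Error("Error adding entry to the login audit table.", ex);

                throw;
            }
        }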
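        /// <summary>
        /// Records a successful login for <paramref name="data"/>.UserID: refreshes the active
        /// audit row when one exists, otherwise inserts a new one. Either way a fresh UserKey
        /// (the per-session value later embedded in the auth token) is issued.
        /// </summary>
        /// <param name="data">On entry carries the UserID and IPAddress of this login; on return
        /// holds the persisted row (the existing row object when one was found).</param>
        /// <exception cref="Exception">Any failure is rolled back and rethrown.</exception>
        private void AuditLogin(ref AuditLogin data)
        {
            var repo = new AuditLoginRepository(_uow);

            try
            {
                var userId  = data.UserID;
                // Capture the login's own IP before 'data' may be replaced by the stored row below.
                var loginIp = data.IPAddress;
                // Single timestamp so LoginDate and Modified/CreatedDate agree.
                // NOTE(review): local time; UTC would make the audit trail unambiguous — confirm before changing.
                var now     = DateTime.Now;

                var currentData = repo.ReadByLambda(x => x.UserID == userId && x.IsActive).FirstOrDefault();

                if (currentData != null)
                {
                    data = currentData;
                    // NOTE(review): UserKey acts as the session secret checked in OnActionExecuting;
                    // Guid.NewGuid() is not specified to be cryptographically random — consider
                    // RandomNumberGenerator-derived values if the key is the only thing binding the token.
                    data.UserKey      = Guid.NewGuid().ToString();
                    data.LoginDate    = now;
                    // Fixed: the original assigned data.IPAddress to itself *after* the reassignment
                    // above, so the stored IP never changed from the first login. OnActionExecuting
                    // compares this column with the IP bound into the token, so a re-login from a
                    // new address was rejected as "another user".
                    data.IPAddress    = loginIp;
                    data.ModifiedBy   = userId;
                    data.ModifiedDate = now;

                    _uow.BeginTransaction();

                    repo.Update(data);

                    _uow.CommitTransaction();
                }
                else
                {
                    data.LogID       = Helper.GeneratedID(Convert.ToInt32(_uow.GetAppSettings("LengthRandomString")), userId);
                    data.UserKey     = Guid.NewGuid().ToString();
                    data.IsActive    = true;
                    data.CreatedBy   = userId;
                    data.CreatedDate = now;
                    data.LoginDate   = now;

                    _uow.BeginTransaction();

                    repo.Insert(data);

                    _uow.CommitTransaction();
                }
            }
            catch
            {
                // NOTE(review): this also runs when the failure happened before BeginTransaction;
                // if RollbackTransaction throws in that state it masks the original exception.
                _uow.RollbackTransaction();
                throw;
            }
            finally
            {
                // NOTE(review): disposes the unit of work the caller injected; Login on this page
                // keeps using _uow-backed helpers after this call — confirm that is intended.
                _uow.Dispose();
            }
        }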
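        /// <summary>
        /// Action filter that authenticates a request from its "AuthToken" header. The token is
        /// "claim.userKey.ip.executedDate" with every part produced by <c>Helper.Encrypt</c>;
        /// each part is decrypted and checked against the user's AuditLogin row. At most one
        /// validation (the first failing check) is reported. On failure the action is
        /// short-circuited with an UnAuthorized response; any exception yields an
        /// InternalServerError response.
        /// </summary>
        /// <param name="context">The action context; <c>context.Result</c> is set to short-circuit the action.</param>
        public void OnActionExecuting(ActionExecutingContext context)
        {
            var response       = new ApiResponseModel();
            var validations    = new List<Validation>();
            var authToken      = context.HttpContext.Request.Headers.TryGetValue("AuthToken", out var authorizationToken) ? authorizationToken.ToString() : string.Empty;
            var ip             = context.HttpContext.Connection.RemoteIpAddress;
            var auditLoginRepo = new AuditLoginRepository(_uow);

            try
            {
                var failure = Authenticate();

                if (failure != null)
                {
                    validations.Add(failure);
                }

                response.Validations = validations;

                if (response.Validations.Count > 0)
                {
                    context.HttpContext.Response.StatusCode = (int)ResponseMessageEnum.UnAuthorized;
                    context.Result = ApiHelper.Response(ResponseMessageEnum.UnAuthorized, response);
                }
            }
            catch
            {
                // NOTE(review): nothing is logged here, so a mis-sized token (val[] indexed past
                // its length), a null RemoteIpAddress or a DB fault all surface as an opaque 500.
                context.Result = ApiHelper.Response(ResponseMessageEnum.InternalServerError, response);
            }

            // Runs the checks in the original order and returns the first failure, or null when
            // the token is accepted. Each check is a guard so the nesting stays flat.
            Validation Authenticate()
            {
                if (string.IsNullOrEmpty(authToken))
                {
                    return new Validation() { Key = "Token", Value = "Please send your Token to Access this resource" };
                }

                var val = authToken.Split(".");

                if (val.Length != int.Parse(_uow.GetAppSettings("SecuredTokenLength")))
                {
                    return new Validation() { Key = "Token", Value = "Incorrect Token Format" };
                }

                // Read the key material once instead of once per part (the original re-read every
                // setting four times); all four parts must be decrypted with identical parameters.
                // NOTE(review): SaltFixed/initVector are constants from configuration; if
                // Helper.Encrypt uses them directly, equal plaintexts encrypt to equal ciphertext
                // and token parts become linkable across sessions — confirm in Helper.
                var passPhrase         = _uow.GetAppSettings("passPhrase");
                var saltFixed          = _uow.GetAppSettings("SaltFixed");
                var hashAlgorithm      = _uow.GetAppSettings("hashAlgorithm");
                var passwordIterations = int.Parse(_uow.GetAppSettings("passwordIterations"));
                var initVector         = _uow.GetAppSettings("initVector");
                var keySize            = int.Parse(_uow.GetAppSettings("keySize"));

                string Decrypt(string part) => Helper.Decrypt(part, passPhrase, saltFixed, hashAlgorithm, passwordIterations, initVector, keySize);

                // NOTE(review): val[3] is read unconditionally, so SecuredTokenLength must be 4;
                // the Login method shown on this page builds a three-part token (claim.key.ip) —
                // confirm which layout is current, otherwise this throws and becomes a 500.
                var userClaimJson = Decrypt(val[0]);
                var userToken     = Decrypt(val[1]);
                var tokenIp       = Decrypt(val[2]);
                var executedDate  = Decrypt(val[3]);

                UserClaim userClaimResult = Helper.JSONDeserialize<UserClaim>(userClaimJson);

                _uow.OpenConnection("dbConnection");

                // NOTE(review): unlike AuditLogin(ref), this lookup does not filter on IsActive;
                // if a user can have several rows, FirstOrDefault may pick a stale one — confirm.
                var currentData = auditLoginRepo.ReadByLambda(x => x.UserID == userClaimResult.UserID).FirstOrDefault();

                if (currentData == null)
                {
                    return new Validation() { Key = "User", Value = "We couldnt find your user id" };
                }

                // NOTE(review): UserKey is the per-session secret; '!=' exits on the first differing
                // character. A fixed-time comparison (CryptographicOperations.FixedTimeEquals on the
                // bytes) avoids leaking how much of the key matched via timing.
                if (currentData.UserKey != userToken)
                {
                    return new Validation() { Key = "User", Value = "Incorrect User Token" };
                }

                // The IP bound into the token must match the IP recorded at login ...
                if (currentData.IPAddress != tokenIp)
                {
                    return new Validation() { Key = "User", Value = "Oooppsss another user use your user id" };
                }

                // ... and the recorded IP must match where this request actually came from.
                if (currentData.IPAddress != ip.ToString())
                {
                    return new Validation() { Key = "User", Value = "Oooppsss there is someone on middle" };
                }

                // Parsed only so an unparseable value is rejected (via the catch above); the result
                // is never compared with the current time, so token age is not enforced here.
                // NOTE(review): DateTime.Parse is culture-dependent — confirm the format Login writes.
                var date = DateTime.Parse(executedDate);

                return null;
            }
        }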
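        /// <summary>
        /// Authenticates <paramref name="data"/> (username + plaintext password) and, on success,
        /// records the login and returns an auth token of the form "claim.userKey.ip", each part
        /// encrypted with the configured settings.
        /// </summary>
        /// <param name="data">Credentials as posted by the client. <c>data.Password</c> is overwritten
        /// in place with its salted hash before <c>GetUserClaim</c> is called, as in the original.</param>
        /// <param name="ipAddress">Remote address of the login; audited and bound into the token.</param>
        /// <returns>A response whose <c>Validations</c> holds the first failed check; otherwise
        /// <c>Result</c> carries an anonymous object with an <c>AuthToken</c> property.</returns>
        public ApiResponseModel Login(MasterUser data, string ipAddress)
        {
            var response    = new ApiResponseModel();
            var validations = new List<Validation>();

            _uow.OpenConnection(base.SQLDBConn);

            var SaltFixed          = _uow.GetAppSettings("SaltFixed");
            var passPhrase         = _uow.GetAppSettings("passPhrase");
            var hashAlgorithm      = _uow.GetAppSettings("hashAlgorithm");
            var passwordIterations = _uow.GetAppSettings("passwordIterations");
            var initVector         = _uow.GetAppSettings("initVector");
            var keySize            = _uow.GetAppSettings("keySize");

            var userRepository = new MasterUserRepository(_uow);

            try
            {
                MasterUser currentData = userRepository.GetSingleData(data);

                if (currentData == null)
                {
                    // NOTE(review): distinct "username"/"password" messages let a caller learn which
                    // usernames exist; a single generic message is the usual mitigation.
                    validations.Add(new Validation()
                    {
                        Key = "Username", Value = "We could not find your username, make sure you input the right username"
                    });
                }
                else
                {
                    // SHA384.Create() is IDisposable; the original never released it.
                    // NOTE(review): a salted single-round SHA-384 is not a password KDF (PBKDF2/Argon2
                    // are); changing it means re-hashing stored passwords, so it is left as-is here.
                    using (var sha = SHA384.Create())
                    {
                        data.Password = Helper.HashWithSalt(data.Password, currentData.PasswordSalt, sha);
                    }

                    if (data.Password != currentData.Password)
                    {
                        validations.Add(new Validation()
                        {
                            Key = "Password", Value = "Password is incorrect"
                        });
                    }
                    else
                    {
                        var dataAudit = new AuditLogin
                        {
                            UserID    = currentData.UserID,
                            IPAddress = ipAddress
                        };

                        // Issues the per-session UserKey and persists the login.
                        // NOTE(review): AuditLogin(ref) as shown on this page disposes _uow in its
                        // finally; GetUserClaim below runs after that — confirm it does not need _uow.
                        AuditLogin(ref dataAudit);

                        var userClaim = GetUserClaim(data);

                        var obj = new UserClaim
                        {
                            UserID       = dataAudit.UserID,
                            UserEmail    = userClaim.Email,
                            UserName     = userClaim.UserName,
                            UserFullName = userClaim.FullName
                        };

                        // Parsed once here (the original parsed both three times).
                        var iterations = int.Parse(passwordIterations);
                        var keyBits    = int.Parse(keySize);

                        var userClaimResult = Helper.Encrypt(Helper.JSONSerialize(obj), passPhrase, SaltFixed, hashAlgorithm, iterations, initVector, keyBits);
                        var userKey         = Helper.Encrypt(dataAudit.UserKey, passPhrase, SaltFixed, hashAlgorithm, iterations, initVector, keyBits);
                        var ip              = Helper.Encrypt(ipAddress, passPhrase, SaltFixed, hashAlgorithm, iterations, initVector, keyBits);

                        // Layout consumed by OnActionExecuting: claim.userKey.ip
                        response.Result = new { AuthToken = userClaimResult + "." + userKey + "." + ip };
                    }
                }

                response.Validations = validations;
                return response;
            }
            finally
            {
                _uow.Dispose();
            }
        }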