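/// <summary>
/// Replaces the signed-in user's password after verifying the current one.
/// </summary>
/// <param name="req">Old and new password supplied by the form.</param>
/// <returns>
/// A challenge for anonymous callers (or a principal with no backing user row),
/// the view again on validation or verification failure, otherwise a redirect
/// to the Issue/News action.
/// </returns>
public async Task<IActionResult> ChangePassword(ChangePasswordRequest req)
{
    if (HttpContext.User.IsAnonymous())
    {
        return Challenge();
    }

    if (!ModelState.IsValid)
    {
        return View();
    }

    var userId = HttpContext.User.GetUserId();
    var user = await Db.Users.SingleOrDefaultAsync(x => x.Id == userId);
    if (user == null)
    {
        // Authenticated principal with no backing row (e.g. account removed
        // after sign-in): re-challenge instead of dereferencing null below.
        return Challenge();
    }

    byte[] oldHash = AuthUtils.GetHashFor(req.OldPassword, user.PasswordSalt);
    // Constant-time comparison so the check does not leak how many leading
    // bytes of the stored hash matched.
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(oldHash, user.PasswordHash))
    {
        ModelState.AddModelError("", "Incorrect password");
        return View();
    }

    // Fresh salt on every password change; same 64-byte length used at registration.
    user.PasswordSalt = AuthUtils.GetRandomData(64);
    user.PasswordHash = AuthUtils.GetHashFor(req.NewPassword, user.PasswordSalt);
    await Db.SaveChangesAsync();

    return RedirectToAction("News", "Issue");
}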
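/// <summary>
/// Creates an account from an invite, signs the new user in and redirects.
/// </summary>
/// <param name="req">Username, full name, password and invite id from the form.</param>
/// <param name="redirect">Optional same-site path to send the user to afterwards.</param>
/// <returns>
/// The view again when the model is invalid, the username is taken or the invite
/// is unknown; otherwise a redirect to <paramref name="redirect"/> when it is a
/// local absolute path, else to the Issue/News action.
/// </returns>
public async Task<IActionResult> Register(RegisterRequest req, [FromQuery] string redirect = "")
{
    if (!ModelState.IsValid)
    {
        return View();
    }

    // Only a same-site absolute path is honoured as a redirect target.
    // IsLocalUrl rejects protocol-relative ("//host") and backslash forms that
    // PathString alone would accept; the StartsWith check drops the "~/" form
    // that IsLocalUrl accepts but PathString would reject.
    string safeRedirect = Url.IsLocalUrl(redirect) && redirect.StartsWith("/", StringComparison.Ordinal)
        ? redirect
        : "";
    ViewData["RedirectTo"] = new PathString(safeRedirect);

    // Usernames must be unique: Login resolves a user by username alone with
    // SingleOrDefaultAsync, so a duplicate username (even with a different
    // full name) would make every later login for that name fail.
    bool usernameTaken = await Db.Users.AnyAsync(x => x.Username == req.Username);
    if (usernameTaken)
    {
        ModelState.AddModelError("", "User already exists");
        return View();
    }

    // An unknown invite id is a user error, not a server fault.
    Invite inv = await Db.Invites.SingleOrDefaultAsync(x => x.Uid == req.InviteID);
    if (inv == null)
    {
        ModelState.AddModelError("", "Invalid invite");
        return View();
    }

    User newUser = new User()
    {
        RoleId = inv.RoleId, // the invite dictates the role
        Username = req.Username,
        FullName = req.FullName,
        PasswordSalt = AuthUtils.GetRandomData(64)
    };
    newUser.PasswordHash = AuthUtils.GetHashFor(req.Password, newUser.PasswordSalt);

    await Db.AddAsync(newUser);
    Db.Remove(inv); // invites are single-use
    await Db.SaveChangesAsync();

    var userIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
    userIdentity.AddClaims(new Claim[]
    {
        new Claim(ClaimTypes.PrimarySid, newUser.Id.ToString()),
        new Claim(ClaimTypes.NameIdentifier, newUser.Username),
        new Claim(ClaimTypes.Name, newUser.FullName),
        new Claim(ClaimTypes.Role, newUser.RoleId.ToString())
    });
    var principal = new ClaimsPrincipal(userIdentity);
    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

    if (safeRedirect.Length > 0)
    {
        return LocalRedirect(safeRedirect);
    }
    return RedirectToAction("News", "Issue");
}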
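/// <summary>
/// Verifies a username/password pair, signs the user in and redirects.
/// </summary>
/// <param name="req">Username and password from the form.</param>
/// <param name="redirect">Optional same-site path to send the user to afterwards.</param>
/// <returns>
/// The view again when the model is invalid or the credentials do not match;
/// otherwise a redirect to <paramref name="redirect"/> when it is a local
/// absolute path, else to the Issue/News action.
/// </returns>
public async Task<IActionResult> Login(LoginRequest req, [FromQuery] string redirect = "")
{
    if (!ModelState.IsValid)
    {
        return View();
    }

    // Only a same-site absolute path is honoured as a redirect target.
    // IsLocalUrl rejects protocol-relative ("//host") and backslash forms that
    // PathString alone would accept; the StartsWith check drops the "~/" form
    // that IsLocalUrl accepts but PathString would reject.
    string safeRedirect = Url.IsLocalUrl(redirect) && redirect.StartsWith("/", StringComparison.Ordinal)
        ? redirect
        : "";
    ViewData["RedirectTo"] = new PathString(safeRedirect);

    // One message for both "unknown user" and "wrong password" so the form
    // does not confirm which usernames exist.
    const string failureMessage = "Incorrect username or password";

    var user = await Db.Users.SingleOrDefaultAsync(x => x.Username == req.Username);
    if (user == null)
    {
        ModelState.AddModelError("", failureMessage);
        return View();
    }

    byte[] candidateHash = AuthUtils.GetHashFor(req.Password, user.PasswordSalt);
    // Constant-time comparison so the check does not leak how many leading
    // bytes of the stored hash matched.
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(candidateHash, user.PasswordHash))
    {
        ModelState.AddModelError("", failureMessage);
        return View();
    }

    // Same claim set as Register issues, so a user's principal does not lose
    // the Role claim on re-login.
    var userIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
    userIdentity.AddClaims(new Claim[]
    {
        new Claim(ClaimTypes.PrimarySid, user.Id.ToString()),
        new Claim(ClaimTypes.NameIdentifier, user.Username),
        new Claim(ClaimTypes.Name, user.FullName),
        new Claim(ClaimTypes.Role, user.RoleId.ToString())
    });
    var principal = new ClaimsPrincipal(userIdentity);
    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

    if (safeRedirect.Length > 0)
    {
        return LocalRedirect(safeRedirect);
    }
    return RedirectToAction("News", "Issue");
}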
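/// <summary>
/// Creates the database if it does not exist and, on an empty user table,
/// seeds the two built-in roles plus a system account whose random password
/// is written to systempass.txt in the working directory.
/// </summary>
public static void BuildDb()
{
    var cfg = new ConfigurationBuilder()
        .AddJsonFile("appsettings.json")
        .Build();
    var dbOpts = new DbContextOptionsBuilder<PBugContext>()
        .UseMySql(cfg.GetConnectionString("Database"));

    // The logger factory owns provider resources; dispose it instead of leaking it.
    using (var loggerFactory = LoggerFactory.Create(opts => opts.AddConsole()))
    using (var ctx = new PBugContext(dbOpts.Options))
    {
        var logger = loggerFactory.CreateLogger("PBug");
        logger.LogInformation("Ensuring creation of DB");
        ctx.Database.EnsureCreated();

        // Seed only a fresh database; an existing user table is left untouched.
        if (ctx.Users.Any())
        {
            return;
        }

        Role anonymous = new Role() { Name = "Anonymous", Permissions = "" };
        Role admin = new Role() { Name = "Administrator", Permissions = "**" };
        ctx.AddRange(anonymous, admin);

        User system = new User() { Role = admin, Username = "******", FullName = "PBug System" };
        // 64 random bytes, base64-encoded, form the bootstrap password.
        string password = Convert.ToBase64String(AuthUtils.GetRandomData(64));
        system.PasswordSalt = AuthUtils.GetRandomData(64);
        system.PasswordHash = AuthUtils.GetHashFor(password, system.PasswordSalt);
        ctx.Add(system);
        ctx.SaveChanges();

        File.WriteAllText("systempass.txt", password);
        // The template has no placeholder, so the password is deliberately not
        // passed as a log argument (the original passed it unused).
        logger.LogInformation("Created database. System password is in systempass.txt");
    }
}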