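        /// <summary>
        /// Authenticates a user by login/password and returns a token pair.
        /// If the user already has a stored token that has not expired it is returned as-is;
        /// otherwise a new token is generated (creating the Token row on first sign-in) and saved.
        /// </summary>
        /// <param name="model">Credentials from the request body (<c>login</c>, <c>pass</c>).</param>
        /// <returns>A <see cref="JsonResult"/> wrapping a <see cref="SignInResponse"/> (tokens, seconds until expiry, public user fields).</returns>
        /// <exception cref="Exception">
        /// Thrown when the body or either credential is missing/blank, when a credential has an invalid length,
        /// or when the login/password pair does not match (one shared message for both cases, so the
        /// response does not reveal whether the login exists).
        /// </exception>
        public async Task<IActionResult> SignIn([FromBody] SignInModel model)
        {
            // Validation. IsNullOrWhiteSpace also covers a missing body or a null field; the
            // original Trim()-based check would have thrown a NullReferenceException there.
            if (model is null
                || string.IsNullOrWhiteSpace(model.login)
                || string.IsNullOrWhiteSpace(model.pass))
            {
                throw new Exception(TextResource.Auth_EmptyValues);
            }

            if (model.login.Length < 5 || model.login.Length > 20)
            {
                throw new Exception(TextResource.Auth_LoginWrongLength);
            }

            if (model.pass.Length < 4 || model.pass.Length > 30)
            {
                throw new Exception(TextResource.Auth_PassWrongLength);
            }

            var dbUser = await _dbContext.Users.FirstOrDefaultAsync(x => x.Login == model.login)
                         .ConfigureAwait(false);

            // Same message as for a wrong password below: do not disclose which of the two failed.
            // NOTE(review): this branch returns before the hash comparison, so the response time
            // still differs for unknown logins; a dummy comparison would equalise it. Left as-is.
            if (dbUser is null)
            {
                throw new Exception("Неправильный логин или пароль");
            }

            // Hash the submitted password with the stored salt and compare in constant time.
            var submittedHash = PasswordHelpers.EncryptPassword(model.pass, dbUser.Pass.Salt);

            if (!PasswordHelpers.SlowEquals(submittedHash, dbUser.Pass.Password))
            {
                throw new Exception("Неправильный логин или пароль");
            }

            // Captured once so the expiry check and the reported expired_in agree.
            var now = DateTime.UtcNow;

            // Only non-secret profile fields are echoed back; Pass/salt never leave the server.
            var user = new
            {
                dbUser.Id,
                dbUser.Login,
                dbUser.FirstName,
                dbUser.MiddleName,
                dbUser.Surname,
                dbUser.Email,
                dbUser.BirthDate,
                dbUser.City
            };

            // Both exits build the same payload; the local function keeps them identical.
            JsonResult BuildResponse(Token token) => new JsonResult(new SignInResponse
            {
                access_token = token.AccessToken,
                refresh_token = token.RefreshToken,
                expired_in = (token.TokenExpiredDate - now).TotalSeconds,
                user = user
            });

            var dbToken = await _dbContext.Tokens.FirstOrDefaultAsync(x => x.Id == dbUser.TokenId)
                          .ConfigureAwait(false);

            // A still-valid token is reused rather than rotated.
            if (dbToken != null && dbToken.TokenExpiredDate >= now)
            {
                return BuildResponse(dbToken);
            }

            // First sign-in: there is no Token row yet, so one is created and flagged for insertion.
            var isFirst = dbToken is null;
            if (isFirst)
            {
                dbToken = new Token();
            }

            await TokenHelpers.GenerateToken(dbUser.Id.ToString(), dbToken, _dbContext, isFirst)
            .ConfigureAwait(false);

            dbUser.TokenId = dbToken.Id;

            await _dbContext.SaveChangesAsync(true)
            .ConfigureAwait(false);

            return BuildResponse(dbToken);
        }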
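        /// <summary>
        /// Updates the signed-in user's profile and, when <c>model.Pass</c> is supplied, their password.
        /// Profile fields are stored encrypted with the user's IV; optional fields (middle name,
        /// birth date, city) are cleared when the submitted value is empty.
        /// </summary>
        /// <param name="model">
        /// New profile values. When <c>Pass</c> is set, <c>CurrentPass</c> must match the stored
        /// password and <c>Pass</c> must satisfy the same length rule that <c>SignIn</c> enforces.
        /// </param>
        /// <returns>
        /// A <see cref="JsonResult"/> with <c>status</c>, the submitted (plaintext) profile as
        /// <c>newUser</c>, and <c>passwordChanged</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="model"/> is null.</exception>
        /// <exception cref="Exception">
        /// Thrown when the new password has an invalid length, or when the current password is missing
        /// or does not match the stored one.
        /// </exception>
        public async Task<JsonResult> Update(MyPageModel model)
        {
            if (model is null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            // Same bounds as SignIn's password check; without them a password could be stored
            // here that SignIn would later refuse, locking the user out.
            const int MinPassLength = 4;
            const int MaxPassLength = 30;

            var dbUser = await _dbContext.GetUserAsync(User.Identity.Name, true)
                         .ConfigureAwait(false);

            var passwordChanged = !string.IsNullOrEmpty(model.Pass);

            if (passwordChanged)
            {
                if (model.Pass.Length < MinPassLength || model.Pass.Length > MaxPassLength)
                {
                    throw new Exception(TextResource.Auth_PassWrongLength);
                }

                // Changing the password requires re-authentication with the current one.
                // A missing current password is treated exactly like a wrong one.
                if (string.IsNullOrEmpty(model.CurrentPass))
                {
                    throw new Exception(TextResource.API_NoAccess);
                }

                var currentHash = PasswordHelpers.EncryptPassword(model.CurrentPass, dbUser.Pass.Salt);
                if (!PasswordHelpers.SlowEquals(currentHash, dbUser.Pass.Password))
                {
                    throw new Exception(TextResource.API_NoAccess);
                }

                // Fresh salt per password change.
                var salt = PasswordHelpers.GenerateSalt();
                dbUser.Pass.Password = PasswordHelpers.EncryptPassword(model.Pass, salt);
                dbUser.Pass.Salt     = salt;
            }

            var iv = dbUser.IV;

            // Optional fields: an empty submission stores null rather than an encrypted empty string.
            string EncryptOptional(string value)
                => string.IsNullOrEmpty(value) ? null : PasswordHelpers.EncryptData(value, iv);

            // Required fields are always encrypted, as in the original; whether EncryptData
            // accepts a null/empty value is not visible here — TODO confirm.
            dbUser.FirstName  = PasswordHelpers.EncryptData(model.FirstName, iv);
            dbUser.Surname    = PasswordHelpers.EncryptData(model.Surname, iv);
            dbUser.Email      = PasswordHelpers.EncryptData(model.Email, iv);
            dbUser.MiddleName = EncryptOptional(model.MiddleName);
            dbUser.BirthDate  = EncryptOptional(model.BirthDate);
            dbUser.City       = EncryptOptional(model.City);

            _dbContext.Update(dbUser);

            await _dbContext.SaveChangesAsync()
            .ConfigureAwait(false);

            // The response echoes the submitted plaintext values, not the encrypted columns.
            // (A second GetUserAsync whose result was discarded has been dropped.)
            var user = new
            {
                dbUser.Login,
                FirstName  = model.FirstName,
                Surname    = model.Surname,
                MiddleName = model.MiddleName,
                City       = model.City,
                Email      = model.Email,
                BirthDate  = model.BirthDate
            };

            return new JsonResult(new
            {
                status = HttpStatusCode.OK,
                newUser = user,
                passwordChanged = passwordChanged
            }, _jsonOptions);
        }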