Пример #1
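        /// <summary>
        /// Checks the submitted credentials and, on success, saves a session and issues the auth cookie.
        /// </summary>
        /// <param name="loginModel">
        /// Credentials submitted by the client. On success it is mutated in place: the password is
        /// cleared and <c>Cookie</c> and <c>Status</c> are set.
        /// </param>
        /// <returns>
        /// A completed task holding <paramref name="loginModel"/> on success, or <c>null</c> when the
        /// input is incomplete, the password check fails, or the session cannot be saved.
        /// </returns>
        public virtual Task<UserModel> Login(UserModel loginModel)
        {
            if (loginModel == null || string.IsNullOrEmpty(loginModel.UserName) || string.IsNullOrEmpty(loginModel.Password))
            {
                return Task.FromResult<UserModel>(null);
            }

            // The submitted password is deliberately NOT written to the access log: a credential in a
            // log file is readable by everyone with log access and stays there long after the login.
            // RemoteIpAddress can be null (e.g. non-socket transports), so it is read null-safely.
            var accessLogModel = new
            {
                Ip       = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress?.ToString(),
                Username = loginModel.UserName
            };

            string accessLogEntry = Newtonsoft.Json.JsonConvert.SerializeObject(accessLogModel);
            _accessLogger.Info(accessLogEntry);

            if (!_userDAO.ValidatePassword(loginModel.UserName, loginModel.Password))
            {
                return Task.FromResult<UserModel>(null);
            }

            UserDBModel userModel = _userDAO.GetUser(loginModel.UserName);

            // The session token must be unpredictable. System.Random is a deterministic,
            // non-cryptographic generator, so the bytes come from the platform CSPRNG instead.
            var byteArray = new byte[256];

            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(byteArray);
            }

            string cookie = Sha256HashUtils.ComputeSha256Hash(byteArray);

            // Role tier carried in the cookie: "0" for Role <= 0, "1" for Role > 0, "100" for Role > 50.
            string inrole = userModel.Role > 0 ? "1" : "0";

            if (userModel.Role > 50)
            {
                inrole = "100";
            }

            // NOTE(review): the user name and role tier travel in this cookie without any integrity
            // protection. The code that validates the cookie is not visible here - confirm it looks
            // the role up server-side rather than trusting this field.
            string allCookie = $"{EncoderUtils.Base64Encode(loginModel.UserName)}-{cookie}-{inrole}";

            if (!_userDAO.SaveSession(cookie, DateTime.UtcNow.AddDays(1)))
            {
                return Task.FromResult<UserModel>(null);
            }

            // Never echo the password back to the caller.
            loginModel.Password = null;
            loginModel.Cookie   = allCookie;
            loginModel.Status   = "ok";

            // NOTE(review): the session is saved for 1 day but the cookie lives for 3 days, and
            // HttpOnly = false leaves the token readable by page script. Align the lifetimes and set
            // HttpOnly (and Secure) unless client code is known to depend on reading the cookie.
            _httpContextAccessor.HttpContext.Response.Cookies.Append(AUTH_COOKIE, loginModel.Cookie, new CookieOptions
            {
                Expires  = DateTime.Now.AddDays(3),
                HttpOnly = false
            });

            return Task.FromResult(loginModel);
        }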
Пример #2
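        /// <summary>
        /// Creates a session for <paramref name="user"/>, builds the auth cookie value, passes it
        /// through <c>_protector.Protect</c> and appends it to the response.
        /// </summary>
        /// <param name="user">The authenticated user; <c>UserName</c> and <c>Role</c> are read.</param>
        /// <param name="context">
        /// Current HTTP context; used to resolve <see cref="IUserDAO"/> and to write the cookie.
        /// </param>
        /// <returns>The protected cookie value, or <c>null</c> when the session could not be saved.</returns>
        public override string CreateCookie(UserDBModel user, HttpContext context)
        {
            // The session token must be unpredictable. System.Random is a deterministic,
            // non-cryptographic generator, so the bytes come from the platform CSPRNG instead.
            var byteArray = new byte[256];

            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(byteArray);
            }

            string cookieHash = Sha256HashUtils.ComputeSha256Hash(byteArray);

            // Roles above ADMIN_ROLE are collapsed to one fixed cookie value; others are written as-is.
            string inrole = user.Role.ToString();

            if (user.Role > ADMIN_ROLE)
            {
                inrole = ADMIN_ROLE_COOKIE_VALUE;
            }

            IUserDAO userDAO           = context.RequestServices.GetRequiredService<IUserDAO>();
            bool     saveSessionResult = userDAO.SaveSession(cookieHash, DateTime.UtcNow.Add(COOKIE_VALID_FOR));

            if (!saveSessionResult)
            {
                return null;
            }

            string allCookie = string.Format(COOKIE_FORMAT, EncoderUtils.Base64Encode(user.UserName), cookieHash, inrole);

            // Only the protected form leaves the server.
            // NOTE(review): _protector is presumably an ASP.NET Core data protector - confirm.
            string encodedCookie = _protector.Protect(allCookie);

            // NOTE(review): the session expiry uses COOKIE_VALID_FOR while the cookie expiry is a
            // hard-coded 1 day; confirm the two agree. HttpOnly and Secure are left at the
            // CookieOptions defaults here - set both unless client script must read the cookie.
            CookieOptions cookieOptions = new CookieOptions
            {
                Expires = DateTime.UtcNow.AddDays(1)
            };

            context.Response.Cookies.Append(COOKIE_KEY, encodedCookie, cookieOptions);

            return encodedCookie;
        }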