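        /// <summary>
        /// Authenticates a user from a username and a base64-encoded password and, on success,
        /// hands the generated JWT payload to <see cref="ProcessPayload"/>.
        /// </summary>
        /// <param name="values">Request body carrying <c>Username</c> and a base64-encoded <c>Password</c>; may be null.</param>
        /// <returns>
        /// The result of <see cref="ProcessPayload"/> when the credentials match; otherwise
        /// <see cref="HttpStatusCode.Unauthorized"/> on every failure path, so the response does not
        /// distinguish "unknown user" from "wrong password".
        /// </returns>
        public IActionResult Login([FromBody] AuthenticationModel values)
        {
            try
            {
                LoggerBundle.Trace("Registered POST request on LoginsController.Login");

                // validate data. A null body makes passwordBase64 null, and IsNullOrWhiteSpace on it
                // short-circuits the '||' before values.Username is dereferenced.
                String passwordBase64 = values?.Password;
                if (String.IsNullOrWhiteSpace(passwordBase64) || String.IsNullOrWhiteSpace(values.Username))
                {
                    LoggerBundle.Trace("Validation failed: empty username or password");
                    return(StatusCode((Int32)HttpStatusCode.Unauthorized));
                }

                // decode password. Malformed base64 is client input, not a server fault: handle it here
                // at Trace level rather than letting it fall through to the generic catch and Error log.
                Byte[] bPassword;
                try
                {
                    bPassword = Convert.FromBase64String(passwordBase64);
                }
                catch (FormatException)
                {
                    LoggerBundle.Trace("Validation failed: password is not valid base64");
                    return(StatusCode((Int32)HttpStatusCode.Unauthorized));
                }

                // hash password
                // NOTE(review): Sha512HashPipe looks like a bare SHA-512 of the password (no salt, no
                // stretching visible here). A password KDF such as PBKDF2 or Argon2 is the expected choice;
                // switching requires migrating the stored hashes, so it is only flagged, not changed.
                String password     = Encoding.UTF8.GetString(bPassword);
                String passwordHash = new Sha512HashPipe().Process(password);

                // normalize username
                values.Username = values.Username.Trim();

                // check database for given username
                User user;
                using (DataContext dc = DataContextFactory.GetInstance())
                {
                    user = dc.SetUsers.AsNoTracking().FirstOrDefault(x => x.Username.Equals(values.Username));
                }

                if (null == user)
                {
                    // client-controlled value in the log line; kept at Trace level only
                    LoggerBundle.Trace($"No user found for given username '{values.Username}'");
                    return(StatusCode((Int32)HttpStatusCode.Unauthorized));
                }

                // NOTE(review): String.Equals is ordinal but not constant-time. Comparing the hash bytes with
                // CryptographicOperations.FixedTimeEquals would remove the timing side channel; that needs
                // System.Security.Cryptography, which is not in scope in this view of the file.
                if (!user.Password.Equals(passwordHash))
                {
                    LoggerBundle.Trace($"Login attempt for user '{user.Username}' failed");
                    return(StatusCode((Int32)HttpStatusCode.Unauthorized));
                }

                // prepare token generation
                JwtPayload payload = UserJwtPayloadPipe.Process(user);
                return(ProcessPayload(payload));
            }
            catch (Exception ex)
            {
                // any other failure is logged server-side and surfaced as a plain 401
                LoggerBundle.Error(ex);
                return(StatusCode((Int32)HttpStatusCode.Unauthorized));
            }
        }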
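        /// <summary>
        /// Redeems an invite token: validates the submitted credentials against the password policy,
        /// checks that the invite exists, is unused and not expired, then creates the new user.
        /// </summary>
        /// <param name="token">Invite token from the route; null yields 400.</param>
        /// <param name="model">Request body with <c>Username</c> and a base64-encoded <c>Password</c>; null yields 400.</param>
        /// <returns>
        /// 200 on success; 400 for invalid input or an expired invite; 404 when no invite matches the token;
        /// 409 when the invite was already used; otherwise whatever <see cref="HandleException"/> returns.
        /// </returns>
        public IActionResult Use(String token, [FromBody] InviteModel model)
        {
            try
            {
                LoggerBundle.Trace("Registered POST request on InviteController.Use");

                // validate
                if (null == token)
                {
                    LoggerBundle.Trace("Validation failed: token is null");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                if (null == model)
                {
                    LoggerBundle.Trace("Validation failed: model is undefined");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                String passwordBase64 = model.Password?.Trim();
                if (String.IsNullOrWhiteSpace(passwordBase64))
                {
                    LoggerBundle.Trace("Validation failed: password is empty");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                String username = model.Username?.Trim();
                if (String.IsNullOrWhiteSpace(username))
                {
                    LoggerBundle.Trace("Validation failed: username is empty");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                // decode password. Malformed base64 is a validation failure (400), not an exception
                // for HandleException to classify.
                Byte[] bPassword;
                try
                {
                    bPassword = Convert.FromBase64String(passwordBase64);
                }
                catch (FormatException)
                {
                    LoggerBundle.Trace("Validation failed: password is not valid base64");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }
                String password = Encoding.UTF8.GetString(bPassword);

                // password policy. The static Regex.IsMatch overload goes through the runtime's regex
                // cache instead of constructing a new Regex on every request; the patterns are unchanged.
                if (password.Length < 8)
                {
                    LoggerBundle.Trace("Validation failed: password needs to be at least 8 characters long");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                if (!Regex.IsMatch(password, "[0-9]"))
                {
                    LoggerBundle.Trace("Validation failed: password must contain at least one number");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                if (!Regex.IsMatch(password, "[a-zA-Z]"))
                {
                    LoggerBundle.Trace("Validation failed: password must contain at least one letter");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                if (!Regex.IsMatch(password, "[^a-zA-Z0-9]"))
                {
                    LoggerBundle.Trace("Validation failed: password must contain at least one special character");
                    return(StatusCode((Int32)HttpStatusCode.BadRequest));
                }

                using (DataContext dc = DataContextFactory.GetInstance())
                {
                    // only invites issued by a user who is still allowed to invite are honoured
                    Invite invite = dc.SetInvites.Include(x => x.CreateUser)
                                    .Include(x => x.RegisteredUser)
                                    .Where(x => x.CreateUser.CanInvite)
                                    .FirstOrDefault(x => x.Token.Equals(token));

                    // NOTE(review): the invite token acts as a bearer credential; the Trace lines below write
                    // it to the log verbatim. Logging a truncated or hashed form would limit exposure.
                    if (null == invite)
                    {
                        LoggerBundle.Trace($"No invite found for given token '{token}'");
                        return(StatusCode((Int32)HttpStatusCode.NotFound));
                    }

                    if (null != invite.RegisteredUser)
                    {
                        LoggerBundle.Trace($"Invite with token '{token}' has already been used");
                        return(StatusCode((Int32)HttpStatusCode.Conflict));
                    }

                    // NOTE(review): compares against local time; correct only if ExpirationDate is stored in
                    // local time as well. If it is UTC, this should be DateTime.UtcNow — confirm against
                    // the code that issues invites.
                    if (invite.ExpirationDate < DateTime.Now)
                    {
                        LoggerBundle.Trace($"Invite with token '{token}' has expired");
                        return(StatusCode((Int32)HttpStatusCode.BadRequest));
                    }

                    // NOTE(review): Sha512HashPipe appears to be a bare SHA-512 of the password; a password
                    // KDF would be the expected choice. Changing it affects every stored hash, so it is flagged only.
                    String passwordHash = new Sha512HashPipe().Process(password);

                    // new accounts are created without invite rights
                    User newUser = new User
                    {
                        Password    = passwordHash
                        , Username  = username
                        , CanInvite = false
                        , Invite    = invite
                    };

                    dc.SetUsers.Add(newUser);
                    dc.SaveChanges();
                    return(Ok());
                }
            }
            catch (Exception ex)
            {
                return(HandleException(ex));
            }
        }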
        /// <summary>
        /// Interactive console flow that creates a new user: prompts for a username, rejects it if it is
        /// empty or already present (case-insensitively), prompts for a password twice, hashes it and
        /// persists the user. Fatal validation failures terminate the process with exit code 1.
        /// </summary>
        /// <remarks>
        /// The lines that read the console input were redacted by the hosting page (shown as
        /// <c>******</c>), so the exact definitions of <c>username</c>, <c>pw1</c> and the confirmation
        /// value are not visible here; the surrounding logic is documented as far as it can be read.
        /// </remarks>
        private void AddUser()
        {
            LoggerBundle.Debug("Starting process to add new user...");
            try
            {
                // read username
                // (prompt printed without a trailing newline; the read itself is redacted on this page)
                LoggerBundle.Inform(Logger.DefaultLogFlags & ~LogFlags.SuffixNewLine, "Enter a username: "******"";

                if (String.IsNullOrWhiteSpace(username))
                {
                    // Environment.Exit does not return, so no 'return' is needed after it
                    LoggerBundle.Fatal(new ArgumentException("Username cannot be empty"));
                    Environment.Exit(1);
                }

                // check existance
                // NOTE(review): ToLower() on both sides gives a case-insensitive match when translated by the
                // data provider; evaluated client-side it would be culture-sensitive. Login (elsewhere in this
                // project) compares usernames case-sensitively, so the two may disagree on which names collide.
                LoggerBundle.Debug("Checking if user already exists...");
                Boolean exists;
                using (DataContext dataContext = DataContextFactory.GetInstance())
                {
                    exists = dataContext.SetUsers.Any(x => x.Username.ToLower().Equals(username.ToLower()));
                }
                if (exists)
                {
                    LoggerBundle.Fatal(new ArgumentException("Username already exists"));
                    Environment.Exit(1);
                }

                LoggerBundle.Trace("User not found database. Allowed to proceed forward");

                // get password
                // (two prompts and the comparison of both entries are redacted on this page; the visible
                // tail is the mismatch branch)
                LoggerBundle.Inform(Logger.DefaultLogFlags & ~LogFlags.SuffixNewLine, "Enter a password: "******"Confirm password: "******"Passwords do not match"));
                    Environment.Exit(1);
                }

                // hash password
                // NOTE(review): Sha512HashPipe appears to be a bare SHA-512 of the password; a password KDF
                // (PBKDF2/Argon2) would be the expected choice, but the stored format is shared with the login path.
                Sha512HashPipe hashPipe = new Sha512HashPipe();
                String         hashedPw = hashPipe.Process(pw1);

                // save model
                // NOTE(review): CanInvite is not set here; whether the created user may invite depends on the
                // User type's default — confirm.
                User user = new User
                {
                    Username   = username
                    , Password = hashedPw
                };
                using (DataContext dataContext = DataContextFactory.GetInstance())
                {
                    dataContext.SetUsers.Add(user);
                    dataContext.SaveChanges();
                }
                // UniqueId is read after SaveChanges; presumably assigned by the store or the entity — confirm
                LoggerBundle.Inform(
                    $"Successfully created user '{user.Username}' created with unique identifier '{user.UniqueId}'");
            }
            catch (Exception ex)
            {
                // logged and swallowed: the caller gets no indication that the user was not created
                LoggerBundle.Error(ex);
            }
        }