public override bool AuthorizeAdmin(AuthorizationFilterContext context)
{
bool result = base.AuthorizeAdmin(context);
if (!result)
{
return(false);
}
string sessionId = context.HttpContext.Request.Cookies["SessionId"];
string userName = EncoderUtils.Base64Decode(sessionId.Split("-")[USER_NAME_INDEX]);
IUserDAO userDAO = context.HttpContext.RequestServices.GetRequiredService <IUserDAO>();
UserDBModel user = userDAO.GetUser(userName);
if (user.Role < ADMIN_ROLE)
{
CtfOptions ctfOptions = context.HttpContext.RequestServices.GetRequiredService <IOptions <CtfOptions> >().Value;
CtfChallangeModel ctfChallange = ctfOptions.CtfChallanges
.Where(x => x.Type == CtfChallengeTypes.ChangeRoleInCookie)
.Single();
context.HttpContext.Response.Headers.Add(ctfChallange.FlagKey, ctfChallange.Flag);
}
return(true);
}
private void AddCredit()
{
bool exists = _context.UserData
.Where(x => x.UserName == SecureBankConstants.CREDIT_USERNAME)
.Any();
if (exists)
{
return;
}
UserDBModel creditDbModel = new UserDBModel
{
Name = "credit",
Surname = "credit",
UserName = SecureBankConstants.CREDIT_USERNAME,
Password = Guid.NewGuid().ToString(),
Confirmed = true,
Role = 100
};
_context.UserData.Add(creditDbModel);
int changes = _context.SaveChanges();
if (changes <= 0)
{
throw new Exception("Failed to add credit");
}
}
public IActionResult Register(UserModel user)
{
UserDBModel db = new UserDBModel();
UserModel luser = db.UserRegister(user.fUsername, user.fPassword);
return(RedirectToAction("../Home/Index"));
}
private AuthResultModel GenerateAuthResultForUser(UserDBModel userModel)
{
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_jwtSettings.Secret));
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim("UserName", userModel.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, userModel.Email),
new Claim("PhoneNumber", userModel.PhoneNumber),
new Claim("id", userModel.Id),
}),
Expires = DateTime.UtcNow.AddHours(2),
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return(new AuthResultModel
{
Token = tokenHandler.WriteToken(token),
Success = true,
UserName = userModel.UserName,
});
}
public User(UserDBModel user)
{
Username = user.Username;
Password = user.Password;
Cash = user.Cash;
Admin = user.Admin;
}
public IActionResult Login(UserModel user)
{
if (user.fUsername != null && user.fPassword != null)
{
UserDBModel db = new UserDBModel();
UserModel luser = db.UserLogin(user.fUsername, user.fPassword);
if (luser.fUsername != null)
{
Response.Cookies.Append("user", luser.fUsername);
Response.Cookies.Append("userID", luser.fID);
if (db.AdminChecking(luser.fUsername, luser.fPassword))
{
string id = luser.fID;
return(Redirect(@"../Admin/Index/?id=" + id));
}
return(Redirect("../Home/Index/?id=" + luser.fID));
}
else
{
ModelState.AddModelError("", "Wrong username or password");
}
}
else
{
ModelState.AddModelError("", "should not empty username or password");
}
return(RedirectToAction("../User/Login/"));
}
public async Task <ChangedInformationResultModel> RegisterAsync(RegUserRequest userInfo)
{
var existingUser = await _userManager.FindByEmailAsync(userInfo.Email);
if (existingUser != null)
{
return(new ChangedInformationResultModel {
Success = false, ErrorsMessages = new[] { "User with this email addres already exist" }
});
}
var userName = userInfo.Email.Substring(0, userInfo.Email.LastIndexOf('@'));
var newUser = new UserDBModel
{
Email = userInfo.Email,
UserName = userName,
FirstName = userInfo.FirstName,
LastName = userInfo.LastName,
PhoneNumber = userInfo.PhoneNumber,
};
var createdUser = await _userManager.CreateAsync(newUser, userInfo.Password);
if (!createdUser.Succeeded)
{
return(new ChangedInformationResultModel {
Success = false, ErrorsMessages = createdUser.Errors.Select(x => x.Description)
});
}
return(new ChangedInformationResultModel {
Success = true
});
}
public ActionResult GetData()
{
using (UserDBModel db = new UserDBModel())
{
List <UserCourse> courList = db.UserCourses.ToList <UserCourse>();
return(Json(new { data = courList }, JsonRequestBehavior.AllowGet));
}
}
public virtual Task <UserModel> Login(UserModel loginModel)
{
if (loginModel == null || string.IsNullOrEmpty(loginModel.UserName) || string.IsNullOrEmpty(loginModel.Password))
{
return(Task.FromResult <UserModel>(null));
}
var accessLogModel = new
{
Ip = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString(),
Username = loginModel.UserName,
Password = loginModel.Password
};
_accessLogger.Info($"{Newtonsoft.Json.JsonConvert.SerializeObject(accessLogModel)}");
if (!_userDAO.ValidatePassword(loginModel.UserName, loginModel.Password))
{
return(Task.FromResult <UserModel>(null));
}
UserDBModel userModel = _userDAO.GetUser(loginModel.UserName);
Random random = new Random();
var byteArray = new byte[256];
random.NextBytes(byteArray);
string cookie = Sha256HashUtils.ComputeSha256Hash(byteArray);
string inrole = userModel.Role > 0 ? "1" : "0";
if (userModel.Role > 50)
{
inrole = "100";
}
string allCookie = $"{EncoderUtils.Base64Encode(loginModel.UserName)}-{cookie}-{inrole}";
if (!_userDAO.SaveSession(cookie, DateTime.UtcNow.AddDays(1)))
{
return(Task.FromResult <UserModel>(null));
}
loginModel.Password = null;
loginModel.Cookie = allCookie;
loginModel.Status = "ok";
_httpContextAccessor.HttpContext.Response.Cookies.Append(AUTH_COOKIE, loginModel.Cookie, new CookieOptions
{
Expires = DateTime.Now.AddDays(3),
HttpOnly = false
});
return(Task.FromResult(loginModel));
}
public virtual UserModel GetUser(string userName)
{
UserDBModel user = _userDAO.GetUser(userName);
return(new UserModel
{
UserName = user.UserName,
Password = user.Password
});
}
public void CheckingExistUser()
{
UserDBModel db = new UserDBModel();
string username = "******";
bool um = db.UserNameExistChecking(username);
Assert.IsFalse(um); //false mean does not exist, true mean user exist
}
public IActionResult Edit(UserModel user)
{
UserDBModel db = new UserDBModel();
bool userEdit = db.EditUser(Int32.Parse(user.fID), user);
if (userEdit)
{
return(Redirect("Index/?Id=" + user.fID));
}
return(Redirect("Edit/?Id=" + user.fID));
}
public IActionResult Delete(int id, int value)
{
UserDBModel db = new UserDBModel();
bool removeUser = db.RemoveUserById(id.ToString());
if (removeUser)
{
return(Redirect(@"../Index/?id=" + value));
}
return(View("Cannot remove this user"));
}
public void RegisterTest()
{
UserDBModel db = new UserDBModel();
//Model that contains user details
string email = "*****@*****.**";
string password = "******";
UserModel um = db.UserRegister(email, password);
Assert.AreEqual(um.fUsername, email);
Assert.AreEqual(um.fPassword, password);
}
public void LoginTest()
{
UserDBModel db = new UserDBModel();
string email = "*****@*****.**";
string password = "******";
UserModel um = db.UserLogin(email, password);
Assert.AreEqual(um.fUsername, email);
Assert.AreEqual(um.fPassword, password);
}
public UserDBModel AddUserToDatabase(UserDBModel user)
{
string PasswordHash = SecurePasswordHasher.Hash(user.Pass);
user.Pass = PasswordHash;
user.Created = DateTime.Now;
user.IsVerify = false;
user.VeryficationToken = TokenManager.RandomTokenString();
_context.userDBModels.Add(user);
_context.SaveChanges();
return(user);
}
public IActionResult RegisterUser(UserDBModel user)
{
try
{
_userService.CreateAsync(user);
return(Ok(new { message = "Registration successful, please check your email for verification instructions" }));
}
catch (ApplicationException ex)
{
// return error message if there was an exception
return(BadRequest(new { message = ex.Message }));
}
}
public ActionResult AddOrEdit(int id = 0)
{
if (id == 0)
{
return(View(new UserCourse()));
}
else
{
using (UserDBModel db = new UserDBModel())
{
return(View(db.UserCourses.Where(x => x.CourseID == id).FirstOrDefault <UserCourse>()));
}
}
}
public UserDBModel CreateAsync(UserDBModel user)
{
// validation
_userAuthenticate.ValidateUser(user);
var newUser = _userAuthenticate.AddUserToDatabase(user);
var newMessage = _mailService.GenerateMessageForUserVerification(UserController.ClientBaseUrl, TokenManager.GenerateRegisterToken(newUser.VeryficationToken));
_mailService.SendMail(newUser.Email, newMessage.Item1, newMessage.Item2);
BackgroundTask task = new BackgroundTask(_logger, _scopeFactory);
Task.Factory.StartNew(() => task.RemoveUnverifiedUserAsync(user.VeryficationToken));
return(user);
}
public virtual bool UpdatePassword(string userName, string password)
{
UserDBModel user = GetUser(userName);
if (user == null)
{
return(false);
}
user.Password = password;
_portalDBContext.Entry(user).State = Microsoft.EntityFrameworkCore.EntityState.Modified;
int changes = _portalDBContext.SaveChanges();
return(changes > 0);
}
public virtual bool ConfirmToken(string userName)
{
UserDBModel user = GetUser(userName);
if (user == null)
{
return(false);
}
user.Confirmed = true;
_portalDBContext.Entry(user).State = Microsoft.EntityFrameworkCore.EntityState.Modified;
int changes = _portalDBContext.SaveChanges();
return(changes > 0);
}
public IActionResult Edit(int id = 0)
{
UserDBModel db = new UserDBModel();
if (Request.Cookies["userID"] != null)
{
id = Int32.Parse(Request.Cookies["userID"]);
}
else
{
return(RedirectToAction("/Home/Index/"));
}
UserModel user = db.GetUserById(id);
return(View(user));
}
public IActionResult Index(int id = 0)
{
if (Request.Cookies["userID"] != null)
{
string userID = Request.Cookies["userID"];
UserDBModel db = new UserDBModel();
UserModel user = db.GetUserById(Int32.Parse(userID));
//get the total novel uploaded
return(View(user));
}
else
{
return(RedirectToAction("/Home/Index/"));
}
}
public void ValidateUser(UserDBModel user)
{
if (string.IsNullOrWhiteSpace(user.Pass))
{
throw new ApplicationException("Password is required");
}
if (_context.userDBModels.Any(x => x.Name == user.Name))
{
throw new ApplicationException("Username " + user.Name + " is already taken");
}
if (_context.userDBModels.Any(x => x.Email == user.Email))
{
throw new ApplicationException("Email " + user.Email + " is already taken");
}
}
public ActionResult AddOrEdit(UserCourse cour)
{
using (UserDBModel db = new UserDBModel())
{
if (cour.CourseID == 0)
{
db.UserCourses.Add(cour);
db.SaveChanges();
return(Json(new { success = true, message = "Saved Successfully" }, JsonRequestBehavior.AllowGet));
}
else
{
db.Entry(cour).State = EntityState.Modified;
db.SaveChanges();
return(Json(new { success = true, message = "Book Successfully" }, JsonRequestBehavior.AllowGet));
}
}
}
public override bool AuthorizeAdmin(AuthorizationFilterContext context)
{
bool result = base.AuthorizeAdmin(context);
if (!result)
{
return(false);
}
IEnumerable <Claim> claims = _cookieService.GetClaims(context.HttpContext);
string userName = claims
.Where(x => x.Type == CookieConstants.USERNAME_CALIM_TYPE)
.Select(x => x.Value)
.SingleOrDefault();
IUserDAO userDAO = context.HttpContext.RequestServices.GetRequiredService <IUserDAO>();
UserDBModel user = userDAO.GetUser(userName);
if (_ctfOptions.CtfChallengeOptions.ChangeRoleInCookie)
{
if (user.Role < 50)
{
CtfOptions ctfOptions = context.HttpContext.RequestServices.GetRequiredService <IOptions <CtfOptions> >().Value;
CtfChallangeModel ctfChallange = ctfOptions.CtfChallanges
.Where(x => x.Type == CtfChallengeTypes.ChangeRoleInCookie)
.Single();
context.HttpContext.Response.Headers.Add(ctfChallange.FlagKey, ctfChallange.Flag);
}
}
else
{
if (user.Role < 50)
{
return(false);
}
}
return(true);
}
public IActionResult Index(string id = "0")
{
UserDBModel db = new UserDBModel();
if (Request.Cookies["userID"] != null)
{
id = Request.Cookies["userID"];
}
UserModel user = db.GetUserById(Int32.Parse(id));
List <UserModel> nv = db.GetAllUser(user.fUsername, user.fPassword);
if (!db.AdminChecking(Int32.Parse(id)))
{
return(RedirectToAction("../Home/Index"));
}
return(View(nv));
}
private void AddAdmin(string admin, string adminPassword)
{
if (string.IsNullOrEmpty(admin) || string.IsNullOrEmpty(adminPassword))
{
return;
}
bool exists = _context.UserData
.Where(x => x.UserName == admin)
.Any();
if (exists)
{
return;
}
UserDBModel adminDbModel = new UserDBModel
{
Name = "admin",
Surname = "admin",
UserName = admin,
Password = adminPassword,
Confirmed = true,
Role = 100
};
_context.UserData.Add(adminDbModel);
int changes = _context.SaveChanges();
if (changes <= 0)
{
throw new Exception("Failed to add admin");
}
GiveMoney(new List <string> {
adminDbModel.UserName
});
}
public virtual bool RegisterUser(UserModel userModel)
{
if (_portalDBContext.UserData.Any(t => t.UserName == userModel.UserName))
{
return(false);
}
UserDBModel user = new UserDBModel
{
Name = userModel.Name,
UserName = userModel.UserName,
Password = userModel.Password,
Surname = userModel.Surname,
Role = userModel.UserRight
};
_portalDBContext.UserData.Add(user);
int changes = _portalDBContext.SaveChanges();
return(changes > 0);
}
//return default user database index
private int GetDefaultUser()
{
SQLiteAsyncConnection db = UserDB;
try
{
UserDBModel user = db.GetAsync <UserDBModel>(1).Result;
int userid = user.userid;
if (userid == -1)
{
return(Constants.DEFAULT_USER_NOT_EXIST);
}
string queryString = "SELECT * From UserDBModel WHERE userid = ?";
var queryResult = UserDB.QueryAsync <UserDBModel>(queryString, user.userid).Result;
int DBIndex = queryResult[1].DBIndex;
return(DBIndex);
}
catch (AggregateException)
{
return(Constants.DEFAULT_USER_NOT_EXIST);
}
}
