/// <summary>
/// Logs in a registered user with a username and password.
/// </summary>
/// <param name="userDto">Login request carrying the username and the password to check.</param>
/// <returns>
/// A task yielding a tuple: the issued tokens and a null error map on success,
/// or null tokens and an error map keyed by "username" on failure.
/// </returns>
public async Task<(AccessTokenResponseDto, Dictionary<string, string> error)> LoginAsRegisteredUserAsync(UserLoginRequestDto userDto)
{
    var account = await _dbContext.User
        .FirstOrDefaultAsync(candidate => candidate.Username == userDto.Username);

    // Unknown username and wrong password deliberately share one message (E001),
    // so the response body does not reveal which of the two was wrong.
    // NOTE(review): ValidatePassword is skipped when no user matches, so the two
    // cases may still differ in response time; confirm whether that matters here.
    if (account == null || !ValidatePassword(userDto.Password, account.Salt, account.PasswordHash))
    {
        return (null, new Dictionary<string, string>
        {
            ["username"] = _msg.GetMessage("E001", "用户名或密码")
        });
    }

    // Same order as before: access token first, then refresh token.
    var accessToken = await _tokenAuthService.GenerateAccessTokenAsync(account);
    var refreshToken = await _tokenAuthService.GenerateRefreshTokenAsync(account);

    var issued = new AccessTokenResponseDto
    {
        AccessToken = accessToken,
        RefreshToken = refreshToken
    };
    return (issued, null);
}
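/// <summary>
/// Registers a new user and issues tokens for the new account.
/// </summary>
/// <param name="userDto">Registration request: username, password, captcha id and captcha text.</param>
/// <returns>
/// A task yielding a tuple: the issued tokens and a null error map on success,
/// or null tokens and an error map keyed by "username" or "captcha" on failure.
/// An exception raised while hashing the password or generating tokens is no longer
/// converted into a "username" error; it propagates to the caller.
/// </returns>
public async Task<(AccessTokenResponseDto, Dictionary<string, string>)> RegisterAsync(UserRegisterRequestDto userDto)
{
    // The on-blur username check in the browser means nothing when the caller
    // is not a browser, so the username is validated again here.
    var error = await ValidateUsernameAsync(userDto.Username);
    if (!string.IsNullOrEmpty(error))
    {
        return (null, new Dictionary<string, string>
        {
            ["username"] = error
        });
    }

    // Verify the captcha.
    error = await ValidateCaptchaAsync(userDto.CaptchaId, userDto.CaptchaText);
    if (!string.IsNullOrEmpty(error))
    {
        return (null, new Dictionary<string, string>
        {
            ["captcha"] = error
        });
    }

    // A fresh per-user salt, stored next to the hash.
    // NOTE(review): the strength of the stored hash depends on GeneratePasswordHash,
    // which is not visible here; confirm it is a slow, salted KDF.
    Guid salt = Guid.NewGuid();
    var user = new User
    {
        Username = userDto.Username,
        PasswordHash = GeneratePasswordHash(userDto.Password, salt.ToString()),
        Salt = salt.ToString(),
        // New accounts default to the ordinary user role.
        RoleId = (int)Roles.User
    };

    // Only the insert is guarded. The catch used to wrap token generation as well,
    // so a token failure after the row was committed was reported as a username
    // error even though the account had been created.
    try
    {
        _dbContext.User.Add(user);
        await _dbContext.SaveChangesAsync();
    }
    catch
    {
        // Requests run concurrently, so the username can still collide after the
        // check above; a duplicate username makes the save throw.
        // NOTE(review): this still treats every save failure as a duplicate username;
        // narrowing it to the data layer's update exception would be more precise.
        return (null, new Dictionary<string, string>
        {
            ["username"] = _msg.GetMessage("E003", "用户名")
        });
    }

    var token = new AccessTokenResponseDto
    {
        AccessToken = await _tokenAuthService.GenerateAccessTokenAsync(user),
        RefreshToken = await _tokenAuthService.GenerateRefreshTokenAsync(user)
    };
    return (token, null);
}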
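/// <summary>
/// Replaces a user's password and issues a new token pair.
/// </summary>
/// <param name="uid">Id of the user whose password is being changed.</param>
/// <param name="newPassword">The new password; it is hashed with a newly generated salt.</param>
/// <returns>
/// A task yielding the new tokens on success, or null when no user with
/// <paramref name="uid"/> exists (previously this case threw a NullReferenceException).
/// </returns>
public async Task<AccessTokenResponseDto> UpdatePasswordAsync(int uid, string newPassword)
{
    var user = await _dbContext.User.FindAsync(uid);
    if (user == null)
    {
        // FindAsync yields null for an unknown id; stop before touching any state.
        return null;
    }

    // NOTE(review): neither the current password nor the content of newPassword
    // (empty, too short) is checked here; presumably the caller has authenticated
    // uid and validated the input. Confirm against the caller.

    // Rotate the salt together with the hash so the old salt is never reused.
    Guid salt = Guid.NewGuid();
    user.Salt = salt.ToString();
    user.PasswordHash = PasswordHelper.GeneratePasswordHash(newPassword, user.Salt);

    _dbContext.User.Update(user);
    await _dbContext.SaveChangesAsync();

    // NOTE(review): nothing visible here revokes tokens issued before the change;
    // confirm that _tokenAuthService invalidates earlier refresh tokens.
    return new AccessTokenResponseDto
    {
        AccessToken = await _tokenAuthService.GenerateAccessTokenAsync(user),
        RefreshToken = await _tokenAuthService.GenerateRefreshTokenAsync(user)
    };
}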