/// <summary>
/// Handles an admin sign-in request. Reads admin_email and admin_password from the form,
/// loads the matching admin, verifies the password against the stored hash and answers
/// with a bearer token; any failure is answered with success=false and a reason.
/// </summary>
/// <param name="request">Incoming request; the JSON response is written through it.</param>
public void AuthToken(ref HttpRequest request)
{
    string email = request.FormField("admin_email");
    string password = request.FormField("admin_password");

    AdminCache admin = new AdminCache { admin_role = "admin" };
    string failure;

    // NOTE(review): the two failure branches return distinct messages, so a caller can tell
    // "unknown email" from "wrong password" — this allows enumerating admin addresses.
    if (!Database.admin.SelectAdmin(ref email, ref admin))
    {
        failure = "Server can't identify admin. Invalid email.";
    }
    else if (!Validator.VerifyHashedPassword(ref admin.admin_password, ref password))
    {
        failure = "Wrong password.";
    }
    else
    {
        string bearerToken = AdminPanel.AddAdminSession(admin.admin_role, email);
        request.ResponseJsonData(bearerToken);
        Logger.WriteLog("Auth token for admin.admin_email->" + admin.admin_email, LogLevel.Usual);
        return;
    }

    request.ResponseJsonAnswer(false, failure);
    Logger.WriteLog(failure, LogLevel.Usual);
}
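/// <summary>
/// Creates a new admin with the given email and password. The password must pass
/// <c>Validator.ValidatePassword</c> and no admin may already use the email; the password
/// is stored only as a hash. Outcomes are logged, nothing is returned.
/// </summary>
/// <param name="email">Email address of the new admin.</param>
/// <param name="password">Plain-text password of the new admin.</param>
public static void AddAdmin(string email, string password)
{
    string message = string.Empty;
    if (Validator.ValidatePassword(ref password, ref message))
    {
        if (!Database.admin.CheckAdminByEmail(email))
        {
            AdminCache admin = new AdminCache();
            admin.admin_email = email;
            admin.admin_password = Validator.HashPassword(ref password);
            // Creation time as Unix seconds in UTC. The previous expression subtracted a
            // local-time 1970-01-01 01:01:01 from DateTime.Now, which was off by the host's
            // UTC offset plus 61 seconds. The int cast is kept for the existing field type;
            // it overflows in 2038 if admin_created_at stays a 32-bit int.
            DateTime unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            admin.admin_created_at = (int)(DateTime.UtcNow - unixEpoch).TotalSeconds;
            admin.admin_role = "admin";
            admin.recovery_code = 0;
            Database.admin.AddAdmin(ref admin);
            Logger.WriteLog("Add new admin to server, admin_id=" + admin.admin_id, LogLevel.Usual);
            return;
        }
        else
        {
            message = "Server have this admin address. Check admin_email or admin_login.";
        }
    }
    Logger.WriteLog(message, LogLevel.Warning);
}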
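/// <summary>
/// Completes a password recovery: finds the admin whose stored recovery code equals
/// <paramref name="cache"/>.recovery_code, checks that admin_password and confirm_password
/// agree and satisfy the password policy, then stores the new hash and clears the
/// recovery code so it cannot be reused.
/// </summary>
/// <param name="cache">Request data: recovery_code, admin_password, confirm_password.</param>
/// <param name="message">Receives the failure reason when the method returns false.</param>
/// <returns>true when the password was changed; false otherwise.</returns>
public bool ChangePassword(AdminCache cache, ref string message)
{
    // Admins that never requested a recovery, or already completed one, hold a null
    // recoveryCode (see the reset below). Excluding them explicitly prevents a request
    // carrying an empty/null recovery_code from matching such a record.
    // NOTE(review): the lookup is keyed by the code alone; if codes are short numeric
    // values, scoping the query by admin_email as well would shrink the guessing surface.
    Admin admin = context.Admins
        .Where(a => a.recoveryCode != null && a.recoveryCode == cache.recovery_code)
        .FirstOrDefault();
    if (admin == null)
    {
        message = "Incorrect code entered";
        return false;
    }

    // Null-safe ordinal comparison; a missing admin_password previously threw a
    // NullReferenceException here instead of yielding a message.
    if (cache.admin_password == null
        || !string.Equals(cache.admin_password, cache.confirm_password, StringComparison.Ordinal))
    {
        message = "Passwords aren't equal to each other.";
        return false;
    }

    // PasswordIsTrue fills in message on rejection.
    if (!profileCondition.PasswordIsTrue(cache.admin_password, ref message))
    {
        return false;
    }

    admin.adminPassword = profileCondition.HashPassword(cache.admin_password);
    admin.recoveryCode = null;
    context.Admins.Update(admin);
    context.SaveChanges();
    log.Information("Change password for admin, id -> " + admin.adminId);
    return true;
}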
/// <summary>
/// Action: applies a recovery-code password change through <c>admins.ChangePassword</c>.
/// Answers with a success message, or a 500 response carrying the failure reason.
/// </summary>
/// <param name="cache">Posted recovery data (code and new password).</param>
public ActionResult<dynamic> ChangePassword(AdminCache cache)
{
    string message = null;
    bool changed = admins.ChangePassword(cache, ref message);
    if (!changed)
    {
        return Return500Error(message);
    }
    return new { success = true, message = "Your password was changed." };
}
/// <summary>
/// Action: starts a password recovery for <paramref name="cache"/>.admin_email. Answers with
/// an instruction to check the mailbox, or a 500 response carrying the failure reason.
/// </summary>
/// <param name="cache">Posted data; only admin_email is used.</param>
public ActionResult<dynamic> RecoveryPassword(AdminCache cache)
{
    string message = null;
    bool started = admins.RecoveryPassword(cache.admin_email, ref message);
    if (!started)
    {
        return Return500Error(message);
    }
    return new { success = true, message = "Every thing is fine. Check your email to get recovery code." };
}
/// <summary>
/// Action: authenticates an admin via <c>admins.AuthToken</c>. Answers with the bearer token
/// under data.auth_token, or a 500 response carrying the failure reason. An empty token
/// counts as failure.
/// </summary>
/// <param name="cache">Posted credentials (admin_email, admin_password).</param>
public ActionResult<dynamic> SignIn(AdminCache cache)
{
    string message = string.Empty;
    string token = admins.AuthToken(cache, ref message);
    if (string.IsNullOrEmpty(token))
    {
        return Return500Error(message);
    }
    return new { success = true, data = new { auth_token = token } };
}
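/// <summary>
/// Action: authenticates an admin via <c>module.AuthToken</c>. Answers with the bearer token
/// under data.auth_token, or a 500 response carrying the failure reason.
/// </summary>
/// <param name="cache">Posted credentials (admin_email, admin_password).</param>
public ActionResult<dynamic> AuthToken(AdminCache cache)
{
    Admin admin = null;
    string message = string.Empty;
    string authToken = module.AuthToken(cache, ref admin, ref message);
    // Treat an empty token as a failure too (the sibling SignIn action does the same);
    // the previous null-only check would have accepted string.Empty as a valid token.
    if (!string.IsNullOrEmpty(authToken))
    {
        // The original return statement was missing its terminating ';' and did not compile.
        return new { success = true, data = new { auth_token = authToken } };
    }
    return Error500(message);
}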
/// <summary>
/// Authenticates an admin by email and password. Returns a session token on success and
/// <see cref="string.Empty"/> on failure, in which case <paramref name="message"/> holds
/// the reason.
/// </summary>
/// <param name="cache">Supplied credentials (admin_email, admin_password).</param>
/// <param name="message">Receives the failure reason.</param>
/// <returns>The token from <c>Token(admin)</c>, or an empty string.</returns>
public string AuthToken(AdminCache cache, ref string message)
{
    Admin admin = GetNonDelete(cache.admin_email, ref message);
    if (admin == null)
    {
        // presumably GetNonDelete sets message when no active admin matches — verify
        return string.Empty;
    }

    bool passwordOk = profileCondition.VerifyHashedPassword(admin.adminPassword, cache.admin_password);
    if (!passwordOk)
    {
        message = "Wrong password.";
        return string.Empty;
    }

    return Token(admin);
}
/// <summary>
/// Starts a password recovery: generates a six-digit recovery code for the admin whose
/// email is in the form, emails it, stores it on the admin record and answers the request.
/// </summary>
/// <param name="request">Incoming request; the JSON response is written through it.</param>
public void RecoveryPassword(ref HttpRequest request)
{
    string email = request.FormField("admin_email");
    AdminCache admin = new AdminCache();

    bool found = Database.admin.SelectAdmin(ref email, ref admin);
    if (!found)
    {
        request.ResponseJsonAnswer(false, "No admin with that email.");
        Logger.WriteLog("No admin with that email.", LogLevel.Error);
        return;
    }

    // NOTE(review): Validator.random is presumably System.Random, which is predictable and
    // not suitable for a recovery secret; System.Security.Cryptography.RandomNumberGenerator
    // is the appropriate source. Next's upper bound is exclusive, so 999999 is never issued.
    admin.recovery_code = Validator.random.Next(100000, 999999);
    MailF.SendEmail(admin.admin_email, "Recovery password", "Recovery code=" + admin.recovery_code);
    Database.admin.UpdateRecoveryCode(admin.admin_id, admin.recovery_code);
    request.ResponseJsonAnswer(true, "Recovery password. Send message with code to email=" + admin.admin_email);
    Logger.WriteLog("Recovery password, admin_id=" + admin.admin_id, LogLevel.Usual);
}
/// <summary>
/// Validates the email, full name and password in <paramref name="cache"/>, rejects the
/// request if an active admin already uses the email, and otherwise creates the admin.
/// </summary>
/// <param name="cache">New admin data (admin_email, admin_fullname, admin_password).</param>
/// <param name="message">Receives the failure reason when null is returned.</param>
/// <returns>The created <see cref="Admin"/>, or null on failure.</returns>
public Admin CreateAdmin(AdminCache cache, ref string message)
{
    // Short-circuit order matters: each validator writes its own reason into message.
    bool inputOk = profileCondition.EmailIsTrue(cache.admin_email, ref message)
        && FullNameIsTrue(cache.admin_fullname, ref message)
        && profileCondition.PasswordIsTrue(cache.admin_password, ref message);
    if (!inputOk)
    {
        return null;
    }

    if (GetNonDelete(cache.admin_email, ref message) != null)
    {
        message = "Admin with this email is exist";
        return null;
    }

    cache.admin_fullname = WebUtility.UrlDecode(cache.admin_fullname);
    return AddAdmin(cache);
}
/// <summary>
/// Persists a new <see cref="Admin"/> built from <paramref name="cache"/> with the
/// "default" role, a hashed password, a fresh password token and a UTC Unix-millisecond
/// creation time. No validation is done here; see CreateAdmin.
/// </summary>
/// <param name="cache">New admin data (admin_email, admin_fullname, admin_password).</param>
/// <returns>The saved admin, with its generated adminId.</returns>
public Admin AddAdmin(AdminCache cache)
{
    // Evaluated in the same order as before so any randomness consumed by the helpers
    // is drawn in the same sequence.
    string hashedPassword = profileCondition.HashPassword(cache.admin_password);
    string passwordToken = profileCondition.CreateHash(10);
    long createdAt = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();

    Admin admin = new Admin()
    {
        adminEmail = cache.admin_email,
        adminFullname = cache.admin_fullname,
        adminPassword = hashedPassword,
        adminRole = "default",
        passwordToken = passwordToken,
        createdAt = createdAt,
        lastLoginAt = 0,
        recoveryCode = null,
        deleted = false,
    };

    context.Admins.Add(admin);
    context.SaveChanges();
    log.Information("Add new admin, id -> " + admin.adminId);
    return admin;
}
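/// <summary>
/// Completes a password recovery: looks the admin up by the recovery_token issued by
/// CheckRecoveryCode, checks that admin_password and admin_confirm_password agree and pass
/// validation, stores the new hash, clears the token and answers the request.
/// </summary>
/// <param name="request">Incoming request; the JSON response is written through it.</param>
public void ChangePassword(ref HttpRequest request)
{
    string message = null;
    string recovery_token = request.FormField("recovery_token");
    AdminCache admin = new AdminCache();

    // A consumed token is stored as "" (see UpdateRecoveryToken below), so an absent or
    // empty token must never reach the lookup where it could match a cleared record.
    bool tokenMatched = !string.IsNullOrEmpty(recovery_token)
        && Database.admin.SelectByRecoveryToken(ref recovery_token, ref admin);

    if (tokenMatched)
    {
        string admin_password = request.FormField("admin_password");
        string admin_confirm_password = request.FormField("admin_confirm_password");
        if (Validator.EqualsPasswords(ref admin_password, ref admin_confirm_password))
        {
            if (Validator.ValidatePassword(ref admin_password, ref message))
            {
                admin.admin_password = Validator.HashPassword(ref admin_password);
                Database.admin.UpdateRecoveryToken(admin.admin_id, "");
                Database.admin.UpdateAdminPassword(admin.admin_id, admin.admin_password);
                Logger.WriteLog("Change admin password, admin_id=" + admin.admin_id, LogLevel.Usual);
                request.ResponseJsonAnswer(true, "Change admin password, admin_id=" + admin.admin_id);
                // Without this return the method fell through to the failure response
                // below and answered the same request a second time with a null message.
                return;
            }
            else
            {
                message = "Validation password - unsuccessfully. " + message;
            }
        }
        else
        {
            message = "Password are not match to each other.";
        }
    }
    else
    {
        message = "Can't find user by recovery_token. Try again get request CheckRecoveryCode.";
    }

    request.ResponseJsonAnswer(false, message);
    Logger.WriteLog(message, LogLevel.Warning);
}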
/// <summary>
/// Second step of password recovery: compares the recovery_code from the form with the
/// one stored for the admin identified by admin_email. On a match, issues a recovery_token,
/// stores it, zeroes the code and answers with the token; otherwise answers with a reason.
/// </summary>
/// <param name="request">Incoming request; the JSON response is written through it.</param>
public void CheckRecoveryCode(ref HttpRequest request)
{
    string failure;
    int suppliedCode = 0;

    // A cleared code is stored as 0 (see UpdateRecoveryCode below), so 0 is never accepted.
    // NOTE(review): no attempt limit is visible here; a short numeric code relies on one.
    bool haveCode = Int32.TryParse(request.FormField("recovery_code"), out suppliedCode) && suppliedCode != 0;
    if (!haveCode)
    {
        failure = "Server can't get recovery_code from request.";
    }
    else
    {
        AdminCache admin = new AdminCache();
        admin.admin_email = request.FormField("admin_email");
        if (!Database.admin.SelectAdmin(ref admin.admin_email, ref admin))
        {
            failure = "Can't find this user by user_email.";
        }
        else if (admin.recovery_code != suppliedCode)
        {
            failure = "Recovery code doesn't match with server's code.";
        }
        else
        {
            admin.recovery_token = Validator.GenerateHash(40);
            Database.admin.UpdateRecoveryToken(admin.admin_id, admin.recovery_token);
            Database.admin.UpdateRecoveryCode(admin.admin_id, 0);
            request.ResponseJsonData(admin.recovery_token);
            Logger.WriteLog("Check recovery code - successfully", LogLevel.Usual);
            return;
        }
    }

    request.ResponseJsonAnswer(false, failure);
    Logger.WriteLog(failure, LogLevel.Warning);
}