public static async Task ChangePasswordAsync(string sessionToken, string oldPassword, string newPassword)
{
Authorization.CheckAuthorization(sessionToken, MethodBase.GetCurrentMethod());
var login = await QueryAliveSessionAsync(sessionToken).ConfigureAwait(false)
?? throw new LogicException(ErrorType.InvalidToken);
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken
};
var identity = identityCtrl.ExecuteQueryById(login.IdentityId);
if (identity != null)
{
if (ComparePasswords(identity.PasswordHash, CalculateHash(oldPassword)) == false)
{
throw new LogicException(ErrorType.InvalidPassword);
}
identity.Password = newPassword;
await identityCtrl.UpdateAsync(identity).ConfigureAwait(false);
await identityCtrl.SaveChangesAsync().ConfigureAwait(false);
if (login.Identity != null)
{
login.Identity.PasswordHash = CalculateHash(newPassword);
}
}
}
public static async Task ResetForAsync(string sessionToken, string email)
{
Authorization.CheckAuthorization(sessionToken, MethodBase.GetCurrentMethod());
var login = await QueryAliveSessionAsync(sessionToken).ConfigureAwait(false)
?? throw new LogicException(ErrorType.InvalidToken);
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = sessionToken
};
var identity = identityCtrl.ExecuteQuery(e => e.State == Contracts.Modules.Common.State.Active &&
e.Email.ToLower() == email.ToLower())
.FirstOrDefault();
if (identity == null)
{
throw new LogicException(ErrorType.InvalidAccount);
}
identity.AccessFailedCount = 0;
await identityCtrl.UpdateAsync(identity).ConfigureAwait(false);
await identityCtrl.SaveChangesAsync().ConfigureAwait(false);
}
public static async Task ChangePasswordForAsync(string sessionToken, string email, string newPassword)
{
await Authorization.CheckAuthorizationAsync(sessionToken, MethodBase.GetCurrentMethod(), AccessType.Update).ConfigureAwait(false);
var login = await QueryAliveSessionAsync(sessionToken).ConfigureAwait(false)
?? throw new AuthorizationException(ErrorType.InvalidToken);
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = sessionToken
};
var identity = await identityCtrl.ExecuteFirstOrDefaultAsync(e => e.State == Contracts.Modules.Common.State.Active &&
e.AccessFailedCount < 4 &&
e.Email.ToLower() == email.ToLower())
.ConfigureAwait(false);
if (identity == null)
{
throw new AuthorizationException(ErrorType.InvalidAccount);
}
identity.AccessFailedCount = 0;
identity.Password = newPassword;
await identityCtrl.UpdateAsync(identity).ConfigureAwait(false);
await identityCtrl.SaveChangesAsync().ConfigureAwait(false);
if (login.Identity != null)
{
var(Hash, Salt) = CreatePasswordHash(newPassword);
login.Identity.PasswordHash = Hash;
login.Identity.PasswordSalt = Salt;
}
}
public static async Task ChangePasswordAsync(string sessionToken, string oldPassword, string newPassword)
{
await Authorization.CheckAuthorizationAsync(sessionToken, MethodBase.GetCurrentMethod(), AccessType.Update).ConfigureAwait(false);
var login = await QueryAliveSessionAsync(sessionToken).ConfigureAwait(false)
?? throw new AuthorizationException(ErrorType.InvalidToken);
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken
};
var identity = await identityCtrl.ExecuteFirstOrDefaultAsync(e => e.Id == login.IdentityId)
.ConfigureAwait(false);
if (identity != null)
{
if (VerifyPasswordHash(oldPassword, identity.PasswordHash, identity.PasswordSalt) == false)
{
throw new AuthorizationException(ErrorType.InvalidPassword);
}
identity.Password = newPassword;
await identityCtrl.UpdateAsync(identity).ConfigureAwait(false);
await identityCtrl.SaveChangesAsync().ConfigureAwait(false);
if (login.Identity != null)
{
var(Hash, Salt) = CreatePasswordHash(newPassword);
login.Identity.PasswordHash = Hash;
login.Identity.PasswordSalt = Salt;
}
}
}
internal static async Task <LoginSession> QueryLoginByEmailAsync(string email, string password)
{
email.CheckArgument(nameof(email));
password.CheckArgument(nameof(password));
var result = default(LoginSession);
var querySession = await QueryAliveSessionAsync(email, password).ConfigureAwait(false);
if (querySession == null)
{
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken,
};
var identity = identityCtrl.ExecuteQuery(e => e.State == Contracts.Modules.Common.State.Active &&
e.AccessFailedCount < 4 &&
e.Email.ToLower() == email.ToLower()).FirstOrDefault();
if (identity != null && VerifyPasswordHash(password, identity.PasswordHash, identity.PasswordSalt))
{
using var sessionCtrl = new Controllers.Persistence.Account.LoginSessionController(identityCtrl);
var session = new LoginSession();
session.Identity = identity;
session.Roles.AddRange(await QueryIdentityRolesAsync(sessionCtrl, identity.Id).ConfigureAwait(false));
session.JsonWebToken = JsonWebToken.GenerateToken(new Claim[]
{
new Claim(ClaimTypes.Email, identity.Email),
new Claim(ClaimTypes.System, nameof(QuickNSmart)),
}.Union(session.Roles.Select(e => new Claim(ClaimTypes.Role, e.Designation))));
var entity = await sessionCtrl.ExecuteInsertAsync(session).ConfigureAwait(false);
if (identity.AccessFailedCount > 0)
{
identity.AccessFailedCount = 0;
await identityCtrl.ExecuteUpdateAsync(identity).ConfigureAwait(false);
}
await sessionCtrl.SaveChangesAsync().ConfigureAwait(false);
result = new LoginSession();
result.CopyProperties(session);
LoginSessions.Add(session);
}
}
else if (VerifyPasswordHash(password, querySession.PasswordHash, querySession.PasswordSalt))
{
result = new LoginSession();
result.CopyProperties(querySession);
}
return(result);
}
internal static async Task <LoginSession> QueryLoginByEmailAsync(string email, string password, string optionalInfo)
{
email.CheckArgument(nameof(email));
password.CheckArgument(nameof(password));
var result = default(LoginSession);
var querySession = await QueryAliveSessionAsync(email, password).ConfigureAwait(false);
if (querySession == null)
{
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken,
};
var identity = await identityCtrl.GetValidIdentityByEmail(email)
.ConfigureAwait(false);
if (identity != null &&
VerifyPasswordHash(password, identity.PasswordHash, identity.PasswordSalt))
{
var session = new LoginSession();
using var sessionCtrl = new Controllers.Persistence.Account.LoginSessionController(identityCtrl);
session.Identity = identity;
session.Roles.AddRange(identity.IdentityXRoles.Select(e => Role.Create(e.Role)));
session.JsonWebToken = JsonWebToken.GenerateToken(new Claim[]
{
new Claim(ClaimTypes.Email, identity.Email),
new Claim(ClaimTypes.System, nameof(QnSProjectAward)),
}.Union(session.Roles.Select(e => new Claim(ClaimTypes.Role, e.Designation))));
session.OptionalInfo = optionalInfo;
var entity = await sessionCtrl.ExecuteInsertEntityAsync(session).ConfigureAwait(false);
if (identity.AccessFailedCount > 0)
{
identity.AccessFailedCount = 0;
await identityCtrl.ExecuteUpdateAsync(identity).ConfigureAwait(false);
}
await sessionCtrl.SaveChangesAsync().ConfigureAwait(false);
result = new LoginSession();
result.CopyProperties(session);
LoginSessions.Add(session);
}
}
else if (VerifyPasswordHash(password, querySession.PasswordHash, querySession.PasswordSalt))
{
result = new LoginSession();
result.CopyProperties(querySession);
}
return(result);
}
public async static Task <ILoginSession> LogonAsync(string jsonWebToken)
{
jsonWebToken.CheckArgument(nameof(jsonWebToken));
var result = default(LoginSession);
if (JsonWebToken.CheckToken(jsonWebToken, out SecurityToken validatedToken))
{
if (validatedToken.ValidTo < DateTime.UtcNow)
{
throw new LogicException(ErrorType.AuthorizationTimeOut);
}
var jwtValidatedToken = validatedToken as JwtSecurityToken;
if (jwtValidatedToken != null)
{
var email = jwtValidatedToken.Claims.FirstOrDefault(e => e.Type == ClaimTypes.Email);
if (email != null && email.Value != null)
{
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken
};
var identity = identityCtrl.ExecuteQuery(e => e.State == Contracts.Modules.Common.State.Active &&
e.EnableJwtAuth == true &&
e.Email.ToLower() == email.Value.ToString().ToLower())
.ToList()
.FirstOrDefault();
if (identity != null)
{
var login = await QueryLoginAsync(identity.Email, identity.PasswordHash).ConfigureAwait(false);
if (login != null)
{
result = new LoginSession();
result.CopyProperties(login);
result.IsRemoteAuth = true;
}
}
}
}
}
else
{
throw new LogicException(ErrorType.InvalidJsonWebToken);
}
return(result ?? throw new LogicException(ErrorType.InvalidAccount));
}
internal static async Task <LoginSession> QueryLoginAsync(string email, byte[] calculatedHash)
{
email.CheckArgument(nameof(email));
calculatedHash.CheckArgument(nameof(calculatedHash));
var result = await QueryAliveSessionAsync(email, calculatedHash).ConfigureAwait(false);
if (result == null)
{
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken,
};
var identity = identityCtrl.ExecuteQuery(e => e.State == Contracts.Modules.Common.State.Active &&
e.AccessFailedCount < 4 &&
e.Email.ToLower() == email.ToLower() &&
e.PasswordHash == calculatedHash).FirstOrDefault();
if (identity != null)
{
using var sessionCtrl = new Controllers.Persistence.Account.LoginSessionController(identityCtrl);
var session = new LoginSession();
session.IdentityId = identity.Id;
session.Name = identity.Name;
session.Email = identity.Email;
session.Roles.AddRange(await QueryIdentityRolesAsync(sessionCtrl, identity.Id).ConfigureAwait(false));
var entity = await sessionCtrl.ExecuteInsertAsync(session).ConfigureAwait(false);
if (identity.AccessFailedCount > 0)
{
identity.AccessFailedCount = 0;
await identityCtrl.ExecuteUpdateAsync(identity).ConfigureAwait(false);
}
await sessionCtrl.SaveChangesAsync().ConfigureAwait(false);
result = new LoginSession();
result.CopyProperties(session);
result.Name = identity.Name;
result.Email = identity.Email;
result.Roles.AddRange(session.Roles);
result.JsonWebToken = JsonWebToken.GenerateToken(new Claim[]
{
new Claim(ClaimTypes.Email, identity.Email),
new Claim(ClaimTypes.System, nameof(QnSHolidayCalendar)),
}.Union(result.Roles.Select(e => new Claim(ClaimTypes.Role, e.Designation))));
LoginSessions.Add(result);
}
}
return(result);
}
internal static async Task <LoginSession> QueryAliveSessionAsync(string email, byte[] calculatedHash)
{
email.CheckArgument(nameof(email));
calculatedHash.CheckArgument(nameof(calculatedHash));
LoginSession result = LoginSessions.FirstOrDefault(e => e.IsActive &&
e.Email.Equals(email, StringComparison.CurrentCultureIgnoreCase) &&
e.PasswordHash == calculatedHash);
if (result == null)
{
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken,
};
var identity = identityCtrl.ExecuteQuery(e => e.State == Contracts.Modules.Common.State.Active &&
e.AccessFailedCount < 4 &&
e.Email.ToLower() == email.ToLower() &&
e.PasswordHash == calculatedHash).FirstOrDefault();
if (identity != null)
{
using var sessionCtrl = new Controllers.Persistence.Account.LoginSessionController(identityCtrl);
var session = sessionCtrl.ExecuteQuery(e => e.LogoutTime == null &&
e.IdentityId == identity.Id)
.ToList()
.FirstOrDefault(e => e.IsActive);
if (session != null)
{
result = new LoginSession();
result.CopyProperties(session);
result.Identity = new Identity();
result.Identity.CopyProperties(identity);
result.Name = identity.Name;
result.Email = identity.Email;
result.Roles.AddRange(await QueryIdentityRolesAsync(sessionCtrl, identity.Id).ConfigureAwait(false));
result.JsonWebToken = JsonWebToken.GenerateToken(new Claim[]
{
new Claim(ClaimTypes.Email, identity.Email),
}.Union(result.Roles.Select(e => new Claim(ClaimTypes.Role, e.Designation))));
LoginSessions.Add(result);
}
}
}
return(result);
}
internal static async Task <LoginSession> QueryAliveSessionAsync(string email, string password)
{
email.CheckArgument(nameof(email));
password.CheckArgument(nameof(password));
var result = LoginSessions.FirstOrDefault(e => e.IsActive &&
e.Email.Equals(email, StringComparison.CurrentCultureIgnoreCase));
if (result == null)
{
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken,
};
var identity = await identityCtrl.ExecuteFirstOrDefaultAsync(e => e.State == Contracts.Modules.Common.State.Active &&
e.AccessFailedCount < 4 &&
e.Email.ToLower() == email.ToLower())
.ConfigureAwait(false);
if (identity != null &&
VerifyPasswordHash(password, identity.PasswordHash, identity.PasswordSalt))
{
using var sessionCtrl = new Controllers.Persistence.Account.LoginSessionController(identityCtrl);
var session = await sessionCtrl.ExecuteFirstOrDefaultAsync(e => e.LogoutTime == null &&
e.IdentityId == identity.Id)
.ConfigureAwait(false);
if (session != null &&
session.IsActive)
{
session.Identity = identity;
session.Roles.AddRange(await QueryIdentityRolesAsync(sessionCtrl, identity.Id).ConfigureAwait(false));
session.JsonWebToken = JsonWebToken.GenerateToken(new Claim[]
{
new Claim(ClaimTypes.Email, identity.Email),
new Claim(ClaimTypes.System, nameof(QnSProjectAward)),
}.Union(session.Roles.Select(e => new Claim(ClaimTypes.Role, e.Designation))));
result = new LoginSession();
result.CopyProperties(session);
LoginSessions.Add(session);
}
}
}
return(result);
}
internal static async Task <LoginSession> QueryAliveSessionAsync(string sessionToken)
{
LoginSession result = LoginSessions.FirstOrDefault(ls => ls.IsActive &&
ls.SessionToken.Equals(sessionToken));
if (result == null)
{
using var sessionCtrl = new Controllers.Persistence.Account.LoginSessionController(Factory.CreateContext())
{
SessionToken = Authorization.SystemAuthorizationToken
};
var session = sessionCtrl.ExecuteQuery(e => e.SessionToken.Equals(sessionToken))
.ToList()
.FirstOrDefault(e => e.IsActive);
if (session != null)
{
using var identityCtrl = new Controllers.Persistence.Account.IdentityController(sessionCtrl);
var identity = identityCtrl.ExecuteQuery(e => e.Id == session.IdentityId).FirstOrDefault();
if (identity != null)
{
session.Name = identity.Name;
session.Email = identity.Email;
session.Roles.AddRange(await QueryIdentityRolesAsync(sessionCtrl, identity.Id).ConfigureAwait(false));
session.JsonWebToken = JsonWebToken.GenerateToken(new Claim[]
{
new Claim(ClaimTypes.Email, identity.Email),
new Claim(ClaimTypes.System, nameof(QuickNSmart)),
}.Union(session.Roles.Select(e => new Claim(ClaimTypes.Role, e.Designation))));
result = new LoginSession();
result.CopyProperties(session);
LoginSessions.Add(session);
}
}
}
return(result);
}
public static Contracts.Client.IControllerAccess <I> Create <I>(object sharedController) where I : Contracts.IIdentifiable
{
Contracts.Client.IControllerAccess <I> result;
if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Language.ITranslation))
{
result = new Controllers.Persistence.Language.TranslationController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Data.IBinaryData))
{
result = new Controllers.Persistence.Data.BinaryDataController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Configuration.IIdentitySetting))
{
result = new Controllers.Persistence.Configuration.IdentitySettingController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Configuration.ISetting))
{
result = new Controllers.Persistence.Configuration.SettingController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.App.IAward))
{
result = new Controllers.Persistence.App.AwardController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.App.IJuror))
{
result = new Controllers.Persistence.App.JurorController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.App.IMember))
{
result = new Controllers.Persistence.App.MemberController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.App.IProject))
{
result = new Controllers.Persistence.App.ProjectController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.App.IRating))
{
result = new Controllers.Persistence.App.RatingController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Account.IAccess))
{
result = new Controllers.Persistence.Account.AccessController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Account.IActionLog))
{
result = new Controllers.Persistence.Account.ActionLogController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Account.IIdentity))
{
result = new Controllers.Persistence.Account.IdentityController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Account.IIdentityXRole))
{
result = new Controllers.Persistence.Account.IdentityXRoleController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Account.ILoginSession))
{
result = new Controllers.Persistence.Account.LoginSessionController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Account.IRole))
{
result = new Controllers.Persistence.Account.RoleController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Persistence.Account.IUser))
{
result = new Controllers.Persistence.Account.UserController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Business.Account.IAppAccess))
{
result = new Controllers.Business.Account.AppAccessController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else if (typeof(I) == typeof(QnSProjectAward.Contracts.Business.Account.IIdentityUser))
{
result = new Controllers.Business.Account.IdentityUserController(sharedController as Controllers.ControllerObject) as Contracts.Client.IControllerAccess <I>;
}
else
{
throw new Logic.Modules.Exception.LogicException(Modules.Exception.ErrorType.InvalidControllerType);
}
return(result);
}
