public static string ValidateUser(LoginCredentialsModel user) /* Switch the empty string to authorization thingie :) */ { if (string.IsNullOrWhiteSpace(user.Username) || string.IsNullOrWhiteSpace(user.Password)) { return(null); } using (var con = GetConnection()) { using (var cmd = con.CreateCommand()) { cmd.CommandText = $"SELECT password FROM {DBCredentials.DB_userTable} WHERE username = '******'"; string passhash = (string)cmd.ExecuteScalar(); if (VerifyPassword(user.Password, passhash)) { var auth = GenerateUserAuthToken(); loggedInUsers.Add(auth, GetUser(user.Username)); return(auth); } else { return(null); } } } }
public VendorModel ValidateUser(LoginCredentialsModel loginVm) { using (Conn) { string query = "SELECT Vendor.ID,FRST_NME,LAST_NME,EMAIL,PHNE,BSNS_NME,USR_NME,PSWD,Address,CITY FROM Vendor left join Address on USER_ID = Vendor.ID where USR_NME = @USR_NME and Type ='Vendor'and Vendor.IsActive = 1"; return(Conn.QueryFirstOrDefault <VendorModel>(query, new { USR_NME = loginVm.Username })); } }
//User Validation public AdminModel ValidateUser(LoginCredentialsModel credentials) { using (Conn) { string query = @"SELECT * FROM Admin WHERE Username = @Username and IsActive = 1"; return(Conn.QueryFirstOrDefault <AdminModel>(query, new { credentials.Username })); } }
//User Validation*** public CustomerModel ValidateUser(LoginCredentialsModel credentials) { using (Conn) { string query = @"SELECT Customer.ID,FRST_NME,LAST_NME,EMAIL,PHNE,USR_NME,PSWD,Address,CITY FROM Customer left join Address on USER_ID = Customer.ID WHERE USR_NME = @Username and Type ='Customer' and Customer.IsActive = 1"; return(Conn.QueryFirstOrDefault <CustomerModel>(query, new { credentials.Username })); } }
public async Task <IActionResult> CreateToken([FromBody] LoginCredentialsModel model) { try { var user = await _userMgr.FindByNameAsync(model.Username); if (user != null) { var pass = await _userMgr.CheckPasswordAsync(user, model.Password); if (/*_hasher.VerifyHashedPassword(user, user.PasswordHash, model.Password) == PasswordVerificationResult.Success*/ pass) { var userClaims = await _userMgr.GetClaimsAsync(user); var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, user.UserName), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.GivenName, user.FirstName), new Claim(JwtRegisteredClaimNames.FamilyName, user.LastName), new Claim(JwtRegisteredClaimNames.Email, user.Email) }.Union(userClaims); var key = _config.GetSection("Tokens:key").Value; var iss = _config.GetSection("Tokens:Issuer").Value; var aud = _config.GetSection("Tokens:Audience").Value; var symKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); var creds = new SigningCredentials(symKey, SecurityAlgorithms.HmacSha256); var token = new JwtSecurityToken( issuer: iss, audience: aud, claims: claims, expires: DateTime.UtcNow.AddDays(1), signingCredentials: creds ); return(Ok(new { token = new JwtSecurityTokenHandler().WriteToken(token), expiration = token.ValidTo })); } } return(BadRequest("Invalid credentials.")); } catch (Exception e) { _logger.LogError($"Exception thrown while creating JWT: {e}"); ///TODO Handle exception return(BadRequest("Failed to generate token")); } }
public void SaveCredentials(LoginCredentialsModel loginCredentialsModel) { UserConnectionRepository.DropTable <LoginCredentialsModel>(); UserConnectionRepository.CreateTable <LoginCredentialsModel>(); UserConnectionRepository.Insert(new LoginCredentialsModel() { Login = loginCredentialsModel.Login, Password = loginCredentialsModel.Password }); }
private async Task <bool> IsValidUser(LoginCredentialsModel credentials) { var user = await userManager.FindByNameAsync(credentials.UserName); if (user != null) { return(await userManager.CheckPasswordAsync(user, credentials.Password)); } return(false); }
public IActionResult Authenticate([FromBody] LoginCredentialsModel model) { var user = _userService.Authenticate(model.Username, model.Password); if (user == null) { return(BadRequest(new { message = "Username or password is incorrect" })); } return(Ok(user)); }
public void CreateAndRemoveUser() { LoginCredentialsModel u = new LoginCredentialsModel { Username = $"Test User {Rand.Next(int.MaxValue)}", Password = "******" }; var user = ProcrastinatorCore.CreateUser(u); Assert.IsNotNull(ProcrastinatorCore.ValidateUser(u)); ProcrastinatorCore.RemoveUser(user.Id); }
private void UpdateCredentials(Guid employerId, LoginCredentials credentials, string loginId, string password, string confirmPassword, bool useLinkedInProfile) { if (credentials == null) { if (!string.IsNullOrEmpty(loginId) || !string.IsNullOrEmpty(password) || !string.IsNullOrEmpty(confirmPassword)) { // No existing credentials but trying to create some. var credentialsModel = new LoginCredentialsModel { LoginId = loginId, Password = password, ConfirmPassword = confirmPassword }; credentialsModel.Validate(); _loginCredentialsCommand.CreateCredentials(employerId, new LoginCredentials { LoginId = loginId, PasswordHash = LoginCredentials.HashToString(password) }); } } else { if (loginId != credentials.LoginId) { // Cannot remove the login id. if (string.IsNullOrEmpty(loginId)) { throw new ValidationErrorsException(new RequiredValidationError("LoginId")); } // Check not trying to someone else's login id. if (_loginCredentialsQuery.DoCredentialsExist(new LoginCredentials { LoginId = loginId })) { throw new DuplicateUserException(); } // Update the credentials. credentials.LoginId = loginId; _loginCredentialsCommand.UpdateCredentials(employerId, credentials, employerId); } // If not wanting to use LinkedIn any more then remove the profile. if (!useLinkedInProfile) { _linkedInCommand.DeleteProfile(employerId); } } }
public VendorModel Login(LoginCredentialsModel loginVm) { VendorModel vendorVm = vendordao.ValidateUser(loginVm); if (vendorVm != null) { if (PasswordHasher.ValidatePassword(loginVm.Password, vendorVm.PSWD)) { return(vendorVm); } } return(null); }
//User Login public CustomerModel Login(LoginCredentialsModel credentials) { CustomerModel customer = customerDao.ValidateUser(credentials); if (customer != null) { if (PasswordHasher.ValidatePassword(credentials.Password, customer.PSWD)) { return(customer); } } return(null); }
public HttpResponseMessage Login([FromBody] LoginCredentialsModel credentials) { if (credentials != null && !string.IsNullOrEmpty(credentials.Username)) { CustomerModel customer = customerManager.Login(credentials); if (customer == null) { var message = string.Format("Credentials are invalid!"); return(Request.CreateResponse(HttpStatusCode.NotFound, message)); } return(Request.CreateResponse(HttpStatusCode.OK, customer)); } return(Request.CreateErrorResponse(HttpStatusCode.NotAcceptable, "Invalid Credentials. No matching user found!")); }
public void TokenControllerShouldReturnATokenForValidCredentials() { var authController = new AuthController(new Logger <AuthController>(new LoggerFactory()), userManager.Object, mockConfig.Object); var userCred = new LoginCredentialsModel { Username = "******", Password = "******" }; var result = authController.CreateToken(userCred).Result; Assert.IsType <OkObjectResult>(result); Assert.Equal(200, ((OkObjectResult)result).StatusCode); Assert.NotNull(((OkObjectResult)result).Value); }
public AdminModel Login(LoginCredentialsModel credentials) { //string hashed = PasswordHasher.HashPassword(credentials.Password); AdminModel admin = adminDao.ValidateUser(credentials); if (admin != null) { if (PasswordHasher.ValidatePassword(credentials.Password, admin.Password)) { return(admin); } } return(null); }
public HttpResponseMessage Login([FromBody] LoginCredentialsModel loginVm) { //vendorManager.resetPass(); if (loginVm != null && !string.IsNullOrEmpty(loginVm.Username)) { VendorModel vendor = vendorManager.Login(loginVm); if (vendor == null) { var message = string.Format("user credential are invalid"); return(Request.CreateResponse(HttpStatusCode.NotFound, message)); } return(Request.CreateResponse(HttpStatusCode.OK, vendor)); } return(Request.CreateErrorResponse(HttpStatusCode.NotAcceptable, "invalid request")); }
internal static string ValidateUser(LoginCredentialsModel login) { login.Username = Sanitize(login.Username); //var userInfo = Users.Find(u => u.GetValue("username").Equals(login.Username)).First(); var userInfo = Users.Find("{ username : '******'}").FirstOrDefault(); if (userInfo == null || userInfo.IsBsonNull) { return(null); } if (VerifyPassword(login.Password, userInfo.GetValue("passHash").AsString)) { return(GetApiKey(userInfo.GetValue("id").AsString)); } return(null); }
public async Task <ActionResult> Login(LoginCredentialsModel model) { if (!ModelState.IsValid) { return(this.Fail(ModelState)); } // add your other custom logic here if (someLogic) { return(this.Success("your-message", additionalParams)); } else { return(this.Fail("custom-error-message", additionalParams)); } }
public void TokenControllerShouldRespondWithBadRequestForInvalidUser() { var authController = new AuthController(new Logger <AuthController>(new LoggerFactory()), userManager.Object, mockConfig.Object); userManager.Setup(x => x.FindByNameAsync(It.IsAny <string>())).Returns(Task.FromResult(default(PlanningUser))); var userCred = new LoginCredentialsModel { Username = "******", Password = "******" }; var result = authController.CreateToken(userCred).Result; Assert.IsType <BadRequestObjectResult>(result); Assert.Equal(400, ((BadRequestObjectResult)result).StatusCode); Assert.Equal("Invalid credentials.", ((BadRequestObjectResult)result).Value); }
public void TokenControllerShouldRespondWithBadRequestForInternalErros() { var authController = new AuthController(new Logger <AuthController>(new LoggerFactory()), userManager.Object, mockConfig.Object); userManager.Setup(x => x.FindByNameAsync(It.IsAny <string>())).Throws(new Exception()); var userCred = new LoginCredentialsModel { Username = "******", Password = "******" }; var result = authController.CreateToken(userCred).Result; Assert.IsType <BadRequestObjectResult>(result); Assert.Equal(400, ((BadRequestObjectResult)result).StatusCode); Assert.Equal("Failed to generate token", ((BadRequestObjectResult)result).Value); }
/// <summary> /// Create a new User /// </summary> /// <param name="user">User info</param> /// <returns>Created User</returns> public static User CreateUser(LoginCredentialsModel user) { using (var con = GetConnection()) { using (var cmd = con.CreateCommand()) { User newUser = new User(user.Username) { Id = GenerateID() }; cmd.CommandText = $"INSERT INTO {DBCredentials.DB_userTable} VALUES ('{newUser.Id}', '{Uri.EscapeDataString(user.Username)}', '{HashPassword(user.Password)}', '{{{string.Join(",", newUser.Claims)}}}')"; cmd.ExecuteNonQuery(); return(newUser); } } }
public async Task <IActionResult> Login(LoginCredentialsModel credentials) { var user = await _databaseContext.Users.FirstOrDefaultAsync(item => item.Username == credentials.Username); if (user != null && Bcr.BCrypt.Verify(credentials.Password, user.Password)) { const string issuer = "minitwit"; var claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, user.ID.ToString(), ClaimValueTypes.Integer, issuer), new Claim(ClaimTypes.Name, user.Username, ClaimValueTypes.String, issuer), new Claim(ClaimTypes.Email, user.Email, ClaimValueTypes.Email, issuer), new Claim(ClaimTypes.Role, AuthRoles.Registered, ClaimValueTypes.String, issuer) }; if (user.Username.Equals("admin", StringComparison.OrdinalIgnoreCase)) { claims.Add(new Claim(ClaimTypes.Role, AuthRoles.Administrator, ClaimValueTypes.String, issuer)); } var properties = new AuthenticationProperties { AllowRefresh = true, IssuedUtc = DateTimeOffset.UtcNow }; const string scheme = CookieAuthenticationDefaults.AuthenticationScheme; var identity = new ClaimsIdentity(claims, scheme); await HttpContext.SignInAsync(scheme, new ClaimsPrincipal(identity), properties); return(RedirectToAction("UserTimeline", "Timeline", new { user.Username })); } ViewData["title"] = "Login"; ViewData["messages"] = new List <string> { "Invalid login credentials" }; _logger.LogWarning($"Login failed using username: {credentials.Username}."); return(View()); }
internal static bool RegisterUser(LoginCredentialsModel login, string token = null) { Console.WriteLine($"Creating new User: {login.Username} Token: {token}"); bool requireToken = true; if (token == null) { requireToken = false; } try { UserModel referer = new UserModel(login.Username, ""); if (requireToken) { referer = ValidateRegistrationToken(token); } if (referer != null) { var userID = GetNewID(); var newUser = new BsonDocument { { "username", Sanitize(login.Username) }, { "id", userID }, { "passHash", HashPassword(login.Password) }, { "claims", new BsonArray(new string[0]) }, { "apiKeys", new BsonArray(new string[0]) }, { "regTokens", new BsonArray(new string[0]) }, }; Users.InsertOne(newUser); if (requireToken) { RemoveRegToken(token); } return(true); } return(false); }catch (Exception e) { Console.WriteLine(e.ToString()); return(false); } }
public async Task <IActionResult> Login([FromBody] LoginCredentialsModel credentials) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } var isValid = await IsValidUser(credentials); if (!isValid) { return(BadRequest("provided credentials are not valid")); } var user = await userManager.FindByNameAsync(credentials.UserName); var token = jwtTokenFactory.CreateToken(user); return(Ok(token)); }
public AuthModule() : base("/auth") { Post("/login", p => { LoginCredentialsModel user = this.Bind <LoginCredentialsModel>(); if (user == null) { return new Response { StatusCode = HttpStatusCode.Unauthorized } } ; string apiKey = AobaCore.ValidateUser(user); if (apiKey == null) { return new Response { StatusCode = HttpStatusCode.Unauthorized } } ; if (user.AuthMode == AuthMode.API) { return(Response.AsJson(new { jwt = AobaCore.GetJWT(apiKey, 365) })); } else { var token = AobaCore.GetJWT(apiKey); return(new Response().WithHeader("Authorization", $"Bearer {token}").WithCookie("token", token)); } }); Get("/logout", _ => { return(new Response().WithCookie("token", "")); }); Post("/register/{token}", p => { LoginCredentialsModel user = this.Bind <LoginCredentialsModel>(); var token = (string)p.token; if (!string.IsNullOrWhiteSpace(token) && AobaCore.RegisterUser(user, token.Replace(' ', '+'))) { return(new Response { StatusCode = HttpStatusCode.OK }); } else { return new Response { StatusCode = HttpStatusCode.Unauthorized } }; }); Post("/checkuser", p => { return((AobaCore.UserExists(Request.Body.AsString())) ? new Response { StatusCode = HttpStatusCode.NotAcceptable } : new Response { StatusCode = HttpStatusCode.OK }); }); }