示例#1
0
        public async Task <IActionResult> SignIn(string login, string password)
        {
            if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
            {
                return(BadRequest("Login or password is empty"));
            }

            if (!LoginValidateRegex.IsMatch(login))
            {
                return(BadRequest("Bad login"));
            }

            using (await AsyncLockPool.GetLockObject(login).AcquireAsync(HttpContext.RequestAborted))
            {
                var user = await UserManager.FindAsync(login);

                if (user == null || !CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(user.Password), Encoding.UTF8.GetBytes(password)))
                {
                    return(StatusCode(403, "No such user or invalid password"));
                }

                await SignInAsync(login);
            }

            return(Ok("Ok"));
        }
示例#2
0
        public async Task <IActionResult> SignUp(string login, string name, string password)
        {
            if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password) || string.IsNullOrEmpty(name))
            {
                return(BadRequest("Login or password or name is empty"));
            }

            if (!LoginValidateRegex.IsMatch(login))
            {
                return(BadRequest("Bad login"));
            }

            if (name.Length > MaxFieldLength || password.Length > MaxFieldLength)
            {
                return(BadRequest("Field too long"));
            }

            using (await AsyncLockPool.GetLockObject(login).AcquireAsync(HttpContext.RequestAborted))
            {
                if (await UserManager.FindAsync(login) != null)
                {
                    return(Conflict("User already exists"));
                }

                if (HttpContext.RequestAborted.IsCancellationRequested)
                {
                    return(BadRequest("Cancelled"));
                }

                var key = new byte[16];
                RandomNumberGenerator.Fill(key);

                var user = new User {
                    Login = login, Name = name, Password = password, Key = key
                };
                await UserManager.AddAsync(user);

                await SignInAsync(login);
            }

            return(Ok("Ok"));
        }