示例#1
        /// <summary>
        /// Looks up the account for <paramref name="login"/> and, when the supplied
        /// password is accepted by <c>PasswordEncryptor.CheckPassword</c>, builds a
        /// <see cref="ClaimsIdentity"/> carrying the account's login and role name.
        /// </summary>
        /// <param name="login">Login name passed to <c>_repo.GetByLogin</c>.</param>
        /// <param name="password">Password supplied by the caller, checked against the stored value.</param>
        /// <returns>
        /// The identity on success; <c>null</c> both when no account data is returned and when
        /// the password check fails, so the two failures are indistinguishable to the caller.
        /// </returns>
        private async ValueTask <ClaimsIdentity> GetIdentity(string login, string password)
        {
            DataWrapper <AuthorizationDto> lookup = await _repo.GetByLogin(login);
            PasswordEncryptor verifier = new PasswordEncryptor();

            var account = lookup.Data;

            // Guard clauses: unknown login and rejected password both end in the same null result.
            if (account == null)
            {
                return null;
            }

            if (!verifier.CheckPassword(account.Password, password))
            {
                return null;
            }

            // NOTE(review): account.Role is dereferenced without a null check; confirm the
            // repository always populates it, otherwise this throws instead of rejecting.
            Claim[] identityClaims =
            {
                new Claim(ClaimsIdentity.DefaultNameClaimType, account.Login),
                new Claim(ClaimsIdentity.DefaultRoleClaimType, account.Role.Name)
            };

            return new ClaimsIdentity(
                identityClaims,
                "Token",
                ClaimsIdentity.DefaultNameClaimType,
                ClaimsIdentity.DefaultRoleClaimType);
        }
示例#2
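        /// <summary>
        /// Prompts the connected client for a username and password and repeats until the
        /// credentials are accepted or the client declines to retry.
        /// </summary>
        /// <remarks>
        /// The submitted password is never written to the console. The database connection
        /// is opened only for the account lookup and is closed before the method waits for
        /// further client input, so a slow or idle client cannot pin a connection.
        /// NOTE(review): there is no limit on attempts here; throttling or lockout per
        /// account and per source address has to be enforced somewhere, confirm where.
        /// </remarks>
        /// <returns> Instance of the user object if they login or null else.</returns>
        /// <param name="clientConnection">Client connection.</param>
        /// <param name="currentClientNumber">Current client number.</param>
        private static User LoginUser(TcpClient clientConnection, int currentClientNumber)
        {
            while (true)
            {
                Console.WriteLine("Logging user information");

                // User wants to login, so we ask them for their username and password.
                SocketStream.SendMessage("Enter Username - ", clientConnection.GetStream());
                string username = SocketStream.RecieveMessage(clientConnection.GetStream());

                Console.WriteLine(username);

                SocketStream.SendMessage("Enter Password - ", clientConnection.GetStream());
                string password = SocketStream.RecieveMessage(clientConnection.GetStream());

                // The password is deliberately not echoed to the console: console output ends
                // up in logs and terminals that are not protected like a credential store.

                string dbUsername  = null;
                string dbPassword  = null;
                int    permissions = 0;
                string firstname   = null;
                bool   accountLoaded;

                try
                {
                    accountLoaded = TryLoadAccount(username, out dbUsername, out dbPassword, out permissions, out firstname);
                }
                catch (InvalidOperationException)
                {
                    Console.WriteLine("Query cannot be executed, please check parameters.");
                    continue;
                }

                // Fail closed: a missing or only partially readable record is handled exactly
                // like a wrong password, and the stored hash is never passed on as null.
                // NOTE(review): the hash check is skipped for unknown usernames, which may make
                // the two cases distinguishable by response time; confirm whether that matters here.
                if (!accountLoaded || !PasswordEncryptor.CheckPassword(password, dbPassword))
                {
                    // One message for both causes, so the reply does not reveal whether the
                    // username exists.
                    SocketStream.SendMessage("Username or password is incorrect, Try again? Y/N\n", clientConnection.GetStream());

                    if (!ClientWantsRetry(clientConnection))
                    {
                        // The client gave up, so nobody is logged in.
                        return(null);
                    }

                    // Back to the top of the loop to ask for a username again.
                    continue;
                }

                // If this point is reached, the user has entered successful login information.
                SocketStream.SendMessage(String.Format("Welcome back, {0}", firstname), clientConnection.GetStream());

                // Use the username as stored in the database rather than the client-supplied
                // text: the SQL comparison may match case-insensitively, and the session
                // identity should be the canonical account name.
                return(new User(currentClientNumber, dbUsername, firstname, permissions));
            }
        }

        // Loads the account row for the given username; returns true only when username,
        // password hash and permission level were all read successfully.
        private static bool TryLoadAccount(string username, out string dbUsername, out string dbPassword, out int permissions, out string firstname)
        {
            dbUsername  = null;
            dbPassword  = null;
            permissions = 0;
            firstname   = null;

            bool loaded = false;

            // The username is bound as a parameter, never concatenated into the statement.
            string getUsernameQuery = "SELECT * FROM user_accounts WHERE username = ?username;";

            using (MySqlConnection con = new MySqlConnection(Database.Instance.ConnectionString))
            {
                con.Open();

                using (var cmd = con.CreateCommand())
                {
                    cmd.CommandText = getUsernameQuery;

                    cmd.Parameters.Add("?username", MySqlDbType.VarChar).Value = username;

                    using (var queryReader = cmd.ExecuteReader())
                    {
                        // Using while even though only one value should return as the usernames are unique.
                        while (queryReader.Read())
                        {
                            try
                            {
                                // Read into temporaries so a failure part-way through cannot
                                // leave a half-populated record behind.
                                string rowUsername    = queryReader.GetString(queryReader.GetOrdinal("username"));
                                string rowPassword    = queryReader.GetString(queryReader.GetOrdinal("password"));
                                int    rowPermissions = queryReader.GetInt32(queryReader.GetOrdinal("user_type"));

                                dbUsername  = rowUsername;
                                dbPassword  = rowPassword;
                                permissions = rowPermissions;
                                loaded      = true;
                            }
                            catch (Exception e)
                            {
                                Console.WriteLine(e);

                                // Without these fields the login cannot be decided safely.
                                dbUsername  = null;
                                dbPassword  = null;
                                permissions = 0;
                                firstname   = null;
                                loaded      = false;
                                continue;
                            }

                            try
                            {
                                // The first name is only used in the greeting, so a failure
                                // here is logged and does not block the login.
                                firstname = queryReader.GetString(queryReader.GetOrdinal("first_name"));
                            }
                            catch (Exception e)
                            {
                                Console.WriteLine(e);
                                firstname = null;
                            }
                        }
                    }
                }
            }

            return(loaded && (dbUsername != null) && (dbPassword != null));
        }

        // Reads responses from the client until it answers y or n; true means retry the login.
        private static bool ClientWantsRetry(TcpClient clientConnection)
        {
            while (true)
            {
                string userResponse = SocketStream.RecieveMessage(clientConnection.GetStream());

                // Invariant lower-casing keeps the comparison independent of the server's culture.
                switch (userResponse.ToLowerInvariant())
                {
                case ("y"):
                    return(true);

                case ("n"):
                    return(false);

                // Anything else is rejected and the client is asked again.
                default:
                    SocketStream.SendMessage("Invalid input, try again.", clientConnection.GetStream());
                    break;
                }
            }
        }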