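/// <summary>
/// Authenticates a user by username/password and returns the account's API key on success.
/// </summary>
/// <param name="request">Credentials supplied by the caller.</param>
/// <returns>
/// A <see cref="LoginResponseWrapper"/> carrying <c>SUCCES</c> and the API key when the
/// password matches; otherwise <c>FAIL</c> with one generic description, whatever the cause.
/// </returns>
public LoginResponseWrapper Post(LoginRequest request)
{
    var rsp = new LoginResponseWrapper();

    // One failure shape for every rejection, so the response does not reveal whether
    // the username exists, the password was wrong, or the lookup itself failed.
    void Fail()
    {
        rsp.ResponseCode = (int)ResponseConstants.FAIL;
        rsp.Description = "Wrong password/username";
    }

    try
    {
        var usr = database.GetUser(request.Username);
        if (usr != null && PasswordHasher.CheckHash(request.Password, usr.LoginHash))
        {
            rsp.ResponseCode = (int)ResponseConstants.SUCCES;
            rsp.Description = "ok";
            rsp.ApiKey = usr.ApiKey;
        }
        else
        {
            // Previously a wrong password (CheckHash == false) returned the wrapper
            // uninitialised; it now reports the same failure as every other rejection.
            Fail();
        }
    }
    catch
    {
        // Deliberately catches everything: a storage or hashing error must not surface
        // details to the caller. Unknown users are handled explicitly above, so this
        // branch is only reached for genuine errors.
        Fail();
    }

    return rsp;
}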
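/// <summary>
/// Lets the currently logged-in admin replace their own password after proving the current one.
/// </summary>
/// <param name="change_password_data">Current password, new password and its confirmation.</param>
/// <returns>
/// 400 when the body is missing/invalid or the confirmation does not match; 401 when there is no
/// admin session, the admin row no longer exists, or the current password is wrong; 200 on success.
/// </returns>
public IActionResult ChangePassword([FromBody] ChangePasswordData change_password_data)
{
    if (change_password_data is null
        || !ModelState.IsValid
        || change_password_data.NewPassword != change_password_data.NewPasswordConfirmation)
    {
        return BadRequest();
    }

    // The original also fetched HttpContext.Get<Session>(...).Id but never used it; that dead
    // lookup is dropped here.
    var session = HttpContext.Get<LoggableEntities>(_context);
    var currentAdmin = session?.Admin;
    if (currentAdmin is null)
    {
        return Unauthorized();
    }

    // Look the admin up again by id rather than writing through the session's copy.
    var admin = _context.Admin.FirstOrDefault(u => u.Id == currentAdmin.Id);
    if (admin is null)
    {
        // The session refers to an admin that no longer exists; previously this dereferenced null.
        return Unauthorized();
    }

    var currentCredentials = new PasswordAndSalt
    {
        PasswordHash = admin.PasswordHash,
        PasswordSalt = admin.PasswordSalt,
    };
    if (!PasswordHasher.CheckHash(change_password_data.Password, currentCredentials))
    {
        return Unauthorized();
    }

    // Hash and salt come back as a pair from Hash(); both columns are replaced together.
    var hashedPassword = PasswordHasher.Hash(change_password_data.NewPassword);
    admin.PasswordHash = hashedPassword.PasswordHash;
    admin.PasswordSalt = hashedPassword.PasswordSalt;
    _context.Admin.Update(admin);
    _context.SaveChanges();
    return Ok();
}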
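/// <summary>
/// Authenticates an admin by username or e-mail plus password. Failures are counted per
/// (client IP, e-mail): five failures block further attempts for 30 seconds, and attempts on
/// the same account closer than 3 seconds apart are rejected.
/// </summary>
/// <param name="login_data">Username or e-mail, and password.</param>
/// <returns>
/// 200 with the admin view on success; 403 <c>temporarily_blocked</c> while the lockout window
/// is active; otherwise 401 <c>login_failed</c> (unknown account, unconfirmed e-mail, missing
/// password, wrong password, or an attempt within 3 seconds of the previous one).
/// </returns>
public IActionResult Login([FromBody] LoginData login_data)
{
    if (login_data is null)
    {
        return BadRequest();
    }

    const int maxFailedAttempts = 5;
    const int lockoutSeconds = 30;
    const int minSecondsBetweenAttempts = 3;

    // Read the clock once so every comparison and stored timestamp in this request agrees.
    var now = DateTime.Now;

    var item = _context.Admin.FirstOrDefault(t => t.Username == login_data.Username || t.Email == login_data.Email);

    // NOTE(review): X-Forwarded-For is caller-supplied unless a trusted proxy overwrites it, so the
    // lockout key below is only as reliable as the proxy configuration. Behind a reverse proxy,
    // the ForwardedHeaders middleware plus RemoteIpAddress alone is the safer source.
    string currentIp = HttpContext.Request.Headers["X-Forwarded-For"];
    if (currentIp == null)
    {
        currentIp = HttpContext.Connection.RemoteIpAddress.ToString();
    }

    var attempt = _context.LoginAttempt
        .FirstOrDefault(a => a.IpAddress == currentIp && a.Email == login_data.Email);
    if (attempt == null)
    {
        attempt = new LoginAttempt
        {
            Email = login_data.Email,
            IpAddress = currentIp,
            Attempts = 0,
            LastAttempt = now,
        };
        _context.Add(attempt);
    }

    if (attempt.Attempts >= maxFailedAttempts)
    {
        var blockedUntil = attempt.LastAttempt.AddSeconds(lockoutSeconds);
        if (blockedUntil > now)
        {
            return StatusCode(403, new { message = "temporarily_blocked" });
        }
        // Window elapsed: start counting afresh. (The original left the counter untouched when
        // blockedUntil equalled now exactly.)
        attempt.Attempts = 0;
    }

    if (item != null)
    {
        var lastLoginAttempt = item.LastLoginAttempt;
        item.LastLoginAttempt = now;
        _context.Update(item);
        _context.SaveChanges();

        // At most one attempt per 3 seconds on the same account. The original condition was
        // `last != null || elapsed > 3`, which is always true, so it never throttled anything.
        var throttled = (now - lastLoginAttempt).TotalSeconds <= minSecondsBetweenAttempts;

        if (login_data.Password != null && !throttled && item.EmailConfirmed)
        {
            var credentials = new PasswordAndSalt
            {
                PasswordHash = item.PasswordHash,
                PasswordSalt = item.PasswordSalt,
            };
            if (PasswordHasher.CheckHash(login_data.Password, credentials))
            {
                // Remove this IP from the attempts table since the login is successfull
                _context.LoginAttempt.Remove(attempt);
                // Housekeeping: drop lockout rows older than a day.
                _context.LoginAttempt.RemoveRange(
                    _context.LoginAttempt.Where(a => a.LastAttempt.AddDays(1) < now));
                _context.SaveChanges();
                HttpContext.Login<LoggableEntities, Admin>(env, _context, "Admin", item, new LoggableEntities() { Admin = item });
                return Ok(AdminViewData.FromAdmin(item));
            }
        }
    }

    // NOTE(review): unknown accounts skip CheckHash entirely, so the response time differs from a
    // wrong-password attempt; the uniform 401 body below hides which it was, the timing does not.
    // The login is unsuccesfull, update the attempts for this IP
    attempt.Attempts += 1;
    attempt.LastAttempt = now;
    _context.SaveChanges();
    return StatusCode(401, new { message = "login_failed" });
}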
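/// <summary>
/// Changes a user's password after verifying the current one. A valid API token may change any
/// user's password; a logged-in user may only change their own.
/// </summary>
/// <param name="change_password_data">Username, current password, new password and its confirmation.</param>
/// <returns>
/// 400 when the new password and its confirmation differ; 200 on success; otherwise 401
/// (missing body or fields, unknown user, caller not allowed to act on this user, or wrong
/// current password).
/// </returns>
public IActionResult ChangePassword([FromBody] ChangePasswordData change_password_data)
{
    if (change_password_data is null
        || change_password_data.Username is null
        || change_password_data.Password is null
        || change_password_data.NewPassword is null
        || change_password_data.NewPasswordConfirmation is null)
    {
        return Unauthorized();
    }

    // A mismatched confirmation is a client error; reported as 400 like the admin endpoint does
    // (the original answered 401 here).
    if (change_password_data.NewPassword != change_password_data.NewPasswordConfirmation)
    {
        return BadRequest();
    }

    var item = _context.User.FirstOrDefault(t => t.Username == change_password_data.Username);
    if (item is null)
    {
        return Unauthorized();
    }

    var session = HttpContext.Get<LoggableEntities>(_context);
    var currentUser = session?.User;

    // Which rows the caller may act on: an API token reaches every user, a user session only itself.
    // NOTE(review): with neither a token nor a user session the original fell back to _context.User,
    // i.e. an anonymous caller who knows the current password may change it. That is preserved here
    // (it may be the intended "reset with old password" path), but it bypasses any session-based
    // control, and the admin session the original also read was never consulted — confirm intent.
    var allowedItems = ApiTokenValid
        ? _context.User
        : (currentUser != null
            ? _context.User.Where(u => u.Id == currentUser.Id)
            : _context.User);
    if (!allowedItems.Any(i => i.Id == item.Id))
    {
        return Unauthorized();
    }

    var currentCredentials = new PasswordAndSalt
    {
        PasswordHash = item.PasswordHash,
        PasswordSalt = item.PasswordSalt,
    };
    if (!PasswordHasher.CheckHash(change_password_data.Password, currentCredentials))
    {
        return Unauthorized();
    }

    // Hash and salt come back as a pair from Hash(); both columns are replaced together.
    var newPassword = PasswordHasher.Hash(change_password_data.NewPassword);
    item.PasswordHash = newPassword.PasswordHash;
    item.PasswordSalt = newPassword.PasswordSalt;
    _context.User.Update(item);
    _context.SaveChanges();

    // Notify the session layer that this user's credentials changed.
    HttpContext.ChangedPassword<User>(_context, "User", item);
    return Ok();
}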