/// <summary>
/// Changes the mobile number of the currently signed-in user. The verification code stored
/// for the new number, the availability of the number and the account password are checked
/// in that order before anything is written.
/// </summary>
/// <param name="newMobile">Number to switch to; also the key used to look up the verification code.</param>
/// <param name="msgCode">Verification code supplied by the caller.</param>
/// <param name="password">Account password, compared with the stored value through <c>PasswordHelper.ComparePasswords</c>.</param>
/// <returns>A <c>DataResult</c> whose first argument is "true" on success and "false" on any failed check.</returns>
public DataResult EditMobile(string newMobile, string msgCode, string password)
{
    // Step 1: the code on record for the new number must exist, be unexpired and match.
    // NOTE(review): nothing in this method marks the code as used after a successful change;
    // confirm VerifyCode records are single-use and attempt-limited elsewhere.
    var codeRecord = VerifyCode.GetDetail(newMobile);
    if (codeRecord == null || codeRecord.ExpireDt < DateTime.Now || codeRecord.Code != msgCode)
    {
        return new DataResult("false", "验证码错误或过期", null, null);
    }

    // Step 2: refuse a number that an existing account already uses.
    if (User.Search(mobile: newMobile).Count() > 0)
    {
        return new DataResult("false", "号码已使用", null, null);
    }

    // Step 3: re-authenticate the session owner with the account password.
    // NOTE(review): Common.LoginUser is dereferenced without a null check; confirm this
    // method is only reachable with an authenticated session.
    var account = User.GetDetail(mobile: Common.LoginUser.Mobile);
    bool ownerConfirmed = account != null
        && account.InUsed
        && PasswordHelper.ComparePasswords(account.Password, password);
    if (!ownerConfirmed)
    {
        return new DataResult("false", "密码错误", null, null);
    }

    account.Mobile = newMobile;
    account.Save();

    // Logout() followed by LoginSuccess(account): presumably rebuilds the session from the
    // updated record; confirm against those helpers.
    Logout();
    LoginSuccess(account);
    return new DataResult("true", "修改成功", null, null);
}
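/// <summary>
/// Loads the identity described by <paramref name="criteria"/>: the guest identity when
/// <c>criteria.IsGuest</c> is set, otherwise the user whose name or e-mail equals
/// <c>criteria.Name</c>.
/// </summary>
/// <param name="criteria">Login criteria; <c>IsGuest</c>, <c>Name</c> and <c>Password</c> are read.</param>
/// <exception cref="SecurityException">
/// No user matches, or a password was supplied and does not verify. Both cases use the same
/// message, so the caller cannot tell them apart.
/// </exception>
/// <remarks>
/// If more than one row matches the name/e-mail filter, <c>SingleOrDefault</c> throws, exactly
/// as the earlier <c>Single()</c> call did.
/// </remarks>
private void DataPortal_Fetch(LoginCriteria criteria)
{
    if (criteria.IsGuest)
    {
        this.FetchGuest();
        return;
    }

    using (var ctx = ObjectContextManager<ApplicationEntities>.GetManager(Database.SecurityConnection, false))
    {
        IQueryable<Data.User> users = ctx.ObjectContext.Users;

        // One query instead of Count() followed by Single(): same outcomes (none -> null,
        // one -> the row, several -> exception) without a second round trip or a window in
        // which the row set can change between the two calls.
        var user = users
            .Where(row => row.Name == criteria.Name || row.Email == criteria.Name)
            .SingleOrDefault();

        if (user == null)
        {
            throw new SecurityException("User name or password is invalid.");
        }

        // NOTE(review): when criteria.Password is null or empty the identity is loaded by
        // name alone, with no credential check. That is only safe if every path that builds
        // a LoginCriteria without a password has already authenticated the caller; confirm
        // that no externally reachable login path can submit an empty password.
        bool passwordSupplied = !string.IsNullOrEmpty(criteria.Password);
        if (passwordSupplied
            && !PasswordHelper.ComparePasswords(user.Salt, criteria.Password, user.Password))
        {
            throw new SecurityException("User name or password is invalid.");
        }

        this.Fetch(user);
    }
}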
/// <summary>
/// Replaces a user's password after checking the old password against the stored value.
/// </summary>
/// <param name="userId">ID of the account to change.</param>
/// <param name="oldPassword">Password the caller claims is current.</param>
/// <param name="newPassword">Password to store, converted with <c>PasswordHelper.CreateDbPassword</c>.</param>
/// <returns>A <c>DataResult</c> whose first argument is "true" on success and "false" otherwise.</returns>
public static DataResult EditUserPassword(int userId, string oldPassword, string newPassword)
{
    // NOTE(review): userId comes from the caller; confirm it is bound to the authenticated
    // session rather than taken from request data.
    var account = User.Set.Where(u => u.ID == userId).FirstOrDefault();
    if (account == null)
    {
        return new DataResult("false", "用户不存在", null, null);
    }

    // Check the old password against the database value.
    bool oldPasswordMatches = PasswordHelper.ComparePasswords(account.Password, oldPassword);
    if (!oldPasswordMatches)
    {
        return new DataResult("false", "旧密码不正确", null, null);
    }

    // Save the new password.
    // NOTE(review): newPassword is not checked for null, empty or policy here, and no
    // existing session is invalidated in this method; confirm both are handled elsewhere.
    var storedForm = PasswordHelper.CreateDbPassword(newPassword);
    account.Password = storedForm;
    account.Save();

    return new DataResult("true", "密码修改成功", null, null);
}
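/// <summary>
/// Signs a user in by mobile number and password after checking the verification code held
/// in the session, and copies the OAuth profile held in the session onto the account.
/// </summary>
/// <param name="mobile">Mobile number identifying the account.</param>
/// <param name="password">Password compared with the stored value through <c>PasswordHelper.ComparePasswords</c>.</param>
/// <param name="verifyCode">Verification code typed by the user; compared case-insensitively. A null value is treated as a wrong code.</param>
/// <param name="OS">Client OS label, passed through to the log entries.</param>
/// <returns>A <c>DataResult</c> whose first argument is "true" on success and "false" otherwise.</returns>
public static DataResult LoginMobile(string mobile, string password, string verifyCode, string OS)
{
    // Session verification code. The ordinal comparison replaces ToLower() on both sides:
    // it does not depend on the server culture and does not throw when verifyCode is null.
    // NOTE(review): the code is not removed from the session after a check; confirm it is
    // regenerated per attempt so one solved code cannot cover many password guesses.
    var expectedCode = Asp.GetSession(Common.SESSION_VERIFYCODE);
    if (expectedCode == null
        || verifyCode == null
        || !string.Equals(verifyCode, expectedCode.ToString(), System.StringComparison.OrdinalIgnoreCase))
    {
        return new DataResult("false", "验证码错误", null, null);
    }

    // Check the account and the password.
    var user = User.GetDetail(null, null, mobile, null);
    if (user == null)
    {
        // NOTE(review): this message differs from the wrong-password message, so a caller
        // can tell whether a number is registered, and this branch writes no log entry;
        // consider returning the generic failure text and logging it.
        return new DataResult("false", "手机号码未在平台绑定", null, null);
    }

    if (!user.InUsed || !PasswordHelper.ComparePasswords(user.Password, password))
    {
        Logger.LogToDb("登录失败", LogLevel.Warn, mobile, OS);
        return new DataResult("false", "账户或密码错误", null, null);
    }

    // The OAuth profile is optional session state: the "as" cast yields null when it is
    // missing or of another type, which previously caused a NullReferenceException after
    // the password had already been verified. Without a profile the binding is skipped.
    var userInfo = Asp.GetSession("OAuthUserInfo") as OAuthUserInfo;
    if (userInfo != null)
    {
        if (user.NickName.IsNullOrEmpty())
        {
            user.NickName = userInfo.nickname;
        }

        if (user.Photo.IsNullOrEmpty())
        {
            user.Photo = userInfo.headimgurl;
        }

        // NOTE(review): no Save() is visible here; confirm LoginSuccess persists the binding.
        user.WechatOpenId = userInfo.openid;
    }

    LoginSuccess(user);
    Logger.LogToDb("登录成功", LogLevel.Info, mobile, OS);
    return new DataResult("true", "登录成功", null, null);
}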
/// <summary>
/// Verifies the posted user name and password and, on success, returns the user record with
/// a signed JWT in <c>Token</c> and <c>Password</c> cleared.
/// </summary>
/// <param name="userParam">Request body; <c>UserName</c> and <c>Password</c> are required.</param>
/// <returns>
/// <c>BadRequest(ModelState)</c> when a credential is missing, <c>BadRequest()</c> when the
/// user is unknown or the password does not verify, otherwise <c>Ok(user)</c>.
/// </returns>
public async Task<IActionResult> Authenticate([FromBody] User userParam)
{
    bool credentialsMissing = userParam == null
        || string.IsNullOrEmpty(userParam.UserName)
        || string.IsNullOrEmpty(userParam.Password);
    if (credentialsMissing)
    {
        return BadRequest(ModelState);
    }

    var account = await _userRepository.GetUserByUserNameAsync(userParam.UserName);

    // Unknown user and wrong password return the same empty 400, so the response body does
    // not reveal which of the two failed.
    if (account == null || !PasswordHelper.ComparePasswords(userParam.Password, account.Password))
    {
        return BadRequest();
    }

    // Authentication succeeded: build the signing material for the token.
    // NOTE(review): Encoding.ASCII turns every non-ASCII character of the secret into '?',
    // which reduces the key's entropy if the secret contains such characters. The validating
    // side has to derive the key the same way, so any change must be made on both sides.
    var signingKeyBytes = Encoding.ASCII.GetBytes(_appSettings.Secret);
    var signingCredentials = new SigningCredentials(
        new SymmetricSecurityKey(signingKeyBytes),
        SecurityAlgorithms.HmacSha256Signature);

    // The only claim is the user id, stored under ClaimTypes.Name.
    var identity = new ClaimsIdentity(new Claim[]
    {
        new Claim(ClaimTypes.Name, account.UserId.ToString())
    });

    // NOTE(review): the token is valid for seven days and no revocation is visible here.
    var descriptor = new SecurityTokenDescriptor
    {
        Subject = identity,
        Expires = DateTime.UtcNow.AddDays(7),
        SigningCredentials = signingCredentials
    };

    var jwtHandler = new JwtSecurityTokenHandler();
    var jwt = jwtHandler.CreateToken(descriptor);
    account.Token = jwtHandler.WriteToken(jwt);

    // Remove the password before returning.
    // NOTE(review): this mutates and serializes the object returned by the repository. If
    // that object is change-tracked and saved later, the stored password would be cleared,
    // and any other field on it is exposed to the client; a response DTO avoids both. Confirm.
    account.Password = null;
    return Ok(account);
}
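/// <summary>
/// Signs a user in by user name and password after checking the verification code held in
/// the session.
/// </summary>
/// <param name="userName">Account name to look up.</param>
/// <param name="password">Password compared with the stored value through <c>PasswordHelper.ComparePasswords</c>.</param>
/// <param name="verifyCode">Verification code typed by the user; compared case-insensitively. A null value is treated as a wrong code.</param>
/// <returns>A <c>DataResult</c> whose first argument is "true" on success and "false" otherwise.</returns>
public DataResult Login(string userName, string password, string verifyCode)
{
    // Check the verification code. The ordinal comparison replaces ToLower() on both sides:
    // it does not depend on the server culture and does not throw when verifyCode is null.
    // NOTE(review): the code is not removed from the session after a check; confirm it is
    // regenerated per attempt so one solved code cannot cover many password guesses.
    var expectedCode = Asp.GetSession(Common.SESSION_VERIFYCODE);
    if (expectedCode == null
        || verifyCode == null
        || !string.Equals(verifyCode, expectedCode.ToString(), System.StringComparison.OrdinalIgnoreCase))
    {
        return new DataResult("false", "验证码错误", null, null);
    }

    // Check the account and the password. Unknown, disabled and wrong-password accounts all
    // end in the same log entry and the same message.
    var user = User.Get(name: userName);
    bool authenticated = user != null
        && user.InUsed
        && PasswordHelper.ComparePasswords(user.Password, password);

    if (!authenticated)
    {
        Logger.LogToDb("登录失败", LogLevel.Warn, userName);
        return new DataResult("false", "账户或密码错误", null, null);
    }

    LoginSuccess(user);
    Logger.LogToDb("登录成功", LogLevel.Info, userName);
    return new DataResult("true", "登录成功", null, null);
}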
/// <summary>
/// Loads the identity record selected by <paramref name="criteria"/> and, when a password
/// is supplied, verifies it against the record's salt and stored password.
/// </summary>
/// <param name="criteria">Lookup criteria passed to the data factory; <c>Password</c> is read here.</param>
/// <exception cref="InvalidUserException">The data factory returned no record.</exception>
/// <exception cref="InvalidPasswordException">A password was supplied and does not verify.</exception>
private void DataPortal_Fetch(BusinessIdentityDataCriteria criteria)
{
    using (var manager = DataFactoryManager.GetManager())
    {
        var identityFactory = manager.GetProvider<IBusinessIdentityDataFactory>();
        var record = identityFactory.Fetch(criteria);

        // NOTE(review): unknown user and wrong password raise different exception types; if
        // they reach the client unchanged, it can tell whether an account exists. Confirm
        // that the caller maps both to one message.
        if (record == null)
        {
            throw new InvalidUserException();
        }

        // NOTE(review): a null or empty criteria.Password skips verification and loads the
        // identity anyway; confirm that only already-authenticated callers can reach this
        // method without a password.
        bool passwordSupplied = !string.IsNullOrEmpty(criteria.Password);
        if (passwordSupplied
            && !PasswordHelper.ComparePasswords(record.Salt, criteria.Password, record.Password))
        {
            throw new InvalidPasswordException();
        }

        this.Fetch(record);
    }
}