public Account FacebookAuthenticate(string accessToken)
{
var userInfo = GetFacebookUserInformation(accessToken);
if (userInfo == null)
{
return(null);
}
var user = _accountRepository.GetByFacebookId(userInfo.Id);
if (user != null)
{
user.Token = JwtToken.Generate(_settings.Value.Secret, user);
user.Password = null;
user.PasswordSalt = null;
return(user);
}
else
{
var salt = Salt.Generate();
var newAccount = new Account()
{
Password = Hash.HashPassword(GenerateRandomPassword(), salt),
PasswordSalt = salt,
Role = "member",
UserId = ObjectId.GenerateNewId().ToString(),
FacebookId = userInfo.Id
};
_accountRepository.Add(newAccount);
newAccount.Password = null;
newAccount.PasswordSalt = null;
newAccount.Token = JwtToken.Generate(_settings.Value.Secret, newAccount);
return(newAccount);
}
}
public void equatable_test()
{
var p1 = new PasswordHash(Password, PasswordHash.DefaultIterations, _salt);
var p3 = new PasswordHash(Password, PasswordHash.DefaultIterations, Salt.Generate(PasswordHash.DefaultSaltSize));
p1.Equals(_sut).Should().BeTrue();
p1.Equals(p3).Should().BeFalse();
}
public async Task <IActionResult> OnPostAsync()
{
if (!ModelState.IsValid)
{
return(Page());
}
User = await _context.User.Where(s => s.UserName == loginData.UserName).Where(s => s.UserStatus == "Active")
.FirstOrDefaultAsync();
if (User != null)
{
if (Hash.Validate(loginData.Password, Salt.Generate(loginData.UserName), User.UserPassword))
{
SuccessMessage = $"User {User.UserName} logged in successfully!";
HttpContext.Session.Clear();
HttpContext.Session.SetString("_username", User.UserName);
HttpContext.Session.SetString("_usertype", User.UserType);
switch (User.UserType)
{
case "Student":
return(RedirectToPage("/Student/Index"));
case "Supervisor":
return(RedirectToPage("/Supervisor/Index"));
case "Coordinator":
return(RedirectToPage("/Coordinator/Index"));
default:
return(RedirectToPage("/Account/Login"));
}
}
else
{
ErrorMessage = $"{User.UserName} fail to log in.";
}
}
else
{
ErrorMessage = $"{loginData.UserName} does not exist.";
}
return(RedirectToPage("/Account/Login"));
}
public async Task <IActionResult> OnPostAsync()
{
if (!ModelState.IsValid)
{
return(Page());
}
var username = HttpContext.Session.GetString("_username");
User = await _context.User.Where(s => s.UserName == username)
.FirstOrDefaultAsync();
if (User != null)
{
if (Hash.Validate(changeData.Password, Salt.Generate(username), User.UserPassword))
{
if (changeData.NewPassword.Equals(changeData.ConfirmPassword))
{
var newHashedPassword = Hash.Generate(changeData.NewPassword, Salt.Generate(username));
User.UserPassword = newHashedPassword;
User.DateModified = DateTime.Now;
SuccessMessage = $"Password changed for " + username;
await _context.SaveChangesAsync();
}
else
{
ErrorMessage = $"The two passwords do not match. ";
}
}
else
{
ErrorMessage = $"The existing password is incorrect. ";
}
}
else
{
ErrorMessage = $"User {username} does not exist.";
}
return(RedirectToPage("/Coordinator/Management/Index"));
}
public Account Register(Account account)
{
if (_accountRepository.GetByEmail(account.Email) != null)
{
return(null);
}
var salt = Salt.Generate();
var encryptedAccount = new Account()
{
Email = account.Email,
Password = Hash.HashPassword(account.Password, salt),
PasswordSalt = salt,
Role = "unverified",
UserId = ObjectId.GenerateNewId().ToString(),
Id = ObjectId.GenerateNewId().ToString()
};
var result = _accountRepository.Add(encryptedAccount);
// Generate token
result.Token = JwtToken.Generate(_settings.Value.Secret, encryptedAccount);
if (result != null)
{
Mail mail = new Mail()
{
Subject = "Thanks for joining TripSharing",
To = result.Email,
Url = $"https://trip-sharing.net/xac-nhan-email/{result.Token}",
EmailType = "EmailConfirm"
};
// Commment this if run in local
_publishToTopic.PublishEmail(mail);
}
return(result);
}
public PasswordHashTests()
{
_salt = Salt.Generate(PasswordHash.DefaultSaltSize);
_sut = new PasswordHash(Password, PasswordHash.DefaultIterations, _salt);
}
public string HashPassword(string password, string studentId)
{
return(Hash.Generate(password, Salt.Generate(studentId)));;
}