示例#1
        /// <summary>
        /// Checks the submitted credentials and, when every check passes, returns the token
        /// produced by <c>_tokenProvider.CreateToken</c>.
        /// </summary>
        /// <param name="model">Sign-in request body; its <c>Username</c> and <c>Password</c> are read here.</param>
        /// <returns>The token created for the user, the user's organization and the user's roles.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
        /// <exception cref="PawnshopApplicationException">
        /// The sign-in was rejected: unknown user, locked user, wrong password, or a missing or locked organization.
        /// </exception>
        public string SignIn([FromBody] SignInModel model)
        {
            // Every rejection below uses this one message, so the response text does not
            // reveal which check failed (unknown user, locked account, bad password, locked organization).
            const string rejection = "Имя пользователя или пароль указан не верно";

            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }
            ModelState.Validate();

            var account = _userRepository.Find(new { login = model.Username });
            if (account == null || account.Locked)
            {
                // NOTE(review): the hash check is skipped on this path, so a rejection for an unknown or
                // locked login does less work than one for a wrong password; confirm whether that
                // difference matters for this endpoint.
                throw new PawnshopApplicationException(rejection);
            }

            string storedHash, storedSalt;
            _userRepository.GetPasswordAndSalt(account.Id, out storedHash, out storedSalt);
            if (!_saltedHash.VerifyHashString(model.Password, storedHash, storedSalt))
            {
                // NOTE(review): no failed-attempt counter or throttle is visible in this method;
                // confirm it is enforced elsewhere.
                throw new PawnshopApplicationException(rejection);
            }

            // The organization is looked up only after the password has been verified.
            var tenant = _organizationRepository.Get(account.OrganizationId);
            if (tenant == null || tenant.Locked)
            {
                throw new PawnshopApplicationException(rejection);
            }

            var grantedRoles = _memberRepository.Roles(account.Id, true);
            return _tokenProvider.CreateToken(account, tenant, grantedRoles.ToArray());
        }
        /// <summary>
        /// Reports whether <paramref name="password"/> matches the hash and salt stored for <paramref name="userName"/>.
        /// </summary>
        /// <param name="userName">Login name passed to <c>GetSystemUser</c>.</param>
        /// <param name="password">Password entered by the user.</param>
        /// <returns>
        /// <c>true</c> only when the user record has both a hash and a salt and the verification succeeds;
        /// <c>false</c> otherwise, including when any exception is raised.
        /// </returns>
        public bool IsValidLogin(String userName, String password)
        {
            try
            {
                SystemUser account = GetSystemUser(userName);

                // No record, or a record without hash or salt, cannot be verified.
                if (account == null || account.Hash == null || account.Salt == null)
                {
                    return false;
                }

                SaltedHash hasher = new SaltedHash();

                // Hash and salt are stored as bytes and decoded as UTF-8 text before verification.
                System.Text.UTF8Encoding utf8 = new System.Text.UTF8Encoding();
                string storedHash = utf8.GetString(account.Hash);
                string storedSalt = utf8.GetString(account.Salt);

                return hasher.VerifyHashString(password, storedHash, storedSalt);
            }
            catch (Exception failure)
            {
                // Fail closed: the error is recorded with the declaring type and method name,
                // and the login is reported as invalid.
                System.Reflection.MethodBase here = System.Reflection.MethodBase.GetCurrentMethod();
                ExceptionModel.SaveException(failure.Message, here.DeclaringType.ToString(), here.Name);
                return false;
            }
        }
示例#3
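        /// <summary>
        /// Looks up the account for <paramref name="userName"/> and checks <paramref name="password"/>
        /// against its stored hash and salt.
        /// </summary>
        /// <param name="userName">Name passed to <c>GetUserAuthByUserName</c>.</param>
        /// <param name="password">Password to verify.</param>
        /// <param name="userAuth">
        /// The matching account when the method returns <c>true</c>; <c>null</c> whenever it returns <c>false</c>.
        /// </param>
        /// <returns><c>true</c> when the account exists and the password verifies; otherwise <c>false</c>.</returns>
        public bool TryAuthenticate(string userName, string password, out IUserAuth userAuth)
        {
            userAuth = GetUserAuthByUserName(userName);
            if (userAuth == null)
            {
                return false;
            }

            var saltedHash = new SaltedHash();
            if (saltedHash.VerifyHashString(password, userAuth.PasswordHash, userAuth.Salt))
            {
                return true;
            }

            // Do not hand the account record back after a failed password check: a caller that
            // tests userAuth for null instead of the return value would otherwise treat the
            // failed attempt as an authenticated user.
            userAuth = null;
            return false;
        }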
        /// <summary>
        /// Looks up the account for <paramref name="userName"/> and verifies <paramref name="password"/>
        /// against its stored hash and salt.
        /// </summary>
        /// <param name="userName">Name passed to <c>GetUserAuthByUserName</c>.</param>
        /// <param name="password">Password to verify.</param>
        /// <param name="userAuth">The account on success; <c>null</c> when the method returns <c>false</c>.</param>
        /// <returns><c>true</c> when the account exists and the password verifies; otherwise <c>false</c>.</returns>
        public bool TryAuthenticate(string userName, string password, out IUserAuth userAuth)
        {
            userAuth = GetUserAuthByUserName(userName);
            if (userAuth != null)
            {
                var passwordMatches = new SaltedHash().VerifyHashString(password, userAuth.PasswordHash, userAuth.Salt);
                if (passwordMatches)
                {
                    return true;
                }

                // The record is cleared on a failed check so it never reaches the caller.
                userAuth = null;
            }

            return false;
        }
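        /// <summary>
        /// Changes the authenticated user's password after verifying the current one.
        /// </summary>
        /// <param name="model">Carries <c>CurrentPassword</c>, <c>NewPassword</c> and its confirmation <c>NewPassword2</c>.</param>
        /// <returns>
        /// A JSON error when a field is empty, the current password does not verify, or the two new
        /// passwords differ; otherwise a JSON success after the stored hash and salt are updated.
        /// </returns>
        public ActionResult ChangePassword_Update(UserUpdatePassword model)
        {
            if (string.IsNullOrEmpty(model.CurrentPassword))
            {
                return JsonError("Current password is empty");
            }

            if (string.IsNullOrEmpty(model.NewPassword))
            {
                return JsonError("New password is empty");
            }

            // Fix: this check used to test NewPassword a second time, so an empty confirmation
            // field was never reported with its own message.
            if (string.IsNullOrEmpty(model.NewPassword2))
            {
                return JsonError("New password (x2) is empty");
            }

            // The record comes from the authenticated session's id, not from the request body.
            var user = User_GetByID(AuthenticatedUserID);

            // The current password must verify before anything is changed.
            var passwordHasher = new SaltedHash();
            if (!passwordHasher.VerifyHashString(model.CurrentPassword, user.PasswordHash, user.Salt))
            {
                return JsonError("Current password is not correct");
            }

            if (model.NewPassword != model.NewPassword2)
            {
                return JsonError("New password is not same");
            }

            // PasswordGenerate returns the new hash in Id and the new salt in Name.
            var p = PasswordGenerate(model.NewPassword);
            user.PasswordHash = p.Id;
            user.Salt = p.Name;
            Db.Update<ABUserAuth>(user);

            // NOTE(review): nothing visible here revokes existing sessions or tokens after the
            // change; confirm that is handled elsewhere if it is required.
            return JsonSuccess("", "Password updated");
        }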
		/// <summary>
		/// Looks up the account for <paramref name="userName"/> and verifies <paramref name="password"/>
		/// against its stored hash and salt.
		/// </summary>
		/// <param name="userName">Name passed to <c>GetUserAuthByUserName</c>.</param>
		/// <param name="password">Password to verify.</param>
		/// <param name="userAuth">The account on success; <c>null</c> when the method returns <c>false</c>.</param>
		/// <returns><c>true</c> when the account exists and the password verifies; otherwise <c>false</c>.</returns>
		public bool TryAuthenticate(string userName, string password, out IUserAuth userAuth)
		{
			userAuth = GetUserAuthByUserName(userName);
			if (userAuth == null)
			{
				return false;
			}

			var hasher = new SaltedHash();
			bool verified = hasher.VerifyHashString(password, userAuth.PasswordHash, userAuth.Salt);
			if (!verified)
			{
				// A failed check must not leave the account record in the out parameter.
				userAuth = null;
			}

			return verified;
		}
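		/// <summary>
		/// Checks <paramref name="password"/> against the stored credential of the first user
		/// returned for <paramref name="userName"/>.
		/// </summary>
		/// <param name="userName">Name passed to <c>GetByUsernameInternal</c>.</param>
		/// <param name="password">Password to verify.</param>
		/// <returns>
		/// <c>true</c> when the user exists and the password matches; <c>false</c> otherwise,
		/// including when a non-encrypted record has no stored password.
		/// </returns>
		public static bool AuthenticateUser(string userName, string password)
		{
			Core.Database.User dbUser = GetByUsernameInternal(userName).FirstOrDefault();
			if (dbUser == null)
			{
				return false;
			}

			if (dbUser.IsEncrypted)
			{
				SaltedHash hash = new SaltedHash();
				return hash.VerifyHashString(password, dbUser.Password, dbUser.Salt);
			}

			// NOTE(review): records with IsEncrypted == false are compared against the stored value
			// directly, i.e. the password is kept as plain text; such records should be migrated to
			// the salted-hash form.
			// Fix: the comparison is ordinal. The previous culture-sensitive string.Compare can
			// report strings that differ in their characters as equal. A record without a stored
			// password never authenticates, so null no longer matches null.
			return dbUser.Password != null
				&& string.Equals(password, dbUser.Password, System.StringComparison.Ordinal);
		}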