/// <summary>
/// Checks a username/password pair and, when it matches, extends the player's
/// login-token expiry and issues a fresh login token.
/// </summary>
/// <param name="username">Name used to look the player up via GetPlayerByName.</param>
/// <param name="password">Candidate password; hashed with the player's stored salt and pepper.</param>
/// <returns>
/// The new login token, or null when the credentials are rejected or the player
/// update fails (the reason is recorded on StatusResp).
/// </returns>
public async Task<string> Login(string username, string password)
{
    // Built up front: an unknown username and a wrong password are both reported with
    // this same detail, so the response body does not reveal which check failed.
    var badCredentials = new List<StatusDetail>
    {
        new StatusDetail
        {
            Code = Status400.IncorrectUsernamePassword.ToInt32(),
            Desc = StatusMessage.IncorrectUsernamePassword.GetValue()
        }
    };

    PlayerBE player = await GetPlayerByName(username);
    if (player == null)
    {
        // NOTE(review): this branch returns before GetPasswordHash runs, so an unknown
        // username is likely answered faster than a wrong password. If that timing
        // difference matters, do equivalent hashing work here before rejecting.
        return RejectCredentials();
    }

    // NOTE(review): GetPasswordHash is not visible here; confirm it is a slow,
    // purpose-built password hash (PBKDF2/Argon2/bcrypt) rather than a single digest.
    string candidateHash = GetPasswordHash(password, player.PasswordSalt, player.PasswordPepper);

    // NOTE(review): string.Equals is not a constant-time comparison; consider
    // CryptographicOperations.FixedTimeEquals over the hash bytes.
    bool passwordMatches = candidateHash.Equals(player.PasswordHash);
    if (!passwordMatches)
    {
        return RejectCredentials();
    }

    // Credentials are good: push the expiry out 14 days and persist it.
    player.LoginTokenExpireDateTime = DateTime.UtcNow.AddDays(14);

    // The update is started first so it overlaps with token generation; it is awaited
    // below before the method returns.
    Task<PlayerBE> pendingUpdate = Facade.UpdatePlayer(player);
    string loginToken = TokenMan.GenerateLoginToken(player.PlayerID, player.LoginTokenExpireDateTime);

    PlayerBE savedPlayer = await pendingUpdate;
    if (savedPlayer != null)
    {
        return loginToken;
    }

    // The new expiry could not be stored, so the generated token is discarded and
    // the caller is told to retry.
    var updateFailure = new List<StatusDetail>
    {
        new StatusDetail
        {
            Code = Status700.DbUpdateError.ToInt32(),
            Desc = StatusMessage.DbUpdateError.GetValue()
        }
    };
    base.StatusResp.SetStatusResponse(Status500.RetryError, StatusMessage.RetryError, updateFailure);
    return null;

    // Records the shared "incorrect username/password" failure and yields the null result.
    string RejectCredentials()
    {
        base.StatusResp.SetStatusResponse(Status500.BusinessError, StatusMessage.BusinessError, badCredentials);
        return null;
    }
}
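/// <summary>
/// Renames a player, refreshes the login-token expiry and issues a new login token.
/// </summary>
/// <param name="playerID">ID of the player to rename.</param>
/// <param name="newUsername">The name to store; its hash is recomputed with GetUsernameHash.</param>
/// <returns>
/// The new login token, or null when the player is not found or the update fails
/// (the reason is recorded on StatusResp, as Login does).
/// </returns>
public async Task<string> ChangeUsername(int playerID, string newUsername)
{
    // NOTE(review): nothing here verifies that playerID belongs to the authenticated
    // caller or that newUsername is non-empty and unused; confirm the caller enforces this.
    PlayerBE playerBE = await base.Facade.GetPlayerByPlayerID(playerID);

    // A missing player previously caused a NullReferenceException on the next line.
    if (playerBE == null)
    {
        // NOTE(review): no detail code for an unknown player is visible in this file;
        // an empty detail list is used until the appropriate code is chosen.
        base.StatusResp.SetStatusResponse(Status500.BusinessError, StatusMessage.BusinessError, new List<StatusDetail>());
        return null;
    }

    playerBE.Name = newUsername;
    playerBE.NameHash = GetUsernameHash(newUsername);
    playerBE.LoginTokenExpireDateTime = DateTime.UtcNow.AddDays(14);

    // Login treats a null result from UpdatePlayer as a failed write; do the same here
    // so a token is never issued for a rename that was not stored.
    PlayerBE updatedPlayer = await base.Facade.UpdatePlayer(playerBE);
    if (updatedPlayer == null)
    {
        var updateFailure = new List<StatusDetail>
        {
            new StatusDetail
            {
                Code = Status700.DbUpdateError.ToInt32(),
                Desc = StatusMessage.DbUpdateError.GetValue()
            }
        };
        base.StatusResp.SetStatusResponse(Status500.RetryError, StatusMessage.RetryError, updateFailure);
        return null;
    }

    return TokenMan.GenerateLoginToken(playerID, playerBE.LoginTokenExpireDateTime);
}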
/// <summary>
/// Creates a player record with a freshly salted password hash and returns a login
/// token for the new player.
/// </summary>
/// <param name="username">Name to store; its hash is computed with GetUsernameHash.</param>
/// <param name="password">Plain-text password; only its hash is placed on the record.</param>
/// <returns>A login token that expires 14 days from now.</returns>
public async Task<string> CreateAccount(string username, string password)
{
    // Guid.NewGuid() gives unique values, which is what a salt needs, but it is not a
    // cryptographic random source. NOTE(review): consider RandomNumberGenerator here.
    string newSalt = Guid.NewGuid().ToString("N");

    // NOTE(review): this "pepper" is generated per player and stored on the same
    // PlayerBE as the salt, so it behaves like a second salt. A pepper is normally a
    // secret kept outside the data store; confirm which one is intended.
    string newPepper = Guid.NewGuid().ToString("N");

    string hashedPassword = GetPasswordHash(password, newSalt, newPepper);

    var player = new PlayerBE();
    player.PasswordSalt = newSalt;
    player.PasswordPepper = newPepper;
    player.PasswordHash = hashedPassword;
    player.NameHash = GetUsernameHash(username);
    player.Name = username;
    player.LoginTokenExpireDateTime = DateTime.UtcNow.AddDays(14);

    // NOTE(review): no check for an existing username or for the insert's outcome is
    // visible here; presumably InsertNewPlayer assigns PlayerID on the passed object.
    await base.Facade.InsertNewPlayer(player);

    return TokenMan.GenerateLoginToken(player.PlayerID, player.LoginTokenExpireDateTime);
}
/// <summary>
/// Middleware step that lets a request through only when it carries a login token
/// with a valid signature that has not expired.
/// </summary>
/// <param name="context">The current HTTP request/response context.</param>
/// <param name="statusResp">Receives the failure status when the token is rejected.</param>
/// <returns>A task that completes once the request was rejected or the rest of the pipeline ran.</returns>
public async Task InvokeAsync(HttpContext context, IStatusResponse statusResp)
{
    // A missing header and a blank header value are both reported as "token not found".
    bool headerPresent = context.Request.Headers.TryGetValue(TokenMan.RequestHeaderKey, out StringValues headerValues);
    string token = headerPresent ? headerValues.FirstOrDefault() : null;
    if (string.IsNullOrWhiteSpace(token))
    {
        RejectMissingToken();
        return;
    }

    // The signature is checked before expiry; a bad signature and an expired token
    // produce the same "token not valid" response.
    // NOTE(review): only the token itself is inspected here; the stored
    // LoginTokenExpireDateTime is not consulted, so confirm how tokens are revoked.
    if (!TokenMan.ValidateTokenSignature(token) || TokenMan.TokenIsExpired(token))
    {
        RejectInvalidToken();
        return;
    }

    // Token accepted: hand the request to the next middleware.
    await _next(context);

    // NOTE(review): the reject helpers only fill statusResp; nothing here writes to
    // context.Response, so presumably another component turns it into the HTTP reply.
    void RejectMissingToken()
    {
        var details = new List<StatusDetail>
        {
            new StatusDetail
            {
                Code = Status300.TandemTokenNotFound.ToInt32(),
                Desc = StatusMessage.TandemTokenNotFound.GetValue()
            }
        };
        statusResp.SetStatusResponse(Status500.BadRequest, StatusMessage.BadRequest, details);
    }

    void RejectInvalidToken()
    {
        var details = new List<StatusDetail>
        {
            new StatusDetail
            {
                Code = Status300.TandemTokenNotValid.ToInt32(),
                Desc = StatusMessage.TandemTokenNotValid.GetValue()
            }
        };
        statusResp.SetStatusResponse(Status500.BadRequest, StatusMessage.BadRequest, details);
    }
}