示例#1
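        /// <summary>
        /// Checks a username/password pair and, when it is valid, issues a login token
        /// whose expiry is set 14 days from the current UTC time.
        /// </summary>
        /// <param name="username">Name used to look the player up through GetPlayerByName.</param>
        /// <param name="password">Plain-text password; it is hashed with the player's stored salt and pepper before comparison.</param>
        /// <returns>
        /// The generated login token, or null when the credentials are rejected or the player
        /// record could not be updated. In both failure cases StatusResp carries the reason.
        /// </returns>
        public async Task <string> Login(string username, string password)
        {
            //Unknown user and wrong password deliberately produce the same status detail,
            //so the response body does not reveal which of the two was wrong.
            List <StatusDetail> statusDetails = new List <StatusDetail>()
            {
                new StatusDetail()
                {
                    Code = Status400.IncorrectUsernamePassword.ToInt32(),
                    Desc = StatusMessage.IncorrectUsernamePassword.GetValue()
                }
            };

            //Missing credentials are rejected like any other bad login instead of being
            //passed on to the lookup and hashing helpers.
            if (username == null || password == null)
            {
                base.StatusResp.SetStatusResponse(Status500.BusinessError, StatusMessage.BusinessError, statusDetails);
                return(null);
            }

            PlayerBE player = await GetPlayerByName(username);

            //Player validation
            //NOTE(review): this path returns before any hashing is done, so an unknown name may
            //answer faster than a known one. How much depends on the cost of GetPasswordHash,
            //which is not visible here; consider hashing against a dummy salt on this path.
            if (player == null)
            {
                base.StatusResp.SetStatusResponse(Status500.BusinessError, StatusMessage.BusinessError, statusDetails);
                return(null);
            }

            //Password validation
            string passwordHash = GetPasswordHash(password, player.PasswordSalt, player.PasswordPepper);

            if (!HashesMatch(passwordHash, player.PasswordHash))
            {
                base.StatusResp.SetStatusResponse(Status500.BusinessError, StatusMessage.BusinessError, statusDetails);
                return(null);
            }

            //Made it this far then the login is valid.
            //Create a new login token, update the user with related token details and return the new token
            player.LoginTokenExpireDateTime = DateTime.UtcNow.AddDays(14);

            //Start this now while we generate the token, make sure to wait on it before leaving
            Task <PlayerBE> updatePlayerTask = Facade.UpdatePlayer(player);

            string jwtToken = TokenMan.GenerateLoginToken(player.PlayerID, player.LoginTokenExpireDateTime);

            //Update validation: a null result is treated as a failed write and no token is handed out
            PlayerBE updatedPlayer = await updatePlayerTask;

            if (updatedPlayer == null)
            {
                statusDetails = new List <StatusDetail>()
                {
                    new StatusDetail()
                    {
                        Code = Status700.DbUpdateError.ToInt32(),
                        Desc = StatusMessage.DbUpdateError.GetValue()
                    }
                };
                base.StatusResp.SetStatusResponse(Status500.RetryError, StatusMessage.RetryError, statusDetails);
                return(null);
            }

            return(jwtToken);

            //LOCAL HELPER FUNCTION
            //Compares the computed and stored hashes without stopping at the first differing
            //character, so the comparison time does not depend on how much of the hash matched.
            //A null on either side counts as a mismatch (the stored value may be absent).
            //CryptographicOperations is available from .NET Core 2.1 onwards.
            bool HashesMatch(string computed, string stored)
            {
                if (computed == null || stored == null)
                {
                    return(false);
                }

                byte[] computedBytes = System.Text.Encoding.UTF8.GetBytes(computed);
                byte[] storedBytes   = System.Text.Encoding.UTF8.GetBytes(stored);

                return(System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computedBytes, storedBytes));
            }
        }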
示例#2
        /// <summary>
        /// Renames a player, refreshes the stored login-token expiry to 14 days from the
        /// current UTC time, and returns a newly generated login token.
        /// </summary>
        /// <param name="playerID">Identifier of the player record to rename.</param>
        /// <param name="newUsername">Name to store; its hash is recomputed with GetUsernameHash.</param>
        /// <returns>The token produced by TokenMan.GenerateLoginToken for this player and expiry.</returns>
        public async Task <string> ChangeUsername(int playerID, string newUsername)
        {
            //NOTE(review): assumes the caller took playerID from an already validated token and
            //not from request data - confirm, otherwise any player could be renamed.
            PlayerBE player = await base.Facade.GetPlayerByPlayerID(playerID);

            //NOTE(review): the lookup result is used without a null check, so an unknown playerID
            //ends in a NullReferenceException on the next line.
            //NOTE(review): newUsername is stored as given; no emptiness or uniqueness check is
            //visible in this method.
            player.Name     = newUsername;
            player.NameHash = GetUsernameHash(newUsername);

            //The token lifetime restarts with the rename.
            player.LoginTokenExpireDateTime = DateTime.UtcNow.AddDays(14);

            //NOTE(review): the result of the update is discarded, so a token is returned even if
            //the write did not succeed - verify how UpdatePlayer reports failure.
            await base.Facade.UpdatePlayer(player);

            //NOTE(review): nothing here invalidates tokens issued before the rename - confirm
            //whether that is intended.
            return(TokenMan.GenerateLoginToken(playerID, player.LoginTokenExpireDateTime));
        }
示例#3
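        /// <summary>
        /// Creates a player record with a freshly generated salt and pepper, stores the resulting
        /// password hash, and returns a login token whose expiry is 14 days from the current UTC time.
        /// </summary>
        /// <param name="username">Name to store; its hash is computed with GetUsernameHash.</param>
        /// <param name="password">Plain-text password; only the value returned by GetPasswordHash is stored.</param>
        /// <returns>The token produced by TokenMan.GenerateLoginToken for the new player.</returns>
        public async Task <string> CreateAccount(string username, string password)
        {
            //Both values come from the cryptographic random number generator. Guid.NewGuid() is
            //specified to give unique values, not unpredictable ones. The 32 lower-case hex digit
            //format of Guid.ToString("N") is kept so stored values look the same as before.
            string salt   = NewRandomHex();
            string pepper = NewRandomHex();

            //NOTE(review): the hashing algorithm lives in GetPasswordHash and is not visible here;
            //confirm it is a deliberately slow password hash and not a single fast digest.
            string passwordHash = GetPasswordHash(password, salt, pepper);

            //NOTE(review): the value called pepper is generated per account and stored on the same
            //record as the salt, so it acts as additional salt. A pepper in the usual sense is one
            //secret kept outside the data store.
            //NOTE(review): username and password are not validated in this method.
            PlayerBE newPlayer = new PlayerBE()
            {
                PasswordSalt             = salt,
                PasswordPepper           = pepper,
                PasswordHash             = passwordHash,
                NameHash                 = GetUsernameHash(username),
                Name                     = username,
                LoginTokenExpireDateTime = DateTime.UtcNow.AddDays(14)
            };
            await base.Facade.InsertNewPlayer(newPlayer);

            //Presumably InsertNewPlayer fills in newPlayer.PlayerID - confirm; it is never set here.
            string loginToken =
                TokenMan.GenerateLoginToken(newPlayer.PlayerID, newPlayer.LoginTokenExpireDateTime);

            return(loginToken);

            //LOCAL HELPER FUNCTION
            //Returns 16 random bytes as 32 lower-case hex digits.
            string NewRandomHex()
            {
                byte[] buffer = new byte[16];

                using (var generator = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    generator.GetBytes(buffer);
                }

                return(BitConverter.ToString(buffer).Replace("-", string.Empty).ToLowerInvariant());
            }
        }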
示例#4
        /// <summary>
        /// Middleware entry point. The next delegate runs only when the request carries a login
        /// token whose signature validates and which has not expired; otherwise a status response
        /// is recorded and the pipeline stops here.
        /// </summary>
        /// <param name="context">Current request; the token is read from the header named by TokenMan.RequestHeaderKey.</param>
        /// <param name="statusResp">Receives the failure status when the token is missing or rejected.</param>
        public async Task InvokeAsync(HttpContext context, IStatusResponse statusResp)
        {
            //A missing header and a blank header value are reported in the same way.
            string token = null;

            if (context.Request.Headers.TryGetValue(TokenMan.RequestHeaderKey, out StringValues headerVal))
            {
                token = headerVal.FirstOrDefault();
            }

            if (string.IsNullOrWhiteSpace(token))
            {
                Reject(new StatusDetail()
                {
                    Code = Status300.TandemTokenNotFound.ToInt32(),
                    Desc = StatusMessage.TandemTokenNotFound.GetValue()
                });
                return;
            }

            //The signature is checked first; the expiry is looked at only for a token whose
            //signature validated. Both failures give the same detail, so the response does not
            //say which check failed.
            if (!TokenMan.ValidateTokenSignature(token) || TokenMan.TokenIsExpired(token))
            {
                Reject(new StatusDetail()
                {
                    Code = Status300.TandemTokenNotValid.ToInt32(),
                    Desc = StatusMessage.TandemTokenNotValid.GetValue()
                });
                return;
            }

            //Token valid, proceed
            await _next(context);

            //LOCAL HELPER FUNCTION
            //Records a bad-request status with the given detail.
            //NOTE(review): nothing is written to context.Response on the rejection paths;
            //presumably another component renders statusResp - confirm that a rejected request
            //cannot leave with a default success status.
            void Reject(StatusDetail detail)
            {
                List <StatusDetail> details = new List <StatusDetail>()
                {
                    detail
                };
                statusResp.SetStatusResponse(Status500.BadRequest, StatusMessage.BadRequest, details);
            }
        }