luticate2
/
luticate2-api
Tarkkaile 1
Äänestä 0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 19 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
102 Commitit
4 Branchit
Puu: 8310abfd0d
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '8310abfd0d'
${ noResults }
luticate2-api/Luticate2.Auth/Business/LuUsersBusiness.cs

LuUsersBusiness.cs 5.7KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. using System;

  2. using System.Collections.Generic;

  3. using System.Security.Cryptography;

  4. using System.Text;

  5. using Luticate2.Auth.DataAccess;

  6. using Luticate2.Auth.Dbo.Users;

  7. using Luticate2.Auth.Interfaces.Tokens;

  8. using Luticate2.Auth.Interfaces.Users;

  9. using Luticate2.Utils.Business;

  10. using Luticate2.Utils.Dbo.Result;

  11. using Luticate2.Utils.Interfaces;

  12. using Luticate2.Utils.Utils;

  13. using Microsoft.AspNetCore.Cryptography.KeyDerivation;

  14. 

  15. namespace Luticate2.Auth.Business

  16. {

  17.     public class LuUsersBusiness : LuCrudBusiness<LuUsersDataAccess, LuUsersAddFullDbo, LuUsersFullDbo, LuUsersEditFullDbo, string>, ILuUsersBusiness

  18.     {

  19.         private readonly ILuTokensBusiness _luTokensBusiness;

  20.         private readonly ILuLoggedUserAccessor _luLoggedUserAccessor;

  21. 

  22.         public LuUsersBusiness(LuUsersDataAccess dataAccess, ILuNotificationsBusiness notificationsBusiness,

  23.             ILuTokensBusiness luTokensBusiness, ILuLoggedUserAccessor luLoggedUserAccessor) : base(dataAccess, notificationsBusiness)

  24.         {

  25.             _luTokensBusiness = luTokensBusiness;

  26.             _luLoggedUserAccessor = luLoggedUserAccessor;

  27.         }

  28. 

  29.         public string GenerateSalt()

  30.         {

  31.             var salt = new byte[128 / 8];

  32.             using (var rng = RandomNumberGenerator.Create())

  33.             {

  34.                 rng.GetBytes(salt);

  35.             }

  36.             return Convert.ToBase64String(salt);

  37.         }

  38. 

  39.         public string HashPassword(string password, string salt)

  40.         {

  41.             var hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(password, Encoding.ASCII.GetBytes(salt),

  42.                 KeyDerivationPrf.HMACSHA1, 10000, 256 / 8));

  43.             return hashed;

  44.         }

  45. 

  46.         public bool VerifyPasswordHash(string password, string hash, string salt)

  47.         {

  48.             var newHash = HashPassword(password, salt);

  49.             return newHash == hash;

  50.         }

  51. 

  52.         public LuResult<LuUsersFullDbo> FindByUsername(string username)

  53.         {

  54.             return DataAccess.FindByUsername(username);

  55.         }

  56. 

  57.         public LuResult<LuUsersFullDbo> Register(LuUsersAddDbo user)

  58.         {

  59.             var userRes = FindByUsername(user.Username);

  60.             if (userRes)

  61.             {

  62.                 return LuResult<LuUsersFullDbo>.Error(LuStatus.InputError,

  63.                     $"username: {user.Username}", "Username already exists");

  64.             }

  65.             if (userRes.Status != LuStatus.NotFound)

  66.             {

  67.                 return userRes;

  68.             }

  69.             var salt = GenerateSalt();

  70.             var password = HashPassword(user.Password, salt);

  71.             return this.AddDbo(new LuUsersAddFullDbo

  72.             {

  73.                 AuthenticationSourceId = Guid.Empty.ToDbo(),

  74.                 Data = null,

  75.                 Password = password,

  76.                 Salt = salt,

  77.                 Username = user.Username

  78.             });

  79.         }

  80. 

  81.         public LuResult<LuUsersFullDbo> Edit(string id, LuUsersEditDbo user)

  82.         {

  83.             throw new NotImplementedException();

  84.         }

  85. 

  86.         public LuResult<LuUsersLoginResultDbo> Login(string username, string password)

  87.         {

  88.             var userRes = FindByUsername(username);

  89.             if (userRes.Status == LuStatus.NotFound)

  90.             {

  91.                 return LuResult<LuUsersLoginResultDbo>.Error(LuStatus.LoginError,

  92.                     $"unknown username; username: {username}", "Invalid username or password");

  93.             }

  94.             if (!userRes)

  95.             {

  96.                 return userRes.To<LuUsersLoginResultDbo>();

  97.             }

  98.             if (userRes.Data.Password == null)

  99.             {

  100.                 return LuResult<LuUsersLoginResultDbo>.Error(LuStatus.LoginError,

  101.                     $"null password; username: {username}", "Invalid username or password");

  102.             }

  103.             if (!VerifyPasswordHash(password, userRes.Data.Password, userRes.Data.Salt))

  104.             {

  105.                 return LuResult<LuUsersLoginResultDbo>.Error(LuStatus.LoginError,

  106.                     $"invalid password; username: {username}", "Invalid username or password");

  107.             }

  108. 

  109.             var tokenRes = _luTokensBusiness.GenerateToken(userRes.Data.ToLite());

  110.             if (!tokenRes)

  111.             {

  112.                 return tokenRes.To<LuUsersLoginResultDbo>();

  113.             }

  114. 

  115.             return LuResult<LuUsersLoginResultDbo>.Ok(new LuUsersLoginResultDbo

  116.             {

  117.                 Token = tokenRes.Data,

  118.                 User = userRes.Data.ToLite()

  119.             });

  120.         }

  121. 

  122.         public LuResult<bool> Logout(string token)

  123.         {

  124.             if (token == null)

  125.             {

  126.                 return LuResult<bool>.Ok(true);

  127.             }

  128.             return _luTokensBusiness.UnRegisterToken(token).To(usersToken => true);

  129.         }

  130. 

  131.         public LuResult<LuUsersFullDbo> Me()

  132.         {

  133.             return LuResult<LuUsersFullDbo>.Ok(_luLoggedUserAccessor.GetLoggedUser());

  134.         }

  135. 

  136.         LuResult<T> ILuCrudInterface<LuUsersAddFullDbo, LuUsersFullDbo, LuUsersEditFullDbo, string>.DeleteSingleById<T>(string id, Func<LuUsersFullDbo, T> returnFunc)

  137.         {

  138.             var loggedUser = _luLoggedUserAccessor.GetLoggedUser();

  139.             if (id == Guid.Empty.ToDbo())

  140.             {

  141.                 return LuResult<T>.Error(LuStatus.InputError,

  142.                     $"loggedUser: {loggedUser.Username}", "Can not remove anonymous user");

  143.             }

  144.             if (id == loggedUser.Id)

  145.             {

  146.                 return LuResult<T>.Error(LuStatus.InputError,

  147.                     $"loggedUser: {loggedUser.Username}", "Can not remove yourself");

  148.             }

  149.             return base.DeleteSingleById(id, returnFunc);

  150.         }

  151.     }

  152. }