You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
97 lines
3.4 KiB
97 lines
3.4 KiB
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Data.SqlClient;
|
|
using Hasher;
|
|
using System.Linq;
|
|
using Models;
|
|
using System.IdentityModel.Tokens.Jwt;
|
|
using System.Security.Claims;
|
|
using System.Text;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using System.Security.Cryptography;
|
|
|
|
namespace backend.Controllers
|
|
{
|
|
[Route("api/login")]
|
|
[ApiController]
|
|
public class Login : ControllerBase
|
|
{
|
|
private readonly IConfiguration _config;
|
|
|
|
public Login(IConfiguration config)
|
|
{
|
|
_config = config;
|
|
}
|
|
|
|
[HttpPost]
|
|
public void ProcessLogin([FromBody] dynamic requestBody)
|
|
{
|
|
string email = requestBody.username;
|
|
string password = requestBody.password;
|
|
string clientPublicKey = requestBody.client_verification_key;
|
|
|
|
// Try to get a name from the database
|
|
using (var db = new MyDbContext())
|
|
{
|
|
User user = db.Users.FirstOrDefault(u => u.Email.ToLower() == email.ToLower());
|
|
|
|
if (user != null)
|
|
{
|
|
int userId = user.UserId;
|
|
string passwordHash = user.PasswordHash;
|
|
|
|
// Check the hash
|
|
if (Argon2dHasher.VerifyArgon2Hash(password, passwordHash))
|
|
{
|
|
// Get the user authorizations
|
|
List<Auth> auths = db.Auths.Where((auth) => auth.UserId == userId).ToList();
|
|
|
|
// Generate a random string for fingerprinting
|
|
var fingerprint = GenerateRandomString(32);
|
|
|
|
//Create a JWT
|
|
// Claims: [userId, clientPublicKey, auths]
|
|
var claims = new[]
|
|
{
|
|
// Add the user ID as a subject claim
|
|
new Claim(JwtRegisteredClaimNames.Sub, userId.ToString()),
|
|
|
|
// Add the client public key as a custom claim
|
|
new Claim("ClientPublicKey", clientPublicKey)
|
|
|
|
// Add the fingerprint as a hashed custom claim
|
|
new Claim("Fingerprint", HashFingerprint(fingerprint))
|
|
};
|
|
|
|
// Add the user authorizations as custom claims
|
|
foreach (var auth in auths)
|
|
{
|
|
claims.Append(new Claim("Auth", auth.AuthId.ToString()));
|
|
}
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
//TODO Handle case where no user was found with the given email
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
// Helper function to generate a random string
|
|
public static string GetRandomString(int length)
|
|
{
|
|
var r = new Random();
|
|
return new String(Enumerable.Range(0, length).Select(n => (Char)(r.Next(32, 127))).ToArray());
|
|
}
|
|
|
|
// Helper function to hash the fingerprint using SHA-256
|
|
private string HashFingerprint(string fingerprint)
|
|
{
|
|
using var sha256 = SHA256.Create();
|
|
var hashedFingerprint = sha256.ComputeHash(Encoding.UTF8.GetBytes(fingerprint));
|
|
return Convert.ToBase64String(hashedFingerprint);
|
|
}
|
|
|
|
}
|
|
} |