From 35e2d8296b79fa90973d309fc9e4bee86790e026 Mon Sep 17 00:00:00 2001
From: Fransolet Thomas
Date: Thu, 6 Oct 2022 15:14:08 +0200
Subject: [PATCH] Add password verification !

---
 Manager.Framework/Business/ProfileLogic.cs | 9 +++++++--
 .../Controllers/AuthenticationController.cs | 4 ++--
 ManagerService/Services/TokensService.cs | 11 +++++------
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/Manager.Framework/Business/ProfileLogic.cs b/Manager.Framework/Business/ProfileLogic.cs
index 5a56304..81f0772 100644
--- a/Manager.Framework/Business/ProfileLogic.cs
+++ b/Manager.Framework/Business/ProfileLogic.cs
@@ -22,20 +22,25 @@ namespace Manager.Framework.Business
 _logger = logger;
 }
 
- public bool Authenticate(string email, string password)
+ public void TestPassword(string email, string userPassword, string password)
 {
 if (string.IsNullOrWhiteSpace(email))
 {
 _logger.LogError($"Authenticate error: No e-mail provided");
 throw new UnauthorizedAccessException("Authentication error");
 }
+
 if (string.IsNullOrEmpty(password))
 {
 _logger.LogError($"Authenticate error: No password provided");
 throw new UnauthorizedAccessException("Authentication error");
 }
 
- return true;
+ if (!PasswordUtils.Compare(userPassword, password, PasswordsPepper))
+ {
+ _logger.LogError($"Authenticate error: passwords doesn't match");
+ throw new UnauthorizedAccessException("Authentication error");
+ }
 }
 
 ///
diff --git a/ManagerService/Controllers/AuthenticationController.cs b/ManagerService/Controllers/AuthenticationController.cs
index 30daaad..c5b596a 100644
--- a/ManagerService/Controllers/AuthenticationController.cs
+++ b/ManagerService/Controllers/AuthenticationController.cs
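Review bot: `TestPassword` guards `email` and the supplied `password` but never checks `userPassword`, the stored credential it hands to `PasswordUtils.Compare`, so an account with no password set would most likely surface as a NullReferenceException from inside Compare instead of the uniform UnauthorizedAccessException the rest of the method throws. Extending the existing guard covers it: `if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(userPassword))`. The two string parameters are also easy to swap at a call site; a `<summary>` stating that `userPassword` is the stored credential and `password` the value supplied by the caller, or renaming them `storedPassword`/`suppliedPassword`, would make the argument order self-checking. `PasswordUtils.Compare` is not in the diff; if it is a plain string equality rather than a constant-time comparison of derived values, that is worth confirming. Minor: the interpolated log strings carry no placeholders, so the `$` prefix is unnecessary, and "passwords doesn't match" should read "passwords don't match".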
@@ -53,14 +53,14 @@ namespace ManagerService.Service.Controllers
 email = "test@email.be";
 password = "W/7aj4NB60i3YFKJq50pbw==";
 // password = "kljqsdkljqsd";
 #endif
- var token = _tokensService.Authenticate(email.ToLower(), password);
- // Set user token ?
 var user = _UserDatabaseService.GetByEmail(email.ToLower());
 if (user == null) throw new KeyNotFoundException("User not found");
+ var token = _tokensService.Authenticate(user, password);
+ MqttClientService.SetServices(_DeviceDatabaseService, _ConfigurationDatabaseService);
 return new OkObjectResult(token);
diff --git a/ManagerService/Services/TokensService.cs b/ManagerService/Services/TokensService.cs
index b06fb9f..afd22bd 100644
--- a/ManagerService/Services/TokensService.cs
+++ b/ManagerService/Services/TokensService.cs
@@ -51,17 +51,16 @@ namespace ManagerService.Service.Services
 /// Email
 /// Password
 /// Token DTO in case of success
- public TokenDTO Authenticate(string email, string password)
+ public TokenDTO Authenticate(User user, string password)
 {
 try
 {
 var claims = new List();
 var expiration = DateTime.UtcNow.AddMinutes(_tokenSettings.AccessTokenExpiration);
- // Todo nothing good here..
- var profile = _profileLogic.Authenticate(email, password);
+ _profileLogic.TestPassword(user.Email, user.Password, password);
- claims.Add(new Claim(ClaimTypes.Email, email));
+ claims.Add(new Claim(ClaimTypes.Email, user.Email));
 // TODO: add refresh token support
@@ -85,12 +84,12 @@ namespace ManagerService.Service.Services
 }
 catch (UnauthorizedAccessException ex)
 {
- _logger?.LogError(ex, $"Authenticate error for user '{email}': unauthorized access");
+ _logger?.LogError(ex, $"Authenticate error for user '{user.Email}': unauthorized access");
 throw;
 }
 catch (Exception ex)
 {
- _logger?.LogError(ex, $"Authenticate error for user '{email}': {ex.Message}");
+ _logger?.LogError(ex, $"Authenticate error for user '{user.Email}': {ex.Message}");
 throw;
 }
 }
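Review bot: With the authentication call moved below the user lookup, an unknown e-mail now fails with `KeyNotFoundException("User not found")` while a wrong password fails with `UnauthorizedAccessException("Authentication error")`; if both propagate to the HTTP response, a caller can tell which accounts exist from the failure alone. Mapping the lookup miss onto the same failure keeps the outcome uniform: `if (user == null) throw new UnauthorizedAccessException("Authentication error");`. The `#if DEBUG` block above the changed lines still replaces the caller's `email` and `password` with fixed values, so in Debug builds the new `Authenticate(user, password)` call is always fed the committed test credential; whether that block is meant to survive in the repository is worth deciding explicitly. `email.ToLower()` is culture-sensitive, and `ToLowerInvariant()` is the usual choice for a lookup key. The enclosing action method starts and ends outside the hunk.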
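Review bot: `Authenticate(User user, string password)` dereferences `user.Email` inside the try and again in both catch blocks of the second hunk (`@@ -85,12 +84,12 @@`), so a null `user` would raise a second NullReferenceException from within the catch handler and mask the original exception; a guard before the try, `if (user is null) throw new ArgumentNullException(nameof(user));`, closes that for every caller rather than relying on the controller's null check. The parameter doc line `/// Email` above the signature still describes the removed `email` parameter and should become `/// <param name="user">User record whose stored credential is verified against <paramref name="password"/></param>`. `user.Password` is forwarded to `TestPassword` as the stored credential; nothing in the diff shows whether that field holds a derived value or plaintext, which is worth confirming given it is compared with a pepper. The method body continues outside this hunk.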