routing protection

12aed23e · Radek Puš · 0b305372 · 12aed23e · 12aed23e · 0b305372
Commit 12aed23e authored 5 years ago by Radek Puš
--- a/Core/Core/BusinessLogic/PasswordLogic/PasswordHasher.cs
+++ b/Core/Core/BusinessLogic/PasswordLogic/PasswordHasher.cs
@@ -14,7 +14,7 @@ namespace Core.BusinessLogic.PasswordLogic
        public static string Hash(string password)
        {
-            using (var algorithm = new Rfc2898DeriveBytes(password, SaltSize, Iterations, HashAlgorithmName.SHA256))
+            using (var algorithm = new Rfc2898DeriveBytes(password, SaltSize, Iterations, HashAlgorithmName.SHA512))
            {
                string key = Convert.ToBase64String(algorithm.GetBytes(KeySize));
                string salt = Convert.ToBase64String(algorithm.Salt);
@@ -33,7 +33,7 @@ namespace Core.BusinessLogic.PasswordLogic
            byte[] salt = Convert.FromBase64String(parts[0]);
            byte[] key = Convert.FromBase64String(parts[1]);
-            using (var algorithm = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
+            using (var algorithm = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA512))
            {
                var keyToCheck = algorithm.GetBytes(KeySize);
                var verified = keyToCheck.SequenceEqual(key);

--- a/Core/Core/ClientApp/src/app/app.module.ts
+++ b/Core/Core/ClientApp/src/app/app.module.ts
@@ -15,7 +15,6 @@ import { LoginService } from './login/login.service';
 import { HomeComponent } from './home/home.component';
 import { RegistrationComponent } from './registration/registration.component';
 import { AuthGuard } from './auth.guard';
-import { AuthGuardService } from './auth.guard.service';
 import { RegistrationService } from './registration/registration.service';
 @NgModule({
@@ -44,7 +43,6 @@ import { RegistrationService } from './registration/registration.service';
    ImportService,
    LoginService,
    AuthGuard,
-    AuthGuardService,
    RegistrationService
  ],
  bootstrap: [AppComponent]

--- a/Core/Core/ClientApp/src/app/auth.guard.service.ts
+++ b/Core/Core/ClientApp/src/app/auth.guard.service.ts
-import { Injectable } from '@angular/core';
-import { HttpClient } from '@angular/common/http';
-@Injectable({
-  providedIn: 'root'
-}
-)
-export class AuthGuardService {
-  isLoggedIn = false;
-  constructor(private http: HttpClient) {
-  }
-}
--- a/Core/Core/ClientApp/src/app/auth.guard.ts
+++ b/Core/Core/ClientApp/src/app/auth.guard.ts
 import { Injectable } from '@angular/core';
 import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
 import { Observable } from 'rxjs';
-import { AuthGuardService } from './auth.guard.service';
 @Injectable({
  providedIn: 'root'
 })
 export class AuthGuard implements CanActivate {
-  constructor(private auth: AuthGuardService) {
+  public IsLoggedIn: boolean = false;
-  }
+  constructor() { }
  canActivate(
    next: ActivatedRouteSnapshot,
    state: RouterStateSnapshot): Observable<boolean> | Promise<boolean> | boolean {
-    return this.auth.isLoggedIn;
+    return this.IsLoggedIn;
    //return true;
  }
 }
--- a/Core/Core/ClientApp/src/app/login/login.component.ts
+++ b/Core/Core/ClientApp/src/app/login/login.component.ts
 import { Component, OnInit } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
+import { LoginService } from './login.service';
+import { Router } from '@angular/router';
+import { AuthGuard } from '../auth.guard';
 @Component({
    selector: 'app-login',
@@ -9,14 +12,15 @@ import { HttpClient } from '@angular/common/http';
 /** login component*/
 export class LoginComponent implements OnInit {
-  username: string;
-  password: string;
-  Http: HttpClient;
  ngOnInit() { }
-  constructor(http: HttpClient) {
+  private LoginService: LoginService;
-    this.Http = http;
+  constructor(private HttpClient: HttpClient,
+    private Auth: AuthGuard,
+    private Router: Router,
+  ) {
+    this.LoginService = new LoginService(HttpClient, Auth, Router);
  }
  loginUser(event): void {
@@ -29,7 +33,17 @@ export class LoginComponent implements OnInit {
    const password = target.querySelector('#password').value;
    console.log(username, password);
+    if (!this.LoginService.validateInput(username, password))
+      return;
+    this.LoginService.loginUser(username, password).subscribe(data => {
+      console.log('subscribe' + data.item1, data.item2);
+      if (data.item1 == 100) {//success
+        this.Auth.IsLoggedIn = true;
+        this.Router.navigate(['home']);
+        console.log(data);
+      }
+      });
    /*if (this.username == 'admin' && this.password == 'admin')
      this.router.navigate(["user"]);

--- a/Core/Core/ClientApp/src/app/login/login.service.ts
+++ b/Core/Core/ClientApp/src/app/login/login.service.ts
 import { Injectable } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
+import { Router } from '@angular/router';
+import { AuthGuard } from '../auth.guard';
 @Injectable({
  providedIn: 'root'
@@ -7,32 +9,39 @@ import { HttpClient } from '@angular/common/http';
 )
 export class LoginService {
-  constructor(private httpClent: HttpClient) { }
+  constructor(private HttpClent: HttpClient,
+    private Auth: AuthGuard,
+    private Router: Router
+  ) { }
-  registerUser(username: string, password: string, passwordCheck: string) {
+  validateInput(username: string, password: string): boolean {
+    if (username.length < 1 && password.length < 1)
-    if (username.length < 1 && password.length < 1 && passwordCheck.length < 1)
      return false;
-    if (username.length < 1 && (password.length > 0 || passwordCheck.length > 0)) {
+    if (username.length < 1 && (password.length > 0)) {
      alert("Vyplňte uživatelské jméno");
      return false;
    }
-    if (username.length > 0 && password.length < 1 && passwordCheck.length < 1) {
+    if (username.length > 0 && password.length < 1) {
      alert("Vyplňte heslo");
      return false;
    }
-    if (password != passwordCheck) {
+    return true;
-      alert("Hesla se musejí shodovat");
+  }
-      return false;
-    }
+  loginUser(username: string, password: string) {
+    return this.HttpClent.post<{ item1: number, item2: string }>('api/Login', { username, password });
-    this.httpClent.post<{ item1: number, item2: string }>('api/Login', { username, password })
+    /*return this.HttpClent.post<{ item1: number, item2: string }>('api/Login', { username, password })
      .toPromise()
      .then(res => {
        console.log(res.item1, res.item2);
-      }, error => console.error(error));
+        if (res.item1 == 100) {//success
+          this.Auth.IsLoggedIn = true;
+        }
+      }, error => console.error(error));*/
  }
 }
--- a/Core/Core/Controllers/LoginController.cs
+++ b/Core/Core/Controllers/LoginController.cs
@@ -28,29 +28,18 @@ namespace Core.Controllers
        }
        // GET: api/Login/5
-        [HttpGet("{id}", Name = "GetLogin")]
+        //[HttpGet("{id}", Name = "GetLogin")]
-        public (int, string) Get(CredentialContainer credentials)
+        //public (int, string) Get(CredentialContainer credentials)
-        {
+        //{
-            Console.WriteLine($"username: {credentials.username}, password: {credentials.password}");
+        //}
-            //unique constraint
-            User loginUser = new User(credentials.username, credentials.password);
-            if (!Context.Users.Any(u => u == loginUser))
-                return (400, "Bad Request: wrong password or user does not exist");
-            return (100, "OK");
-        }
        // POST: api/Login
        [HttpPost]
        public (int, string) Post([FromBody] CredentialContainer credentials)
        {
-            Console.WriteLine($"username: {credentials.username}, password: {credentials.password}");
+            User user = Context.Users.FirstOrDefault(u => u.Username == credentials.username);
-            //unique constraint
+            if (user == null || !user.IsEqual(credentials.username, credentials.password))
-            User loginUser = new User(credentials.username, credentials.password);
-            if (!Context.Users.Any(u => u == loginUser))
                return (400, "Bad Request: wrong password or user does not exist");
            return (100, "OK");

--- a/Core/Core/Core.csproj
+++ b/Core/Core/Core.csproj
@@ -38,14 +38,12 @@
  <ItemGroup>
    <None Remove="ClientApp\src\app\app.routing.module.ts" />
-    <None Remove="ClientApp\src\app\auth.guard.service.ts" />
    <None Remove="ClientApp\src\app\import\import.service.ts" />
    <None Remove="ClientApp\src\app\login\login.service.ts" />
    <None Remove="ClientApp\src\app\registration\registration.service.ts" />
  </ItemGroup>
  <ItemGroup>
-    <TypeScriptCompile Include="ClientApp\src\app\auth.guard.service.ts" />
    <TypeScriptCompile Include="ClientApp\src\app\import\import.service.ts" />
    <TypeScriptCompile Include="ClientApp\src\app\login\login.service.ts">
      <SubType>Code</SubType>

--- a/Core/Core/Models/User.cs
+++ b/Core/Core/Models/User.cs
@@ -8,6 +8,10 @@ namespace Core.Models
 {
    public class User
    {
+        public User()
+        {
+        }
        public User(string username, string password)
        {
            Username = username;