#Login Help

1 messages · Page 1 of 1 (latest)

cursive oyster Oct 18, 2023, 2:49 PM

[HttpPost]
[ValidateAntiForgeryToken]
[ValidateUmbracoFormRouteString]
public async Task<IActionResult> Login([FromForm] LoginViewModel model)
{
if (!ModelState.IsValid)
{
return RedirectToCurrentUmbracoPage();
}

        bool userIsValid = await _usersMembers.IsUserValid(
            model.EmailOrUsername, model.Password);

        if (!userIsValid)
        {
            TempData["LoginSuccess"] = "Invalid email/username or password";
            return RedirectToCurrentUmbracoPage();
        }
        return RedirectToUmbracoPage(Guid.Parse("ee7ae6f0-056c-4e1e-8c30-772fd2c53a30"));


    }

public async Task<bool> IsUserValid(string emailOrUsername, string password)
{
IMember userByEmail = _memberService.GetByEmail(emailOrUsername);
if (userByEmail != null && await VerifyPassword(userByEmail, password))
{
return true;
}
IMember userByUsername = _memberService.GetByUsername(emailOrUsername);
if (userByUsername != null && await VerifyPassword(userByUsername, password))
{
return true;
}
return false;
}

private async Task<bool> VerifyPassword(IMember user, string password)
{
string storedHash = user.PasswordConfiguration;
string rawPassword = user.RawPasswordValue;
string passwordConfiguration = "{"hashAlgorithm":"HMACSHA256"}";

      using (HMACSHA256 hmac = new HMACSHA256())
      {
          byte[] passwordBytes = Encoding.UTF8.GetBytes(rawPassword);

          byte[] computedHashBytes = hmac.ComputeHash(passwordBytes);

          string computedHashBase64 = Convert.ToBase64String(computedHashBytes);

          if (computedHashBase64.Equals(storedHash))
          {
          }
          else
          {
          }
      }
      return false;
  }