update registratsiya

Tohirjon-Odilov · Mar 4, 2024 · 5bfef43 · 5bfef43
1 parent bfd4f2a
commit 5bfef43
Show file tree

Hide file tree

Showing 31 changed files with 909 additions and 105 deletions.
diff --git a/Exam.StockManagement.API/Controllers/Identity/AuthController.cs b/Exam.StockManagement.API/Controllers/Identity/AuthController.cs
@@ -1,6 +1,5 @@
 using Exam.StockManagement.Application.Abstractions.IServices;
 using Exam.StockManagement.Domain.Entities.DTOs.Auth;
-using Exam.StockManagement.Domain.Exceptions;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Exam.StockManagement.API.Controllers.Identity
@@ -27,7 +26,16 @@ public AuthController(IAuthService authService,
         public async Task<IActionResult> SignUp([FromForm] RequestSignUp model)
         {
             var result = await _authService.RegisterUser(model);
-            return Ok(result);
+
+            if (result.Email == "501")
+            {
+                return BadRequest("Parol bir-biriga mos kelmadi.");
+            } else if (result.Email == "502")
+            {
+                return BadRequest("Email oldindan band qilingan.");
+            }
+
+            return Ok("User muvaffaqiyatli ro'yxatdan o'tkazildi. Iltimos login qismidan qayta kiriting.");
         }
 
         [HttpPost]
@@ -36,20 +44,29 @@ public async Task<IActionResult> Login([FromForm] RequestLogin model)
             var result = await _authService.UserExist(model);
             if (result)
             {
-                string path = Path.Combine(_webHostEnvironment.WebRootPath, "code.txt");
+                // emailga qarab fayl ochadi.
+                // coddan foydalanib bo'lganidan so'ng avtomatik o'chib ketadi.
+                string path = Path.Combine(_webHostEnvironment.WebRootPath, "Users",
+                    $"{model.Email.Remove(model.Email.IndexOf("@"))}.txt");
 
                 await _emailSenderService.SendEmailAsync(model.Email, path);
-                return Ok(result);
+                return Ok("User Emailiga kod yuborildi. Iltimos tasdiqlash qismidan kodni kiriting.");
             }
-            throw new NotFoundException();
+            return NotFound("Email topilmadi.");
         }
 
         [HttpPost]
         public async Task<IActionResult> AcceptUser([FromForm] CheckEmail model)
         {
-            string path = Path.Combine(_webHostEnvironment.WebRootPath, "code.txt");
+            string path = Path.Combine(_webHostEnvironment.WebRootPath, "Users",
+                $"{model.Email.Remove(model.Email.IndexOf("@"))}.txt");
+
             var result = await _authService.GenerateToken(model, path);
-            return Ok(result.Token);
+            if (result.Token == "503")
+            {
+                return BadRequest("User'ga yuborilgan kod bilan to'g'ri kelmadi.");
+            }
+            return StatusCode(201,result.Token);
         }
     }
 }
diff --git a/Exam.StockManagement.API/wwwroot/Users/coderr89.txt b/Exam.StockManagement.API/wwwroot/Users/coderr89.txt
@@ -0,0 +1 @@
+2453
diff --git a/Exam.StockManagement.API/wwwroot/Users/test.cs b/Exam.StockManagement.API/wwwroot/Users/test.cs
@@ -0,0 +1,6 @@
+namespace Exam.StockManagement.API.wwwroot.Users
+{
+    public class test
+    {
+    }
+}
diff --git a/Exam.StockManagement.Application/Abstractions/IServices/IAuthService.cs b/Exam.StockManagement.Application/Abstractions/IServices/IAuthService.cs
@@ -7,7 +7,6 @@ public interface IAuthService
     {
         public Task<ResponseLogin> GenerateToken(CheckEmail model, string path);
         public Task<bool> UserExist(RequestLogin user);
-        public Task<string> CorrectEmail(RegisterLogin user);
         public Task<User> RegisterUser(RequestSignUp signUp);
     }
 }
diff --git a/Exam.StockManagement.Application/Abstractions/IServices/IHashingPassword.cs b/Exam.StockManagement.Application/Abstractions/IServices/IHashingPassword.cs
@@ -0,0 +1,11 @@
+namespace Exam.StockManagement.Application.Abstractions.IServices
+{
+    public interface IHashingPassword
+    {
+        public bool VerifyPassword(
+            string passwordFromUser,
+            string hashFromDB,
+            string saltAsStringFromDB);
+        public string HashPassword(string password, out byte[] salt);
+    }
+}
diff --git a/Exam.StockManagement.Application/Abstractions/IServices/IUserService.cs b/Exam.StockManagement.Application/Abstractions/IServices/IUserService.cs
@@ -8,7 +8,7 @@ namespace Exam.StockManagement.Application.Abstractions.IServices
 {
     public interface IUserService
     {
-        public Task<User> Create(RequestSignUp signUp);
+        public Task<User> Create(RequestSignUp requestSignUp);
         public Task<User> GetByEmail(string email);
         public Task<IEnumerable<UserViewModel>> GetAll();
         public Task<bool> Delete(Expression<Func<User, bool>> expression);

diff --git a/Exam.StockManagement.Application/Services/AuthServices/AuthService.cs b/Exam.StockManagement.Application/Services/AuthServices/AuthService.cs
@@ -25,16 +25,6 @@ public AuthService(IConfiguration conf, IUserService userService)
             _userService = userService;
         }
 
-        public async Task<string> CorrectEmail(RegisterLogin user)
-        {
-            var result = await _userService.GetByEmail(user.Email!);
-            if (result.Code == user.Code)
-            {
-                return "Login successfully!";
-            }
-            throw new NotFoundException();
-        }
-
         public async Task<ResponseLogin> GenerateToken(CheckEmail model, string path)
         {
             var login = new RequestLogin()
@@ -44,11 +34,9 @@ public async Task<ResponseLogin> GenerateToken(CheckEmail model, string path)
 
             if (File.ReadAllText(path) != model.Code && await UserExist(login))
             {
-                throw new PasswordNotMatchException();
+                return new ResponseLogin { Token = "503" };
             }
 
-            File.WriteAllText(path, "");
-
             var result = await _userService.GetByEmail(model.Email);
 
             IEnumerable<int> permissionsId = new List<int>();
@@ -68,6 +56,8 @@ public async Task<ResponseLogin> GenerateToken(CheckEmail model, string path)
                 new Claim("permissions",permmisionJson)
             };
 
+            File.Delete(path);
+
             return await GenerateToken(claims);
         }
 
@@ -106,14 +96,16 @@ public async Task<ResponseLogin> GenerateToken(IEnumerable<Claim> additionalClai
 
         public async Task<bool> UserExist(RequestLogin user)
         {
-            if (user.Email == null)
+            if (user.Email == null || user.Password == null)
             {
                 throw new NotFoundException();
             }
 
             var result = await _userService.GetByEmail(user.Email);
+            var hash = new HashingPassword();
 
-            if (result != null)
+            if(result != null && hash.VerifyPassword(
+                user.Password, result.Password, result.Salt))
             {
                 return true;
             }

diff --git a/Exam.StockManagement.Application/Services/HashingPassword.cs b/Exam.StockManagement.Application/Services/HashingPassword.cs
@@ -0,0 +1,42 @@
+using Exam.StockManagement.Application.Abstractions.IServices;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace Exam.StockManagement.Application.Services
+{
+    public class HashingPassword : IHashingPassword
+    {
+        private readonly int keySize = 64;
+        private readonly int iterations = 350000;
+        private readonly HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA512;
+
+        public string HashPassword(string password, out byte[] salt)
+        {
+            salt = RandomNumberGenerator.GetBytes(keySize);
+
+            var hash = Rfc2898DeriveBytes.Pbkdf2(
+                Encoding.UTF8.GetBytes(password),
+                salt,
+                iterations,
+                hashAlgorithm,
+                keySize);
+
+            return Convert.ToHexString(hash);
+        }
+
+        public bool VerifyPassword(string passwordFromUser, string hashFromDB, string saltAsStringFromDB)
+        {
+            byte[] salt = Convert.FromHexString(saltAsStringFromDB);
+
+            var hashToCompare = Rfc2898DeriveBytes.Pbkdf2(
+                password: passwordFromUser,
+                salt,
+                iterations: iterations,
+                hashAlgorithm: hashAlgorithm,
+                outputLength: keySize);
+
+            return CryptographicOperations.FixedTimeEquals(hashToCompare, Convert.FromHexString(hashFromDB));
+
+        }
+    }
+}
diff --git a/Exam.StockManagement.Application/Services/UserService.cs b/Exam.StockManagement.Application/Services/UserService.cs
@@ -4,7 +4,6 @@
 using Exam.StockManagement.Domain.Entities.DTOs.Auth;
 using Exam.StockManagement.Domain.Entities.Models;
 using Exam.StockManagement.Domain.Entities.ViewModels;
-using Exam.StockManagement.Domain.Exceptions;
 using System.Linq.Expressions;
 
 namespace Exam.StockManagement.Application.Services
@@ -24,24 +23,26 @@ public async Task<User> Create(RequestSignUp requestSignUp)
 
             if (requestSignUp.Password != requestSignUp.ConfirmPassword)
             {
-                throw new PasswordNotMatchException();
+                return new User { Email = "501" };
             }
 
             if (hasEmail != null)
             {
-                throw new AlreadyExistException();
+                return new User { Email = "502" };
             }
 
+            var hash = new HashingPassword();
+
             User? user = new User()
             {
                 Name = requestSignUp.Name,
                 Email = requestSignUp.Email,
-                Password = requestSignUp.Password,
+                Password = hash.HashPassword(requestSignUp.Password, out byte[]? salt),
+                Salt = Convert.ToHexString(salt),
                 Role = requestSignUp.Role
-
             };
 
-            User? result = await _userRepository.Create(user);
+            var result = await _userRepository.Create(user);
 
             return result;
         }
@@ -104,7 +105,6 @@ public async Task<User> Update(int Id, UserDTO userDTO)
                 return result;
             }
             return new User();
-
         }
     }
 }
diff --git a/Exam.StockManagement.Domain/Entities/DTOs/Auth/CheckEmail.cs b/Exam.StockManagement.Domain/Entities/DTOs/Auth/CheckEmail.cs
@@ -1,11 +1,15 @@
 using DataAnnotationsExtensions;
+using System.ComponentModel.DataAnnotations;
 
 namespace Exam.StockManagement.Domain.Entities.DTOs.Auth
 {
     public class CheckEmail
     {
+        [Required]
         [Email]
-        public string Email { get; set; }
-        public string Code { get; set; }
+        public string? Email { get; set; }
+        [Required]
+        [Length(4, 4)]
+        public string? Code { get; set; }
     }
 }
diff --git a/Exam.StockManagement.Domain/Entities/DTOs/Auth/RegisterLogin.cs b/Exam.StockManagement.Domain/Entities/DTOs/Auth/RegisterLogin.cs
diff --git a/Exam.StockManagement.Domain/Entities/DTOs/Auth/RequestLogin.cs b/Exam.StockManagement.Domain/Entities/DTOs/Auth/RequestLogin.cs
@@ -1,11 +1,15 @@
 using DataAnnotationsExtensions;
+using System.ComponentModel.DataAnnotations;
 
 namespace Exam.StockManagement.Domain.Entities.DTOs.Auth
 {
     public class RequestLogin
     {
+        [Required]
         [Email]
         public string Email { get; set; }
+        [Required]
+        [Length(8, 16)]
         public string Password { get; set; }
     }
 }
diff --git a/Exam.StockManagement.Domain/Entities/DTOs/Auth/RequestSignUp.cs b/Exam.StockManagement.Domain/Entities/DTOs/Auth/RequestSignUp.cs
@@ -1,11 +1,22 @@
+using DataAnnotationsExtensions;
+using System.ComponentModel.DataAnnotations;
+
 namespace Exam.StockManagement.Domain.Entities.DTOs.Auth
 {
     public class RequestSignUp
     {
+        [Required]
         public required string? Name { get; set; }
+        [Required]
+        [Email]
         public required string? Email { get; set; }
+        [Required]
+        [Length(8, 16)]
         public required string Password { get; set; }
+        [Required]
+        [Length(8, 16)]
         public required string ConfirmPassword { get; set; }
+        [Required]
         public required string Role { get; set; }
     }
 }
diff --git a/Exam.StockManagement.Domain/Entities/DTOs/ProductDTO.cs b/Exam.StockManagement.Domain/Entities/DTOs/ProductDTO.cs
@@ -1,11 +1,15 @@
 using Microsoft.AspNetCore.Http;
+using System.ComponentModel.DataAnnotations;
 
 namespace Exam.StockManagement.Domain.Entities.DTOs
 {
     public class ProductDTO
     {
+        [Required]
         public required string ProductName { get; set; }
+        [Required]
         public required int CategoryId { get; set; }
+        [Required]
         public required int ProductPrice { get; set; }
         public string? ProductDescription { get; set; }
         public required IFormFile ProductPicture { get; set; }

diff --git a/Exam.StockManagement.Domain/Entities/DTOs/UserDTO.cs b/Exam.StockManagement.Domain/Entities/DTOs/UserDTO.cs
@@ -1,13 +1,18 @@
-using DataAnnotationsExtensions;
+using System.ComponentModel.DataAnnotations;
 
 namespace Exam.StockManagement.Domain.Entities.DTOs
 {
     public class UserDTO
     {
+        //required'larga tekshirdim lekin package'dan qandaydir ogohlantirish bor
+
+        [Required]
         public string? Name { get; set; }
-        [Email]
+        [Required]
         public string? Email { get; set; }
+        [Required]
         public string Password { get; set; }
-        public string Role { get; set; }
+        [Required]
+        public string? Role { get; set; }
     }
 }
diff --git a/Exam.StockManagement.Domain/Entities/Models/Category.cs b/Exam.StockManagement.Domain/Entities/Models/Category.cs
@@ -1,8 +1,11 @@
+using System.ComponentModel.DataAnnotations;
+
 namespace Exam.StockManagement.Domain.Entities.Models
 {
     public class Category
     {
         public int CategoryId { get; set; }
+        [Required]
         public string CategoryName { get; set; }
     }
 }
diff --git a/Exam.StockManagement.Domain/Entities/Models/Product.cs b/Exam.StockManagement.Domain/Entities/Models/Product.cs
@@ -1,14 +1,18 @@
 using Exam.StockManagement.Domain.Entities.Common;
+using System.ComponentModel.DataAnnotations;
 
 namespace Exam.StockManagement.Domain.Entities.Models
 {
     public class Product : Auditable
     {
+        [Required]
         public string ProductName { get; set; }
+        [Required]
         public int CategoryId { get; set; }
+        [Required]
         public int ProductPrice { get; set; }
-        public string ProductDescription { get; set; }
-        public string ProductPicture { get; set; }
+        public string? ProductDescription { get; set; }
+        public string? ProductPicture { get; set; }
 
         public Category Category { get; set; }
     }

diff --git a/Exam.StockManagement.Domain/Entities/Models/User.cs b/Exam.StockManagement.Domain/Entities/Models/User.cs
@@ -13,7 +13,8 @@ public class User : Auditable
         public string? Email { get; set; }
         [Required]
         public string Password { get; set; }
-        public string? Code { get; set; }
+        public string? Salt { get; set; }
+        [Required]
         public string? Role { get; set; }
     }
 }