DD.WellWorkover.Cloud/AsbCloudInfrastructure/Services/AuthService.cs

using AsbCloudApp.Data;
using AsbCloudApp.Services;
using AsbCloudDb.Model;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace AsbCloudInfrastructure.Services
{
    public class AuthService : IAuthService
    {
        private readonly IAsbCloudDbContext db;

        public const string issuer = "a";
        public const string audience = "a";
        public static readonly SymmetricSecurityKey securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("супер секретный ключ для шифрования"));
        public const string algorithms = SecurityAlgorithms.HmacSha256;

        private static readonly TimeSpan expiresTimespan = TimeSpan.FromDays(365.25);
        private static readonly Encoding encoding = Encoding.UTF8;
        private const int PasswordSaltLength = 5;
        private const string claimIdUser = "id";
        private const string claimNameidCompany = "idCompany";
        private readonly HashAlgorithm hashAlgoritm;
        private readonly Random rnd;

        public AuthService(IAsbCloudDbContext db)
        {
            this.db = db;
            hashAlgoritm = SHA384.Create();
            rnd = new Random((int)(DateTime.Now.Ticks % 2147480161));
        }

        public async Task<UserTokenDto> LoginAsync(string login, string password,
            CancellationToken token = default)
        {
            var identity = await GetClaimsUserAsync(login, password, token)
                .ConfigureAwait(false);

            if (identity == default || identity.User.State == 0)
                return null;

            return new UserTokenDto
            {
                Id = identity.User.Id,
                Name = identity.User.Name,
                CompanyName = identity.User.Company.Caption,
                Level = identity.User.Level,
                Login = identity.User.Login,
                Patronymic = identity.User.Patronymic,
                RoleName = identity.User.Role.Caption,
                Surname = identity.User.Surname,
                Token = MakeToken(identity.Identity.Claims),
            };
        }

        public string Refresh(ClaimsPrincipal user)
        {
            return MakeToken(user.Claims);
        }

        public int Register(UserDto userDto)
        {
            if (userDto.Login is null || userDto.Login.Length is < 3 or > 50)
                return -1;

            if (userDto.Password is null || userDto.Password.Length is < 3 or > 50)
                return -2;
            
            if (userDto.Email?.Length > 255)
                return -3;
            
            if (userDto.Phone?.Length > 50)
                return -4;
            
            if (userDto.Position?.Length > 255)
                return -5;

            var salt = GenerateSalt();

            var user = new User
            {
                IdCompany = userDto.IdCompany,
                IdRole = 2, // simple user
                State = 0,
                Name = userDto.Name,
                Surname = userDto.Surname,
                Patronymic = userDto.Patronymic,
                Email = userDto.Email,
                Phone = userDto.Phone,
                Position = userDto.Position,
                Level = userDto.Level,
                Login = userDto.Login,
                PasswordHash = salt + ComputeHash(salt, userDto.Password),
            };

            db.Users.Add(user);
            try
            {
                db.SaveChanges();
            }
            catch //(Exception ex)
            {
                return -6;
            }

            return 0;
        }

        public int ChangePassword(string userLogin, string newPassword)
        {
            var user = db.Users.AsNoTracking().FirstOrDefault(u => u.Login == userLogin);
            if (user == null)
                return -1;

            var salt = GenerateSalt();
            user.PasswordHash = salt + ComputeHash(salt, newPassword);
            db.SaveChanges();
            return 0;
        }

        public int ChangePassword(int idUser, string newPassword)
        {
            var user = db.Users.FirstOrDefault(u => u.Id == idUser);
            if (user == null)
                return -1;

            var salt = GenerateSalt();
            user.PasswordHash = salt + ComputeHash(salt, newPassword);
            db.SaveChanges();
            return 0;
        }

        private static string MakeToken(IEnumerable<Claim> claims)
        {
            var now = DateTime.Now;

            var jwt = new JwtSecurityToken(
                    issuer: issuer,
                    audience: audience,
                    notBefore: now,
                    claims: claims,
                    expires: now.Add(expiresTimespan),
                    signingCredentials: new SigningCredentials(securityKey, algorithms));

            return new JwtSecurityTokenHandler().WriteToken(jwt);
        }

        private async Task<(ClaimsIdentity Identity, User User)> GetClaimsUserAsync(string login,
            string password, CancellationToken token = default)
        {
            var user = await db
                .GetUsersByLogin(login)
                .AsNoTracking()
                .FirstOrDefaultAsync(token)
                .ConfigureAwait(false);

            if (user is null)
                return default;

            if (!CheckPassword(user.PasswordHash, password))
                return default;

            var claims = new List<Claim>
                {
                    new Claim(claimIdUser, user.Id.ToString()),
                    new Claim(ClaimsIdentity.DefaultNameClaimType, user.Login),
                    new Claim(ClaimsIdentity.DefaultRoleClaimType, user.Role?.Caption??"GUEST"),
                    new Claim(claimNameidCompany, user.IdCompany.ToString()),
                };
            var claimsIdentity = new ClaimsIdentity(claims, "Token", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
            return (claimsIdentity, user);
        }

        private bool CheckPassword(string passwordHash, string password)
        {
            if (passwordHash.Length == 0 && password.Length == 0)
                return true;

            if (passwordHash.Length < PasswordSaltLength)
                return false;

            var salt = passwordHash[0..PasswordSaltLength];
            var hashDb = passwordHash[PasswordSaltLength..];

            return hashDb == ComputeHash(salt, password);
        }

        private string ComputeHash(string salt, string password)
        {
            var hashBytes = hashAlgoritm.ComputeHash(encoding.GetBytes(salt + password));
            var hashString = BitConverter.ToString(hashBytes)
                    .Replace("-", "")
                    .ToLower();
            return hashString;
        }

        public string GenerateSalt()
        {
            const string saltChars = "sHwiaX7kZT1QRp0cPILGUuK2Sz=9q8lmejDNfoYCE3B_WtgyVv6M5OxAJ4Frbhnd";
            string salt = "";
            for (int i = 0; i < PasswordSaltLength - 1; i++)
                salt += saltChars[rnd.Next(0, saltChars.Length)];
            salt += "|";
            return salt;
        }
    }
}