eegov/DepartmentProject
1
1
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity
2c64975fb1
DepartmentProject/DepartmentPortal/Common/DatabaseCore/SecurityManager.cs
kotcheshir73 e8836c8806 куча наработко по выводу элемента и списка 
правки по сущностям безоапсности
2021-04-01 21:30:29 +04:00

234 lines
7.0 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using DatabaseCore.Models.Security;
using ModuleTools.Enums;
using ModuleTools.Interfaces;
using ModuleTools.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
namespace DatabaseCore
{
public class SecurityManager : ISecurityManager
{
private readonly int _countDayToBanned = 3;
private readonly int _countMaxAttempt = 3;
public Guid? User { get; set; }
public List<Guid> Roles { get; set; }
public string ErrorMessage { get; set; }
public bool IsAuth => User != null;
public bool CheckAccess(SecurityManagerCheckAccessModel model)
{
using var context = DatabaseManager.GetContext;
Access access = null;
if (model.Model != null)
{
// если не указан идентификатор пользователя, то смотрим, может он авторизован
if (!model.Model.UserIdForAccess.HasValue && User.HasValue)
{
model.Model.UserIdForAccess = User.Value;
}
var roles = context.UserRoles.Where(x => x.UserId == model.Model.UserIdForAccess && !x.IsDeleted).Select(x => x.Role).OrderByDescending(x => x.RolePriority).ToList();
if (roles == null)
{
ErrorMessage = $"Не верный пользователь";
return false;
}
access = context.Accesses.FirstOrDefault(a => a.AccessOperation == model.Operation && roles.Contains(a.Role));
}
else if (Roles != null)
{
access = context.Accesses.FirstOrDefault(a => a.AccessOperation == model.Operation && Roles.Contains(a.RoleId));
}
if (access != null)
{
if (access.AccessType >= model.Type) return true;
}
switch (model.Type)
{
case AccessType.View:
ErrorMessage = $"Нет доступа на чтение данных по сущности '{model.Entity}'";
return false;
case AccessType.Change:
ErrorMessage = $"Нет доступа на изменение данных по сущности '{model.Entity}'";
return false;
case AccessType.Delete:
ErrorMessage = $"Нет доступа на удаление данных по сущности '{model.Entity}'";
return false;
default:
ErrorMessage = $"Нет доступа по сущности '{model.Entity}'";
return false;
}
}
public void CheckStartDataSource()
{
using var context = DatabaseManager.GetContext;
using var transaction = context.Database.BeginTransaction();
var role = context.Roles.FirstOrDefault(x => x.RoleName == "Администратор");
if (role == null)
{
role = new Role
{
RoleName = "Администратор",
RolePriority = 100
};
context.Roles.Add(role);
context.SaveChanges();
}
var accesses = context.Accesses.Where(x => x.RoleId == role.Id);
foreach (AccessOperation operation in Enum.GetValues(typeof(AccessOperation)))
{
if (!accesses.Any(x => x.AccessOperation == operation && x.AccessType == AccessType.Delete))
{
context.Accesses.Add(new Access
{
AccessOperation = operation,
AccessType = AccessType.Delete,
RoleId = role.Id
});
}
}
context.SaveChanges();
var md5 = new MD5CryptoServiceProvider();
var user = context.Users.FirstOrDefault(x => x.UserName == "admin");
if (user == null)
{
user = new User
{
UserName = "admin",
PasswordHash = Encoding.ASCII.GetString(md5.ComputeHash(Encoding.ASCII.GetBytes("qwerty"))),
CountAttempt = 0
};
context.Users.Add(user);
context.SaveChanges();
}
var link = context.UserRoles.FirstOrDefault(x => x.RoleId == role.Id && x.UserId == user.Id);
if (link == null)
{
context.UserRoles.Add(new UserRole
{
RoleId = role.Id,
UserId = user.Id
});
context.SaveChanges();
}
List<string> enviromentKeys = new()
{
"Практика",
"Учебный год",
"Даты семестра",
"Дисциплины (модули)",
"Кафедра",
"ГИА"
};
foreach(var key in enviromentKeys)
{
var es = context.EnviromentSettings.FirstOrDefault(x => x.Key == key);
if(es == null)
{
context.EnviromentSettings.Add(new EnviromentSetting
{
Key = key,
Value = "Прописать значение!"
});
}
}
context.SaveChanges();
transaction.Commit();
}
public async Task LoginAsync(string login, string password)
{
var passwordHash = GetPasswordHash(password);
using var context = DatabaseManager.GetContext;
var user = context.Users.FirstOrDefault(x => x.UserName == login && x.PasswordHash == passwordHash && !x.IsDeleted);
await CheckUserAsync(login, user, context);
user.DateLastVisit = DateTime.Now;
user.CountAttempt = 0;
await context.SaveChangesAsync();
User = user.Id;
Roles = context.UserRoles.Where(x => x.UserId == user.Id && !x.IsDeleted).Select(x => x.RoleId).ToList();
}
public async Task LogoutAsync()
{
await Task.Run(() =>
{
User = null;
Roles = null;
});
}
public async Task ChangePassword(string login, string oldPassword, string newPassword)
{
using var context = DatabaseManager.GetContext;
var user = context.Users.FirstOrDefault(x => x.UserName == login && x.PasswordHash == GetPasswordHash(oldPassword) && !x.IsDeleted);
await CheckUserAsync(login, user, context);
user.PasswordHash = GetPasswordHash(newPassword);
await context.SaveChangesAsync();
}
/// <summary>
/// Получение хеша пароля
/// </summary>
/// <param name="password"></param>
/// <returns></returns>
private static string GetPasswordHash(string password) => Encoding.ASCII.GetString((new MD5CryptoServiceProvider()).ComputeHash(Encoding.ASCII.GetBytes(password)));
/// <summary>
/// Проверка пользователя при авторизации и при смене пароля
/// </summary>
/// <param name="login"></param>
/// <param name="user"></param>
/// <param name="context"></param>
/// <returns></returns>
private async Task CheckUserAsync(string login, User user, DatabaseContext context)
{
if (user == null)
{
user = context.Users.FirstOrDefault(x => x.UserName == login && !x.IsDeleted);
if (user != null)
{
user.CountAttempt++;
if (user.CountAttempt > _countMaxAttempt)
{
user.IsBanned = true;
user.DateBanned = DateTime.Now;
await context.SaveChangesAsync();
throw new Exception($"Введен неверный логин/пароль? учетная запись заблоикрована на {_countDayToBanned} дней(я)");
}
}
throw new Exception("Введен неверный логин/пароль");
}
if (user.IsBanned)
{
if (user.DateBanned.Value.AddDays(_countDayToBanned) > DateTime.Now)
{
user.IsBanned = false;
await context.SaveChangesAsync();
}
else
{
throw new Exception("Пользователь заблокирован");
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink