Added a way to login and register and a tools project

BrightGlimmer.Auth/BrightGlimmer.Auth.csproj

@@ -18,6 +18,7 @@
   <ItemGroup>
     <ProjectReference Include="..\BrightGlimmer.Data\BrightGlimmer.Data.csproj" />
     <ProjectReference Include="..\BrightGlimmer.Domain\BrightGlimmer.Domain.csproj" />
+    <ProjectReference Include="..\BrightGlimmer.Service\BrightGlimmer.Service.csproj" />
   </ItemGroup>
 
 </Project>

BrightGlimmer.Auth/Controllers/UserController.cs

@@ -5,35 +5,40 @@ using System.Linq;
 using System.Security.Claims;
 using System.Text;
 using System.Threading.Tasks;
+using BrightGlimmer.Auth.Request;
+using BrightGlimmer.Domain.Auth;
+using BrightGlimmer.Service.Interfaces;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.Tokens;
 
 namespace BrightGlimmer.Auth.Controllers
 {
+    [Authorize]
     [Route("api/[controller]")]
     [ApiController]
     public class UserController : ControllerBase
     {
+        private readonly IUserService userService;
+
+        public UserController(IUserService userService)
+        {
+            this.userService = userService;
+        }
+
         [AllowAnonymous]
         [HttpGet]
         public ActionResult Login(string username, string password)
         {
-            /* TODO: Move token creation to service */
+            var token = userService.Login(username, password);
-            var tokenHandler = new JwtSecurityTokenHandler();
+            return new JsonResult(token);
-            var key = Encoding.UTF8.GetBytes(Startup.Configuration.GetSection("Keys")["JwtPrivateKey"]);
+        }
-            var tokenDescriptor = new SecurityTokenDescriptor
-            {
-                Subject = new ClaimsIdentity(new Claim[]
-                {
-                    new Claim(ClaimTypes.NameIdentifier, username)
-                }),
-                Expires = DateTime.UtcNow.AddDays(3),
-                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
-            };
-            var tokenSecurity = tokenHandler.CreateToken(tokenDescriptor);
-            var token = tokenHandler.WriteToken(tokenSecurity);
 
+        [AllowAnonymous]
+        [HttpPost]
+        public async Task<ActionResult> Register(RegisterUserRequest request)
+        {
+            var token = await userService.RegisterAsync(request.User, request.Password);
             return new JsonResult(token);
         }
     }

BrightGlimmer.Auth/Request/RegisterUserRequest.cs

@@ -0,0 +1,14 @@
+using BrightGlimmer.Domain.Auth;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BrightGlimmer.Auth.Request
+{
+    public class RegisterUserRequest
+    {
+        public User User { get; set; }
+        public string Password { get; set; }
+    }
+}

BrightGlimmer.Auth/Startup.cs

@@ -4,6 +4,8 @@ using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 using BrightGlimmer.Data;
+using BrightGlimmer.Service.Interfaces;
+using BrightGlimmer.Service.Services;
 using JsonNet.PrivateSettersContractResolvers;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
@@ -26,7 +28,7 @@ namespace BrightGlimmer.Auth
             Configuration = configuration;
         }
 
-        public static IConfiguration Configuration { get; private set; }
+        public IConfiguration Configuration { get; private set; }
 
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
@@ -63,6 +65,9 @@ namespace BrightGlimmer.Auth
             services.AddDbContext<AuthContext>(options => options.UseLazyLoadingProxies()
                                                                  .UseSqlite(Configuration.GetConnectionString("DefaultConnection")));
             services.AddTransient<AuthContext, AuthContext>();
+
+            /* Inject Services */
+            services.AddTransient<IUserService, UserService>();
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

BrightGlimmer.Data/BrightGlimmer.Data.csproj

@@ -13,6 +13,7 @@
 
   <ItemGroup>
     <ProjectReference Include="..\BrightGlimmer.Domain\BrightGlimmer.Domain.csproj" />
+    <ProjectReference Include="..\BrightGlimmer.Tools\BrightGlimmer.Tools.csproj" />
   </ItemGroup>
 
 </Project>

BrightGlimmer.Data/Services/UserService.cs

@@ -1,10 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Text;
-
-namespace BrightGlimmer.Data.Services
-{
-    public class UserService
-    {
-    }
-}

BrightGlimmer.Domain/Auth/User.cs

@@ -11,7 +11,10 @@ namespace BrightGlimmer.Domain.Auth
         public string FirstName { get; private set; }
         public string MiddleName { get; private set; }
         public string LastName { get; private set; }
-        public string PasswordHash { get; private set; }
+
+        /* TODO: Missing DOB */
+
+        public string PasswordHash { get; set; }
         public bool EmailConfirmed { get; private set; }
         public bool AccountLocked { get; private set; }
         public int RetryAttempts { get; private set; }

BrightGlimmer.Service/BrightGlimmer.Service.csproj

@@ -4,10 +4,6 @@
     <TargetFramework>netstandard2.0</TargetFramework>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Folder Include="Interfaces\" />
-  </ItemGroup>
-
   <ItemGroup>
     <PackageReference Include="MediatR" Version="6.0.0" />
   </ItemGroup>

BrightGlimmer.Service/Interfaces/IUserService.cs

@@ -0,0 +1,14 @@
+using BrightGlimmer.Domain.Auth;
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace BrightGlimmer.Service.Interfaces
+{
+    public interface IUserService
+    {
+        string Login(string username, string password);
+        Task<string> RegisterAsync(User user, string password);
+    }
+}

BrightGlimmer.Service/Services/UserService.cs

@@ -0,0 +1,55 @@
+using BrightGlimmer.Data;
+using BrightGlimmer.Domain.Auth;
+using BrightGlimmer.Service.Interfaces;
+using BrightGlimmer.Tools;
+using Microsoft.Extensions.Configuration;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BrightGlimmer.Service.Services
+{
+    public class UserService : IUserService
+    {
+        private readonly IConfiguration configuration;
+        private readonly AuthContext context;
+
+        public UserService(IConfiguration configuration, AuthContext context)
+        {
+            this.configuration = configuration;
+            this.context = context;
+        }
+
+        public string Login(string username, string password)
+        {
+            var user = context.Users.SingleOrDefault(x => x.Username == username);
+            var hasher = new PasswordHasher();
+
+            if (user == null || hasher.Verify(password, user.PasswordHash))
+            {
+                return CreateAuthToken(username, user.Email);
+            }
+
+            return null;
+        }
+
+        public async Task<string> RegisterAsync(User user, string password)
+        {
+            /* TODO: Perform validation on user */
+
+            var hasher = new PasswordHasher();
+            var hash = hasher.GetHash(password);
+            user.PasswordHash = hash;
+
+            context.Users.Add(user);
+            await context.SaveChangesAsync();
+
+            return CreateAuthToken(user.Username, user.Email);
+        }
+
+        private string CreateAuthToken(string username, string email)
+        {
+            var tokenCreator = new JwtTokenCreator(configuration.GetSection("Keys")["JwtPrivateKey"]);
+            return tokenCreator.CreateToken(username, email);
+        }
+    }
+}

BrightGlimmer.Tools/BrightGlimmer.Tools.csproj

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="Microsoft.IdentityModel.Tokens">
+      <HintPath>..\..\..\..\..\..\Program Files\dotnet\sdk\NuGetFallbackFolder\microsoft.identitymodel.tokens\5.3.0\lib\netstandard2.0\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    </Reference>
+    <Reference Include="System.IdentityModel.Tokens.Jwt">
+      <HintPath>..\..\..\..\..\..\Program Files\dotnet\sdk\NuGetFallbackFolder\system.identitymodel.tokens.jwt\5.3.0\lib\netstandard2.0\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    </Reference>
+  </ItemGroup>
+
+</Project>

BrightGlimmer.Tools/JwtTokenCreator.cs

@@ -0,0 +1,41 @@
+using Microsoft.IdentityModel.Tokens;
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Text;
+
+namespace BrightGlimmer.Tools
+{
+    /* TODO: WIP */
+    public class JwtTokenCreator
+    {
+        private readonly string privateKey;
+
+        public JwtTokenCreator(string privateKey)
+        {
+            this.privateKey = privateKey;
+        }
+
+        public string CreateToken(string username, string email)
+        {
+            var tokenHandler = new JwtSecurityTokenHandler();
+            var key = Encoding.UTF8.GetBytes(privateKey);
+
+            var tokenDescriptor = new SecurityTokenDescriptor
+            {
+                Subject = new ClaimsIdentity(new Claim[]
+                {
+                    new Claim(ClaimTypes.NameIdentifier, username),
+                    new Claim(ClaimTypes.Email, email)
+                }),
+                Expires = DateTime.UtcNow.AddDays(1),
+                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
+            };
+            var tokenSecurity = tokenHandler.CreateToken(tokenDescriptor);
+            var token = tokenHandler.WriteToken(tokenSecurity);
+
+            return token;
+        }
+    }
+}

BrightGlimmer.Tools/PasswordHasher.cs

@@ -0,0 +1,53 @@
+using System;
+using System.Security.Cryptography;
+
+namespace BrightGlimmer.Tools
+{
+    public class PasswordHasher
+    {
+        private readonly int SALT_LENGTH = 16;
+        private readonly int PASS_LENGTH = 20;
+        private readonly int ITERATIONS = 10000;
+
+        public bool Verify(string password, string hash)
+        {
+            var storedHash = Convert.FromBase64String(hash);
+
+            var salt = new byte[SALT_LENGTH];
+            Array.Copy(storedHash, 0, salt, 0, SALT_LENGTH);
+
+            var givenHash = GetHash(password, salt);
+
+            return hash == givenHash;
+        }
+
+        public string GetHash(string password, byte[] salt = null)
+        {
+            if (salt == null)
+            {
+                salt = CreateSalt();
+            }
+            var hash = CreateHash(password, salt);
+
+            var completeHash = new byte[SALT_LENGTH + PASS_LENGTH];
+            Array.Copy(salt, 0, completeHash, 0, SALT_LENGTH);
+            Array.Copy(hash, 0, completeHash, SALT_LENGTH, PASS_LENGTH);
+
+            return Convert.ToBase64String(completeHash);
+        }
+
+        private byte[] CreateHash(string password, byte[] salt)
+        {
+            var pbkdf2 = new Rfc2898DeriveBytes(password, salt, ITERATIONS);
+            return pbkdf2.GetBytes(PASS_LENGTH);
+        }
+
+        private byte[] CreateSalt()
+        {
+            var salt = new byte[SALT_LENGTH];
+            new RNGCryptoServiceProvider().GetBytes(salt);
+
+            return salt;
+        }
+    }
+}

BrightGlimmer.sln

@@ -13,7 +13,9 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BrightGlimmer.Service", "Br
 EndProject
 Project("{9092AA53-FB77-4645-B42D-1CCCA6BD08BD}") = "BrightGlimmer.Client", "BrightGlimmer.Client\BrightGlimmer.Client.njsproj", "{6971AB72-FBC2-4F3F-A59C-319E377A9A51}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "BrightGlimmer.Auth", "BrightGlimmer.Auth\BrightGlimmer.Auth.csproj", "{E3265892-2D6C-4D51-A7A4-DF845C17CF49}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BrightGlimmer.Auth", "BrightGlimmer.Auth\BrightGlimmer.Auth.csproj", "{E3265892-2D6C-4D51-A7A4-DF845C17CF49}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "BrightGlimmer.Tools", "BrightGlimmer.Tools\BrightGlimmer.Tools.csproj", "{FE3B361C-BC0D-4D48-A861-9B10908F5E37}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -45,6 +47,10 @@ Global
 		{E3265892-2D6C-4D51-A7A4-DF845C17CF49}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{E3265892-2D6C-4D51-A7A4-DF845C17CF49}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{E3265892-2D6C-4D51-A7A4-DF845C17CF49}.Release|Any CPU.Build.0 = Release|Any CPU
+		{FE3B361C-BC0D-4D48-A861-9B10908F5E37}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{FE3B361C-BC0D-4D48-A861-9B10908F5E37}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{FE3B361C-BC0D-4D48-A861-9B10908F5E37}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{FE3B361C-BC0D-4D48-A861-9B10908F5E37}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE