| | | 1 | | using Elsa.Extensions; |
| | | 2 | | using Elsa.Identity.Contracts; |
| | | 3 | | using Elsa.Identity.Entities; |
| | | 4 | | using Microsoft.Extensions.Logging; |
| | | 5 | | using Microsoft.Extensions.Logging.Abstractions; |
| | | 6 | | |
| | | 7 | | namespace Elsa.Identity.Services; |
| | | 8 | | |
| | | 9 | | /// <summary> |
| | | 10 | | /// Validates user credentials |
| | | 11 | | /// </summary> |
| | | 12 | | public class DefaultUserCredentialsValidator : IUserCredentialsValidator |
| | | 13 | | { |
| | | 14 | | private readonly IUserProvider _userProvider; |
| | | 15 | | private readonly IUserStore? _userStore; |
| | | 16 | | private readonly ISecretHasher _secretHasher; |
| | | 17 | | private readonly ILogger<DefaultUserCredentialsValidator> _logger; |
| | | 18 | | |
| | | 19 | | /// <summary> |
| | | 20 | | /// Initializes a new instance of the <see cref="DefaultUserCredentialsValidator"/> class. |
| | | 21 | | /// </summary> |
| | 5 | 22 | | public DefaultUserCredentialsValidator(IUserProvider userProvider, ISecretHasher secretHasher) : this(userProvider, |
| | | 23 | | { |
| | 5 | 24 | | } |
| | | 25 | | |
| | | 26 | | /// <summary> |
| | | 27 | | /// Initializes a new instance of the <see cref="DefaultUserCredentialsValidator"/> class. |
| | | 28 | | /// </summary> |
| | 2 | 29 | | public DefaultUserCredentialsValidator(IUserProvider userProvider, IUserStore userStore, ISecretHasher secretHasher) |
| | | 30 | | { |
| | 2 | 31 | | } |
| | | 32 | | |
| | | 33 | | /// <summary> |
| | | 34 | | /// Initializes a new instance of the <see cref="DefaultUserCredentialsValidator"/> class. |
| | | 35 | | /// </summary> |
| | 10 | 36 | | public DefaultUserCredentialsValidator(IUserProvider userProvider, IUserStore? userStore, ISecretHasher secretHasher |
| | | 37 | | { |
| | 10 | 38 | | _userProvider = userProvider; |
| | 10 | 39 | | _userStore = userStore; |
| | 10 | 40 | | _secretHasher = secretHasher; |
| | 10 | 41 | | _logger = logger ?? NullLogger<DefaultUserCredentialsValidator>.Instance; |
| | 10 | 42 | | } |
| | | 43 | | |
| | | 44 | | /// <inheritdoc /> |
| | | 45 | | public async ValueTask<User?> ValidateAsync(string username, string password, CancellationToken cancellationToken = |
| | | 46 | | { |
| | 7 | 47 | | var user = await _userProvider.FindByNameAsync(username, cancellationToken); |
| | | 48 | | |
| | 7 | 49 | | if (user == null) |
| | 3 | 50 | | return null; |
| | | 51 | | |
| | 4 | 52 | | var isValidPassword = _secretHasher.VerifySecret(password, user.HashedPassword, user.HashedPasswordSalt, out var |
| | | 53 | | |
| | 4 | 54 | | if (!isValidPassword) |
| | 0 | 55 | | return null; |
| | | 56 | | |
| | 4 | 57 | | if (needsRehash && _userStore != null) |
| | | 58 | | { |
| | 2 | 59 | | var previousHashedPassword = user.HashedPassword; |
| | 2 | 60 | | var previousHashedPasswordSalt = user.HashedPasswordSalt; |
| | 2 | 61 | | var hashedPassword = _secretHasher.HashSecret(password); |
| | 2 | 62 | | user.HashedPassword = hashedPassword.EncodeSecret(); |
| | 2 | 63 | | user.HashedPasswordSalt = hashedPassword.EncodeSalt(); |
| | | 64 | | try |
| | | 65 | | { |
| | 2 | 66 | | await _userStore.SaveAsync(user, cancellationToken); |
| | 1 | 67 | | } |
| | 0 | 68 | | catch (OperationCanceledException) |
| | | 69 | | { |
| | 0 | 70 | | user.HashedPassword = previousHashedPassword; |
| | 0 | 71 | | user.HashedPasswordSalt = previousHashedPasswordSalt; |
| | 0 | 72 | | throw; |
| | | 73 | | } |
| | 1 | 74 | | catch (Exception e) |
| | | 75 | | { |
| | 1 | 76 | | user.HashedPassword = previousHashedPassword; |
| | 1 | 77 | | user.HashedPasswordSalt = previousHashedPasswordSalt; |
| | 1 | 78 | | _logger.LogWarning(e, "Failed to save upgraded password hash for user {UserId}.", user.Id); |
| | 1 | 79 | | } |
| | 2 | 80 | | } |
| | | 81 | | |
| | 4 | 82 | | return user; |
| | 7 | 83 | | } |
| | | 84 | | } |