148 lines
No EOL
5 KiB
C#
148 lines
No EOL
5 KiB
C#
using Couchbase.Lite;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.Extensions.Options;
|
|
using WorkTracker.Configuration;
|
|
using WorkTracker.Services.Storage;
|
|
|
|
namespace WorkTracker.Services.Auth;
|
|
|
|
public sealed class CouchbaseLiteAuthService : IAuthService
|
|
{
|
|
private readonly Collection users;
|
|
private readonly PasswordHasher<AuthUser> passwordHasher = new();
|
|
private readonly IOptions<SingleUserOptions> options;
|
|
private readonly ILogger<CouchbaseLiteAuthService> logger;
|
|
|
|
public CouchbaseLiteAuthService(
|
|
CouchbaseLiteDatabaseProvider databaseProvider,
|
|
IOptions<SingleUserOptions> options,
|
|
ILogger<CouchbaseLiteAuthService> logger)
|
|
{
|
|
users = databaseProvider.Users;
|
|
this.options = options;
|
|
this.logger = logger;
|
|
}
|
|
|
|
public Task EnsureSeedUserAsync(CancellationToken cancellationToken)
|
|
{
|
|
cancellationToken.ThrowIfCancellationRequested();
|
|
|
|
var username = options.Value.Username.Trim();
|
|
var normalizedUsername = NormalizeUsername(username);
|
|
|
|
if (users.GetDocument(normalizedUsername) is not null)
|
|
{
|
|
return Task.CompletedTask;
|
|
}
|
|
|
|
var user = new AuthUser
|
|
{
|
|
Id = normalizedUsername,
|
|
Username = username,
|
|
UsernameNormalized = normalizedUsername,
|
|
PasswordHash = string.Empty,
|
|
MustChangePassword = true
|
|
};
|
|
|
|
var passwordHash = passwordHasher.HashPassword(user, options.Value.Password);
|
|
var userToCreate = new AuthUser
|
|
{
|
|
Id = normalizedUsername,
|
|
Username = username,
|
|
UsernameNormalized = normalizedUsername,
|
|
PasswordHash = passwordHash
|
|
};
|
|
|
|
// Ensure the seeded user requires a password change on first login
|
|
var seeded = new AuthUser
|
|
{
|
|
Id = userToCreate.Id,
|
|
Username = userToCreate.Username,
|
|
UsernameNormalized = userToCreate.UsernameNormalized,
|
|
PasswordHash = userToCreate.PasswordHash,
|
|
MustChangePassword = true
|
|
};
|
|
|
|
SaveUser(seeded);
|
|
logger.LogInformation("Seeded single user account {Username} in Couchbase Lite", username);
|
|
return Task.CompletedTask;
|
|
}
|
|
|
|
public Task<AuthUser?> ValidateCredentialsAsync(string username, string password, CancellationToken cancellationToken)
|
|
{
|
|
cancellationToken.ThrowIfCancellationRequested();
|
|
|
|
var normalizedUsername = NormalizeUsername(username);
|
|
var user = GetUser(normalizedUsername);
|
|
if (user is null)
|
|
{
|
|
logger.LogWarning("Authentication failed: user {Username} not found", username);
|
|
return Task.FromResult<AuthUser?>(null);
|
|
}
|
|
|
|
var result = passwordHasher.VerifyHashedPassword(user, user.PasswordHash, password);
|
|
if (result == PasswordVerificationResult.Failed)
|
|
{
|
|
logger.LogWarning("Authentication failed: invalid password for user {Username}", username);
|
|
}
|
|
|
|
return Task.FromResult(result == PasswordVerificationResult.Failed ? null : user);
|
|
}
|
|
|
|
private AuthUser? GetUser(string normalizedUsername)
|
|
{
|
|
var document = users.GetDocument(normalizedUsername);
|
|
if (document is null)
|
|
{
|
|
return null;
|
|
}
|
|
|
|
return new AuthUser
|
|
{
|
|
Id = document.Id,
|
|
Username = document.GetString("username") ?? document.GetString("email") ?? string.Empty,
|
|
UsernameNormalized = document.GetString("usernameNormalized") ?? document.GetString("emailNormalized") ?? string.Empty,
|
|
PasswordHash = document.GetString("passwordHash") ?? string.Empty,
|
|
MustChangePassword = document.GetBoolean("mustChangePassword")
|
|
};
|
|
}
|
|
|
|
private void SaveUser(AuthUser user)
|
|
{
|
|
var document = new MutableDocument(user.Id);
|
|
document.SetString("username", user.Username);
|
|
document.SetString("usernameNormalized", user.UsernameNormalized);
|
|
document.SetString("passwordHash", user.PasswordHash);
|
|
document.SetBoolean("mustChangePassword", user.MustChangePassword);
|
|
|
|
users.Save(document);
|
|
}
|
|
|
|
public Task<bool> ChangePasswordAsync(string userId, string newPassword, CancellationToken cancellationToken)
|
|
{
|
|
cancellationToken.ThrowIfCancellationRequested();
|
|
|
|
var document = users.GetDocument(userId);
|
|
if (document is null)
|
|
{
|
|
return Task.FromResult(false);
|
|
}
|
|
|
|
var user = GetUser(userId);
|
|
if (user is null)
|
|
{
|
|
return Task.FromResult(false);
|
|
}
|
|
|
|
var newHash = passwordHasher.HashPassword(user, newPassword);
|
|
|
|
var mutable = document.ToMutable();
|
|
mutable.SetString("passwordHash", newHash);
|
|
mutable.SetBoolean("mustChangePassword", false);
|
|
users.Save(mutable);
|
|
|
|
return Task.FromResult(true);
|
|
}
|
|
|
|
private static string NormalizeUsername(string username) => username.Trim().ToUpperInvariant();
|
|
} |