optimize code

nager · Nov 14, 2023 · 6bd51c9 · 6bd51c9
1 parent 1c07804
commit 6bd51c9
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/src/Nager.Authentication.Abstraction/Services/IUserAuthenticationService.cs b/src/Nager.Authentication.Abstraction/Services/IUserAuthenticationService.cs
@@ -10,7 +10,7 @@ Task<AuthenticationStatus> ValidateCredentialsAsync(
             AuthenticationRequest authenticationRequest,
             CancellationToken cancellationToken = default);
 
-        Task<UserInfo> GetUserInfoAsync(
+        Task<UserInfo?> GetUserInfoAsync(
             string emailAddress,
             CancellationToken cancellationToken = default);
     }

diff --git a/src/Nager.Authentication.AspNet/Controllers/AuthenticationController.cs b/src/Nager.Authentication.AspNet/Controllers/AuthenticationController.cs
@@ -54,6 +54,7 @@ private async Task<JwtSecurityToken> CreateTokenAsync(
             var issuer = this._configuration["Authentication:Tokens:Issuer"];
             var audience = this._configuration["Authentication:Tokens:Audience"];
             var signingKey = this._configuration["Authentication:Tokens:SigningKey"];
+
             //TODO: load from config
             var expiresAt = DateTime.UtcNow.AddDays(7);
 
@@ -149,7 +150,8 @@ public async Task<ActionResult<AuthenticationResponseDto>> AuthenticateAsync(
                     try
                     {
                         var jwtSecurityToken = await this.CreateTokenAsync(request);
-                        var token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
+                        var tokenHandler = new JwtSecurityTokenHandler();
+                        var token = tokenHandler.WriteToken(jwtSecurityToken);
 
                         return StatusCode(StatusCodes.Status200OK, new AuthenticationResponseDto
                         {

diff --git a/src/Nager.Authentication/Services/UserAuthenticationService.cs b/src/Nager.Authentication/Services/UserAuthenticationService.cs
@@ -86,7 +86,7 @@ private async Task<bool> IsIpAddressBlockedAsync(string ipAddress)
 
             if (authenticationInfo == null)
             {
-                throw new ArgumentNullException(nameof(authenticationInfo));
+                throw new NullReferenceException(nameof(authenticationInfo));
             }
 
             if (authenticationInfo.InvalidCount < this._maxInvalidLoginsBeforeDelay)
@@ -115,25 +115,35 @@ public async Task<AuthenticationStatus> ValidateCredentialsAsync(
 
             if (string.IsNullOrEmpty(authenticationRequest.IpAddress))
             {
-                throw new ArgumentNullException(nameof(authenticationRequest.IpAddress));
+                throw new NullReferenceException(nameof(authenticationRequest.IpAddress));
             }
 
             if (await this.IsIpAddressBlockedAsync(authenticationRequest.IpAddress))
             {
                 return AuthenticationStatus.TemporaryBlocked;
             }
 
+            //TODO: Protect users when trying to flood the same user
+            //      with requests from different IP addresses in a short period of time
+            //      add cache item with username
+
             var userEntity = await this._userRepository.GetAsync(o => o.EmailAddress == authenticationRequest.EmailAddress, cancellationToken);
             if (userEntity == null)
             {
                 this.SetInvalidLogin(authenticationRequest.IpAddress);
                 return AuthenticationStatus.Invalid;
             }
 
-            var passwordHash = PasswordHelper.HashPasword(authenticationRequest.Password, userEntity.PasswordSalt);
+            if (userEntity.PasswordHash == null)
+            {
+                throw new NullReferenceException(nameof(userEntity.PasswordHash));
+            }
 
+            var passwordHash = PasswordHelper.HashPasword(authenticationRequest.Password, userEntity.PasswordSalt);
             if (userEntity.PasswordHash.SequenceEqual(passwordHash))
             {
+                //Set Last Login Time
+
                 this.SetValidLogin(authenticationRequest.IpAddress);
                 return AuthenticationStatus.Valid;
             }
@@ -142,11 +152,17 @@ public async Task<AuthenticationStatus> ValidateCredentialsAsync(
             return AuthenticationStatus.Invalid;
         }
 
-        public async Task<UserInfo> GetUserInfoAsync(
+        public async Task<UserInfo?> GetUserInfoAsync(
             string emailAddress,
             CancellationToken cancellationToken = default)
         {
             var userEntity = await this._userRepository.GetAsync(o => o.EmailAddress == emailAddress);
+
+            if (userEntity == null)
+            {
+                return null;
+            }
+
             return new UserInfo
             {
                 Id = userEntity.Id,