From 6bd51c93691cef4d27db2fa765ec892e153b01c4 Mon Sep 17 00:00:00 2001
From: Tino Hager
Date: Tue, 14 Nov 2023 10:45:08 +0100
Subject: [PATCH] optimize code
---
 .../Services/IUserAuthenticationService.cs | 2 +-
 .../Controllers/AuthenticationController.cs | 4 +++-
 .../Services/UserAuthenticationService.cs | 24 +++++++++++++++----
 3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/Nager.Authentication.Abstraction/Services/IUserAuthenticationService.cs b/src/Nager.Authentication.Abstraction/Services/IUserAuthenticationService.cs
index 4bc4250..f27124d 100644
--- a/src/Nager.Authentication.Abstraction/Services/IUserAuthenticationService.cs
+++ b/src/Nager.Authentication.Abstraction/Services/IUserAuthenticationService.cs
@@ -10,7 +10,7 @@ Task ValidateCredentialsAsync(
 AuthenticationRequest authenticationRequest,
 CancellationToken cancellationToken = default);
- Task GetUserInfoAsync(
+ Task GetUserInfoAsync(
 string emailAddress,
 CancellationToken cancellationToken = default);
 }
diff --git a/src/Nager.Authentication.AspNet/Controllers/AuthenticationController.cs b/src/Nager.Authentication.AspNet/Controllers/AuthenticationController.cs
index 8abf76b..5f543d4 100644
--- a/src/Nager.Authentication.AspNet/Controllers/AuthenticationController.cs
+++ b/src/Nager.Authentication.AspNet/Controllers/AuthenticationController.cs
@@ -54,6 +54,7 @@ private async Task CreateTokenAsync(
 var issuer = this._configuration["Authentication:Tokens:Issuer"];
 var audience = this._configuration["Authentication:Tokens:Audience"];
 var signingKey = this._configuration["Authentication:Tokens:SigningKey"];
+ //TODO: load from config
 var expiresAt = DateTime.UtcNow.AddDays(7);
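Review bot: The return-type change on `- Task GetUserInfoAsync(` / `+ Task GetUserInfoAsync(` is not visible in this rendering (the generic argument has been stripped), but judging by the service hunk that now returns null when no user matches, the interface presumably becomes nullable; that contract is not documented anywhere in the hunk. Add an XML doc line on the interface member stating it, e.g. `/// <returns>The user information, or <c>null</c> if no user with the given e-mail address exists.</returns>`, so implementers and callers of the abstraction know a null result is expected rather than a failure.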
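Review bot: The TODO added before `var expiresAt = DateTime.UtcNow.AddDays(7);` leaves a fixed seven-day token lifetime in code while issuer, audience and signing key already come from configuration; a long bearer-token lifetime is a security-relevant setting and deserves the same treatment now rather than later. A minimal change is `var lifetime = this._configuration.GetValue("Authentication:Tokens:Lifetime", TimeSpan.FromDays(7));` followed by `var expiresAt = DateTime.UtcNow.Add(lifetime);`, provided the Microsoft.Extensions.Configuration binder extensions are available to this project. The three configuration reads above are also unchecked: a missing `Authentication:Tokens:SigningKey` yields null here and only fails wherever the key is used further down, so a guard such as `if (string.IsNullOrEmpty(signingKey)) throw new InvalidOperationException("Authentication:Tokens:SigningKey is not configured");` would fail fast with a clear message. CreateTokenAsync's body continues outside the hunk.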
@@ -149,7 +150,8 @@ public async Task> AuthenticateAsync(
 try
 {
 var jwtSecurityToken = await this.CreateTokenAsync(request);
- var token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
+ var tokenHandler = new JwtSecurityTokenHandler();
+ var token = tokenHandler.WriteToken(jwtSecurityToken);
 return StatusCode(StatusCodes.Status200OK, new AuthenticationResponseDto
 {
diff --git a/src/Nager.Authentication/Services/UserAuthenticationService.cs b/src/Nager.Authentication/Services/UserAuthenticationService.cs
index 6211835..351dea3 100644
--- a/src/Nager.Authentication/Services/UserAuthenticationService.cs
+++ b/src/Nager.Authentication/Services/UserAuthenticationService.cs
@@ -86,7 +86,7 @@ private async Task IsIpAddressBlockedAsync(string ipAddress)
 if (authenticationInfo == null)
 {
- throw new ArgumentNullException(nameof(authenticationInfo));
+ throw new NullReferenceException(nameof(authenticationInfo));
 }
 if (authenticationInfo.InvalidCount < this._maxInvalidLoginsBeforeDelay)
@@ -115,7 +115,7 @@ public async Task ValidateCredentialsAsync(
 if (string.IsNullOrEmpty(authenticationRequest.IpAddress))
 {
- throw new ArgumentNullException(nameof(authenticationRequest.IpAddress));
+ throw new NullReferenceException(nameof(authenticationRequest.IpAddress));
 }
 if (await this.IsIpAddressBlockedAsync(authenticationRequest.IpAddress))
@@ -123,6 +123,10 @@ public async Task ValidateCredentialsAsync(
 return AuthenticationStatus.TemporaryBlocked;
 }
+ //TODO: Protect users when trying to flood the same user
+ // with requests from different IP addresses in a short period of time
+ // add cache item with username
+
 var userEntity = await this._userRepository.GetAsync(o => o.EmailAddress == authenticationRequest.EmailAddress, cancellationToken);
 if (userEntity == null)
 {
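Review bot: `throw new NullReferenceException(nameof(authenticationInfo));` raises an exception type that is reserved for the runtime and should not be thrown by application code (analyzer rule CA2201); the hunks at -115 and -130 make the same substitution. `authenticationInfo` is not a parameter of IsIpAddressBlockedAsync, so the old ArgumentNullException was misleading as well; a lookup that unexpectedly yields nothing is `throw new InvalidOperationException("Authentication info for the IP address is missing.");`. At -115 the missing value is part of the caller's argument, so `throw new ArgumentException("IpAddress must be set.", nameof(authenticationRequest));` keeps the argument-exception contract callers may already catch, and at -130 a stored user without a password hash is a data-integrity condition that fits InvalidOperationException. IsIpAddressBlockedAsync's body starts and ends outside the hunk.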
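Review bot: The TODO comment added before `var userEntity = await this._userRepository.GetAsync(...)` names a real gap: the only throttle in this method is `IsIpAddressBlockedAsync(authenticationRequest.IpAddress)`, so failed attempts against a single account spread over many addresses never accumulate toward `_maxInvalidLoginsBeforeDelay`. When the per-account counter is implemented, key it on a normalized e-mail address (trimmed, compared case-insensitively), place the check before the repository lookup so unknown accounts are covered too, and return the same `AuthenticationStatus.TemporaryBlocked` as the IP path so the two limits are not distinguishable by response. ValidateCredentialsAsync continues outside the hunk.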
@@ -130,10 +134,16 @@ public async Task ValidateCredentialsAsync(
 return AuthenticationStatus.Invalid;
 }
- var passwordHash = PasswordHelper.HashPasword(authenticationRequest.Password, userEntity.PasswordSalt);
+ if (userEntity.PasswordHash == null)
+ {
+ throw new NullReferenceException(nameof(userEntity.PasswordHash));
+ }
+ var passwordHash = PasswordHelper.HashPasword(authenticationRequest.Password, userEntity.PasswordSalt);
 if (userEntity.PasswordHash.SequenceEqual(passwordHash))
 {
+ //Set Last Login Time
+ this.SetValidLogin(authenticationRequest.IpAddress);
 return AuthenticationStatus.Valid;
 }
@@ -142,11 +152,17 @@ public async Task ValidateCredentialsAsync(
 return AuthenticationStatus.Invalid;
 }
- public async Task GetUserInfoAsync(
+ public async Task GetUserInfoAsync(
 string emailAddress,
 CancellationToken cancellationToken = default)
 {
 var userEntity = await this._userRepository.GetAsync(o => o.EmailAddress == emailAddress);
+
+ if (userEntity == null)
+ {
+ return null;
+ }
+
 return new UserInfo
 {
 Id = userEntity.Id,
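Review bot: The new `//Set Last Login Time` comment does not match the call beneath it: `this.SetValidLogin(authenticationRequest.IpAddress);` receives only the IP address, not the user, so presumably it updates the per-address failure state rather than a last-login time for the account; either the comment or the call should change, e.g. `// Successful login: clear the failure state tracked for this IP address`. On the failure side, the new `if (userEntity.PasswordHash == null)` throws, which turns a stored account without a hash into a server error that is observably different from `AuthenticationStatus.Invalid`; logging the inconsistency and returning Invalid keeps the response uniform. The comparison on the context line, `userEntity.PasswordHash.SequenceEqual(passwordHash)`, is not constant-time; `CryptographicOperations.FixedTimeEquals(userEntity.PasswordHash, passwordHash)` is the API intended for comparing hashes, assuming both sides are byte arrays.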
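Review bot: `var userEntity = await this._userRepository.GetAsync(o => o.EmailAddress == emailAddress);` drops the `cancellationToken` that GetUserInfoAsync accepts, while the equivalent lookup in ValidateCredentialsAsync forwards it; since this method is being reworked, pass it through: `var userEntity = await this._userRepository.GetAsync(o => o.EmailAddress == emailAddress, cancellationToken);`. The new `return null;` changes the method's contract, so the XML doc should state when null is produced, and `emailAddress` itself is never validated — a leading `if (string.IsNullOrWhiteSpace(emailAddress)) throw new ArgumentException("Email address must be set.", nameof(emailAddress));` avoids a pointless repository round-trip. GetUserInfoAsync's body continues outside the hunk.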