public IHttpActionResult ChangePassword(AccountPasswordChangeDTO accountPasswordChangeDTO)
{
// Credentials is already read and deserialized into a DTO. Validate it.
Validate(accountPasswordChangeDTO);
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Proccess any other information.
if (!_accountLogic.Exists(accountPasswordChangeDTO.Username))
{
return(Unauthorized());
}
if (!_saltLogic.Exists(accountPasswordChangeDTO.Username))
{
return(Unauthorized());
}
Salt salt;
try
{
salt = _saltLogic.GetSalt(accountPasswordChangeDTO.Username);
}
catch (Exception)
{
return(Unauthorized());
}
// Check app DB for user.
Account account;
try
{
account = _accountLogic.GetSingle(accountPasswordChangeDTO.Username);
}
catch (Exception)
{
return(Unauthorized());
}
if (account.Password == HashService.Instance.HashPasswordWithSalt(salt.PasswordSalt, accountPasswordChangeDTO.Password, true))
{
_accountControllerLogic.ChangePassword(account, salt, accountPasswordChangeDTO.NewPassword);
}
else
{
return(Unauthorized());
}
return(Ok("Password changed."));
}
/// <summary>
/// Business logic for registering accounts from Single Sign On.
/// </summary>
/// <param name="registrationDto"></param>
/// <returns></returns>
public HttpResponseMessage RegisterPartialAccount(SsoRegistrationRequestDTO registrationDto)
{
// Validation Step
if (_partialAccountLogic.Exists(registrationDto.Username) ||
_accountLogic.Exists(registrationDto.Username))
{
return(new HttpResponseMessage(HttpStatusCode.Conflict));
}
// Add new PartialAccount to the database
var partialAccount = new PartialAccount()
{
UserName = registrationDto.Username,
Password = registrationDto.HashedPassword,
AccountType = registrationDto.RoleType
};
// Add new attached Salt to the database connected with PartialAccount.
var salt = new PartialAccountSalt()
{
PasswordSalt = registrationDto.PasswordSalt,
UserName = registrationDto.Username,
PartialAccount = partialAccount
};
_partialAccountSaltLogic.Create(salt);
return(new HttpResponseMessage(HttpStatusCode.OK));
}
public IHttpActionResult SingleScholarAccountInformation(UsernameDTO usernameDTO)
{
Account requestedAccount;
// Verifying the requested account exists
if (_accountLogic.Exists(usernameDTO.username))
{
requestedAccount = _accountLogic.GetByUsername(usernameDTO.username);
}
// The requested account does not exist.
else
{
return(BadRequest("The requested account with the given username does not exist!"));
}
return(Json(new { requestedAccount.AccountStatus }));
}
/// <summary>
/// Logic takes username from controller and returns the set of security questions
/// that were set during registration
/// Security questions are assoicated with username parameter
/// </summary>
/// <param name="username"></param>
/// <returns></returns>
public HttpResponseMessage UsernameSubmission(string username)
{
// Check if username doesn't exist
if (!_accountLogic.Exists(username))
{
return(new HttpResponseMessage
{
ReasonPhrase = "No Username Found",
StatusCode = HttpStatusCode.Conflict
});
}
// Retrieve security questions from user's account by username
var securityQuestionsAccounts = _securityQuestionsAccountLogic.GetAllByUsername(username);
// Create a list that only contains needed information: Security Question and ID
List <object> objects = new List <object>();
object temp;
foreach (var account in securityQuestionsAccounts)
{
temp = new
{
account.SecurityQuestion.SecurityQuestionID,
account.SecurityQuestion.SecQuestion
};
objects.Add(temp);
}
// Serialize list as string
var jsonContent = JsonConvert.SerializeObject(objects, Formatting.Indented,
new JsonSerializerSettings
{
ReferenceLoopHandling = ReferenceLoopHandling.Ignore
});
var stringContent = new StringContent(jsonContent);
// Return successful message
return(new HttpResponseMessage
{
Content = stringContent,
StatusCode = HttpStatusCode.OK
});
}
/// <summary>
/// Logic that takes form properties and inserts to context
/// </summary>
/// <param name="registrationForm"></param>
/// <returns></returns>
public HttpResponseMessage Registration(RegistrationDTO registrationForm)
{
// Check if user already exists
if (_accountLogic.Exists(registrationForm.Username))
{
return(new HttpResponseMessage
{
ReasonPhrase = "Username Exists",
StatusCode = HttpStatusCode.Conflict
});
}
// Create salts and hash password and answers to security questions
var pSalt = HashService.Instance.CreateSaltKey();
var aSalt1 = HashService.Instance.CreateSaltKey();
var aSalt2 = HashService.Instance.CreateSaltKey();
var aSalt3 = HashService.Instance.CreateSaltKey();
var hashedPassword = HashService.Instance.HashPasswordWithSalt(pSalt, registrationForm.Password, true);
var hashedAnswer1 = HashService.Instance.HashPasswordWithSalt(aSalt1, registrationForm.SecurityQuestions[0].Answer, true);
var hashedAnswer2 = HashService.Instance.HashPasswordWithSalt(aSalt2, registrationForm.SecurityQuestions[1].Answer, true);
var hashedAnswer3 = HashService.Instance.HashPasswordWithSalt(aSalt3, registrationForm.SecurityQuestions[2].Answer, true);
// Collections representing child models of Account
List <SaltSecurityAnswer> saltSecurityAnswers = new List <SaltSecurityAnswer>
{
new SaltSecurityAnswer
{
SaltValue = aSalt1,
UserName = registrationForm.Username,
SecurityQuestionID = registrationForm.SecurityQuestions[0].Question
},
new SaltSecurityAnswer
{
SaltValue = aSalt2,
UserName = registrationForm.Username,
SecurityQuestionID = registrationForm.SecurityQuestions[1].Question
},
new SaltSecurityAnswer
{
SaltValue = aSalt3,
UserName = registrationForm.Username,
SecurityQuestionID = registrationForm.SecurityQuestions[2].Question
},
};
List <SecurityQuestionAccount> securityAnswers = new List <SecurityQuestionAccount>
{
new SecurityQuestionAccount
{
Answer = hashedAnswer1,
SecurityQuestionID = registrationForm.SecurityQuestions[0].Question,
Username = registrationForm.Username
},
new SecurityQuestionAccount
{
Answer = hashedAnswer2,
SecurityQuestionID = registrationForm.SecurityQuestions[1].Question,
Username = registrationForm.Username
},
new SecurityQuestionAccount
{
Answer = hashedAnswer3,
SecurityQuestionID = registrationForm.SecurityQuestions[2].Question,
Username = registrationForm.Username
}
};
List <AccountType> accountTypes = new List <AccountType>
{
new AccountType()
{
PermissionName = ClaimValues.Scholar,
Username = registrationForm.Username
},
new AccountType()
{
PermissionName = ClaimValues.CanEditInformation,
Username = registrationForm.Username
},
new AccountType()
{
PermissionName = ClaimValues.CanViewArticle,
Username = registrationForm.Username
},
new AccountType()
{
PermissionName = ClaimValues.CanEnterRaffle,
Username = registrationForm.Username
},
new AccountType()
{
PermissionName = ClaimValues.CanShareLinkedIn,
Username = registrationForm.Username
}
};
List <ZipLocation> zipLocations = new List <ZipLocation>
{
CreateZipLocationHelper(registrationForm.Address, registrationForm.City, registrationForm.State, registrationForm.ZipCode.ToString())
};
// Account model child to UserProfile
Account account = new Account
{
UserName = registrationForm.Username,
Email = registrationForm.Email,
Password = hashedPassword,
Points = 0,
AccountStatus = true,
SuspensionTime = DateTime.UtcNow,
FirstTimeUser = true,
SecurityAnswers = securityAnswers, // Navigation Property
AccountTags = new List <InterestTag>(), // Navigation Property
SaltSecurityAnswers = saltSecurityAnswers, // Navigation Property
AccountTypes = accountTypes // Navigation Property
};
UserProfile user = new UserProfile()
{
Email = registrationForm.Email,
FirstName = registrationForm.FirstName,
LastName = registrationForm.LastName,
ZipLocations = zipLocations,
Account = account // Navigation Property
};
Salt salt = new Salt()
{
PasswordSalt = pSalt,
UserName = registrationForm.Username
};
try
{
_userProfileLogic.Create(user);
_saltLogic.Create(salt);
return(new HttpResponseMessage(HttpStatusCode.OK));
}
catch (Exception ex)
{
return(new HttpResponseMessage
{
ReasonPhrase = ex.Message,
StatusCode = HttpStatusCode.InternalServerError
});
}
}
