public IHttpActionResult ChangePassword(AccountPasswordChangeDTO accountPasswordChangeDTO) { // Credentials is already read and deserialized into a DTO. Validate it. Validate(accountPasswordChangeDTO); if (!ModelState.IsValid) { return(BadRequest(ModelState)); } // Proccess any other information. if (!_accountLogic.Exists(accountPasswordChangeDTO.Username)) { return(Unauthorized()); } if (!_saltLogic.Exists(accountPasswordChangeDTO.Username)) { return(Unauthorized()); } Salt salt; try { salt = _saltLogic.GetSalt(accountPasswordChangeDTO.Username); } catch (Exception) { return(Unauthorized()); } // Check app DB for user. Account account; try { account = _accountLogic.GetSingle(accountPasswordChangeDTO.Username); } catch (Exception) { return(Unauthorized()); } if (account.Password == HashService.Instance.HashPasswordWithSalt(salt.PasswordSalt, accountPasswordChangeDTO.Password, true)) { _accountControllerLogic.ChangePassword(account, salt, accountPasswordChangeDTO.NewPassword); } else { return(Unauthorized()); } return(Ok("Password changed.")); }
/// <summary> /// Business logic for registering accounts from Single Sign On. /// </summary> /// <param name="registrationDto"></param> /// <returns></returns> public HttpResponseMessage RegisterPartialAccount(SsoRegistrationRequestDTO registrationDto) { // Validation Step if (_partialAccountLogic.Exists(registrationDto.Username) || _accountLogic.Exists(registrationDto.Username)) { return(new HttpResponseMessage(HttpStatusCode.Conflict)); } // Add new PartialAccount to the database var partialAccount = new PartialAccount() { UserName = registrationDto.Username, Password = registrationDto.HashedPassword, AccountType = registrationDto.RoleType }; // Add new attached Salt to the database connected with PartialAccount. var salt = new PartialAccountSalt() { PasswordSalt = registrationDto.PasswordSalt, UserName = registrationDto.Username, PartialAccount = partialAccount }; _partialAccountSaltLogic.Create(salt); return(new HttpResponseMessage(HttpStatusCode.OK)); }
public IHttpActionResult SingleScholarAccountInformation(UsernameDTO usernameDTO) { Account requestedAccount; // Verifying the requested account exists if (_accountLogic.Exists(usernameDTO.username)) { requestedAccount = _accountLogic.GetByUsername(usernameDTO.username); } // The requested account does not exist. else { return(BadRequest("The requested account with the given username does not exist!")); } return(Json(new { requestedAccount.AccountStatus })); }
/// <summary> /// Logic takes username from controller and returns the set of security questions /// that were set during registration /// Security questions are assoicated with username parameter /// </summary> /// <param name="username"></param> /// <returns></returns> public HttpResponseMessage UsernameSubmission(string username) { // Check if username doesn't exist if (!_accountLogic.Exists(username)) { return(new HttpResponseMessage { ReasonPhrase = "No Username Found", StatusCode = HttpStatusCode.Conflict }); } // Retrieve security questions from user's account by username var securityQuestionsAccounts = _securityQuestionsAccountLogic.GetAllByUsername(username); // Create a list that only contains needed information: Security Question and ID List <object> objects = new List <object>(); object temp; foreach (var account in securityQuestionsAccounts) { temp = new { account.SecurityQuestion.SecurityQuestionID, account.SecurityQuestion.SecQuestion }; objects.Add(temp); } // Serialize list as string var jsonContent = JsonConvert.SerializeObject(objects, Formatting.Indented, new JsonSerializerSettings { ReferenceLoopHandling = ReferenceLoopHandling.Ignore }); var stringContent = new StringContent(jsonContent); // Return successful message return(new HttpResponseMessage { Content = stringContent, StatusCode = HttpStatusCode.OK }); }
/// <summary> /// Logic that takes form properties and inserts to context /// </summary> /// <param name="registrationForm"></param> /// <returns></returns> public HttpResponseMessage Registration(RegistrationDTO registrationForm) { // Check if user already exists if (_accountLogic.Exists(registrationForm.Username)) { return(new HttpResponseMessage { ReasonPhrase = "Username Exists", StatusCode = HttpStatusCode.Conflict }); } // Create salts and hash password and answers to security questions var pSalt = HashService.Instance.CreateSaltKey(); var aSalt1 = HashService.Instance.CreateSaltKey(); var aSalt2 = HashService.Instance.CreateSaltKey(); var aSalt3 = HashService.Instance.CreateSaltKey(); var hashedPassword = HashService.Instance.HashPasswordWithSalt(pSalt, registrationForm.Password, true); var hashedAnswer1 = HashService.Instance.HashPasswordWithSalt(aSalt1, registrationForm.SecurityQuestions[0].Answer, true); var hashedAnswer2 = HashService.Instance.HashPasswordWithSalt(aSalt2, registrationForm.SecurityQuestions[1].Answer, true); var hashedAnswer3 = HashService.Instance.HashPasswordWithSalt(aSalt3, registrationForm.SecurityQuestions[2].Answer, true); // Collections representing child models of Account List <SaltSecurityAnswer> saltSecurityAnswers = new List <SaltSecurityAnswer> { new SaltSecurityAnswer { SaltValue = aSalt1, UserName = registrationForm.Username, SecurityQuestionID = registrationForm.SecurityQuestions[0].Question }, new SaltSecurityAnswer { SaltValue = aSalt2, UserName = registrationForm.Username, SecurityQuestionID = registrationForm.SecurityQuestions[1].Question }, new SaltSecurityAnswer { SaltValue = aSalt3, UserName = registrationForm.Username, SecurityQuestionID = registrationForm.SecurityQuestions[2].Question }, }; List <SecurityQuestionAccount> securityAnswers = new List <SecurityQuestionAccount> { new SecurityQuestionAccount { Answer = hashedAnswer1, SecurityQuestionID = registrationForm.SecurityQuestions[0].Question, Username = registrationForm.Username }, new SecurityQuestionAccount { Answer = hashedAnswer2, SecurityQuestionID = registrationForm.SecurityQuestions[1].Question, Username = registrationForm.Username }, new SecurityQuestionAccount { Answer = hashedAnswer3, SecurityQuestionID = registrationForm.SecurityQuestions[2].Question, Username = registrationForm.Username } }; List <AccountType> accountTypes = new List <AccountType> { new AccountType() { PermissionName = ClaimValues.Scholar, Username = registrationForm.Username }, new AccountType() { PermissionName = ClaimValues.CanEditInformation, Username = registrationForm.Username }, new AccountType() { PermissionName = ClaimValues.CanViewArticle, Username = registrationForm.Username }, new AccountType() { PermissionName = ClaimValues.CanEnterRaffle, Username = registrationForm.Username }, new AccountType() { PermissionName = ClaimValues.CanShareLinkedIn, Username = registrationForm.Username } }; List <ZipLocation> zipLocations = new List <ZipLocation> { CreateZipLocationHelper(registrationForm.Address, registrationForm.City, registrationForm.State, registrationForm.ZipCode.ToString()) }; // Account model child to UserProfile Account account = new Account { UserName = registrationForm.Username, Email = registrationForm.Email, Password = hashedPassword, Points = 0, AccountStatus = true, SuspensionTime = DateTime.UtcNow, FirstTimeUser = true, SecurityAnswers = securityAnswers, // Navigation Property AccountTags = new List <InterestTag>(), // Navigation Property SaltSecurityAnswers = saltSecurityAnswers, // Navigation Property AccountTypes = accountTypes // Navigation Property }; UserProfile user = new UserProfile() { Email = registrationForm.Email, FirstName = registrationForm.FirstName, LastName = registrationForm.LastName, ZipLocations = zipLocations, Account = account // Navigation Property }; Salt salt = new Salt() { PasswordSalt = pSalt, UserName = registrationForm.Username }; try { _userProfileLogic.Create(user); _saltLogic.Create(salt); return(new HttpResponseMessage(HttpStatusCode.OK)); } catch (Exception ex) { return(new HttpResponseMessage { ReasonPhrase = ex.Message, StatusCode = HttpStatusCode.InternalServerError }); } }