Beispiel #1
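        /// <summary>
        /// Authenticates a user from the posted credentials and, on success, records the login in the session.
        /// </summary>
        /// <param name="requestObject">
        /// Posted user name and password. When <c>skipHash</c> is set, the password field is treated as an
        /// already-computed hash and compared as-is.
        /// </param>
        /// <returns>The matching user together with the password hash that was verified.</returns>
        /// <exception cref="InvalidLogInException">
        /// Thrown for missing credentials, an unknown user name, or a hash that does not match.
        /// </exception>
        public LogInProMaUserResponse LogInProMaUser([FromBody] LogInProMaUserRequestObject requestObject)
        {
            // A missing body or missing fields is a failed login, not a NullReferenceException.
            if (requestObject == null || requestObject.userName == null || requestObject.password == null)
            {
                throw new InvalidLogInException();
            }

            // SECURITY NOTE(review): with skipHash the caller-supplied value is compared directly against the
            // stored hash, so the stored hash is itself sufficient to log in (it is password-equivalent).
            // ComputeSHA256 takes only the password, so the stored value appears to be an unsalted, single-pass
            // SHA-256; a salted slow KDF (PBKDF2/Argon2) is the usual replacement. Both need a data migration and
            // a client change, so they are flagged here rather than altered.
            string shaPassword = requestObject.skipHash
                ? requestObject.password
                : ProMaUser.ComputeSHA256(requestObject.password);

            // Ordinal, case-insensitive match: independent of the server's current culture and tolerant of a
            // cached user whose UserName is null.
            ProMaUser relevantUser = ProMaUserHandler.ThisCache.FirstOrDefault(
                x => string.Equals(x.UserName, requestObject.userName, System.StringComparison.OrdinalIgnoreCase));

            // Unknown user and wrong password deliberately fail the same way, so the exception type does not
            // reveal which user names exist.
            if (relevantUser == null || !HashesMatch(relevantUser.HashedPassword, shaPassword))
            {
                throw new InvalidLogInException();
            }

            // SECURITY NOTE(review): the hash is kept in the session and handed back in the response; because of
            // skipHash above, anything that can read either copy can authenticate as this user.
            HttpContext.Session.SetInt32(USERIDSESSIONKEY, relevantUser.UserId);
            HttpContext.Session.SetString(USERPASSWORDSESSIONKEY, shaPassword);

            return new LogInProMaUserResponse
            {
                User = relevantUser,
                PassBackPassword = shaPassword
            };
        }

        /// <summary>
        /// Compares two hash strings without stopping at the first differing character, so the time taken does
        /// not depend on how much of a caller-supplied hash is correct.
        /// </summary>
        /// <param name="storedHash">Hash held for the account.</param>
        /// <param name="suppliedHash">Hash derived from, or supplied in, the request.</param>
        /// <returns><c>true</c> only when both values are non-empty and identical.</returns>
        private static bool HashesMatch(string storedHash, string suppliedHash)
        {
            // An account without a stored hash must never authenticate; the length of a hash is not secret,
            // so a length mismatch may return early.
            if (string.IsNullOrEmpty(storedHash) || string.IsNullOrEmpty(suppliedHash) || storedHash.Length != suppliedHash.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < storedHash.Length; i++)
            {
                difference |= storedHash[i] ^ suppliedHash[i];
            }

            return difference == 0;
        }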
Beispiel #2
        /// <summary>
        /// Builds the log-in response for the currently logged-in user, if there is one.
        /// </summary>
        /// <returns>
        /// A response carrying <c>LoggedInUser</c> and that user's <c>HashedPassword</c>, or <c>null</c> when
        /// <c>LoggedInUser</c> is <c>null</c>.
        /// </returns>
        public LogInProMaUserResponse GetLoggedInUser()
        {
            if (LoggedInUser != null)
            {
                // NOTE(review): the stored password hash is copied into the returned object; if this response is
                // serialized to the client, the hash leaves the server - confirm that is intended.
                return new LogInProMaUserResponse
                {
                    User = LoggedInUser,
                    PassBackPassword = LoggedInUser.HashedPassword
                };
            }

            return null;
        }