        public object Post(LoginRequest request)
        {
            try
            {
                if (request.IsNotValid())
                    return new HttpResult {StatusCode = BadRequest};

                var app = Db.FirstOrDefaultById<Application>(request.ClientId);
                if (app == null || app.RedirectUri != request.RedirectUri)
                    return new HttpResult {StatusCode = BadRequest};

                var user = Db.FirstOrDefaultById<User>(request.Login);
                if (user == null)
                    return new HttpResult {StatusCode = BadRequest};

                var enc = Encoding.UTF8;
                string hashString;

                using (var sha1 = SHA1.Create())
                {
                    var hash = sha1.ComputeHash(enc.GetBytes(request.Password + user.Salt));
                    hashString = string.Join("", hash.Select(x => x.ToString("x")));
                }

                if (user.PasswordHash != hashString)
                    return new HttpResult {StatusCode = BadRequest};

                var code = new OAuthCode {ClientId = app.ClientId, UserLogin = user.Login, Code = Guid.NewGuid()};
                Db.Save(code);

                return new HttpResult
                {
                    StatusCode = Redirect,
                    Headers =
                    {
                        {
                            HttpHeaders.Location,
                            new UriBuilder(app.RedirectUri)
                            {
                                Query = $"code={code.Code}{(request.State == null ? "" : $"&state={request.State}")}"
                            }
                                .Uri.AbsoluteUri
                        }
                    }
                };
            }