/// <summary>
/// Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password
/// credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and
/// optional "refresh_token". If the web application supports the
/// resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an
/// access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated
/// with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers.
/// The default behavior is to reject this grant type.
/// See also http://tools.ietf.org/html/rfc6749#section-4.3.2
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
Logger.log.Debug("Loggin in in AuthorizationServerProvider");
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var dto = new AccountDTO()
{
UserName = context.UserName,
Password = context.Password,
ConfirmPassword = context.Password
};
OperationResultDTO result = null;
using (var client = SoapProvider.GetUserServiceClient())
{
result = client.CheckCredentials(dto);
}
if (!result.Result)
{
Logger.log.Error("The user name of password is incorrect");
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = ConfigureClaims(context, dto);
context.Validated(identity);
}
/// <summary>
/// Check, if user exist in the db
/// </summary>
/// <param name="model"></param>
/// <returns>OperationResultDTO</returns>
public OperationResultDTO CheckCredentials(AccountDTO model)
{
Logger.log.Debug("at WCFService.UserService.CheckCredentials");
var user = FindUserByCredentials(model);
var result = new OperationResultDTO()
{
Result = user != null,
Info = "User not found"
};
return(result);
}
/// <summary>
/// Update specific user info
/// </summary>
/// <param name="newUser"></param>
/// <returns>OperationResultDTO</returns>
public OperationResultDTO UpdateUser(UserInfoDTO newUser)
{
Logger.log.Debug("at WCFService.UserService.UpdateUser");
var user = _userConverter.ToBusinessEntity(newUser);
var identity = UserProvider.UpdateUser(user);
var result = new OperationResultDTO()
{
Result = identity.Result,
Info = identity.Info
};
return(result);
}
/// <summary>
/// Register new user
/// </summary>
/// <param name="model"></param>
/// <returns>OperationResultDTO</returns>
public OperationResultDTO AddAccount(AccountDTO model)
{
Logger.log.Debug("at WCFService.UserService.AddAccount");
var userModel = _accountConverter.ToBusinessEntity(model);
var identity = UserProvider.RegisterUser(userModel);
var result = new OperationResultDTO()
{
Result = identity.Result,
Info = identity.Info
};
return(result);
}
/// <summary>
/// Delete user forever
/// </summary>
/// <param name="id"></param>
/// <returns>OperationResultDTO</returns>
public OperationResultDTO DeleteUser(int id)
{
Logger.log.Debug("at WCFService.UserService.DeleteUser");
var identity = UserProvider.DeleteUser(new User()
{
Id = id
});
var result = new OperationResultDTO()
{
Result = identity.Result,
Info = identity.Info
};
return(result);
}
public async Task <OperationResultDTO <string> > CreateAsync(CreateTshirtDTO model, string email)
{
var result = new OperationResultDTO <string>();
var user = await _userManager.FindByEmailAsync(email);
var category = await _categoryService.FindCategoryAsync(c => c.Name == model.Category, false);
var gender = await _genderService.FindGenderAsync(c => c.Name == model.Gender, false);
try
{
var shirt = new TShirt
{
Name = model.Name,
Description = model.Description,
PictureUrl = model.PictureUrl,
Price = model.Price,
UserId = user.Id,
CategoryId = category.Id,
GenderId = gender.Id,
CreateDate = DateTime.Now
};
_repositoryManager.Tshirt.CreateTShirt(shirt);
await _repositoryManager.SaveAsync();
result.Success = true;
result.Message = "New t-shirt has been created";
return(result);
}
catch (Exception ex)
{
result.Success = false;
result.Message = "There is something wrong";
result.Data = ex.Message;
return(result);
}
}
public async Task <OperationResultDTO <string> > ConfirmEmail(string userId, string code)
{
var result = new OperationResultDTO <string>();
var user = await _userManager.Users.FirstOrDefaultAsync(x => x.Id == userId);
var options = new IdentityOptions();
if (userId == null || code == null)
{
result.Success = false;
result.Message = "There is some problem. We are not able to activate your account.";
}
var provider = options.Tokens.EmailConfirmationTokenProvider;
var isValid = await _userManager.VerifyUserTokenAsync(user, provider, "EmailConfirmation", HttpUtility.UrlDecode(code));
if (isValid)
{
var data = await _userManager.ConfirmEmailAsync(user, HttpUtility.UrlDecode(code));
if (data.Succeeded)
{
result.Message = "Your account has been activated successfully.";
result.Success = true;
}
else
{
result.Success = false;
result.Message = "Your account confirmation link has been expired or invalid link, Please contact to administrator.";
}
}
else
{
result.Success = false;
result.Message = "Your account confirmation link has been expired or invalid link.";
}
return(result);
}
public IHttpActionResult Register(AccountDTO dto)
{
Logger.log.Debug("at AccountController.Register");
if (!ModelState.IsValid)
{
Logger.log.Error("at AccountController.Register - Bad model state");
return(BadRequest(ModelState));
}
OperationResultDTO result = null;
using (var client = SoapProvider.GetUserServiceClient())
{
try
{
if (client.FindUserByUserName(dto.UserName) != null)
{
return(BadRequest("User with this name is loginned"));
}
result = client.AddAccount(dto);
if (!result.Result)
{
Logger.log.Error("at AccountController.Register - " + result.Info);
return(BadRequest((string)result.Info));
}
}
catch (Exception ex)
{
return(BadRequest(ex.ToString()));
}
}
return(Ok((int)result.Info));
}