/// <summary>
/// Reports whether the supplied token string resolves to a user id.
/// </summary>
/// <param name="usertoken">Token string presented by the caller.</param>
/// <returns><c>true</c> when the token lookup yields an id greater than zero; otherwise <c>false</c>.</returns>
/// <remarks>
/// NOTE(review): the decision rests entirely on <c>GetUserIdFromToken</c>. Whether that lookup
/// restricts matches to login tokens (as opposed to registration-verify tokens) or applies
/// any expiry is not visible here; confirm before relying on this as an authentication gate.
/// </remarks>
public bool AuthenticateUserToken(string usertoken)
        {
            int resolvedUserId = new UserTokensData(CurrentDataContext).GetUserIdFromToken(usertoken);
            bool tokenResolvesToUser = resolvedUserId > 0;

            return tokenResolvesToUser;
        }
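        /// <summary>
        /// Completes registration verification: looks up a Verify-type token for the given user,
        /// marks the user as verified, and deletes the token so it cannot be replayed.
        /// </summary>
        /// <param name="id">Id of the user being verified.</param>
        /// <param name="token">Verification token as a GUID string, supplied by the caller.</param>
        /// <returns>
        /// A response with <c>Success</c> set and the security-stripped user when verification
        /// succeeds; otherwise the freshly constructed response, left unchanged.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no expiry check on the token is visible in this method; confirm that
        /// <c>ReadTokenForRegistration</c> enforces one if verification links are meant to expire.
        /// </remarks>
        public VerifyResponse VerifyUserRegistration(int id, string token)
        {
            VerifyResponse response = new VerifyResponse();

            // The token is caller-supplied text. A missing or malformed value is treated as a
            // failed verification rather than surfacing a parse exception from the Guid constructor.
            Guid parsedToken;
            if (!Guid.TryParse(token, out parsedToken))
            {
                return response;
            }

            UserToken token2Verify = new UserToken();

            token2Verify.UserId    = id;
            token2Verify.Token     = parsedToken;
            token2Verify.TokenType = TokenType.Verify;

            UserTokensData tokenData   = new UserTokensData(CurrentDataContext);
            UserToken      returnToken = tokenData.ReadTokenForRegistration(token2Verify);

            if (returnToken == null)
            {
                return response;
            }

            UsersData uData   = new UsersData(CurrentDataContext);
            User      theUser = uData.ReadUserById(id);

            // A token row can outlive its user; fail the verification instead of dereferencing null.
            if (theUser == null)
            {
                return response;
            }

            // Update user to be verified
            theUser.Verified = true;
            uData.UpdateUser(theUser);

            // Delete the registration token so it is single-use
            tokenData.DeleteTokenById(returnToken.Id);

            response.Success = true;
            response.User    = theUser.StripSecurity();

            return response;
        }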
        /// <summary>
        /// Resolves a token string to its user record.
        /// </summary>
        /// <param name="usertoken">Token string presented by the caller.</param>
        /// <returns>
        /// The result of <c>ReadUserById</c> for the id the token maps to, or <c>null</c> when the
        /// token lookup yields an id below 1.
        /// </returns>
        public User ReadUserByToken(string usertoken)
        {
            int ownerId = new UserTokensData(CurrentDataContext).GetUserIdFromToken(usertoken);

            // Only positive ids are treated as a successful token lookup.
            if (ownerId > 0)
            {
                return ReadUserById(ownerId);
            }

            return null;
        }
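        /// <summary>
        /// Reports whether the supplied token belongs to a user flagged as administrator.
        /// </summary>
        /// <param name="userToken">Token string presented by the caller.</param>
        /// <returns>
        /// <c>true</c> only when the token resolves to a positive user id, that user record can be
        /// read, and its <c>IsAdmin</c> flag is set; <c>false</c> in every other case.
        /// </returns>
        /// <remarks>
        /// NOTE(review): whether <c>GetUserIdFromToken</c> limits matches to login tokens or
        /// checks expiry is not visible here; confirm, since this result gates admin access.
        /// </remarks>
        public bool ValidateUserAdmin(string userToken)
        {
            UserTokensData tokenData = new UserTokensData(CurrentDataContext);
            int            id        = tokenData.GetUserIdFromToken(userToken);

            if (id <= 0)
            {
                return false;
            }

            // User id resolved; now check admin privileges.
            UsersData usersData = new UsersData(CurrentDataContext);
            User      user      = usersData.ReadUserById(id);

            // Fail closed: a token whose user record is missing is denied instead of throwing
            // a NullReferenceException out of an authorization check.
            return user != null && user.IsAdmin;
        }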
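        /// <summary>
        /// Checks an e-mail/password pair and, on success, issues and stores a new Login token.
        /// </summary>
        /// <param name="email">E-mail address used to look the user up.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>
        /// On success, a response with <c>Success</c>, the new token value, and the
        /// security-stripped user. On failure, a response whose <c>Message</c> names the reason.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the two failure messages differ, and the key derivation only runs when the
        /// user exists, so a caller can tell registered from unregistered e-mail addresses. If
        /// <c>Message</c> reaches the client, consider one generic message for both cases.
        /// NOTE(review): <c>Verified</c> is not consulted here, so an unverified account can log
        /// in; confirm that is intended.
        /// </remarks>
        public LoginResponse ValidateUser(string email, string password)
        {
            LoginResponse response = new LoginResponse();
            UsersData     data     = new UsersData(CurrentDataContext);
            User          theUser  = data.ReadUserByEmail(email);

            if (theUser == null)
            {
                response.Message = ErrorMessages.LOGIN_NO_USER_WITH_PROVIDED_USERNAME;
                return response;
            }

            // A missing password can never match; reject it instead of letting the key
            // derivation constructor throw on null.
            if (password == null)
            {
                response.Message = ErrorMessages.LOGIN_INVALID_PASSWORD;
                return response;
            }

            // PBKDF2 hashing of password and salt. The derivation object holds key material,
            // so it is disposed as soon as the bytes are extracted.
            // NOTE(review): GetBytes(256) requests 256 bytes, not 256 bits. Output longer than the
            // underlying hash costs the server extra work that an offline guesser does not have to
            // repeat. Changing it invalidates stored hashes, so it is left as-is here.
            byte[] pass2Check;
            using (Rfc2898DeriveBytes dBytes = new System.Security.Cryptography.Rfc2898DeriveBytes(password, theUser.Salt, NumKeyIterations))
            {
                pass2Check = dBytes.GetBytes(256);
            }

            // Compare without exiting at the first differing byte, so the time taken does not
            // depend on how much of the derived key matched.
            if (!ConstantTimeEquals(pass2Check, theUser.Password))
            {
                response.Message = ErrorMessages.LOGIN_INVALID_PASSWORD;
                return response;
            }

            // Create user login token
            // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
            // generator; consider building the Guid from RNG output if the token type allows.
            UserToken token = new UserToken();
            token.UserId     = theUser.Id;
            token.Token      = Guid.NewGuid();
            token.TokenType  = TokenType.Login;
            token.CreateDate = DateTime.Now;

            UserTokensData tokenData = new UserTokensData(CurrentDataContext);
            token.Id = tokenData.CreateToken(token);

            // NOTE(review): AutoLogoutInMinutes is 0 and no expiry is written with the token in
            // this method; confirm where (or whether) login tokens are expired.
            response.Success             = true;
            response.UserToken           = token.Token;
            response.AutoLogoutInMinutes = 0;
            response.User = theUser.StripSecurity();

            return response;
        }

        /// <summary>
        /// Compares two byte arrays, examining every byte when the lengths match so the running
        /// time does not reveal the position of the first mismatch.
        /// </summary>
        /// <returns><c>true</c> when both arrays are non-null, equal in length and equal in content.</returns>
        [System.Runtime.CompilerServices.MethodImpl(System.Runtime.CompilerServices.MethodImplOptions.NoInlining | System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
        private static bool ConstantTimeEquals(byte[] left, byte[] right)
        {
            if (left == null || right == null || left.Length != right.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < left.Length; i++)
            {
                difference |= left[i] ^ right[i];
            }

            return difference == 0;
        }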
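        /// <summary>
        /// Registers a new, unverified user: rejects duplicate e-mail addresses, derives the
        /// stored password with PBKDF2 over a fresh random salt, creates the user, and issues a
        /// Verify-type token for the registration confirmation step.
        /// </summary>
        /// <param name="regUser">Registration input carrying e-mail, user name and clear-text password.</param>
        /// <returns>
        /// A response describing the outcome. On success it carries the created user and the
        /// verification token; on failure <c>Success</c> is false and <c>Errors</c> has an entry.
        /// </returns>
        /// <remarks>
        /// NOTE(review): on success <c>RegisteredUser</c> is the full <c>User</c> object, without
        /// the <c>StripSecurity()</c> call used on the login and verify paths, so it carries the
        /// password hash and salt. Confirm no caller serializes it to the client.
        /// NOTE(review): the duplicate-e-mail message lets a caller learn which addresses are
        /// registered; confirm that is acceptable for this endpoint.
        /// </remarks>
        public RegisterResponse RegisterUser(InputUser regUser)
        {
            RegisterResponse response = new RegisterResponse();

            response.Errors = new List <string>();

            try
            {
                UsersData data = new UsersData(CurrentDataContext);

                if (data.UserExists(regUser.Email))
                {
                    response.Success = false;
                    response.Message = ErrorMessages.REGISTER_DUPLICATE_USER_EMAIL;
                    response.Errors.Add(ErrorMessages.REGISTER_DUPLICATE_USER_EMAIL);
                }
                else
                {
                    // Create our random 256 bit salt. The generator is disposed once the salt is filled.
                    byte[] salt = new byte[32];
                    using (RNGCryptoServiceProvider rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
                    {
                        rng.GetBytes(salt);
                    }

                    // Prepare our password. The derivation object holds key material, so it is
                    // disposed as soon as the bytes are extracted.
                    // NOTE(review): GetBytes(256) requests 256 bytes, not 256 bits; it must stay
                    // in step with the login check, so it is left unchanged here.
                    byte[] derivedPassword;
                    using (Rfc2898DeriveBytes dBytes = new System.Security.Cryptography.Rfc2898DeriveBytes(regUser.Password, salt, NumKeyIterations))
                    {
                        derivedPassword = dBytes.GetBytes(256);
                    }

                    User newUser = new User();
                    newUser.Email      = regUser.Email;
                    newUser.Username   = regUser.UserName;
                    newUser.Password   = derivedPassword;
                    newUser.Salt       = salt;
                    newUser.Verified   = false;
                    newUser.SignUpDate = DateTime.Now;

                    // Create our user
                    newUser.Id = data.CreateUser(newUser);

                    // Create registration verification token
                    // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
                    // generator; consider building the Guid from RNG output.
                    UserToken token = new UserToken();
                    token.UserId     = newUser.Id;
                    token.Token      = Guid.NewGuid();
                    token.TokenType  = TokenType.Verify;
                    token.CreateDate = DateTime.Now;

                    UserTokensData tokenData = new UserTokensData(CurrentDataContext);
                    token.Id = tokenData.CreateToken(token);

                    // Send back our response
                    response.Success         = true;
                    response.Message         = newUser.Email;
                    response.RegisteredUser  = newUser;
                    response.RegisteredToken = token;
                }
            }
            catch (Exception e)
            {
                // Best-effort: any failure is reported through the response rather than thrown.
                // NOTE(review): e.Message can contain internal detail (for example data-layer
                // errors). If Message is returned to the client, log the exception server-side
                // and send only the generic error instead.
                response.Success = false;
                response.Message = e.Message;
                response.Errors.Add(ErrorMessages.REGISTER_GENERAL_ERROR);
            }

            return response;
        }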
        /// <summary>
        /// Logs a user out by deleting every Login-type token stored for that user id.
        /// </summary>
        /// <param name="userId">Id of the user whose login tokens are removed.</param>
        /// <remarks>
        /// Only <c>TokenType.Login</c> is passed to the delete call, so tokens of other types
        /// are not targeted by this method.
        /// </remarks>
        public void LogoutUser(int userId)
        {
            new UserTokensData(CurrentDataContext).DeleteAllTokensByUserId(userId, TokenType.Login);
        }