public IHttpActionResult LogoutFromSSO([FromBody] LogoutRequestModel request)
{
using (var _dbcontext = new BroadwayBuilderContext())
{
try
{
ControllerHelper.ValidateLoginRequestModel(ModelState, request);
//Guid userSsoId = ControllerHelper.ParseAndCheckId(request.SSOUserId);
//SignatureService signatureService = new SignatureService();
//if (!signatureService.IsValidClientRequest(request.SSOUserId, request.Email, request.Timestamp, request.Signature))
//{
// return Content(HttpStatusCode.Unauthorized, "Invalid Signature Token");
//}
_dbcontext.Sessions.Remove(_dbcontext.Sessions
.Where(o => o.Signature == request.Signature)
.First());
_dbcontext.SaveChanges();
return(Ok("User logged out"));
}
catch (Exception e)
{
return(InternalServerError(e));
}
}
}
public IHttpActionResult DeleteUserFromSSO([FromBody] LoginRequestModel request)
{
using (var _dbcontext = new BroadwayBuilderContext())
{
try
{
ControllerHelper.ValidateLoginRequestModel(ModelState, request);
Guid userSsoId = ControllerHelper.ParseAndCheckId(request.SSOUserId);
SignatureService signatureService = new SignatureService();
if (!signatureService.IsValidClientRequest(request.SSOUserId, request.Email, request.Timestamp, request.Signature))
{
return(Content(HttpStatusCode.Unauthorized, "Invalid Signature Token"));
}
UserService userService = new UserService(_dbcontext);
var user = userService.GetUser(request.Email);
userService.DeleteUser(request.Email);
_dbcontext.Sessions.RemoveRange(_dbcontext.Sessions.Where(o => o.UserId == user.UserId));
_dbcontext.SaveChanges();
return(Ok("User deleted"));
}
catch (Exception e)
{
return(InternalServerError(e));
}
}
}
public IHttpActionResult LoginFromSSO([FromBody] LoginRequestModel request)
{
using (var _dbcontext = new BroadwayBuilderContext())
{
try
{
ControllerHelper.ValidateLoginRequestModel(ModelState, request);
Guid userSsoId = ControllerHelper.ParseAndCheckId(request.SSOUserId);
SignatureService signatureService = new SignatureService();
// Check if the signature is invalid
if (!signatureService.IsValidClientRequest(request.SSOUserId, request.Email, request.Timestamp, request.Signature))
{
return(Content(HttpStatusCode.Unauthorized, "Invalid Signature Token"));
}
// Now we have to get a user (check if it exists)
UserService userService = new UserService(_dbcontext);
User user;
try
{
user = userService.GetUser(request.Email);
}
catch (UserNotFoundException ex)
{
var newUser = new User()
{
UserGuid = userSsoId,
Username = request.Email,
DateCreated = DateTime.UtcNow,
IsEnabled = false,
IsComplete = false
};
userService.CreateUser(newUser);
user = newUser;
// Everyone starts off as a general user
userService.AddUserRole(user.UserId, DataAccessLayer.Enums.RoleEnum.GeneralUser);
}
// User was found, so login user
Session session = new Session()
{
UserId = user.UserId,
Token = Guid.NewGuid().ToString(),
Signature = request.Signature,
CreatedAt = DateTime.UtcNow,
ExpiresAt = DateTime.UtcNow.AddMinutes(30),
UpdatedAt = DateTime.UtcNow,
Id = Guid.NewGuid(),
};
_dbcontext.Sessions.Add(session);
_dbcontext.SaveChanges();
//Logging Usage
//TODO: possibly change the userid argument for LogUsage
LoggerHelper.LogUsage("Login", user.UserId);
var redirectURL = $"https://ui.broadwaybuilder.xyz/#/login?token={session.Token}";
return(Redirect(redirectURL));
}
catch (Exception e)
{
return(InternalServerError(e));
//TODO: LogError
}
}
}