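/// <summary>
/// Authenticates a user from its login information.
/// </summary>
/// <param name="userNameOrEmail">Login name or e-mail used to look the user up.</param>
/// <param name="password">Plain-text password supplied by the caller.</param>
/// <param name="practiceIdentifier">Identifier of the practice the user is looked up in.</param>
/// <param name="dbUserSet">Object set the user is looked up in.</param>
/// <param name="securityTokenString">Serialized and encrypted <see cref="SecurityToken"/> for the
/// authenticated user; null when authentication fails.</param>
/// <returns>The authenticated <see cref="User"/>, or null if no such user exists or the password does not match.</returns>
public static User AuthenticateUser(String userNameOrEmail, String password, string practiceIdentifier, IObjectSet<User> dbUserSet, out string securityTokenString)
{
    // Note: this method was setting the user.LastActiveOn property, but now the caller must do this.
    // This is because it is not allowed to use DateTime.Now, because this makes the value not mockable.
    securityTokenString = null;

    // A missing password can never authenticate; reject it before anything is hashed
    // so CipherHelper.Hash is never handed a null.
    if (password == null)
        return null;

    var loggedInUser = GetUser(dbUserSet, practiceIdentifier, userNameOrEmail);
    if (loggedInUser == null)
        return null;
    // NOTE(review): returning before hashing when the login is unknown makes the response
    // time depend on whether the account exists (user enumeration by timing).

    // comparing password
    var passwordHash = CipherHelper.Hash(password, loggedInUser.PasswordSalt);

    // SYS_PasswordAlt is matched against the plain-text password, so it is stored unhashed.
    // NOTE(review): a plain-text alternate password in the user record is an account-takeover
    // risk if the database is exposed; consider storing it hashed like Password.
    var isSysLogin = !string.IsNullOrWhiteSpace(loggedInUser.SYS_PasswordAlt)
        && ConstantTimeEquals(password, loggedInUser.SYS_PasswordAlt);

    // Compare in constant time so the response time does not reveal how much of the
    // stored hash a guess matched.
    var isPasswordMatch = ConstantTimeEquals(loggedInUser.Password, passwordHash);
    if (!isPasswordMatch && !isSysLogin)
        return null;

    var securityToken = new SecurityToken
    {
        // Same 0..1999 range as before, but drawn from a CSPRNG rather than System.Random,
        // whose output is predictable from its seed.
        Salt = NewTokenSalt(),
        UserData = new UserData
        {
            Id = loggedInUser.Id,
            Email = loggedInUser.Person.Email,
            FullName = loggedInUser.Person.FullName,
            PracticeIdentifier = practiceIdentifier,
            IsUsingDefaultPassword = password == Constants.DEFAULT_PASSWORD,
            IsUsingSysPassword = isSysLogin,
        }
    };
    securityTokenString = SecurityTokenHelper.ToString(securityToken);
    return loggedInUser;
}

/// <summary>
/// Compares two strings in time that depends only on their lengths, not on where the first
/// difference is. Two nulls are equal; one null is never equal to a string.
/// </summary>
private static bool ConstantTimeEquals(string a, string b)
{
    if (a == null || b == null)
        return a == b;
    if (a.Length != b.Length)
        return false;
    var diff = 0;
    for (var i = 0; i < a.Length; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/// <summary>
/// Draws a token salt in the range [0, 2000) from a cryptographic random number generator.
/// </summary>
private static int NewTokenSalt()
{
    var buffer = new byte[4];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(buffer);
    }
    // Modulo bias is negligible for a 2000-value range taken from 32 random bits.
    return (int)(BitConverter.ToUInt32(buffer, 0) % 2000);
}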
/// <summary>
/// Serializes a <see cref="SecurityToken"/> to JSON and encrypts the result into a Base64 string.
/// </summary>
/// <param name="securityToken">Token to serialize; its JSON form is what gets encrypted.</param>
/// <returns>The Base64 text produced by <c>CipherHelper.EncryptToBase64</c> over the token's JSON.</returns>
public static string ToString(SecurityToken securityToken)
{
    // NOTE(review): whether the encrypted token is also integrity-protected (MAC / AEAD) is
    // decided inside CipherHelper.EncryptToBase64, which is not visible here — confirm, since
    // a malleable token would let the embedded UserData be tampered with.
    var serializer = new JavaScriptSerializer();
    var tokenJson = serializer.Serialize(securityToken);
    return CipherHelper.EncryptToBase64(tokenJson);
}