public async Task<IHttpActionResult> Register(UserModel model)
{
try
{
if (!ModelState.IsValid)
return BadRequest(ModelState);
using (AuthRepository repo = new AuthRepository())
{
IdentityResult result = await repo.RegisterUser(model);
if (!result.Succeeded)
{
foreach (string error in result.Errors)
ModelState.AddModelError(string.Empty, error);
return BadRequest(ModelState);
}
}
}
catch (Exception ex)
{
ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
return Ok();
}
public async Task<HttpResponseMessage> ConfirmEmail(string aspUserId, string code)
{
AuthRepository repo = new AuthRepository();
try
{
if (aspUserId != null && code != null)
{
IdentityResult result = await repo.ConfirmEmail(aspUserId, code);
if (result.Succeeded)
{
//If email confirmation succeeds, automatically give the a 2FA token
ApplicationUser user = await repo.FindAspUserByUserId(aspUserId);
var userIdentity = await user.GenerateUserIdentityAsync(UserManager);
string pinCode = await repo.GetTwoFactorCode(aspUserId);
await repo.VerifyTwoFactorToken(aspUserId, pinCode);
var rememberBrowserIdentity = repo.authManager.CreateTwoFactorRememberBrowserIdentity(user.Id);
repo.authManager.SignIn(new AuthenticationProperties { IsPersistent = true }, userIdentity, rememberBrowserIdentity);
var response = Request.CreateResponse(HttpStatusCode.Moved);
response.Headers.Location = new Uri(Config.BaseWWClientURL + "#/registerConfirm");
return response;
}
}
var errorResponse = Request.CreateResponse(HttpStatusCode.Moved);
errorResponse.Headers.Location = new Uri(Config.BaseWWClientURL + "/#/registerError?id=" + aspUserId);
return errorResponse;
}
catch (Exception ex)
{
ErrorLogging.LogError(ex);
var errorResponse = Request.CreateResponse(HttpStatusCode.Moved);
errorResponse.Headers.Location = new Uri(Config.BaseWWClientURL + "/#/registerError?id=" + aspUserId);
return errorResponse;
}
finally
{
repo.Dispose();
}
}
public async Task<IHttpActionResult> DemographicUserUpdate(UpdatedDemographicModel model)
{
try
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
using (AuthRepository repo = new AuthRepository())
{
await repo.UpdateUserAsync(model);
return Ok();
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> ChangeEmail(ChangeEmailModel model)
{
try
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
using (AuthRepository repo = new AuthRepository())
{
ApplicationUser user = await repo.FindAspUserByUserId(HttpContext.Current.User.Identity.Name);
if (user != null)
{
IdentityResult updatedEmail = await repo.ChangeEmailAsync(user, model.Email, user.Email);
if (!updatedEmail.Succeeded)
{
foreach (string error in updatedEmail.Errors)
ModelState.AddModelError(ModelStateType.ErrorList, error);
return BadRequest(ModelState);
}
return Ok(user);
}
else
{
// Don't reveal that the user does not exist
ModelState.AddModelError(string.Empty, "Sorry, there was an error.");
return BadRequest(ModelState);
}
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> ResetPassword(string email, string password, string code)
{
try
{
using (AuthRepository _repo = new AuthRepository())
{
code = code.Replace(" ", "+");
ApplicationUser user = await _repo.FindUserByName(email);
if (user == null)
{
// Don't reveal that the user does not exist
ModelState.AddModelError(string.Empty, "Sorry, there was an error.");
return BadRequest(ModelState);
}
IdentityResult result = await _repo.ResetPasswordAsync(user.Id, code, password);
if (!result.Succeeded)
{
foreach (string error in result.Errors)
ModelState.AddModelError(ModelStateType.ErrorList, error);
return BadRequest(ModelState);
}
return Ok();
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> DemographicUserGet()
{
try
{
using (AuthRepository repo = new AuthRepository())
{
UpdatedDemographicModel model = await repo.DemographicUserGetAsync(HttpContext.Current.User.Identity.Name);
if (model == null)
return BadRequest("Could Not Find Demographics");
return Ok(model);
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> ForgotPassword(string email)
{
try
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
using (AuthRepository _repo = new AuthRepository())
{
ApplicationUser initialUser = await _repo.FindUserByName(email);
if (initialUser == null)
{
// Don't reveal that the user does not exist
ModelState.AddModelError(ModelStateType.ErrorList, "Sorry, there was an error.");
return BadRequest(ModelState);
}
var confirmed = await _repo.VerifyEmailConfirmed(initialUser.Id);
if (!confirmed)
{
ModelState.AddModelError(ModelStateType.ErrorList, "eMailNotConfirmed");
return BadRequest(ModelState);
}
await _repo.SendChangePasswordConfirmation(initialUser.Id, email);
return Ok();
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> ChangePassword(ChangePasswordModel model)
{
try
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
using (AuthRepository repo = new AuthRepository())
{
ApplicationUser appUser = await repo.FindAspUserByUserId(User.Identity.Name);
var user = await repo.CheckCredentials(appUser.UserName, model.OldPassword);
if (user == null)
{
// Don't reveal that the user does not exist
ModelState.AddModelError(ModelStateType.ErrorList, "The current password is incorrect");
return BadRequest(ModelState);
}
IdentityResult result = await repo.ChangePasswordAsync(user, model.OldPassword, model.NewPassword);
if (!result.Succeeded)
{
foreach (string error in result.Errors)
ModelState.AddModelError(ModelStateType.ErrorList, error);
return BadRequest(ModelState);
}
return Ok();
}
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> ResendTFAEmail(ResendTFAEmailModel model)
{
try
{
if (!ModelState.IsValid)
return BadRequest(ModelState);
using (AuthRepository repo = new AuthRepository())
{
ApplicationUser currentUser = await repo.CheckCredentials(model.HiddenUserName, model.HiddenPassword);
if (currentUser != null)
{
await repo.SendTwoFactorAuthentionToken(currentUser.Id);
}
}
return Ok();
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> ResendEmailVerification(string aspUserId)
{
try
{
using (AuthRepository repo = new AuthRepository())
{
await repo.SendConfirmationEmail(aspUserId, WWBusiness.Helper.EmailMessage.EmailNotVerifiedConfirmation);
}
return Ok();
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
public async Task<IHttpActionResult> Verify2FACode(string userName, string pinCode)
{
try
{
using (AuthRepository repo = new AuthRepository())
{
ApplicationUser user = await repo.FindUserByName(userName);
bool isCodeValid = await repo.VerifyTwoFactorToken(user.Id, pinCode);
ClaimsIdentity userIdentity = await user.GenerateUserIdentityAsync(UserManager);
if (isCodeValid)
{
var rememberBrowserIdentity = repo.authManager.CreateTwoFactorRememberBrowserIdentity(user.Id);
repo.authManager.SignIn(new AuthenticationProperties { IsPersistent = true }, userIdentity, rememberBrowserIdentity);
}
else
{
return BadRequest("Sorry, that is not a valid code.");
}
}
return Ok();
}
catch (Exception ex)
{
Helper.ErrorLogging.LogError(ex);
return InternalServerError(ex);
}
}
