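/// <summary>
        /// Checks a username/password pair and, on success, issues a login token.
        /// </summary>
        /// <param name="loginModel">Credentials bound from the request; only <c>username</c> and <c>password</c> are read here.</param>
        /// <returns>
        /// 200 with the encrypted token and the account key on success; 400 with the model
        /// state when binding validation fails; 400 with one generic message for every
        /// credential failure.
        /// </returns>
        public IHttpActionResult PostLogin(LoginModel loginModel)
        {
            // One message for "no such user" and "wrong password", so the response body
            // does not reveal which usernames exist.
            string error = "Invalid Username or Password";

            // A request without a body binds to null while ModelState can still be valid;
            // answer 400 instead of failing with a NullReferenceException (HTTP 500).
            if (loginModel == null)
            {
                return BadRequest(error);
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // Dispose the context (and its connection) once the request is done.
            using (WebApplication1Context context = new WebApplication1Context())
            {
                AccountsModel account = context.AccountsModel.FirstOrDefault(a => a.username == loginModel.username);

                // FirstOrDefault returns null for an unknown username. Dereferencing it used
                // to throw, so unknown users got a 500 while known users with a wrong password
                // got a 400 — an account-enumeration signal. The ordinal re-check is kept
                // because the store may compare usernames case-insensitively (collation not
                // visible here).
                if (account == null || account.username != loginModel.username)
                {
                    // NOTE(review): this path skips the password hash, so it presumably answers
                    // faster than a wrong-password attempt; consider hashing against a fixed
                    // dummy salt to level the timing.
                    return BadRequest(error);
                }

                // NOTE(review): LoginUtils.hash is not visible here — confirm it is a slow,
                // salted KDF (e.g. PBKDF2) and that slowEquals is a constant-time comparison.
                byte[] candidateHash = LoginUtils.hash(loginModel.password, account.Salt);
                if (!LoginUtils.slowEquals(candidateHash, account.SaltedAndHashedPassword))
                {
                    return BadRequest(error);
                }

                // NOTE(review): confirm makeSimpleToken draws from a cryptographic RNG.
                string rawToken = LoginUtils.makeSimpleToken();

                // NOTE(review): "/" and ":" in a custom format string are culture-sensitive
                // separators; whatever parses tokenDate must use the same culture, or both
                // sides should pass CultureInfo.InvariantCulture.
                string timeStamp = DateTime.UtcNow.ToString("dd/MM/yyyy HH:mm:ss");
                string obfuscatedToken = LoginUtils.encryptToken(rawToken, timeStamp);

                // Only a hash of the token is stored; the raw value leaves the server solely
                // inside the encrypted token returned below.
                byte[] hashedToken = LoginUtils.hashNoSalt(rawToken);

                context.TokensModel.Add(new TokenModel
                {
                    tokenHash = hashedToken,
                    tokenDate = timeStamp,
                    userid    = account.primaryKey
                });

                // Save synchronously: the previous un-awaited SaveChangesAsync() could return
                // the token before (or without) persisting its hash, and any database error
                // went unobserved.
                context.SaveChanges();

                return Ok(new
                {
                    token  = obfuscatedToken,
                    userId = account.primaryKey,
                });
            }
        }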
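        /// <summary>
        /// Registers a new account: validates the request, derives a salted password hash
        /// and stores the account record.
        /// </summary>
        /// <param name="loginModel">Registration data bound from the request (username, email, organization, password and its confirmation).</param>
        /// <returns>
        /// 200 once the account has been saved; 400 when the body is missing, model
        /// validation fails, the two passwords differ, or the username already exists.
        /// </returns>
        public IHttpActionResult PostRegister(LoginModel loginModel)
        {
            // A request without a body binds to null while ModelState can still be valid.
            if (loginModel == null)
            {
                return BadRequest();
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            if (loginModel.password != loginModel.password_validator)
            {
                string error = "Uhhhhh. I can't believe you've done this.";
                return BadRequest(error);
            }

            // TODO (from the original author): add further validations.

            // Dispose the context (and its connection) once the request is done.
            using (WebApplication1Context context = new WebApplication1Context())
            {
                // PostLogin resolves an account with FirstOrDefault on username, so a second
                // row with the same name would make login ambiguous. This check-then-insert
                // is not atomic; a unique index on the username column is the real guarantee.
                bool usernameTaken = context.AccountsModel.Any(a => a.username == loginModel.username);
                if (usernameTaken)
                {
                    return BadRequest("Username is already taken");
                }

                // NOTE(review): confirm generateSalt uses a cryptographic RNG and that hash
                // is a slow KDF; neither implementation is visible here.
                byte[] salt     = LoginUtils.generateSalt();
                byte[] saltPass = LoginUtils.hash(loginModel.password, salt);

                context.AccountsModel.Add(new AccountsModel
                {
                    username                = loginModel.username,
                    email                   = loginModel.email,
                    organizationId          = loginModel.organization,
                    Salt                    = salt,
                    SaltedAndHashedPassword = saltPass,
                });

                // Save synchronously: the previous un-awaited SaveChangesAsync() returned 200
                // before the row was written and hid any database failure from the caller.
                context.SaveChanges();
            }

            return Ok();
        }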