// POST api/SignIn
public HttpResponseMessage Post(LoginRequest loginRequest)
{
helpsDbContext context = new helpsDbContext();
User account = context.Users
.Where(a => a.StudentId == loginRequest.StudentId).SingleOrDefault();
if (account != null)
{
byte[] incoming = LoginProviderUtil
.hash(loginRequest.Password, account.Salt);
if (!account.Confirmed)
{
return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Email has not been confirmed");
}
if (LoginProviderUtil.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.StudentId));
LoginResult loginResult = new helpsLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new helpsLoginResult()
{
StudentId = account.StudentId,
FirstName = account.FirstName,
LastName = account.LastName,
Email = account.Email,
HasLoggedIn = account.HasLoggedIn,
AuthToken = loginResult.AuthenticationToken
};
return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
}
}
return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
}
// GET api/ForgotPassword
public HttpResponseMessage Post(ResetPasswordRequest request)
{
helpsDbContext context = new helpsDbContext();
// Find the User with the token which was emailed to them
User user = context.Users.Where(a => a.ForgotPasswordToken == request.ResetToken).SingleOrDefault();
if (user != null)
{
if (request.Password != request.ConfirmPassword)
{
request.Errors = "Passwords do not match";
return ViewHelper.View("ResetPassword/Index", request);
} else if (request.Password.Length < 8) {
request.Errors = "Password must be minimum 8 characters";
return ViewHelper.View("ResetPassword/Index", request);
}
byte[] salt = LoginProviderUtil.generateSalt();
user.Salt = salt;
user.SaltedAndHashedPassword = LoginProviderUtil.hash(request.Password, salt);
user.ForgotPasswordToken = Guid.NewGuid().ToString();
context.Entry(user).State = System.Data.Entity.EntityState.Modified;
context.SaveChanges();
return ViewHelper.View("ResetPassword/Success");
}
request.Errors = "An error occured";
return ViewHelper.View("ResetPassword/Index", request);
}
public HttpResponseMessage Get(string StudentId)
{
helpsDbContext context = new helpsDbContext();
// Find the User with the token which was emailed to them
User user = context.Users.Where(a => a.StudentId == StudentId).SingleOrDefault();
if (user != null)
{
user.HasLoggedIn = true;
context.SaveChanges();
return this.Request.CreateResponse(HttpStatusCode.OK, "Success");
}
return this.Request.CreateResponse(HttpStatusCode.NotFound, "User not found");
}
// POST api/CustomRegistration
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
if (!Regex.IsMatch(registrationRequest.StudentId, "^[0-9]{8}$"))
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Student Id");
}
//else if (!Regex.IsMatch(registrationRequest.Email, "^[A-Za-z0-9._%+-]+@+(.*?.)?uts.edu.au$"))
//{
// return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Email must be a UTS email address");
//}
else if (registrationRequest.Password.Length < 8)
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Password (at least 8 chars required)");
}
helpsDbContext context = new helpsDbContext();
User account = context.Users.Where(a => a.StudentId == registrationRequest.StudentId).SingleOrDefault();
if (account != null)
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest, "That user already exists, please log in.");
}
else
{
byte[] salt = LoginProviderUtil.generateSalt();
User newUser = new User
{
Id = Guid.NewGuid().ToString(),
FirstName = registrationRequest.FirstName,
LastName = registrationRequest.LastName,
StudentId = registrationRequest.StudentId,
Salt = salt,
Email = registrationRequest.StudentId + "@student.uts.edu.au",
Confirmed = false,
ConfirmToken = Guid.NewGuid().ToString(),
ForgotPasswordToken = Guid.NewGuid().ToString(),
ResetTokenSentAt = DateTime.Now,
SaltedAndHashedPassword = LoginProviderUtil.hash(registrationRequest.Password, salt)
};
var url = Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("DefaultApi", new { controller = "ConfirmEmail", Token = newUser.ConfirmToken });
EmailProviderUtil.SendConfirmationEmail(newUser, url);
context.Users.Add(newUser);
context.SaveChanges();
return this.Request.CreateResponse(HttpStatusCode.Created);
}
}
public HttpResponseMessage Get(string studentId)
{
helpsDbContext context = new helpsDbContext();
User user = context.Users.Where(a => a.StudentId == studentId).SingleOrDefault();
if (user != null)
{
// Found the user
user.ResetTokenSentAt = DateTime.Now;
var url = Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("DefaultApi", new { controller = "ResetPassword", Token = user.ForgotPasswordToken });
EmailProviderUtil.SendPasswordResetEmail(user, url);
return this.Request.CreateResponse(HttpStatusCode.OK);
}
return this.Request.CreateResponse(HttpStatusCode.NotFound, "User not found");
}
// GET api/ConfirmEmail
public HttpResponseMessage Get(string Token)
{
helpsDbContext context = new helpsDbContext();
// Find the User with the token which was emailed to them
User user = context.Users.Where(a => a.ConfirmToken == Token).SingleOrDefault();
if (user != null)
{
// Mark the user as confirmed
user.Confirmed = true;
// Update the database
context.Entry(user).State = System.Data.Entity.EntityState.Modified;
context.SaveChanges();
//Return success
return ViewHelper.View("ConfirmEmail/Index", new { Message = "Email confirmed! Please navigate back to the app to log in" });
}
return ViewHelper.View("ConfirmEmail/Index", new { Message = "An error occured" });
}
public HttpResponseMessage Get(string StudentId, string Resend)
{
helpsDbContext context = new helpsDbContext();
// Find the User with the token which was emailed to them
User user = context.Users.Where(a => a.StudentId == StudentId).SingleOrDefault();
if (user != null)
{
if (user.Confirmed)
return this.Request.CreateResponse(HttpStatusCode.InternalServerError, "Email already confirmed");
var url = Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("DefaultApi", new { controller = "ConfirmEmail", Token = user.ConfirmToken });
EmailProviderUtil.SendConfirmationEmail(user, url);
//Return success
return this.Request.CreateResponse(HttpStatusCode.OK, "Email confirmation sent");
}
return this.Request.CreateResponse(HttpStatusCode.NotFound, "User not found");
}
