public HttpResponseMessage RoadZenLogin(LoginRequest loginRequest) { Services.Log.Info("RoadZen Login Request from Phone# [" + loginRequest.Phone + "]"); stranddContext context = new stranddContext(); Account useraccount = context.Accounts.Where(a => a.Phone == loginRequest.Phone).SingleOrDefault(); if (useraccount != null) { // Check if Registered Phone Number is through Google-Provider Account if (useraccount.ProviderUserID.Substring(0,6)=="Google") { string responseText = "Phone Number Registered with Google"; Services.Log.Warn(responseText); return this.Request.CreateResponse(HttpStatusCode.Unauthorized, WebConfigurationManager.AppSettings["RZ_MobileClientUserWarningPrefix"] + responseText); } byte[] incoming = RoadZenSecurityUtils.hash(loginRequest.Password, useraccount.Salt); if (RoadZenSecurityUtils.slowEquals(incoming, useraccount.SaltedAndHashedPassword)) { ClaimsIdentity claimsIdentity = new ClaimsIdentity(); claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.Phone)); claimsIdentity.AddClaim(new Claim("AccountGUID", useraccount.Id)); LoginResult loginResult = new RoadZenLoginProvider(handler).CreateLoginResult(claimsIdentity, Services.Settings.MasterKey); Services.Log.Info("Account [" + useraccount.ProviderUserID + "] has logged-in"); return this.Request.CreateResponse(HttpStatusCode.OK, loginResult); } else { string responseText = "Incorrect Password"; Services.Log.Warn(responseText); return this.Request.CreateResponse(HttpStatusCode.Unauthorized, WebConfigurationManager.AppSettings["RZ_MobileClientUserWarningPrefix"] + responseText); } } else { string responseText = "Unregistered Phone Number"; Services.Log.Warn(responseText); return this.Request.CreateResponse(HttpStatusCode.Unauthorized, WebConfigurationManager.AppSettings["RZ_MobileClientUserWarningPrefix"] + responseText); } }
public HttpResponseMessage RoadZenResetPassword(LoginRequest passwordRequest) { Services.Log.Info("RoadZen Password Reset Request from Phone# [" + passwordRequest.Phone + "]"); stranddContext context = new stranddContext(); Account useraccount = context.Accounts.Where(a => a.Phone == passwordRequest.Phone).SingleOrDefault(); if (useraccount != null) { if (useraccount.ProviderUserID.Substring(0, 7) != "RoadZen") { string responseText = "Phone# Registered with Google"; Services.Log.Warn(responseText); return this.Request.CreateResponse(HttpStatusCode.BadRequest, WebConfigurationManager.AppSettings["RZ_MobileClientUserWarningPrefix"] + responseText); } else { //Generate random characters from GUID string newPassword = Guid.NewGuid().ToString().Replace("-", string.Empty).Substring(0, 8); //Encrypt new Password byte[] salt = RoadZenSecurityUtils.generateSalt(); useraccount.Salt = salt; useraccount.SaltedAndHashedPassword = RoadZenSecurityUtils.hash(newPassword, salt); Services.Log.Info("Password for Phone# [" + passwordRequest.Phone + "] Reset & Saved"); //Save Encrypted Password context.SaveChanges(); //Prepare SendGrid Mail SendGridMessage resetEmail = new SendGridMessage(); resetEmail.From = SendGridHelper.GetAppFrom(); resetEmail.AddTo(useraccount.Email); resetEmail.Subject = "StrandD Password Reset"; resetEmail.Html = "<h3>New Password</h3><p>"+ newPassword +"</p>"; resetEmail.Text = "New Password: "******"New Password Email Sent to [" + useraccount.Email + "]"; Services.Log.Info(responseText); return this.Request.CreateResponse(HttpStatusCode.OK, responseText); } } else { string responseText = "Phone Number Not Registered"; Services.Log.Warn(responseText); return this.Request.CreateResponse(HttpStatusCode.BadRequest, WebConfigurationManager.AppSettings["RZ_MobileClientUserWarningPrefix"] + responseText); } }