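/// <summary>
        /// Checks the submitted credentials and, when they are accepted, issues a new
        /// API token that is valid for 30 days.
        /// </summary>
        /// <param name="vm">Login form data; EmailAddress and Password are read from it.</param>
        /// <returns>
        /// On failure: an empty <c>Customer</c> serialized as JSON (no token).
        /// On success: a JSON object holding the customer record and the new token.
        /// </returns>
        public ActionResult Login(LoginViewModel vm)
        {
            var customerService = _uow.GetRepository<Customer>();
            var tokenService = _uow.GetRepository<ApiToken>();
            var user = new Customer();

            // A missing body or blank credentials is a failed login, not a server error:
            // answer exactly as the rejected-credentials path does.
            if (vm == null || string.IsNullOrEmpty(vm.EmailAddress) || string.IsNullOrEmpty(vm.Password))
            {
                return Json(user);
            }

            if (!WebSecurity.Login(vm.EmailAddress, vm.Password))
            {
                return Json(user);
            }

            var userId = WebSecurity.GetUserId(vm.EmailAddress);
            user = customerService.GetById(userId);
            if (user == null)
            {
                // The account authenticated but has no customer record. Do not issue a
                // token that is bound to nobody; report the same result as a failed login.
                // NOTE(review): whatever state WebSecurity.Login established is left
                // untouched here - confirm whether it should be undone in this case.
                return Json(new Customer());
            }

            // Read the clock once so ValidUntil is exactly 30 days after Created.
            // NOTE(review): this is local server time; the validity check elsewhere must
            // use the same clock, so a move to UTC has to be made in both places.
            var issuedAt = DateTime.Now;
            var token = new ApiToken
            {
                Key = HashSecurity.GenerateAppSecret(),
                UserId = user.Id,
                Created = issuedAt,
                ValidUntil = issuedAt.AddDays(30),
                ExplicitExpirationDate = null
            };
            tokenService.InsertOrUpdate(token);
            _uow.SaveChanges();

            // NOTE(review): the whole Customer entity and the whole ApiToken row are
            // serialized to the client. Confirm that neither type carries fields that
            // should stay server-side; a dedicated response model would make that explicit.
            return Json(new {user, token});
        }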
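        /// <summary>
        /// Looks up an API token by its key and reports whether it is still usable.
        /// A token is valid when it exists, has no <c>ExplicitExpirationDate</c> set
        /// (any value, past or future, invalidates it) and its <c>ValidUntil</c> is
        /// later than the current local time.
        /// </summary>
        /// <param name="token">The token key presented by the caller.</param>
        /// <returns>
        /// JSON with <c>isValid</c>, <c>user</c> (the owning customer when valid, otherwise
        /// an empty <c>Customer</c>) and <c>token</c> (the stored record, or null when no
        /// record matched).
        /// </returns>
        public ActionResult ValidateToken(string token)
        {
            var tokenService = _uow.GetRepository<ApiToken>();
            var customerService = _uow.GetRepository<Customer>();
            var user = new Customer();

            // Never run the lookup with a null or blank key: an equality match on such a
            // value could select a row whose Key is itself null or empty and report it as
            // a valid token. Treat the request as "no token found" instead.
            var foundToken = string.IsNullOrWhiteSpace(token)
                ? null
                : tokenService.Query().FirstOrDefault(t => t.Key == token);

            // Local server time, matching the clock used when tokens are issued.
            var now = DateTime.Now;
            var isValid = foundToken != null &&
                          !foundToken.ExplicitExpirationDate.HasValue &&
                          foundToken.ValidUntil > now;
            if (isValid)
            {
                user = customerService.GetById(foundToken.UserId);
            }

            // NOTE(review): the stored token record is returned even when isValid is
            // false, so an expired or explicitly expired key still discloses its UserId
            // and dates. Confirm that clients need this; otherwise return null here.
            // NOTE(review): keys are matched by direct equality against the stored value,
            // i.e. they are kept in the clear - consider storing only a hash of the key.
            return Json(new { isValid, user, token = foundToken });
        }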