Ejemplo n.º 1
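 /// <summary>
 /// Authenticates a user by username and password.
 /// </summary>
 /// <param name="username">Account name to look up in <c>db.User</c>.</param>
 /// <param name="password">Candidate password, checked with <c>HomeController.ComparePasswords</c>.</param>
 /// <returns>
 /// The response built by <c>HomeController.CreateAuthorizationHeader</c> on success;
 /// 400 when either argument is null or empty; 401 for any failed credential check.
 /// </returns>
 public HttpResponseMessage Login(string username, string password)
 {
     if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
     {
         return Request.CreateResponse(HttpStatusCode.BadRequest, "usuario o contraseña vacía");
     }

     User user = db.User.FirstOrDefault(u => u.username == username);

     // An unknown username and a wrong password produce the same status and body,
     // so the endpoint does not confirm which account names exist.
     // NOTE(review): the unknown-user path still skips the password comparison, so
     // response time may differ between the two cases; no throttling or lockout is
     // visible in this method either. Confirm both are handled elsewhere.
     if (user == null || !HomeController.ComparePasswords(user.password, user.salt, password))
     {
         return Request.CreateResponse(HttpStatusCode.Unauthorized, "usuario o contraseña incorrecta");
     }

     return HomeController.CreateAuthorizationHeader(Request, username);
 }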
Ejemplo n.º 2
 // POST: api/users
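 /// <summary>
 /// Registers a new user: generates a salt, replaces the submitted password with
 /// its hash, and stores the record.
 /// </summary>
 /// <param name="user">User read from the request body; username, password and email are required.</param>
 /// <returns>
 /// 201 on success; 400 when the payload is missing or incomplete; 409 when the
 /// username is already taken; 500 with a generic error body when saving fails.
 /// </returns>
 public HttpResponseMessage Post([FromBody] User user)
 {
     if (user == null || string.IsNullOrEmpty(user.username) || string.IsNullOrEmpty(user.password) || string.IsNullOrWhiteSpace(user.email))
     {
         return Request.CreateResponse(HttpStatusCode.BadRequest, "usuario no válido");
     }

     // NOTE(review): the persisted entity is bound directly from the request body, so
     // any other property on User is client-controlled. Only salt and password are
     // overwritten below; confirm no privileged field (id, role, flags) can be set this way.
     var usuarioDb = db.User.FirstOrDefault(u => u.username == user.username);
     if (usuarioDb != null)
     {
         return Request.CreateResponse(HttpStatusCode.Conflict, "usuario duplicado");
     }

     try
     {
         // NOTE(review): two concurrent requests can both pass the duplicate check
         // above; a unique constraint on username is presumably needed. Verify the schema.
         user.salt     = HomeController.CreateSalt();
         user.password = HomeController.HashPassword(user.password, user.salt);
         db.User.Add(user);
         db.SaveChanges();
         return Request.CreateResponse(HttpStatusCode.Created);
     }
     catch (Exception e)
     {
         // Exception text can expose schema, constraint or connection details, so it
         // is recorded server-side and the client receives only the generic error.
         System.Diagnostics.Trace.TraceError("{0} - {1}", ERROR, e);
         return Request.CreateResponse(HttpStatusCode.InternalServerError, ERROR);
     }
 }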