public async Task <IActionResult> Register([FromBody] AccountDTO dto)
{
if (!IsPopulated(dto?.email) || !IsPopulated(dto?.password))
{
return(BadRequest());
}
if (!EmailHelpers.Validate(dto.Username))
{
return(BadRequest());
}
if (!Boolean.Parse(_config["Tracktor:RegistrationEnabled"]))
{
return(BadRequest("@RegistrationDisabled"));
}
if (_config["Tracktor:RegistrationCode"] != dto.code)
{
return(BadRequest("@BadCode"));
}
var user = new ApplicationUser {
UserName = dto.Username, Email = dto.Username
};
var result = await _userManager.CreateAsync(user, dto.password);
if (result.Succeeded)
{
user = await _userManager.FindByEmailAsync(dto.Username);
await _userManager.AddToRoleAsync(user, "User");
await _signInManager.SignInAsync(user, isPersistent : true);
_logger.LogInformation(3, $"User {dto.Username} created a new account with a password");
// create user in tracktor
user.TUserID = await _client.CreateUserAsync(user.Id);
user.TimeZone = dto.timezone;
await _userManager.UpdateAsync(user);
return(Ok(await CreateResponse(user)));
}
else if (result.Errors != null && result.Errors.Any(e => e.Code == "DuplicateUserName"))
{
return(BadRequest("@UsernameTaken"));
}
else
{
_logger.LogWarning($"Unable to register user {dto.Username}: {string.Join(", ", result.Errors.Select(e => e.Description))}");
}
return(BadRequest("@UnableToRegister"));
}
public async Task <IActionResult> ExternalLogin([FromBody] AccountDTO dto)
{
if (!IsPopulated(dto?.code) || !IsPopulated(dto?.provider))
{
return(BadRequest());
}
var appVerified = false;
var emailVerified = false;
switch (dto.provider)
{
case "Facebook":
{
try
{
var hc = new HttpClient();
var verifyUrl = _config["Facebook:VerifyUrl"];
var appId = _config["Facebook:AppId"];
var userUrl = _config["Facebook:UserUrl"];
if (string.IsNullOrWhiteSpace(verifyUrl) || string.IsNullOrWhiteSpace(userUrl))
{
return(BadRequest("@ProviderNotEnabled"));
}
var appString = await hc.GetStringAsync(verifyUrl + dto.code);
var userString = await hc.GetStringAsync(userUrl + dto.code);
if (!string.IsNullOrWhiteSpace(appString) && !string.IsNullOrWhiteSpace(userString))
{
var appResult = Newtonsoft.Json.JsonConvert.DeserializeObject(appString) as JObject;
var userResult = Newtonsoft.Json.JsonConvert.DeserializeObject(userString) as JObject;
if (userResult["email"] != null)
{
dto.email = userResult["email"].ToString();
emailVerified = true;
}
if (appResult["id"] != null && appResult["id"].ToString() == appId)
{
appVerified = true;
}
}
} catch (Exception ex)
{
_logger.LogError($"Unable to log via {dto.provider}: {ex.Message}");
return(BadRequest("@UnableToLogin" + dto.provider));
}
}
break;
default:
return(BadRequest("@UnknownLoginProvider"));
}
if (string.IsNullOrWhiteSpace(dto.Username) || !emailVerified || !appVerified)
{
return(BadRequest("@UnableToLogin" + dto.provider));
}
if (!EmailHelpers.Validate(dto.Username))
{
return(BadRequest());
}
// create user if necessary
var user = await _userManager.FindByEmailAsync(dto.Username);
if (user == null)
{
if (!Boolean.Parse(_config["Tracktor:RegistrationEnabled"]))
{
return(BadRequest("@RegistrationDisabled"));
}
user = new ApplicationUser {
Email = dto.Username, UserName = dto.Username
};
await _userManager.CreateAsync(user);
await _userManager.AddToRoleAsync(user, "User");
}
if (await _signInManager.CanSignInAsync(user))
{
await _signInManager.SignInAsync(user, true);
_logger.LogInformation(1, $"User {dto.Username} logged in from {Request.HttpContext.Connection.RemoteIpAddress} via Facebook");
return(Ok(await CreateResponse(user)));
}
else
{
_logger.LogWarning(2, $"Invalid login attempt for user {dto.Username} from {Request.HttpContext.Connection.RemoteIpAddress}.");
return(BadRequest("@UnableToLogin" + dto.provider));
}
}
