public SsoLoginRequestDTO Fetch(AccountCredentialDTO credentials) { var loginDto = new SsoLoginRequestDTO { Username = credentials.Username, Password = credentials.Password, RoleType = _partialAccountLogic.GetPartialAccount(credentials.Username).AccountType }; return(loginDto); }
public void ReturnsJwtTokenWithRedirect() { // Arrange var credential = new AccountCredentialDTO { Username = "******", Password = "******" }; var controller = SetupControllerWithEmptyRepoMocks(); // Act // Assert }
public IHttpActionResult SubmitNewPassword(AccountCredentialDTO credentials) { Validate(credentials); if (credentials.Username == null || credentials.Password == null) { return(BadRequest("Bad Request")); } var response = _controllerLogic.PasswordSubmission(credentials); IHttpActionResult actionResultResponse = ResponseMessage(response); return(actionResultResponse); }
/// <summary> /// Logic takes new password credentials from controller and updates existing /// password and its salt stored in the user's account /// </summary> /// <param name="credentials"></param> /// <returns></returns> public HttpResponseMessage PasswordSubmission(AccountCredentialDTO credentials) { // Create new password salt and hash new password var pSalt = HashService.Instance.CreateSaltKey(); var hashedPassword = HashService.Instance.HashPasswordWithSalt(pSalt, credentials.Password, true); // Update new salt and password properties var saltModel = _saltLogic.GetSalt(credentials.Username); saltModel.PasswordSalt = pSalt; var accountModel = _accountLogic.GetSingle(credentials.Username); accountModel.Password = hashedPassword; try { // Save context _accountLogic.Update(accountModel); _saltLogic.Update(saltModel); // Return if successful return(new HttpResponseMessage { StatusCode = HttpStatusCode.OK }); } catch (Exception ex) { // Catch if exception with EF/DB occurs return(new HttpResponseMessage { ReasonPhrase = ex.Message, StatusCode = HttpStatusCode.InternalServerError }); } }
public IHttpActionResult Submit(AccountCredentialDTO credentials) { // Credentials is already read and deserialized into a DTO. Validate it. Validate(credentials); // Checks for valid model state if (!ModelState.IsValid) { return(BadRequest(ModelState)); } // Check to make they are not a new SSO user if (_partialAccountRepository.Exists(d => d.UserName == credentials.Username)) { var transformer = new SsoLoginTransformer(); var ssoLoginDto = transformer.Fetch(credentials); var response = _ssoControllerLogic.Login(ssoLoginDto); return(ResponseMessage(response)); } // Proccess any other information. if (!_accountRepository.Exists(d => d.UserName == credentials.Username)) { return(Unauthorized()); } if (!_saltRepository.Exists(d => d.UserName == credentials.Username, d => d.Account)) { return(Unauthorized()); } Salt salt; try { salt = _saltRepository.GetSingle(d => d.UserName == credentials.Username, d => d.Account); } catch (Exception) { return(Unauthorized()); } // Check app DB for user. Account account; try { account = _accountRepository.GetSingle(d => d.UserName == credentials.Username); } catch (Exception) { return(Unauthorized()); } if (!account.AccountStatus) { return(BadRequest("SUSPENDED")); } // Issue login information if (account.Password == HashService.Instance.HashPasswordWithSalt(salt.PasswordSalt, credentials.Password, true)) { var response = new HttpResponseMessage(); JAccessToken token; var claims = (List <AccountType>)account.AccountTypes; // JWT token already exists if (_jwtRepository.Exists(d => d.UserName == account.UserName, d => d.Account)) { token = _jwtRepository.GetSingle(d => d.UserName == account.UserName, d => d.Account); token.Value = JwtManager.Instance.GenerateToken(claims); token.DateTimeIssued = DateTime.UtcNow; _jwtRepository.Update(token); } // JWT does not exist for this user else { token = new JAccessToken { Value = JwtManager.Instance.GenerateToken(claims), UserName = account.UserName, DateTimeIssued = DateTime.UtcNow }; _jwtRepository.Insert(token); } return(Json(new { AuthToken = token.Value })); } // Given password does no match the stored hashed password after being hashed else { return(Unauthorized()); } }