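/// <summary>
/// Logs a user in with email + password and issues a session.
/// </summary>
/// <param name="user">Credentials posted by the client; see <see cref="Areas.Identity.Models.UserLogIn"/> for the structure.</param>
/// <returns>
/// 200 with a <see cref="Areas.Identity.Models.UserSession"/> on success; 400 with an
/// <c>error</c> code (<c>WrongEmailOrPassword</c>, <c>NotValidatedYet</c>, <c>YoureBanned</c>)
/// otherwise; 500 if the session could not be built.
/// </returns>
public IActionResult logIn([FromBody] UserLogIn user)
{
    // A missing or unparseable body binds as null; answer exactly like a bad credential
    // instead of letting the null dereference escape as an unhandled 500.
    if (user == null)
    {
        return BadRequest(new { error = "WrongEmailOrPassword" });
    }

    // Materialize once. The original kept the deferred query and re-executed it on every
    // Count()/First() call (several round trips for a single login).
    List<User> matches = this._context.User.Where(u => u.email == user.email).ToList();

    // One generic message for "unknown email" and "wrong password" so the response body
    // does not confirm which addresses are registered. NOTE(review): the hash comparison
    // is skipped entirely when the email is unknown, so response timing may still tell the
    // two cases apart; the cost model of PasswordHasher.areEquals is not visible here —
    // decide whether a dummy comparison on the unknown-email path is warranted.
    if (matches.Count != 1 || !PasswordHasher.areEquals(user.password, matches[0].password))
    {
        return BadRequest(new { error = "WrongEmailOrPassword" });
    }

    User loggedUser = matches[0];

    // A pending validation token means the email address was never confirmed
    // (validateEmail clears it).
    if (loggedUser.tokenValidation != null)
    {
        return BadRequest(new { error = "NotValidatedYet" });
    }
    if (!loggedUser.open)
    {
        return BadRequest(new { error = "YoureBanned" });
    }

    // Logging in cancels a pending account-deletion request. Whether these helpers
    // persist their changes (no SaveChanges here) is not visible from this block —
    // presumably they or getUserSession do; confirm.
    if (loggedUser.dateDeleted != null)
    {
        ResetDelete.reset(loggedUser, _context);
        Home.Util.GroupNew.launch(loggedUser, null, null, Home.Models.TypeGroupNew.WELCOMEBACK, false, _context);
    }

    UserSession session = MakeUserSession.getUserSession(_context, loggedUser, user.provider);
    if (session == null)
    {
        return StatusCode(500);
    }
    return Ok(session);
}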
/// <summary>
/// Confirms an email address by consuming its validation token and, on success,
/// signs the owning account in.
/// </summary>
/// <param name="emailToken">The token issued for the address; must match exactly one account's <c>tokenValidation</c>.</param>
/// <param name="provider">Forwarded unchanged to <c>MakeUserSession.getUserSession</c>; its meaning is defined there.</param>
/// <returns>
/// 200 with a <see cref="Areas.Identity.Models.UserSession"/>; empty 400 when the token matches
/// zero or several accounts; 400 <c>notAllowed</c> for admin accounts; 500 if no session could be built.
/// </returns>
public IActionResult validateEmail([Required] string emailToken, Boolean provider = false)
{
    // Exactly one owner is required: zero means an unknown token, more than one an
    // ambiguous match, and neither may be logged in.
    List<User> owners = _context.User.Where(u => u.tokenValidation == emailToken).ToList();
    if (owners.Count != 1)
    {
        return(BadRequest());
    }
    User owner = owners[0];

    // Admin accounts are never activated through this path.
    if (API.Util.AdminPolicy.isAdmin(owner, _context))
    {
        return(BadRequest("notAllowed"));
    }

    // Clearing the token makes it single-use and marks the address as confirmed
    // (logIn rejects accounts whose tokenValidation is still set).
    owner.tokenValidation = null;
    _context.Update(owner);

    // NOTE(review): this endpoint issues a full session from the token alone, and the token
    // is bound as a plain parameter rather than [FromBody] — if it travels in the query
    // string it can end up in access logs and Referer headers. Token entropy and
    // persistence of the cleared token (no SaveChanges here) are decided elsewhere; confirm both.
    UserSession session = MakeUserSession.getUserSession(_context, owner, provider);
    if (session != null)
    {
        return(Ok(session));
    }
    return(StatusCode(500));
}
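/// <summary>
/// Exchanges a token carrying a refresh-token claim for a new session.
/// </summary>
/// <param name="req">The refresh request; see <see cref="Areas.Identity.Models.RefreshRequest"/> for the structure.</param>
/// <returns>
/// 200 with a <see cref="Areas.Identity.Models.UserSession"/>; 401 when the token, its claims or the
/// stored refresh token are rejected (including an expired one); 400 <c>YoureBanned</c> for a
/// closed account; 500 if no session could be built.
/// </returns>
public IActionResult refresh([FromBody] RefreshRequest req)
{
    // A null body, or a body without a token, is an unauthenticated request, not a server error.
    if (req == null || req.token == null)
    {
        return StatusCode(401);
    }

    // NOTE(review): this rejects the request when isValidClaim() returns TRUE. Kept as-is
    // because the helper's contract is not visible (it may mean "still valid, no refresh
    // needed" rather than "well-formed"), but the polarity reads inverted — confirm that
    // the token signature is still verified before the email claim below is trusted;
    // otherwise a forged email claim plus any leaked refresh token yields a session for
    // that email.
    if (TokenGenerator.isValidClaim(req.token))
    {
        return StatusCode(401);
    }

    string email = TokenGenerator.getEmailClaim(req.token);
    string refreshToken = TokenGenerator.getRefreshTokenClaim(req.token);
    // A missing email claim must not fall through to a `u.email == null` lookup.
    if (email == null || refreshToken == null)
    {
        return StatusCode(401);
    }

    // The presented refresh token must match exactly one stored row.
    // NOTE(review): nothing visible here ties the matched row to the account named by the
    // email claim; if UserToken records its owner, compare it against that account here.
    List<UserToken> stored = _context.UserToken.Where(ut => ut.refreshToken == refreshToken).ToList();
    if (stored.Count != 1)
    {
        return StatusCode(401);
    }
    UserToken current = stored[0];

    // Expired: best-effort removal of the stale row, then reject. A failed delete is
    // deliberately not surfaced — the answer is 401 either way. DateTime.Now is kept to
    // match whatever clock wrote expirationTime; if that was UTC this comparison is off by
    // the server's offset — confirm.
    if (current.expirationTime < DateTime.Now)
    {
        try
        {
            _context.Remove(current);
            _context.SaveChanges();
        }
        catch (Exception)
        {
            // best-effort cleanup; nothing to report to the caller
        }
        return StatusCode(401);
    }

    // The original called First() here and threw (an unhandled 500) when no account has
    // that email any more; an unknown account is just another rejected refresh.
    User user = _context.User.Where(u => u.email == email).FirstOrDefault();
    if (user == null)
    {
        return StatusCode(401);
    }
    if (!user.open)
    {
        return BadRequest(new { error = "YoureBanned" });
    }

    UserSession session = MakeUserSession.getUserSession(_context, user, req.provider);
    if (session == null)
    {
        return StatusCode(500);
    }
    return Ok(session);
}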
//
// ────────────────────────────────────────────────────────────────────────────────────
//   :::::: P R I V A T E   F U N C T I O N S : : : : : : : :
// ────────────────────────────────────────────────────────────────────────────────────
//

/// <summary>
/// Shared Google/Facebook login-or-signup: verifies the social token, then either creates
/// the account (when a password is supplied and no account has that email) or logs the
/// existing account in (when no password is supplied).
/// </summary>
/// <param name="socialUser">The client-supplied social login/signup data; see <see cref="Areas.Identity.Models.UserMediaLog"/> for the structure.</param>
/// <param name="isGoogleType">True to verify against Google, false to verify against Facebook.</param>
/// <returns>
/// 200 with a <see cref="Areas.Identity.Models.UserSession"/>; 400 with an <c>error</c> code
/// (<c>InvalidSocialToken</c>, <c>NotSocialSignYet</c>, <c>DeleteRequested</c>,
/// <c>EmailAlreadyExistsError</c>, <c>YoureBanned</c>) or <c>notAllowed</c>; 500 on any
/// unhandled exception or when no session could be built.
/// </returns>
private async Task<IActionResult> doSocialLog(UserMediaLog socialUser, Boolean isGoogleType)
{
    try
    {
        // Only authToken and id are handed to the verifier; the email below is NOT.
        if (isGoogleType && !await verifyGoogleToken(socialUser.authToken, socialUser.id))
        {
            return(BadRequest(new { error = "InvalidSocialToken" }));
        }
        if (!isGoogleType && !await verifyFacebookToken(socialUser.authToken, socialUser.id))
        {
            return(BadRequest(new { error = "InvalidSocialToken" }));
        }

        // NOTE(review): the account is looked up by the client-supplied socialUser.email,
        // not by anything derived from the verified token. Unless verifyGoogleToken /
        // verifyFacebookToken also bind that email to the token (not visible here), any
        // valid social token would log in as whichever existing email the caller names —
        // confirm the helpers check it, or look the account up by the verified id.
        User user = new User();
        if (!existsUser(socialUser.email, ref user)) // no account with this email yet
        {
            // Signup requires a usable password; a login attempt without a prior signup
            // (no password, or an unacceptable one) is rejected.
            if (!PasswordHasher.validPassword(socialUser.password))
            {
                return(BadRequest(new { error = "NotSocialSignYet" })); // not registered
            }
            // Password accepted: create the account and post the welcome entry.
            user = addSocialUser(socialUser);
            Home.Util.GroupNew.launch(user, null, null, Home.Models.TypeGroupNew.WELCOME, false, _context);
        }
        else // the account already exists
        {
            // An existing account plus a supplied password is a repeated signup, which is
            // refused (with a more specific code if a deletion is pending). The left-hand
            // validPassword() term is redundant with the non-null check whenever
            // validPassword(null) is false, which is presumably the case — left as written.
            if (PasswordHasher.validPassword(socialUser.password) || socialUser.password != null)
            {
                if (user.dateDeleted != null)
                {
                    return(BadRequest(new { error = "DeleteRequested" }));
                }
                return(BadRequest(new { error = "EmailAlreadyExistsError" }));
            }
            if (!user.open)
            {
                return(BadRequest(new { error = "YoureBanned" }));
            }
            // The user asked for deletion but has logged in again: cancel the request.
            if (user.dateDeleted != null)
            {
                ResetDelete.reset(user, _context);
                Home.Util.GroupNew.launch(user, null, null, Home.Models.TypeGroupNew.WELCOMEBACK, false, _context);
            }
            // From here on: existing account, no password sent, i.e. a plain login.
        }

        // Admin accounts cannot be accessed through social login at all.
        if (AdminPolicy.isAdmin(user, _context))
        {
            return(BadRequest("notAllowed"));
        }
        UserSession session = MakeUserSession.getUserSession(_context, user, socialUser.provider);
        if (session == null)
        {
            return(StatusCode(500));
        }
        return(Ok(session));
    }
    catch (Exception)
    {
        // Every failure (verifier network errors, DB errors, null fields in the body)
        // collapses to an opaque 500. NOTE(review): nothing is logged here, so verifier
        // outages and malformed requests are indistinguishable after the fact; no logger is
        // visible in this block to add one.
        return(StatusCode(500));
    }
}