Example #1
0
        public IActionResult Login([FromBody] DTOs.LoginRequestDTO dto)
        {
            using (var transaction = DBSession.BeginTransaction())
            {
                try
                {
                    var person = DBSession.QueryOver <Person>().Where(x => x.Username == dto.Username).SingleOrDefault();

                    if (person == null)
                    {
                        return(Unauthorized());
                    }

                    if (!PasswordHash.ValidatePassword(dto.Password, person.PasswordHash))
                    {
                        if (person.EmailAddresses.Any())
                        {
                            var model = new Email.Models.FailedAccountLoginEmailModel
                            {
                                FriendlyName = person.ToString()
                            };

                            //Ok, so we have an email we can use to contact the person!
                            Email.EmailInterface.CCEmailMessage
                            .CreateDefault()
                            .To(person.EmailAddresses.Select(x => new System.Net.Mail.MailAddress(x.Address, person.ToString())))
                            .Subject("Security Alert : Failed Login")
                            .HTMLAlternateViewUsingTemplateFromEmbedded("CommandCentral.Email.Templates.FailedAccountLogin_HTML.html", model)
                            .SendWithRetryAndFailure(TimeSpan.FromSeconds(1));

                            //Now we also need to add the event to client's account history.
                            person.AccountHistory.Add(new AccountHistoryEvent
                            {
                                AccountHistoryEventType = ReferenceListHelper <AccountHistoryType> .Find("Failed Login"),
                                EventTime = this.CallTime
                            });

                            DBSession.Update(person);
                        }

                        transaction.Commit();
                        return(Unauthorized());
                    }

                    //The client is who they claim to be so let's make them an authentication session.
                    AuthenticationSession ses = new AuthenticationSession
                    {
                        Id           = Guid.NewGuid(),
                        IsActive     = true,
                        LastUsedTime = CallTime,
                        LoginTime    = CallTime,
                        Person       = person
                    };

                    //Now insert it
                    DBSession.Save(ses);

                    //Also put the account history on the client.
                    person.AccountHistory.Add(new AccountHistoryEvent
                    {
                        AccountHistoryEventType = ReferenceListHelper <AccountHistoryType> .Find("Login"),
                        EventTime = CallTime
                    });

                    Response.Headers.Add("sessionId", new Microsoft.Extensions.Primitives.StringValues(ses.Id.ToString()));

                    transaction.Commit();

                    return(Ok());
                }
                catch (Exception e)
                {
                    LogException(e);
                    transaction.Rollback();
                    return(StatusCode(500));
                }
            }
        }
Example #2
0
 public ReferenceListAppService(IRepository <ReferenceList, Guid> repository, ReferenceListHelper refListHelper) : base(repository)
 {
     _refListHelper = refListHelper;
 }