protected bool IsAccessTokenValid(string accessToken) { var users = _trackingUsers.Query( x => x.AccessToken != null && x.AccessToken.Token == accessToken && x.AccessToken.Expires > DateTime.Now) .FirstOrDefault(); return(users != null); }
public LoginModule(IDataStore dataStore, TrackingUsers trackingUsers, ErrorCodes errorCodes, PasswordManager passwordManager) : base("/login", dataStore, trackingUsers, errorCodes) { _trackingUsers = trackingUsers; _passwordManager = passwordManager; Post["/"] = parameters => { Response response; if (!CheckSaveRetention(SessionCache, out response)) { return(response); } var loginModel = this.Bind <LoginModel>(); var trackingUser = _trackingUsers.Query().FirstOrDefault(x => x.Username == loginModel.Username); if (trackingUser == null) { return(ErrorResponse(HttpStatusCode.Unauthorized, "Wrong username or password!")); } var password = loginModel.Password; var passwordSalt = trackingUser.Salt; var passwordHash = trackingUser.Password; var confirmPassword = _passwordManager.ConfirmPassword(password, passwordHash, passwordSalt); if (confirmPassword) { trackingUser.AccessToken = new AccessToken(Guid.NewGuid().ToString()); _trackingUsers.Update(trackingUser); } return(confirmPassword ? Response.AsJson(trackingUser.AccessToken) : ErrorResponse(HttpStatusCode.Unauthorized, "Wrong username or password!")); }; }
public UserModule(IDataStore dataStore, TrackingUsers trackingUsers, ErrorCodes errorCodes, PasswordManager passwordManager) : base("/user", dataStore, trackingUsers, errorCodes) { _trackingUsers = trackingUsers; _passwordManager = passwordManager; Get["/{page?}/{take?}"] = parameters => { int page; int take; page = int.TryParse(parameters.Page, out page) ? page : 0; take = int.TryParse(parameters.Take, out take) ? take : 10; var currentUser = Context.CurrentUser as UserIdentity; if (currentUser == null) { return(HttpStatusCode.Unauthorized); } this.RequiresClaims(new[] { "Admin" }); var users = _trackingUsers.Query().Skip(page * take).Take(take).ToList(); return(currentUser.Claims.All(x => x != "Admin") ? HttpStatusCode.Unauthorized : Response.AsJson(users)); }; Get["/{userId}"] = parameters => { var currentUser = Context.CurrentUser as UserIdentity; if (currentUser == null || currentUser.AccessToken == null || string.IsNullOrWhiteSpace(currentUser.AccessToken.Token)) { return(HttpStatusCode.Unauthorized); } string userId = parameters.UserId; var accessToken = currentUser.AccessToken; this.RequiresClaims(new[] { "Admin" }); var user = _trackingUsers.Get(userId); if (currentUser.Claims.All(x => x != "Admin")) { if (user == null || user.AccessToken == null || user.AccessToken.Token != accessToken.Token) { return(HttpStatusCode.Unauthorized); } } return(user == null ? (dynamic) new BasicResponseModel((int)HttpStatusCode.NotFound, "User not found!") : Response.AsJson(user)); }; Get["/availability/{username}"] = parameters => { string username = parameters.Username; var user = _trackingUsers.Query().FirstOrDefault(x => x.Username == username); var response = user == null ? new BasicResponseModel(0, "") : new BasicResponseModel(0, "User already exists!"); return(Response.AsJson(response)); }; Get["/availability/email/{email}"] = parameters => { string email = parameters.Email; var user = _trackingUsers.Query().FirstOrDefault(x => x.Email == email); var response = user == null ? new BasicResponseModel(0, "") : new BasicResponseModel(0, "Email is already registered!"); return(Response.AsJson(response)); }; Post["/"] = _ => { var model = this.Bind <UserModel>(); if (model == null) { return(ErrorResponse(HttpStatusCode.BadRequest, "Unknown request. Please provide a username and password.")); } var existingUser = _trackingUsers.Query().FirstOrDefault(x => x.Username == model.Username); if (existingUser != null) { return(ErrorResponse(HttpStatusCode.Conflict, "Username already exists!")); } existingUser = _trackingUsers.Query().FirstOrDefault(x => x.Email == model.Email); if (existingUser != null) { return(ErrorResponse(HttpStatusCode.Conflict, "E-mail is already registered!")); } var salt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()); var hashPassword = _passwordManager.HashPassword(model.Password, salt); var user = new TrackingUser(model.Username, hashPassword, salt) { Name = model.Name, Email = model.Email, }; _trackingUsers.Add(user); return(Response.AsJson(new UserModel(user), HttpStatusCode.Created)); }; Delete["/{id}"] = parameters => { string id = parameters.Id; var currentUser = Context.CurrentUser as UserIdentity; if (currentUser == null) { return(HttpStatusCode.Unauthorized); } var accessToken = currentUser.AccessToken; this.RequiresClaims(new[] { "Admin" }); var user = _trackingUsers.Get(id); if (currentUser.Claims.All(x => x != "Admin")) { if (user.AccessToken == null || user.AccessToken.Token != accessToken.Token) { return(HttpStatusCode.Unauthorized); } } if (user == null) { return(HttpStatusCode.NotFound); } _trackingUsers.Delete(id); return(HttpStatusCode.OK); }; }