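        /// <summary>
        /// Validates back office credentials and, when they are correct, generates a new auth token
        /// for that user, stores it and returns its token string.
        /// </summary>
        /// <param name="auth">The username and password supplied by the client.</param>
        /// <returns>The <c>AuthToken</c> string of the newly generated token.</returns>
        /// <exception cref="HttpResponseException">
        /// Thrown with HTTP 401 when no credentials are supplied, the credentials are rejected,
        /// or no user is found for the username.
        /// </exception>
        public string Authorise(AuthCredentials auth)
        {
            // auth can be null (for example when the caller supplies no credentials object);
            // treat that as a failed login rather than letting a NullReferenceException escape.
            var isValidAuth = auth != null
                && Security.ValidateBackOfficeCredentials(auth.Username, auth.Password);

            if (isValidAuth)
            {
                // Get the back office user from the username
                var user = ApplicationContext.Services.UserService.GetByUsername(auth.Username);

                // Only issue a token for a user that was actually found; a null lookup falls
                // through to the 401 below instead of failing on user.Id.
                if (user != null)
                {
                    // Describe who the token is for
                    var newToken = new UmbracoAuthToken
                    {
                        IdentityId   = user.Id,
                        IdentityType = IdentityAuthType.User.ToString()
                    };

                    // Generate a new token for the user
                    var authToken = UmbracoAuthTokenFactory.GenerateUserAuthToken(newToken);

                    // Store in DB (inserts or updates existing), so each successful login
                    // presumably replaces the previously stored token - confirm in the DB helper.
                    UserAuthTokenDbHelper.InsertAuthToken(authToken);

                    // Return the JWT token as the response. The client (a mobile app in our case)
                    // keeps it in local storage; it is the credential for later calls, so it
                    // should not be written to logs.
                    return authToken.AuthToken;
                }
            }

            // Every failure path gives the same 401 so the response does not reveal
            // which part of the login was wrong.
            var httpUnauthorised = new HttpResponseMessage(HttpStatusCode.Unauthorized);

            throw new HttpResponseException(httpUnauthorised);
        }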
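        /// <summary>
        /// Validates member credentials against the current membership provider and returns the
        /// member's auth token, creating and storing one when the member has none yet.
        /// </summary>
        /// <param name="auth">The username and password supplied by the client.</param>
        /// <returns>The <c>AuthToken</c> string of the existing or newly generated token.</returns>
        /// <exception cref="HttpResponseException">
        /// Thrown with HTTP 401 when no credentials are supplied, the credentials are rejected,
        /// or no member is found for the username.
        /// </exception>
        public string AuthoriseMember(AuthCredentials auth)
        {
            // Uses the current membership provider (should be the native Umbraco one).
            // auth can be null (for example when the caller supplies no credentials object);
            // treat that as a failed login rather than letting a NullReferenceException escape.
            var isValidAuth = auth != null
                && Membership.ValidateUser(auth.Username, auth.Password);

            if (isValidAuth)
            {
                // Get the member from the username
                var member = ApplicationContext.Services.MemberService.GetByUsername(auth.Username);

                // Only continue for a member that was actually found; a null lookup falls
                // through to the 401 below instead of failing on member.Id.
                if (member != null)
                {
                    // Check if we already have an auth token for this member
                    var hasAuthToken = UserAuthTokenDbHelper.GetAuthToken(member.Id);

                    if (hasAuthToken != null)
                    {
                        // NOTE(review): the stored token is returned as-is; no expiry or age check
                        // is visible here - confirm its lifetime is enforced where it is validated.
                        return hasAuthToken.AuthToken;
                    }

                    // The member has no token yet, so describe who the new one is for
                    var newToken = new UmbracoAuthToken
                    {
                        IdentityId   = member.Id,
                        IdentityType = IdentityAuthType.Member.ToString()
                    };

                    // Generate a new token for the member.
                    // NOTE(review): Authorise and MemberService_Saving in this file call
                    // GenerateUserAuthToken - confirm GenerateAuthToken is the intended method here.
                    var authToken = UmbracoAuthTokenFactory.GenerateAuthToken(newToken);

                    // We insert authToken as opposed to newToken, as authToken now has the
                    // DateTime and JWT token string on it.
                    // Store in DB (inserts or updates existing)
                    UserAuthTokenDbHelper.InsertAuthToken(authToken);

                    // Return the JWT token as the response. The client (a mobile app in our case)
                    // keeps it in local storage; it is the credential for later calls, so it
                    // should not be written to logs.
                    return authToken.AuthToken;
                }
            }

            // Every failure path gives the same 401 so the response does not reveal
            // which part of the login was wrong.
            var httpUnauthorised = new HttpResponseMessage(HttpStatusCode.Unauthorized);

            throw new HttpResponseException(httpUnauthorised);
        }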
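        /// <summary>
        /// Handles the member Saving event: for every member in the save whose password has changed
        /// and who already has a stored auth token, generates a replacement token and stores it
        /// over the existing one.
        /// </summary>
        /// <param name="sender">The member service raising the event (not used here).</param>
        /// <param name="e">Event arguments carrying the members being saved.</param>
        void MemberService_Saving(IMemberService sender, SaveEventArgs<IMember> e)
        {
            // One save can carry more than one member. Check each of them, so a password change
            // replaces the token of every affected member and not only of the first entity.
            foreach (var member in e.SavedEntities)
            {
                if (member == null)
                {
                    continue;
                }

                // Has the password property (RawPasswordValue) been changed in this save?
                var passIsDirty = member.IsPropertyDirty("RawPasswordValue");

                if (!passIsDirty)
                {
                    continue;
                }

                // Check if the member already has a token in the DB
                // (the token is created on first login/auth to the API)
                var hasAuthToken = UserAuthTokenDbHelper.GetAuthToken(member.Id);

                // Nothing to invalidate when no token was ever issued
                if (hasAuthToken == null)
                {
                    continue;
                }

                // Describe who the replacement token is for
                var newToken = new UmbracoAuthToken
                {
                    IdentityId   = member.Id,
                    IdentityType = IdentityAuthType.Member.ToString()
                };

                // Generate a new token for the member.
                // NOTE(review): AuthoriseMember in this file calls GenerateAuthToken for members -
                // confirm GenerateUserAuthToken is the intended method here.
                var authToken = UmbracoAuthTokenFactory.GenerateUserAuthToken(newToken);

                // NOTE: We insert authToken as opposed to newToken, as authToken now has the
                // DateTime and JWT token string on it.
                // Store in DB (inserts or updates existing). Overwriting the stored token is what
                // invalidates the old one, presumably because validation compares against the DB
                // copy - confirm in the token validation code.
                UserAuthTokenDbHelper.InsertAuthToken(authToken);
            }
        }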