public bool AddAuthToken(AuthTokenVM authTokenVM)
 {
     //todo delete old tokens/expired
     var authToken = MapMVM.AuthTokenVMToAuthToken(authTokenVM);
     _uow.SecurityRepository.AddAuthToken(authToken);
     return true;
 }
Example #2
0
 public static AuthToken AuthTokenVMToAuthToken(AuthTokenVM authTokenVM)
 {
     var authToken = new AuthToken()
     {
         Expiration = authTokenVM.Expiration,
         Token = authTokenVM.Token,
         ApiUser = authTokenVM.ApiUser
     };
     return authToken;
 }
Example #3
0
        public HttpResponseMessage Post([FromBody]TokenRequestModel model)
        {
            try
            {
                var user = _service.GetApiUser(model.ApiKey);
                if (user != null)
                {
                    var secret = user.Secret;

                    // Simplistic implementation DO NOT USE
                    var key = Convert.FromBase64String(secret);
                    var provider = new System.Security.Cryptography.HMACSHA256(key);
                    // Compute Hash from API Key (NOT SECURE)
                    var hash = provider.ComputeHash(Encoding.UTF8.GetBytes(user.AppId));
                    var signature = Convert.ToBase64String(hash);

                    if (signature == model.Signature)
                    {
                        var rawTokenInfo = string.Concat(user.AppId + DateTime.UtcNow.ToString("d"));
                        var rawTokenByte = Encoding.UTF8.GetBytes(rawTokenInfo);
                        var token = provider.ComputeHash(rawTokenByte);
                        var authToken = new AuthTokenVM()
                        {
                            Token = Convert.ToBase64String(token),
                            Expiration = DateTime.UtcNow.AddDays(7),
                            ApiUser = user
                        };
                        if (_service.AddAuthToken(authToken))
                        {
                            return Request.CreateResponse(HttpStatusCode.Created, authToken);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex);
            }

            return Request.CreateResponse(HttpStatusCode.BadRequest);
        }