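/// <summary>
/// Authenticates a user by username and password. On success the response is
/// whatever <see cref="HomeController.CreateAuthorizationHeader"/> builds for the
/// request; every failure is reported as a plain HTTP status with a short message.
/// </summary>
/// <param name="username">Login name; must be non-empty.</param>
/// <param name="password">Clear-text password to check against the stored hash and salt.</param>
/// <returns>
/// 400 when either field is null or empty; 401 when the username is unknown OR the
/// password does not match (deliberately the same status and message for both);
/// otherwise the response produced by CreateAuthorizationHeader.
/// </returns>
public HttpResponseMessage Login(string username, string password)
{
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest, "usuario o contraseña vacía");
    }

    User user = db.User.FirstOrDefault(u => u.username == username);

    // Unknown user and wrong password must be indistinguishable to the caller.
    // The previous version answered 404 "el usuario no existe" for a missing
    // account and 401 for a bad password, which let a client enumerate valid
    // usernames. Both cases now return the same 401 and the same message.
    // NOTE(review): a timing difference remains because ComparePasswords is only
    // run when the user exists; whether ComparePasswords itself is constant-time
    // is not visible here — confirm in HomeController. No lockout or rate limit
    // is applied at this layer.
    if (user == null || !HomeController.ComparePasswords(user.password, user.salt, password))
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized, "usuario o contraseña incorrecta");
    }

    return HomeController.CreateAuthorizationHeader(Request, username);
}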
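// POST: api/users
/// <summary>
/// Registers a new user: validates the required fields, rejects a duplicate
/// username, replaces the clear-text password with a salted hash, and persists
/// the record.
/// </summary>
/// <param name="user">Request body bound to the User entity; username, password and email are required.</param>
/// <returns>
/// 201 on success; 400 when the body is missing or a required field is empty;
/// 409 when the username already exists; 500 when persisting fails (generic
/// message only — exception details are not returned to the client).
/// </returns>
public HttpResponseMessage Post([FromBody] User user)
{
    // email is whitespace-checked while username/password are only
    // null/empty-checked; kept as in the original to avoid changing which
    // inputs are accepted.
    if (user == null
        || string.IsNullOrEmpty(user.username)
        || string.IsNullOrEmpty(user.password)
        || string.IsNullOrWhiteSpace(user.email))
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest, "usuario no válido");
    }

    // NOTE(review): the entity is bound straight from the request body, so every
    // settable property of User is client-controlled (over-posting). If User has
    // fields the client must not choose (an id, a role, any privilege flag), they
    // should be reset or copied selectively here — confirm against the User model.
    // NOTE(review): this existence check and the later SaveChanges are not atomic;
    // two concurrent registrations of the same name can both pass it. A unique
    // index on username is the real guard — confirm it exists.
    if (db.User.FirstOrDefault(u => u.username == user.username) != null)
    {
        return Request.CreateResponse(HttpStatusCode.Conflict, "usuario duplicado");
    }

    try
    {
        // The clear-text password is never stored: a fresh salt is generated for
        // this user and the hash replaces the submitted value.
        user.salt = HomeController.CreateSalt();
        user.password = HomeController.HashPassword(user.password, user.salt);
        db.User.Add(user);
        db.SaveChanges();
        return Request.CreateResponse(HttpStatusCode.Created);
    }
    catch (Exception e)
    {
        // The original echoed e.Message to the client. EF/SQL exception text can
        // reveal table or column names, the failing statement, or connection
        // details, so it is recorded server-side and only the generic ERROR text
        // is returned.
        System.Diagnostics.Trace.TraceError("User registration failed: {0}", e);
        return Request.CreateResponse(HttpStatusCode.InternalServerError, ERROR);
    }
}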