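/// <summary>
        /// Authenticates a user by username and auth code and returns the user's display
        /// name together with a session key.
        /// </summary>
        /// <param name="value">Credentials from the request; Username and AuthCode are read.</param>
        /// <returns>A 202 Accepted response whose body is a LoggedUserDto.</returns>
        /// <exception cref="HttpResponseException">
        /// Thrown with 400 Bad Request for every failure inside the method: missing body,
        /// failed validation, unknown credentials or a data-layer error.
        /// </exception>
        public HttpResponseMessage LoginUser(UserDto value)
        {
            BloggingSystemContext context = null;

            try
            {
                // A missing or unbindable request body arrives as null; reject it with a
                // clear message instead of letting a NullReferenceException text reach the client.
                if (value == null)
                {
                    throw new ArgumentNullException("value", "No user data provided in the request body.");
                }

                context = new BloggingSystemContext();

                this.ValidateUserIdentifier(
                    value.Username,
                    "Username",
                    MinUsernameLength,
                    MaxUsernameLength,
                    ValidUsernameCharacters);
                this.ValidateAuthCode(value.AuthCode);

                // Username and auth code are matched in one query and a miss produces one
                // generic message, so the response does not reveal whether the username exists.
                // NOTE(review): the auth code is compared exactly as received; no server-side
                // hashing or salting happens in this method. If AuthCode is a client-side hash
                // it is password-equivalent - confirm how it is stored.
                // NOTE(review): no attempt throttling or lockout is visible here; confirm it is
                // enforced elsewhere.
                var user = context.Users.FirstOrDefault(
                    u => u.Username == value.Username &&
                    u.AuthCode == value.AuthCode);

                if (user == null)
                {
                    throw new InvalidOperationException("Invalid username or password.");
                }

                // A stored key of the expected length is reused rather than rotated, so every
                // login of the same user returns the same key until logout clears it.
                // NOTE(review): consider issuing a fresh key per login so a leaked key does not
                // survive re-authentication.
                if (user.SessionKey == null || user.SessionKey.Length != SessionKeyLength)
                {
                    user.SessionKey = this.GenerateSessionKey(user.Id);
                    context.SaveChanges();
                }

                var loggedUserDto = new LoggedUserDto()
                {
                    DisplayName = user.DisplayName,
                    SessionKey  = user.SessionKey
                };

                var response = Request.CreateResponse(HttpStatusCode.Accepted, loggedUserDto);
                return response;
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message of every exception type, including data-layer
                // failures, is returned to an unauthenticated caller. Consider a generic
                // message for unexpected exceptions and logging the detail server-side.
                var errorResponse = Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
                throw new HttpResponseException(errorResponse);
            }
            finally
            {
                if (context != null)
                {
                    context.Dispose();
                }
            }
        }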
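        /// <summary>
        /// Ends the session identified by the X-SessionKey request header by clearing the
        /// stored session key of the matching user.
        /// </summary>
        /// <returns>A 200 OK response with no body.</returns>
        /// <exception cref="HttpResponseException">
        /// Thrown with 400 Bad Request when the header is missing, when no user holds the
        /// supplied key, or when the data layer fails.
        /// </exception>
        public HttpResponseMessage LogoutUser()
        {
            BloggingSystemContext context = null;

            try
            {
                string sessionKey = ApiControllerHelper.GetHeaderValue(Request.Headers, "X-SessionKey");
                if (sessionKey == null)
                {
                    // ArgumentNullException's single-string constructor takes a parameter name,
                    // not a message, which garbled the text sent to the client.
                    throw new InvalidOperationException("No session key provided in the request header!");
                }

                context = new BloggingSystemContext();

                var user = context.Users.FirstOrDefault(u => u.SessionKey == sessionKey);

                // FirstOrDefault returns null when no user holds this key (unknown key or an
                // already cleared session). The lookup matched on a non-null key, so the user
                // object itself is what has to be checked, not user.SessionKey.
                if (user == null)
                {
                    throw new InvalidOperationException("User is already logged out!");
                }

                // Clearing the stored key invalidates the session on the server side.
                user.SessionKey = null;
                context.SaveChanges();

                var response = Request.CreateResponse(HttpStatusCode.OK);
                return response;
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message of every exception type, including data-layer
                // failures, is returned to the caller. Consider a generic message for
                // unexpected exceptions and logging the detail server-side.
                var errorResponse = Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
                throw new HttpResponseException(errorResponse);
            }
            finally
            {
                if (context != null)
                {
                    context.Dispose();
                }
            }
        }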
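        /// <summary>
        /// Creates a new user from the supplied username, display name and auth code, then
        /// issues a session key so the new user is logged in immediately.
        /// </summary>
        /// <param name="value">Registration data; Username, DisplayName and AuthCode are read.</param>
        /// <returns>A 201 Created response whose body is a LoggedUserDto.</returns>
        /// <exception cref="HttpResponseException">
        /// Thrown with 400 Bad Request for every failure inside the method: missing body,
        /// failed validation, an existing username or display name, or a data-layer error.
        /// </exception>
        public HttpResponseMessage RegisterUser(UserDto value)
        {
            BloggingSystemContext context = null;

            try
            {
                // A missing or unbindable request body arrives as null; reject it with a
                // clear message instead of letting a NullReferenceException text reach the client.
                if (value == null)
                {
                    throw new ArgumentNullException("value", "No user data provided in the request body.");
                }

                context = new BloggingSystemContext();

                this.ValidateUserIdentifier(
                    value.Username,
                    "Username",
                    MinUsernameLength,
                    MaxUsernameLength,
                    ValidUsernameCharacters);

                this.ValidateUserIdentifier(
                    value.DisplayName,
                    "Display name",
                    MinDisplayNameLength,
                    MaxDisplayNameLength,
                    ValidDisplayNameCharacters);

                this.ValidateAuthCode(value.AuthCode);

                // Either a matching username or a matching display name blocks registration.
                // NOTE(review): this check and the insert below are separate steps; two
                // concurrent requests could both pass unless the database enforces unique
                // constraints on these columns - confirm.
                var user = context.Users.FirstOrDefault(
                    u => u.Username == value.Username ||
                    u.DisplayName == value.DisplayName);

                if (user != null)
                {
                    // This message confirms to an unauthenticated caller that the username
                    // or display name is already taken.
                    throw new InvalidOperationException("User already exists.");
                }

                // NOTE(review): the auth code is persisted exactly as received; no server-side
                // hashing or salting happens in this method. If AuthCode is a client-side hash
                // it is password-equivalent at rest - confirm the storage policy.
                user = new User()
                {
                    Username    = value.Username,
                    DisplayName = value.DisplayName,
                    AuthCode    = value.AuthCode
                };

                // Saved before the session key is generated because the key is derived from
                // user.Id - presumably a database-generated value; confirm.
                context.Users.Add(user);
                context.SaveChanges();

                user.SessionKey = this.GenerateSessionKey(user.Id);
                context.SaveChanges();

                var loggedUserDto = new LoggedUserDto()
                {
                    DisplayName = user.DisplayName,
                    SessionKey  = user.SessionKey
                };

                var response = Request.CreateResponse(HttpStatusCode.Created, loggedUserDto);
                return response;
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message of every exception type, including data-layer
                // failures, is returned to an unauthenticated caller. Consider a generic
                // message for unexpected exceptions and logging the detail server-side.
                var errorResponse = Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
                throw new HttpResponseException(errorResponse);
            }
            finally
            {
                if (context != null)
                {
                    context.Dispose();
                }
            }
        }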