public object Get()
{
TimeSpan ts;
if (BruteForceLock.IsBanned(HttpContext.Current.Request.UserHostAddress, out ts))
{
return(new
{
attempts = 0,
banTime = (int)ts.TotalSeconds
});
}
return(new { attempts = GetRemainingAttempts() });
}
public object Post([FromBody] LoginModel model)
{
if (IsAuthenticated)
{
return new { result = false }
}
;
if (BruteForceLock.IsBanned(HttpContext.Current.Request.UserHostAddress))
{
return new { result = false, attempts = 0 }
}
;
if (!ModelState.IsValid)
{
var errors = new List <string>();
foreach (var value in ModelState.Values)
{
foreach (var error in value.Errors)
{
errors.Add(error.ErrorMessage);
}
}
return(new { result = false, attempts = GetRemainingAttempts(), errors = errors });
}
var email = model.Email.ToLower();
var password_hash = model.Password.ToPasswordHash(email);
var user = _database.Login(email, password_hash);
if (user == null)
{
var ts = BruteForceLock.OnFailed(HttpContext.Current.Request.UserHostAddress);
if (ts.HasValue)
{
return(new
{
result = false,
attempts = 0,
banTime = (int)ts.Value.TotalSeconds
});
}
// username or password wrong
return(new
{
result = false,
attempts = GetRemainingAttempts()
});
}
// set cookie etc...
BruteForceLock.OnSuccess(HttpContext.Current.Request.UserHostAddress);
var userCookie = UserCookie.Create(email);
var expireDate = DateTime.UtcNow + UserCookieCache.CookieLifetime;
var cookie = new HttpCookie(UserCookie.CookieName);
cookie.Expires = expireDate;
cookie.Value = userCookie.SecureHash;
if (!string.IsNullOrWhiteSpace(UserCookie.CookieDomain))
{
cookie.Domain = UserCookie.CookieDomain;
}
HttpContext.Current.Response.Cookies.Add(cookie);
UserCookieCache.AddSession(userCookie.SecureHash, HttpContext.Current.Request.UserHostAddress, user.Id, expireDate);
_database.AddUserLog(user.Id, "Logged in");
return(new { result = true });
}
}
}
private int GetRemainingAttempts()
{
return(BruteForceLock.GetRemainingAttempts(HttpContext.Current.Request.UserHostAddress));
}