public HttpResponseMessage ForgetMe()
{
var formsAuth = new FormsAuthWrapper();
formsAuth.SignOut();
return(Request.CreateResponse(HttpStatusCode.NoContent));
}
public async Task <HttpResponseMessage> UserLogin(LoginCredentials login)
{
TokenModel token;
Database = login.Application;
User user;
using (var s = AsyncSession)
{
var items = await s.Query <User, UserByEmailIndex>()
.Customize(x => x.WaitForNonStaleResultsAsOfLastWrite())
.Where(x => x.Email == login.Email)
.ToListAsync();
if (items == null || items.Count != 1)
{
return(Request.CreateResponse(HttpStatusCode.NotFound,
new ResponseContainer(HttpStatusCode.NotFound, "User not found.")));
}
try
{
user = items.Single();
}
catch (InvalidOperationException)
{
return(Request.CreateResponse(HttpStatusCode.NotFound,
new ResponseContainer(HttpStatusCode.NotFound, "User not found.")));
}
var valid = await CommandExecutor.ExecuteCommand(
new ValidateUserPasswordCommand(login.Password,
new ValidateLoginCredentials(user.Password, user.Salt, App.Pepper,
user.Id)));
if (!valid)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
new ResponseContainer(HttpStatusCode.Unauthorized,
"Your password does not match our records.")));
}
if (user.Application != login.Application)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
new ResponseContainer(HttpStatusCode.Unauthorized,
string.Format("You do not have access to {0}.",
login.Application))));
}
var config = await s.LoadAsync <Config>("1");
if (config.UsersCanExpire)
{
var today = CommandExecutor.ExecuteCommand(new ConvertToJavascriptUtcCommand(DateTime.UtcNow)).Ticks;
if (user.AccessRules == null)
{
user.AccessRules = new User.UserAccessRules();
}
if (user.AccessRules.StartDate > today)
{
// TODO Fix date to be correct format
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
new ResponseContainer(HttpStatusCode.Unauthorized,
string.Format(
"You are are not authorized for use until {0}. Please contact the administrators if you wish to request a different start date.",
new DateTime(CommandExecutor.ExecuteCommand(new ConvertToNetUtcCommand(user.AccessRules.StartDate)).Ticks)
.ToShortDateString()))));
}
if (user.AccessRules.EndDate < today)
{
// TODO Fix date to be correct format
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
new ResponseContainer(HttpStatusCode.Unauthorized,
string.Format(
"You were only authorized for use until {0}. Please contact the administrators if you wish to request more time.",
new DateTime(CommandExecutor.ExecuteCommand(new ConvertToNetUtcCommand(user.AccessRules.EndDate)).Ticks)
.ToShortDateString()))));
}
}
token = await TokenService.GetToken(
new GetTokenCommandAsyncBase.GetTokenParams(App.ArcGisHostUrl, App.Instance, App.Ssl, App.Port),
new GetTokenCommandAsyncBase.User(null, App.Password), login.Application, user.Role);
if (!token.Successful)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
new ResponseContainer(HttpStatusCode.Unauthorized,
token.Error.Message)));
}
if (user.Role.Contains("admin"))
{
user.AdminToken = string.Format("{0}.{1}", user.Id, Guid.NewGuid());
}
try
{
user.LastLogin = CommandExecutor.ExecuteCommand(new ConvertToJavascriptUtcCommand(DateTime.UtcNow)).Ticks;
}
catch (Exception)
{
//swallow. who cares?
}
}
var response = Request.CreateResponse(HttpStatusCode.OK,
new ResponseContainer <AuthenticationResponse>(
new AuthenticationResponse(token, user)));
var formsAuth = new FormsAuthWrapper();
var cookie = formsAuth.SetAuthCookie(user.Email, user.Application, login.Persist);
response.Headers.AddCookies(new Collection <CookieHeaderValue> {
cookie
});
return(response);
}
