// POST api/CustomRegistration
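        /// <summary>
        /// Registers a new account from a POST body: validates login and password, rejects
        /// duplicate logins, then stores a salted hash of the password (never the password itself).
        /// </summary>
        /// <param name="registrationRequest">Bound request body; null when the body is missing or unparseable.</param>
        /// <returns>400 with a reason on validation failure or duplicate login, 201 on success.</returns>
        public async Task <HttpResponseMessage> Post(RegistrationRequest registrationRequest)
        {
            // Guard the bound body first: Regex.IsMatch(null, ...) and Password.Length would
            // otherwise throw and surface as a 500 instead of a clean 400.
            if (registrationRequest == null || registrationRequest.Login == null || registrationRequest.Password == null)
            {
                return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Login and Password should not be null");
            }

            // \z instead of $: in .NET, $ also matches before a trailing newline, so "abcd\n"
            // would otherwise pass as a valid alphanumeric login.
            if (!Regex.IsMatch(registrationRequest.Login, @"^[a-zA-Z0-9]{4,}\z"))
            {
                return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid login (at least 4 chars, alphanumeric only)");
            }
            if (registrationRequest.Password.Length < 8)
            {
                return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
            }

            // Dispose the context when the request is done; the original leaked it.
            using (var context = new AptkAmaContext())
            {
                var existing = context.Accounts.SingleOrDefault(a => a.Login == registrationRequest.Login);

                // Check-then-insert is not atomic: two concurrent registrations of the same login
                // can both pass this check. A unique index on Login in the schema is the real guard;
                // confirm it exists (not visible here).
                if (existing != null)
                {
                    return this.Request.CreateResponse(HttpStatusCode.BadRequest, "That login already exists.");
                }

                // Per-account random salt; only the salted hash is persisted.
                byte[] salt = CustomLoginProviderUtils.GenerateSalt();
                var newAccount = new Account
                {
                    Id    = Guid.NewGuid().ToString(),
                    Name  = registrationRequest.Name,
                    Login = registrationRequest.Login,
                    Salt  = salt,
                    SaltedAndHashedPassword = CustomLoginProviderUtils.Hash(registrationRequest.Password, salt)
                };

                context.Accounts.Add(newAccount);
                await context.SaveChangesAsync();
            }

            return this.Request.CreateResponse(HttpStatusCode.Created);
        }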
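        /// <summary>
        /// Authenticates a login/password pair against the stored salted hash and, on success,
        /// issues a signed JWT valid for 24 hours.
        /// </summary>
        /// <param name="loginRequest">Bound request body; null when the body is missing or unparseable.</param>
        /// <returns>400 for a missing login/password, 401 for any credential failure, 200 with userId and token on success.</returns>
        public HttpResponseMessage Post(LoginRequest loginRequest)
        {
            // Null body must be rejected before dereferencing it; the original threw instead.
            if (loginRequest == null || string.IsNullOrEmpty(loginRequest.Login) || string.IsNullOrEmpty(loginRequest.Password))
            {
                return Request.CreateBadRequestResponse("Login and Password should not be null");
            }

            // Dispose the context when the request is done; the original leaked it.
            using (var context = new AptkAmaContext())
            {
                var account = context.Accounts.SingleOrDefault(a => a.Login == loginRequest.Login);

                // Same generic message for unknown login and wrong password so the response
                // body does not reveal which accounts exist.
                // NOTE(review): the unknown-login path returns without running Hash(), so it
                // answers faster than the wrong-password path; if that timing difference matters,
                // hash against a dummy salt before returning.
                if (account == null)
                {
                    return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
                }

                var incoming = CustomLoginProviderUtils.Hash(loginRequest.Password, account.Salt);

                // SlowEquals is the constant-time comparison; keep it rather than ==/SequenceEqual.
                if (!CustomLoginProviderUtils.SlowEquals(incoming, account.SaltedAndHashedPassword))
                {
                    return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
                }

                // Put the stored login into the subject claim, not the one the client typed:
                // if the database compares logins case-insensitively the two can differ, and
                // the token should carry the canonical identity.
                var subject = new Claim(JwtRegisteredClaimNames.Sub, account.Login);
                var token = AppServiceLoginHandler.CreateToken(new[] { subject },
                                                               GetSigningKey(),
                                                               _host,
                                                               _host,
                                                               TimeSpan.FromHours(24));
                var customLoginResult = new JObject
                {
                    { "userId", account.Id },
                    { "mobileServiceAuthenticationToken", token.RawData }
                };
                return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
            }
        }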
        /// <summary>
        /// Wires the table controller to its Entity Framework domain manager for this request.
        /// </summary>
        /// <param name="controllerContext">Per-request controller context passed through to the base class.</param>
        protected override void Initialize(HttpControllerContext controllerContext)
        {
            base.Initialize(controllerContext);

            // The domain manager is handed a fresh context for the request.
            // NOTE(review): nothing here disposes that context; confirm the controller's
            // Dispose override (not shown) releases it.
            DomainManager = new EntityDomainManager <TodoItem>(new AptkAmaContext(), Request);
        }