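// POST api/CustomRegistration
/// <summary>
/// Creates a new account from a registration request.
/// Validates the login format and password length, rejects a login that is already
/// taken, then stores a fresh salt and the salted password hash (never the password).
/// </summary>
/// <param name="registrationRequest">Request body; Login, Password and Name are read.</param>
/// <returns>
/// 201 Created on success; 400 Bad Request with a short reason when the body is missing,
/// the login or password is malformed, or the login is already registered.
/// </returns>
public async Task<HttpResponseMessage> Post(RegistrationRequest registrationRequest)
{
    // A missing body or missing fields must come back as 400, not as a 500 caused by a
    // NullReferenceException / ArgumentNullException (Regex.IsMatch rejects null input).
    if (registrationRequest == null || registrationRequest.Login == null || registrationRequest.Password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Login and Password should not be null");
    }

    if (!Regex.IsMatch(registrationRequest.Login, "^[a-zA-Z0-9]{4,}$"))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid login (at least 4 chars, alphanumeric only)");
    }

    if (registrationRequest.Password.Length < 8)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
    }

    // AptkAmaContext is used as an EF-style context (Accounts / SaveChangesAsync);
    // dispose it when the request is done instead of leaving it to the GC.
    using (var context = new AptkAmaContext())
    {
        // NOTE(review): this check-then-insert is not atomic — two concurrent registrations
        // with the same login can both pass it. A unique index on Account.Login is the
        // real guard; confirm one exists.
        var existing = context.Accounts.SingleOrDefault(a => a.Login == registrationRequest.Login);
        if (existing != null)
        {
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "That login already exists.");
        }

        // Per-account salt: identical passwords must not produce identical stored hashes.
        byte[] salt = CustomLoginProviderUtils.GenerateSalt();
        var newAccount = new Account
        {
            Id = Guid.NewGuid().ToString(),
            Name = registrationRequest.Name,
            Login = registrationRequest.Login,
            Salt = salt,
            SaltedAndHashedPassword = CustomLoginProviderUtils.Hash(registrationRequest.Password, salt)
        };

        context.Accounts.Add(newAccount);
        await context.SaveChangesAsync();
    }

    return this.Request.CreateResponse(HttpStatusCode.Created);
}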
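/// <summary>
/// Authenticates a login/password pair and, on success, issues an App Service auth token.
/// </summary>
/// <param name="loginRequest">Request body; Login and Password are read.</param>
/// <returns>
/// 200 OK with { userId, mobileServiceAuthenticationToken } on success; 400 when the body or
/// either field is missing; 401 for an unknown login or a wrong password (one message for
/// both, so the response text does not say which one failed).
/// </returns>
public HttpResponseMessage Post(LoginRequest loginRequest)
{
    // A null body would otherwise throw a NullReferenceException and surface as a 500.
    if (loginRequest == null || string.IsNullOrEmpty(loginRequest.Login) || string.IsNullOrEmpty(loginRequest.Password))
    {
        return Request.CreateBadRequestResponse("Login and Password should not be null");
    }

    // Dispose the data context at the end of the request.
    using (var context = new AptkAmaContext())
    {
        var account = context.Accounts.SingleOrDefault(a => a.Login == loginRequest.Login);

        // Hash the candidate password even when the login is unknown, so the response
        // time does not distinguish "no such account" from "wrong password"; the
        // comparison itself is already constant-time via SlowEquals.
        byte[] salt = account != null ? account.Salt : CustomLoginProviderUtils.GenerateSalt();
        var incoming = CustomLoginProviderUtils.Hash(loginRequest.Password, salt);

        if (account != null && CustomLoginProviderUtils.SlowEquals(incoming, account.SaltedAndHashedPassword))
        {
            // _host and GetSigningKey() are defined elsewhere in the controller.
            var token = AppServiceLoginHandler.CreateToken(
                new[] { new Claim(JwtRegisteredClaimNames.Sub, loginRequest.Login) },
                GetSigningKey(),
                _host,
                _host,
                TimeSpan.FromHours(24));

            var customLoginResult = new JObject
            {
                { "userId", account.Id },
                { "mobileServiceAuthenticationToken", token.RawData }
            };
            return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
        }
    }

    return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password");
}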
/// <summary>
/// Completes controller setup by attaching an EntityDomainManager for TodoItem
/// backed by a fresh AptkAmaContext.
/// </summary>
/// <param name="controllerContext">Per-request controller context supplied by Web API.</param>
protected override void Initialize(HttpControllerContext controllerContext)
{
    base.Initialize(controllerContext);

    // The context is handed to the domain manager and not disposed here;
    // presumably the manager/controller lifetime covers that — confirm.
    var dbContext = new AptkAmaContext();
    this.DomainManager = new EntityDomainManager<TodoItem>(dbContext, this.Request);
}