public IHttpActionResult Submit(AccountCredentialDTO credentials)
        {
            // Credentials is already read and deserialized into a DTO. Validate it.
            Validate(credentials);

            // Checks for valid model state
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // Check to make they are not a new SSO user
            if (_partialAccountRepository.Exists(d => d.UserName == credentials.Username))
            {
                var transformer = new SsoLoginTransformer();
                var ssoLoginDto = transformer.Fetch(credentials);
                var response    = _ssoControllerLogic.Login(ssoLoginDto);
                return(ResponseMessage(response));
            }

            // Proccess any other information.
            if (!_accountRepository.Exists(d => d.UserName == credentials.Username))
            {
                return(Unauthorized());
            }

            if (!_saltRepository.Exists(d => d.UserName == credentials.Username, d => d.Account))
            {
                return(Unauthorized());
            }

            Salt salt;

            try
            {
                salt = _saltRepository.GetSingle(d => d.UserName == credentials.Username, d => d.Account);
            }
            catch (Exception)
            {
                return(Unauthorized());
            }

            // Check app DB for user.
            Account account;

            try
            {
                account = _accountRepository.GetSingle(d => d.UserName == credentials.Username);
            }
            catch (Exception)
            {
                return(Unauthorized());
            }

            if (!account.AccountStatus)
            {
                return(BadRequest("SUSPENDED"));
            }

            // Issue login information
            if (account.Password == HashService.Instance.HashPasswordWithSalt(salt.PasswordSalt, credentials.Password, true))
            {
                var          response = new HttpResponseMessage();
                JAccessToken token;
                var          claims = (List <AccountType>)account.AccountTypes;
                // JWT token already exists
                if (_jwtRepository.Exists(d => d.UserName == account.UserName, d => d.Account))
                {
                    token                = _jwtRepository.GetSingle(d => d.UserName == account.UserName, d => d.Account);
                    token.Value          = JwtManager.Instance.GenerateToken(claims);
                    token.DateTimeIssued = DateTime.UtcNow;
                    _jwtRepository.Update(token);
                }
                // JWT does not exist for this user
                else
                {
                    token = new JAccessToken
                    {
                        Value          = JwtManager.Instance.GenerateToken(claims),
                        UserName       = account.UserName,
                        DateTimeIssued = DateTime.UtcNow
                    };
                    _jwtRepository.Insert(token);
                }

                return(Json(new { AuthToken = token.Value }));
            }
            // Given password does no match the stored hashed password after being hashed
            else
            {
                return(Unauthorized());
            }
        }
Esempio n. 2
0
 public bool Exists(string username)
 {
     return(_partialAccountRepository.Exists(acc => acc.UserName == username));
 }