Esempio n. 1
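        /// <summary>
        /// Registers a new account: hands the model to <c>CommandWorker.RegisterUser</c>,
        /// creates the identity account, sends the activation e-mail and returns the
        /// user loaded through <c>QueryWorker.GetUserByUserName</c>.
        /// </summary>
        /// <param name="model">
        /// Registration data. <c>Password</c> is passed through
        /// <c>Codec.DecryptStringAES</c> before it is given to the user manager.
        /// </param>
        /// <returns>
        /// A 400 result carrying the model state when validation fails, the result of
        /// <c>GetErrorResult</c> when account creation fails, a Discitur bad-request
        /// result when the Referer header is missing or any exception is thrown,
        /// otherwise a 200 result with the user.
        /// </returns>
        public async Task <IHttpActionResult> Register(RegisterUserViewModel model)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return BadRequest(ModelState);
                }

                // Resolve the Referer before any state is written. The header is optional,
                // and dereferencing a missing one after the account had been created left
                // a registered user who never received an activation e-mail.
                // NOTE(review): Referer is chosen by the client. If SendActivationEmail
                // builds the activation link from it, compare it with the site's own
                // origin(s) before use - confirm against the mail provider.
                Uri referrer = Request.Headers.Referrer;
                if (referrer == null)
                {
                    return BadDisciturRequest("A Referer header is required to register.");
                }

                // NOTE(review): this runs before the identity account exists; if account
                // creation fails below, whatever RegisterUser stored is not undone here -
                // confirm whether it needs compensation.
                CommandWorker.RegisterUser(model);

                // Create the new account
                IdentityUser account = new IdentityUser
                {
                    UserName = model.UserName
                };

                string plainPassword = Codec.DecryptStringAES(model.Password);

                // Awaited rather than the blocking Create wrapper, since this action is async.
                IdentityResult creation = await UserManager.CreateAsync(account, plainPassword);
                IHttpActionResult failure = GetErrorResult(creation);

                if (failure != null)
                {
                    return failure;
                }

                // NOTE(review): the clear-text password is handed to the mail provider.
                // If it ends up in the message body, the credential sits in mailboxes and
                // mail logs; an activation key alone should be enough - confirm and drop it.
                await MailProvider.GetMailprovider().SendActivationEmail(
                    model.Email,
                    model.UserName,
                    plainPassword,
                    model.ActivationKey,
                    referrer.AbsoluteUri);

                //TODO: Remove -> Register a user does NOT require to return a User (needs an activation step)
                User registered = await QueryWorker.GetUserByUserName(model.UserName);

                return Ok(registered);
            }
            catch (Exception e)
            {
                // NOTE(review): the raw exception message goes back to the caller and may
                // expose internal detail; consider logging it server-side and returning a
                // generic message once clients no longer depend on the text.
                return BadDisciturRequest(e.Message);
            }
        }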
Esempio n. 2
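        //[Mag14.Controllers.AccountController.JsonResultWebApiFilter]
        /// <summary>
        /// Handles the resource-owner password grant: checks the credentials, refuses
        /// the grant while a <c>UserActivations</c> row exists for the user name, then
        /// issues the OAuth ticket, signs in the cookie identity and records the login.
        /// </summary>
        /// <param name="context">
        /// Grant context; <c>Password</c> is passed through <c>Codec.DecryptStringAES</c>
        /// before it is checked.
        /// </param>
        /// <returns>A task that completes when the context has been validated or rejected.</returns>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            using (UserManager <IdentityUser> userManager = _userManagerFactory())
            {
                // The client sends the password encrypted; it is decrypted with the same algorithm.
                // NOTE(review): if DecryptStringAES throws on malformed input, the exception
                // leaves this method unhandled - confirm how the pipeline reports it.
                // NOTE(review): no lockout or failed-attempt counting is visible in this
                // method - confirm it is enforced elsewhere.
                IdentityUser user = await userManager.FindAsync(context.UserName, Codec.DecryptStringAES(context.Password));

                if (user == null)
                {
                    context.SetError("discerr03", "The user name or password is incorrect.");
                    //context.SetError("invalid_grant", "The user name or password is incorrect.");
                    return;
                }

                // TODO: replace this inline instantiation with DI
                // The context is disposed as soon as the lookup completes; it was
                // previously created inline and never released.
                UserActivation activation;
                using (DisciturContext activationContext = new DisciturContext())
                {
                    activation = await activationContext.UserActivations.FindAsync(context.UserName);
                }

                // A row found for this user name blocks the grant.
                if (activation != null)
                {
                    context.SetError("not_activated", "The account is not activated.");
                    return;
                }

                ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user, context.Options.AuthenticationType);

                ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user, CookieAuthenticationDefaults.AuthenticationType);

                AuthenticationProperties properties = CreateProperties(user.UserName);
                AuthenticationTicket     ticket     = new AuthenticationTicket(oAuthIdentity, properties);
                context.Validated(ticket);
                context.Request.Context.Authentication.SignIn(cookiesIdentity);

                try
                {
                    User _user = await QueryWorker.GetUserByUserName(user.UserName);

                    // NOTE(review): local time is recorded; the TODO below suggests a
                    // per-day rule depends on it, so it is left as is - confirm before
                    // moving to UTC.
                    CommandWorker.LogInUser(_user.UserId, DateTime.Now);
                }
                // TODO: handle the validation exception (for repeated logins on the same day)
                catch (Exception ex)
                {
                    // Recording the login stays best-effort and never fails the grant,
                    // but a dropped login record is now traced instead of vanishing.
                    System.Diagnostics.Trace.TraceWarning("Login record failed: {0}: {1}", ex.GetType().Name, ex.Message);
                }
            }
        }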