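/// <summary>
/// Handles an SSO login request: validates the bound payload, parses the SSO user id,
/// hands the request to <see cref="LoginManager.SSOLogin"/> and, when a token is issued,
/// redirects the client to the front-end SSO login route carrying that token.
/// </summary>
/// <param name="request">Request body with the SSO user id, email, timestamp and signature.</param>
/// <returns>
/// 301 with a <c>Location</c> header on success; 401 for an invalid payload or a rejected
/// signature; 409 for a malformed user id or when the manager returns no token.
/// </returns>
public HttpResponseMessage SSOLaunch([FromBody] SSORequestDTO request)
{
    var response = new HttpResponseMessage();

    // Reject anything that failed model binding or arrived without a body.
    if (!ModelState.IsValid || request == null)
    {
        response.Content = new StringContent("Invalid request payload.");
        response.StatusCode = HttpStatusCode.Unauthorized;
        return response;
    }

    // TryParse instead of Parse + catch(Exception): a malformed id is an expected client
    // error, not an exceptional condition, and no unrelated exception gets swallowed.
    if (!Guid.TryParse(request.ssoUserId, out Guid ssoID))
    {
        response.Content = new StringContent("Invalid Guid format");
        response.StatusCode = HttpStatusCode.Conflict;
        return response;
    }

    using (var db = new DataBaseContext())
    {
        try
        {
            // The manager validates the request and logs the user in; a rejected
            // signature surfaces as InvalidRequestSignature (handled below).
            var loginManager = new LoginManager(db);
            string token = loginManager.SSOLogin(ssoID, request.email, request.timeStamp, request.signature);
            if (token == null)
            {
                response.Content = new StringContent("Token is null");
                response.StatusCode = HttpStatusCode.Conflict;
                return response;
            }

            // The redirect base is a fixed literal; only the manager-issued token varies.
            // It is escaped so characters such as '+', '/', '=' or '&' cannot corrupt the
            // query string or be re-interpreted by the client-side parser. The token travels
            // in the URL fragment, so it is not sent back to the server, but it does land in
            // browser history.
            // NOTE(review): 301 (Moved) is a permanent redirect; 302/303 is the usual choice
            // for a one-off login redirect — confirm the client does not depend on 301.
            // TODO: make sure our redirect is to our site
            string redirectUrl = "https://checkitspyderz.net/#/ssologin?token=" + Uri.EscapeDataString(token);
            response = Request.CreateResponse(HttpStatusCode.Moved);
            response.Headers.Location = new Uri(redirectUrl);
            return response;
        }
        catch (InvalidRequestSignature e)
        {
            // Signature/timestamp check failed inside the manager: unauthorized with its message.
            response.Content = new StringContent(e.Message);
            response.StatusCode = HttpStatusCode.Unauthorized;
            return response;
        }
    }
}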
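/// <summary>
/// Handles an SSO-initiated account deletion: validates the bound payload, parses the SSO
/// user id and asks <see cref="UserManager.DeleteUserFromSSO"/> to remove the user.
/// </summary>
/// <param name="request">Request body with the SSO user id, email, timestamp and signature.</param>
/// <returns>
/// 200 when the user was deleted or did not exist (the latter with the exception message as
/// body); 401 for an invalid payload or a rejected signature; 409 for a malformed user id.
/// </returns>
public HttpResponseMessage SSODelete([FromBody] SSORequestDTO request)
{
    var response = new HttpResponseMessage();

    // Reject anything that failed model binding or arrived without a body.
    if (!ModelState.IsValid || request == null)
    {
        //TODO: log
        response.Content = new StringContent("Invalid request payload.");
        response.StatusCode = HttpStatusCode.Unauthorized;
        return response;
    }

    // TryParse instead of Parse + catch(Exception): a malformed id is an expected client
    // error, not an exceptional condition, and no unrelated exception gets swallowed.
    if (!Guid.TryParse(request.ssoUserId, out Guid ssoID))
    {
        //TODO: Log
        response.Content = new StringContent("Invalid Guid format");
        response.StatusCode = HttpStatusCode.Conflict;
        return response;
    }

    using (var db = new DataBaseContext())
    {
        try
        {
            // The manager validates the request and removes the user; a rejected
            // signature surfaces as InvalidRequestSignature (handled below).
            var userManager = new UserManager(db);
            userManager.DeleteUserFromSSO(ssoID, request.email, request.timeStamp, request.signature);

            response.StatusCode = HttpStatusCode.OK;
            return response;
        }
        catch (InvalidRequestSignature e)
        {
            //TODO: log
            response.Content = new StringContent(e.Message);
            response.StatusCode = HttpStatusCode.Unauthorized;
            return response;
        }
        catch (UserDoesNotExistException e)
        {
            //TODO: log
            // A missing user is reported as success so repeated deletes are idempotent
            // (presumably intentional — verify with the SSO caller's expectations).
            response.Content = new StringContent(e.Message);
            response.StatusCode = HttpStatusCode.OK;
            return response;
        }
    }
}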