/// <summary>
/// Validates a resource-owner password grant by checking the supplied user name
/// and password with the login-user service, then writes the outcome to
/// <c>context.Result</c>.
/// </summary>
/// <param name="context">
/// Grant validation context; <c>UserName</c> and <c>Password</c> are read from it
/// and <c>Result</c> is assigned on every path.
/// </param>
/// <returns>A task that completes once <c>context.Result</c> has been set.</returns>
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
    UserMo account = await _loginUserService.ValidateUser(context.UserName, context.Password);

    // A null lookup result is treated as a rejected credential.
    if (account == null)
    {
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Invalid client credential");
        return;
    }

    // NOTE(review): the role claim comes straight from the stored user record and the
    // subject is the client-supplied user name rather than the record's Id; confirm
    // both are intended, since downstream authorization keys off these values.
    Claim[] issuedClaims =
    {
        new Claim("Name", context.UserName),
        new Claim(ClaimTypes.Sid, account.Id.ToString()),
        new Claim(ClaimTypes.Role, account.Role)
    };

    context.Result = new GrantValidationResult(
        subject: context.UserName,
        authenticationMethod: "custom",
        claims: issuedClaims);
}
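/// <summary>
/// HTTP-triggered function for <c>users/validate/</c>: reads a user name and a
/// password hash from the query string or the JSON body, compares the hash with
/// the stored one, and on success returns the user's first game record as JSON.
/// </summary>
/// <param name="req">Incoming request; query-string values take precedence over body values.</param>
/// <param name="log">Logger used to record unexpected failures.</param>
/// <returns>
/// 200 with the serialized game on success, 400 for missing input, an unknown user
/// or a wrong password, and 500 when an exception is thrown while querying.
/// </returns>
/// <remarks>
/// NOTE(review): the trigger is anonymous and accepts GET, so credentials can travel
/// in the URL and end up in access logs and proxies; moving them to a POST body
/// changes the route contract and is left to the owner. The distinct "Username
/// doesn't exist" / "Invalid Password" answers also let a caller tell valid user
/// names apart, and a client-supplied hash that is compared directly with the stored
/// value is itself password-equivalent.
/// </remarks>
public static async Task<HttpResponseMessage> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "users/validate/")] HttpRequest req,
    ILogger log)
{
    // Query-string parameters.
    string usernameQuery = req.Query["username"];
    string hashedPasswordQuery = req.Query["password"];

    // Body values; the reader is disposed once the body has been consumed.
    string requestBody;
    using (var reader = new StreamReader(req.Body))
    {
        requestBody = await reader.ReadToEndAsync();
    }
    dynamic data = JsonConvert.DeserializeObject(requestBody);

    string username = usernameQuery ?? data?.username;
    string hashedPassword = hashedPasswordQuery ?? data?.password;

    if (username == null || hashedPassword == null)
    {
        return new HttpResponseMessage(HttpStatusCode.BadRequest)
        {
            Content = new StringContent("Usage: username and password must be provided.", Encoding.UTF8, "text/plain")
        };
    }

    var azureService = new AzureService();
    try
    {
        // NOTE(review): the user name inside this literal appears masked on the page,
        // so the text is reproduced unchanged. If the real query splices `username`
        // into the string, that is SQL built from untrusted input and must be sent as
        // a bound parameter; executeCommand's signature is not visible here, so the
        // call is not rewritten.
        var row = (await azureService.executeCommand($"SELECT * FROM Users WHERE Username = '******';", "UserMo")).FirstOrDefault();
        if (row == null)
        {
            return new HttpResponseMessage(HttpStatusCode.BadRequest)
            {
                Content = new StringContent("Username doesn't exist", Encoding.UTF8, "application/json")
            };
        }

        UserMo user = (UserMo)row;
        string storedPassword = user.HashedPassword;

        // Ordinal comparison that always walks the shared prefix, so the response
        // time does not depend on where the first differing character is. A missing
        // or empty stored hash never matches, whatever the client sends.
        bool passwordMatches = false;
        if (!string.IsNullOrEmpty(storedPassword))
        {
            int mismatch = storedPassword.Length ^ hashedPassword.Length;
            for (int i = 0; i < storedPassword.Length && i < hashedPassword.Length; i++)
            {
                mismatch |= storedPassword[i] ^ hashedPassword[i];
            }
            passwordMatches = mismatch == 0;
        }

        if (passwordMatches)
        {
            // NOTE(review): UserId comes from the stored row rather than the request,
            // but this is still string-built SQL; bind it as a parameter if the
            // service supports that.
            var azureService2 = new AzureService();
            var game = await azureService2.executeCommand($"SELECT * FROM Games WHERE UserId = '{user.UserId}'", "GameMo");
            if (game != null)
            {
                var result = JsonConvert.SerializeObject(game.FirstOrDefault());
                return new HttpResponseMessage(HttpStatusCode.OK)
                {
                    Content = new StringContent(result, Encoding.UTF8, "application/json")
                };
            }
            // NOTE(review): a null game result falls through to the "Invalid Password"
            // reply below, as in the original; confirm that is the intended answer
            // for a correct password.
        }

        return new HttpResponseMessage(HttpStatusCode.BadRequest)
        {
            Content = new StringContent("Invalid Password", Encoding.UTF8, "application/json")
        };
    }
    catch (System.Exception ex)
    {
        // Record the failure for operators; neither the credentials nor the
        // exception detail are returned to the caller.
        log.LogError(ex, "users/validate request failed");
        return new HttpResponseMessage(HttpStatusCode.InternalServerError);
    }
}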