public void PostVerify()
{
A account = User.GetCurrentUserAccount(GetAccountsDbSet(_context));
if (account != null)
{
string confirmationKey = CustomLoginProviderUtils.RandomString(32);
account.ConfirmationHash = CustomLoginProviderUtils.Hash(confirmationKey, account.Salt);
account.Verified = false;
_context.SaveChanges();
_emailService.SendEmail("Account confirmation", CreateConfirmationLink(account.Sid, confirmationKey), account);
}
}
public IHttpActionResult RefreshToken(string userId, string refreshToken)
{
A account = GetAccountsDbSet(_context).GetUserAccount(userId, "Federation");
if (account == null || account.RefreshToken != refreshToken)
{
return(BadRequest("Invalid account or refresh token."));
}
else
{
var newAccessToken = GetAuthenticationTokenForUser(userId);
account.RefreshToken = CustomLoginProviderUtils.GenerateRefreshToken();
_context.SaveChanges();
return(Ok(new CustomLoginResult()
{
UserId = account.Sid,
MobileServiceAuthenticationToken = newAccessToken.RawData,
RefreshToken = account.RefreshToken
}));
}
}
public IHttpActionResult Login(CustomLoginRequest loginRequest)
{
A account = GetAccountsDbSet(_context).GetUserAccount(loginRequest.UserId, "Federation");
if (account != null)
{
byte[] incoming = CustomLoginProviderUtils.Hash(loginRequest.Password, account.Salt);
if (CustomLoginProviderUtils.SlowEquals(incoming, account.Hash))
{
var accessToken = GetAuthenticationTokenForUser(account.Sid);
account.RefreshToken = CustomLoginProviderUtils.GenerateRefreshToken();
_context.SaveChanges();
return(Ok(new CustomLoginResult()
{
UserId = account.Sid,
MobileServiceAuthenticationToken = accessToken.RawData,
RefreshToken = account.RefreshToken
}));
}
}
return(BadRequest("Invalid name or password."));
}
/// <summary>
/// Posts the specified registration request.
/// </summary>
/// <param name="registrationRequest">The registration request.</param>
/// <returns></returns>
public RegistrationResult Post(RegistrationRequest registrationRequest)
{
DbSet<A> accounts = GetAccountsDbSet(_context);
A account = accounts.GetUserAccount(registrationRequest.UserId, "Federation");
if (account != null)
{
return RegistrationResult.AlreadyRegistered;
}
else
{
byte[] salt = CustomLoginProviderUtils.GenerateSalt();
A newAccount = new A
{
Sid = registrationRequest.UserId,
Provider = "Federation",
Salt = salt,
Hash = CustomLoginProviderUtils.Hash(registrationRequest.Password, salt)
};
accounts.Add(newAccount);
_context.SaveChanges();
return RegistrationResult.Registered;
}
}
public HttpResponseMessage GetVerify(string userId, string key)
{
string result = null;
A account = GetAccountsDbSet(_context).GetUserAccount(userId, "Federation");
if (account != null)
{
if (account.Verified)
{
result = "Account is already verified.";
}
else
{
var hash = CustomLoginProviderUtils.Hash(key, account.Salt);
if (CustomLoginProviderUtils.SlowEquals(hash, account.ConfirmationHash))
{
account.Verified = true;
_context.SaveChanges();
result = "Account was successfuly verified.";
}
else
{
result = "Wrong verification key.";
}
}
}
else
{
result = "Account was not found.";
}
var response = Request.CreateResponse(HttpStatusCode.OK);
response.Content = new StringContent($"<html><body>{result}</body></html>");
response.Content.Headers.ContentType = new MediaTypeHeaderValue("text/html");
return(response);
}
