using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Reflection;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Cors;
using EventFeedback.Common;
using EventFeedback.Domain;
using EventFeedback.Web.Api.Models;
using Microsoft.ApplicationInsights;
using Microsoft.ApplicationInsights.DataContracts;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Infrastructure;
using Microsoft.Owin.Security;
namespace EventFeedback.Web.Api.Controllers
{
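[RoutePrefix("api/v1/user")]
// NOTE(review): wildcard CORS on a token-issuing endpoint lets a script from any
// origin POST credentials here and read the bearer token back. This is tolerable
// only because the token travels in the response body rather than in a cookie;
// restrict origins to the known front-end(s) before production use.
[EnableCors(origins: "*", headers: "*", methods: "*")]
[ExceptionHandling]
public class UserController : ApiController
{
    /// <summary>
    /// Lifetime of an issued bearer token, measured from the issue instant (24 hours).
    /// </summary>
    private static readonly TimeSpan TokenLifetime = TimeSpan.FromMinutes(1440);

    private readonly TraceSource _traceSource = new TraceSource(Assembly.GetExecutingAssembly().GetName().Name);
    private readonly UserService _userService;
    private readonly TelemetryClient _telemetry = new TelemetryClient();

    /// <summary>
    /// Creates the controller around the user service that performs credential
    /// checks, identity creation and profile lookups.
    /// </summary>
    /// <param name="userService">Backing user service; must not be null.</param>
    /// <exception cref="ArgumentException">Thrown when <paramref name="userService"/> is null.</exception>
    public UserController(UserService userService)
    {
        Guard.Against<ArgumentException>(userService == null, "userService cannot be null");
        _userService = userService;
    }

    /// <summary>
    /// Sign-in: verifies the submitted credentials and, on success, returns a
    /// protected OAuth bearer token together with its issue and expiry instants.
    /// </summary>
    /// <param name="login">Username/password pair bound from the request body.</param>
    /// <returns>
    /// 200 with <c>{ UserName, AccessToken, Issued, Expires }</c> when the credentials
    /// match an active user; otherwise 401 with an empty body.
    /// </returns>
    /// <exception cref="ArgumentException">Thrown when no body was bound.</exception>
    [HttpPost]
    [Route("token")] // = SIGNIN
    public HttpResponseMessage Token(LoginBindingModel login)
    {
        using (new TraceLogicalScope(_traceSource, "UserController:Token"))
        {
            Guard.Against<ArgumentException>(login == null, "login cannot be null");

            // NOTE(review): the caller-supplied username is written to Application
            // Insights before any validation, so unauthenticated clients can push
            // arbitrary strings (and PII) into telemetry. Consider hashing or
            // dropping this property.
            var loginEvent = new EventTelemetry("API:Users/Login");
            loginEvent.Properties.Add("username", login.UserName);
            _telemetry.TrackEvent(loginEvent);

            var user = _userService.FindUser(login.UserName, login.Password);
            if (user == null || !user.IsActive())
            {
                // Unknown user, wrong password and inactive account all collapse to
                // the same 401 so the response does not enumerate accounts. Nothing
                // here throttles repeated attempts; rate-limit upstream or in
                // UserService.
                _traceSource.Warn("login failed");
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            var identity = _userService.CreateIdentity(user, Startup.OAuthBearerOptions.AuthenticationType);
            // NOTE(review): the Name claim carries the spelling the caller typed, not
            // the stored one. Profile() re-resolves the user from this claim, so
            // FindUser and FindUserByName must agree on case handling — confirm.
            identity.AddClaim(new Claim(ClaimTypes.Name, login.UserName));
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));

            // Stamp a single clock reading into the ticket and reuse it for the
            // response so Issued/Expires in the JSON match what the token encodes.
            var issuedUtc = new SystemClock().UtcNow;
            var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
            ticket.Properties.IssuedUtc = issuedUtc;
            ticket.Properties.ExpiresUtc = issuedUtc.Add(TokenLifetime);

            _traceSource.Warn("login success");
            return new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new ObjectContent<object>(new
                {
                    UserName = identity.GetUserName(),
                    AccessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket),
                    // .UtcDateTime keeps the previous DateTime shape of this field.
                    Issued = issuedUtc.UtcDateTime,
                    Expires = ticket.Properties.ExpiresUtc
                }, Configuration.Formatters.JsonFormatter)
            };
        }
    }

    /// <summary>
    /// Returns the profile and roles of the authenticated caller.
    /// </summary>
    /// <returns>
    /// 200 with <c>{ UserName, Profile, Roles }</c>; 401 when the user named by the
    /// token no longer exists or has been deactivated since the token was issued.
    /// </returns>
    [HttpGet]
    [Route("profile")]
    [Authorize]
    public HttpResponseMessage Profile()
    {
        using (new TraceLogicalScope(_traceSource, "UserController:Profile"))
        {
            // Re-check the account on every call: a bearer token stays valid for
            // TokenLifetime, so deactivation must be enforced here, not at sign-in.
            var user = _userService.FindUserByName(User.Identity.Name);
            if (user == null || !user.IsActive())
            {
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            var roles = _userService.UserRoles(user);
            // The whole domain user is serialized below; HideSensitiveData is the
            // only thing keeping credential material out of the response.
            _userService.HideSensitiveData(user);

            return new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new ObjectContent<object>(new
                {
                    UserName = User.Identity.Name,
                    Profile = user,
                    Roles = roles
                }, Configuration.Formatters.JsonFormatter)
            };
        }
    }
}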
}