public HttpResponseMessage AdminRegistration(RegistrationRequest registrationRequest)
{
try
{
var respList = new List <string>();
if (!AuthUtils.IsEmailValid(registrationRequest.Email))
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList)));
}
var admin = _context.Admins.AsNoTracking().SingleOrDefault(a => a.Email == registrationRequest.Email);
if (admin != null)
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList)));
}
var salt = AuthUtils.GenerateSalt();
var newUser = new Admin
{
Id = SequentialGuid.NewGuid().ToString(),
Email = registrationRequest.Email,
Salt = salt,
SaltedAndHashedPassword = AuthUtils.Hash(registrationRequest.Password, salt)
};
_context.Admins.Add(newUser);
_context.SaveChanges();
respList.Add(newUser.Id);
return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_CREATED, respList)));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
try
{
var respList = new List <string>();
if (!AuthUtils.IsEmailValid(registrationRequest.Email))
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList)));
}
if (registrationRequest.Password.Length < 8)
{
respList.Add(registrationRequest.Password);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_PASSWORD, respList)));
}
var user = _context.Users.AsNoTracking().SingleOrDefault(a => a.Email == registrationRequest.Email);
if (user != null)
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList)));
}
var salt = AuthUtils.GenerateSalt();
var confirmCode = AuthUtils.RandomNumString(6);
var userId = SequentialGuid.NewGuid().ToString();
var newUser = new User
{
Id = userId,
Email = registrationRequest.Email,
Salt = salt,
EmailSubCode = SequentialGuid.NewGuid().ToString(),
SaltedAndHashedPassword = AuthUtils.Hash(registrationRequest.Password, salt),
SaltedAndHashedEmail = AuthUtils.Hash(confirmCode, salt)
};
_context.Users.Add(newUser);
_context.SaveChanges();
AuthUtils.CreateAccount(_context, StandartLoginProvider.ProviderName, registrationRequest.Email,
StandartLoginProvider.ProviderName + ":" + registrationRequest.Email,
registrationRequest.Email, registrationRequest.FirstName);
using (MailSender mailSender = new MailSender())
{
var bem = new BaseEmailMessage
{
Code = ConstVals.Reg,
ToUserId = newUser.Id,
ToUserEmail = registrationRequest.Email,
ToUserName = registrationRequest.FirstName,
ConfirmCode = confirmCode
};
mailSender.Create(_context, bem);
}
respList.Add(newUser.Id);
return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_CREATED, respList)));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage ChangePassword(ConfirmRequest resetRequest)
{
try
{
User user;
if (!string.IsNullOrEmpty(resetRequest.UserId) || !string.IsNullOrEmpty(resetRequest.Email))
{
if (resetRequest.Code == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"code"
})));
}
user = !string.IsNullOrEmpty(resetRequest.UserId)
? _context.Users.SingleOrDefault(x => x.Id == resetRequest.UserId)
: _context.Users.SingleOrDefault(x => x.Email == resetRequest.Email);
if (user == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_NOTFOUND,
new List <string> {
resetRequest.UserId ?? resetRequest.Email
})));
}
var standartAccount =
_context.Accounts.SingleOrDefault(
x => x.Provider == StandartLoginProvider.ProviderName && x.UserId == user.Id);
if (standartAccount == null)
{
var newstandartaccount = new Account
{
Id = SequentialGuid.NewGuid().ToString(),
UserId = user.Id,
AccountId = StandartLoginProvider.ProviderName + ":" + user.Email,
Provider = StandartLoginProvider.ProviderName,
ProviderId = user.Email
};
_context.Accounts.Add(newstandartaccount);
_context.SaveChanges();
}
if (!user.ResetRequested)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_RESET_NOT_REQUESTED,
new List <string> {
resetRequest.UserId ?? resetRequest.Email
})));
}
var incoming = AuthUtils.Hash(resetRequest.Code, user.Salt);
if (!AuthUtils.SlowEquals(incoming, user.SaltedAndHashedCode))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_WRONG_CODE,
new List <string> {
resetRequest.UserId ?? resetRequest.Email, resetRequest.Code
})));
}
user.SaltedAndHashedCode = null;
user.EmailConfirmed = true;
user.ResetRequested = false;
}
else
{
// Check Current User
var currentUser = User as ServiceUser;
if (currentUser == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH)));
}
var account = AuthUtils.GetUserAccount(_context, currentUser);
if (account == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, new List <string> {
currentUser.Id
})));
}
user =
_context.Users.SingleOrDefault(x => x.Id == account.UserId);
if (user == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_NOTFOUND,
new List <string> {
account.UserId
})));
}
var standartAccount =
_context.Accounts.SingleOrDefault(
x => x.Provider == StandartLoginProvider.ProviderName && x.UserId == user.Id);
if (standartAccount == null)
{
var newstandartaccount = new Account
{
Id = SequentialGuid.NewGuid().ToString(),
UserId = user.Id,
AccountId = StandartLoginProvider.ProviderName + ":" + user.Email,
Provider = StandartLoginProvider.ProviderName,
ProviderId = user.Email
};
_context.Accounts.Add(newstandartaccount);
_context.SaveChanges();
}
if (string.IsNullOrWhiteSpace(resetRequest.CurrentPassword))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"current password"
})));
}
if (
!AuthUtils.SlowEquals(AuthUtils.Hash(resetRequest.CurrentPassword, user.Salt),
user.SaltedAndHashedPassword))
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_LOGIN_INVALID_PASS)));
}
}
if (string.IsNullOrWhiteSpace(resetRequest.Password))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"password"
})));
}
if (resetRequest.Password.Length < 8)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_PASSWORD, new List <string> {
resetRequest.Password
})));
}
var salt = AuthUtils.GenerateSalt();
user.Salt = salt;
user.SaltedAndHashedPassword = AuthUtils.Hash(resetRequest.Password, salt);
_context.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK,
RespH.Create(RespH.SRV_USER_RESETED, new List <string> {
user.Id
})));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage SetEmail(UserDTO userdata)
{
try
{
var respList = new List <string>();
if (string.IsNullOrWhiteSpace(userdata.Email))
{
respList.Add("Email");
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, respList)));
}
if (!AuthUtils.IsEmailValid(userdata.Email))
{
respList.Add(userdata.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList)));
}
var usersame = _context.Users.AsNoTracking().SingleOrDefault(a => a.Email == userdata.Email);
if (usersame != null)
{
respList.Add(userdata.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList)));
}
// Check Current User
var currentUser = User as ServiceUser;
if (currentUser == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH)));
}
var account = AuthUtils.GetUserAccount(_context, currentUser);
if (account == null)
{
respList.Add(currentUser.Id);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
var user = _context.Users.SingleOrDefault(x => x.Id == account.UserId);
var profile = _context.Profile.SingleOrDefault(x => x.Id == account.UserId);
if (user == null || profile == null)
{
respList.Add(account.UserId);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
if (!string.IsNullOrWhiteSpace(user.Email))
{
respList.Add(user.Email);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_EXISTS, respList)));
}
var salt = AuthUtils.GenerateSalt();
var confirmCode = AuthUtils.RandomNumString(6);
user.Email = userdata.Email;
user.Salt = salt;
user.SaltedAndHashedEmail = AuthUtils.Hash(confirmCode, salt);
_context.MarkAsModified(user);
_context.SaveChanges();
using (MailSender mailSender = new MailSender())
{
var bem = new BaseEmailMessage
{
Code = ConstVals.Reg,
ToUserId = user.Id,
ToUserEmail = user.Email,
ToUserName = profile.FirstName,
ConfirmCode = confirmCode
};
mailSender.Create(_context, bem);
}
respList.Add(user.Id);
return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_UPDATED, respList)));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
