// POST api/CustomRegistration
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
if (!Regex.IsMatch(registrationRequest.StudentId, "^[0-9]{8}$"))
{
return(this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Student Id"));
}
//else if (!Regex.IsMatch(registrationRequest.Email, "^[A-Za-z0-9._%+-]+@+(.*?.)?uts.edu.au$"))
//{
// return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Email must be a UTS email address");
//}
else if (registrationRequest.Password.Length < 8)
{
return(this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Password (at least 8 chars required)"));
}
helpsDbContext context = new helpsDbContext();
User account = context.Users.Where(a => a.StudentId == registrationRequest.StudentId).SingleOrDefault();
if (account != null)
{
return(this.Request.CreateResponse(HttpStatusCode.BadRequest, "That user already exists, please log in."));
}
else
{
byte[] salt = LoginProviderUtil.generateSalt();
User newUser = new User
{
Id = Guid.NewGuid().ToString(),
FirstName = registrationRequest.FirstName,
LastName = registrationRequest.LastName,
StudentId = registrationRequest.StudentId,
Salt = salt,
Email = registrationRequest.StudentId + "@student.uts.edu.au",
Confirmed = false,
ConfirmToken = Guid.NewGuid().ToString(),
ForgotPasswordToken = Guid.NewGuid().ToString(),
ResetTokenSentAt = DateTime.Now,
SaltedAndHashedPassword = LoginProviderUtil.hash(registrationRequest.Password, salt)
};
var url = Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("DefaultApi", new { controller = "ConfirmEmail", Token = newUser.ConfirmToken });
EmailProviderUtil.SendConfirmationEmail(newUser, url);
context.Users.Add(newUser);
context.SaveChanges();
return(this.Request.CreateResponse(HttpStatusCode.Created));
}
}
public HttpResponseMessage Get(string studentId)
{
helpsDbContext context = new helpsDbContext();
User user = context.Users.Where(a => a.StudentId == studentId).SingleOrDefault();
if (user != null)
{
// Found the user
user.ResetTokenSentAt = DateTime.Now;
var url = Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("DefaultApi", new { controller = "ResetPassword", Token = user.ForgotPasswordToken });
EmailProviderUtil.SendPasswordResetEmail(user, url);
return(this.Request.CreateResponse(HttpStatusCode.OK));
}
return(this.Request.CreateResponse(HttpStatusCode.NotFound, "User not found"));
}
public HttpResponseMessage Get(string StudentId, string Resend)
{
helpsDbContext context = new helpsDbContext();
// Find the User with the token which was emailed to them
User user = context.Users.Where(a => a.StudentId == StudentId).SingleOrDefault();
if (user != null)
{
if (user.Confirmed)
{
return(this.Request.CreateResponse(HttpStatusCode.InternalServerError, "Email already confirmed"));
}
var url = Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("DefaultApi", new { controller = "ConfirmEmail", Token = user.ConfirmToken });
EmailProviderUtil.SendConfirmationEmail(user, url);
//Return success
return(this.Request.CreateResponse(HttpStatusCode.OK, "Email confirmation sent"));
}
return(this.Request.CreateResponse(HttpStatusCode.NotFound, "User not found"));
}
