public LoginModule( IReadOnlyRepository readOnlyRepository, IUserSessionFactory userSessionFactory, IPasswordEncryptor passwordEncryptor) { Post["/login/facebook"] = r => { var loginInfo = this.Bind<FacebookLoginRequest>(); try { var user = readOnlyRepository.First<User>(x => x.FacebookId == loginInfo.FacebookId); //if (!user.Verified) return new Response().WithStatusCode(HttpStatusCode.Forbidden); UserSession userSession = userSessionFactory.Create(user); return new SuccessfulLoginResponse<Guid>(userSession.Id, userSession.Expires); } catch (ItemNotFoundException<User> ex) { return new Response().WithStatusCode(HttpStatusCode.Unauthorized); } }; Post["/login"] = r => { var loginInfo = this.Bind<BasicLoginRequest>(); if (loginInfo.Email == null) throw new UserInputPropertyMissingException("Email"); if (loginInfo.Password == null) throw new UserInputPropertyMissingException("Password"); EncryptedPassword encryptedPassword = passwordEncryptor.Encrypt(loginInfo.Password); try { var user = readOnlyRepository.First<User>( x => x.Email == loginInfo.Email && x.EncryptedPassword == encryptedPassword.Password); //if (!user.Activated) throw new ForbiddenRequestException(); UserSession userSession = userSessionFactory.Create(user); return new SuccessfulLoginResponse<Guid>(userSession.Id, userSession.Expires); } catch (ItemNotFoundException<User>) { throw new UnauthorizedAccessException(); } }; Post["/logout"] = r => { var loginInfo = this.Bind<FacebookLoginRequest>(); try { var session = readOnlyRepository.First<UserSession>(x => x.User.FacebookId == loginInfo.FacebookId); userSessionFactory.Delete(session.Id); return new Response().WithStatusCode(HttpStatusCode.OK); } catch (ItemNotFoundException<UserSession> ex) { return new Response().WithStatusCode(HttpStatusCode.Unauthorized); } }; }