        // POST api/SignIn
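        /// <summary>
        /// Authenticates a student by StudentId and password. On success returns a
        /// <c>helpsLoginResult</c> carrying the profile fields and an authentication token.
        /// </summary>
        /// <param name="loginRequest">Credentials posted by the client (StudentId and Password).</param>
        /// <returns>
        /// 200 OK with a <c>helpsLoginResult</c>; 401 Unauthorized when the account is unknown,
        /// the password does not match, or the account's email has not been confirmed.
        /// </returns>
        public HttpResponseMessage Post(LoginRequest loginRequest)
        {
            // A malformed body (missing object or fields) previously surfaced as a 500 from a
            // NullReferenceException; report it as an ordinary failed login instead.
            if (loginRequest == null || string.IsNullOrEmpty(loginRequest.StudentId) || loginRequest.Password == null)
            {
                return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"));
            }

            // helpsDbContext is used as an EF DbContext elsewhere in this file (Entry/SaveChanges);
            // dispose it so the underlying connection is not leaked on every login attempt.
            using (helpsDbContext context = new helpsDbContext())
            {
                User account = context.Users
                               .Where(a => a.StudentId == loginRequest.StudentId)
                               .SingleOrDefault();

                if (account != null)
                {
                    if (!account.Confirmed)
                    {
                        // NOTE(review): this message differs from the generic failure below, so a caller can
                        // tell that the StudentId exists. Kept for UX; reconsider if account enumeration matters.
                        return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Email has not been confirmed"));
                    }

                    // Hash only once we know the account can actually log in; the result feeds the
                    // comparison below (slowEquals is presumably constant-time — confirm in LoginProviderUtil).
                    byte[] incoming = LoginProviderUtil.hash(loginRequest.Password, account.Salt);

                    if (LoginProviderUtil.slowEquals(incoming, account.SaltedAndHashedPassword))
                    {
                        ClaimsIdentity claimsIdentity = new ClaimsIdentity();
                        claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.StudentId));

                        LoginResult loginResult = new helpsLoginProvider(handler)
                                                  .CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);

                        var customLoginResult = new helpsLoginResult()
                        {
                            StudentId   = account.StudentId,
                            FirstName   = account.FirstName,
                            LastName    = account.LastName,
                            Email       = account.Email,
                            HasLoggedIn = account.HasLoggedIn,
                            AuthToken   = loginResult.AuthenticationToken
                        };
                        return(this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult));
                    }
                }
            }

            // Unknown StudentId and wrong password share one message on purpose.
            return(this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid username or password"));
        }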
        // POST api/ForgotPassword
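        /// <summary>
        /// Completes a password reset: finds the user by the reset token that was emailed to them,
        /// validates the new password, stores a fresh salt and hash, and rotates the token so the
        /// emailed link cannot be reused.
        /// </summary>
        /// <param name="request">Form values: ResetToken, Password, ConfirmPassword. <c>Errors</c> is populated on failure.</param>
        /// <returns>
        /// The ResetPassword/Success view on success; otherwise ResetPassword/Index with
        /// <c>request.Errors</c> set.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        public HttpResponseMessage Post(ResetPasswordRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }

            // An absent token must never match. Without this guard a null ResetToken would be
            // compared against every row and match any user whose ForgotPasswordToken is null.
            if (string.IsNullOrEmpty(request.ResetToken))
            {
                request.Errors = "An error occured";
                return(ViewHelper.View("ResetPassword/Index", request));
            }

            // Dispose the EF context so the connection is returned when the request ends.
            using (helpsDbContext context = new helpsDbContext())
            {
                // Find the User with the token which was emailed to them
                User user = context.Users.Where(a => a.ForgotPasswordToken == request.ResetToken).SingleOrDefault();

                if (user != null)
                {
                    if (request.Password != request.ConfirmPassword)
                    {
                        request.Errors = "Passwords do not match";
                        return(ViewHelper.View("ResetPassword/Index", request));
                    }

                    // A null password would throw on .Length; treat it as too short.
                    if (request.Password == null || request.Password.Length < 8)
                    {
                        request.Errors = "Password must be minimum 8 characters";
                        return(ViewHelper.View("ResetPassword/Index", request));
                    }

                    // NOTE(review): User carries a ResetTokenSentAt value (set at registration) but no
                    // token age is checked here, so an emailed link stays valid until used — confirm intended.
                    byte[] salt = LoginProviderUtil.generateSalt();
                    user.Salt = salt;
                    user.SaltedAndHashedPassword = LoginProviderUtil.hash(request.Password, salt);

                    // Rotate the token so the same reset link cannot be replayed.
                    user.ForgotPasswordToken = Guid.NewGuid().ToString();

                    context.Entry(user).State = System.Data.Entity.EntityState.Modified;
                    context.SaveChanges();

                    return(ViewHelper.View("ResetPassword/Success"));
                }
            }

            // Unknown token: deliberately non-specific so the page does not confirm which tokens exist.
            request.Errors = "An error occured";
            return(ViewHelper.View("ResetPassword/Index", request));
        }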
        // POST api/CustomRegistration
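        /// <summary>
        /// Registers a new student account: validates the StudentId and password, creates an
        /// unconfirmed <c>User</c> with a fresh salt/hash and confirmation token, emails the
        /// confirmation link, and persists the user.
        /// </summary>
        /// <param name="registrationRequest">StudentId, FirstName, LastName and Password from the client.</param>
        /// <returns>
        /// 201 Created on success; 400 Bad Request when validation fails or the StudentId is
        /// already registered.
        /// </returns>
        public HttpResponseMessage Post(RegistrationRequest registrationRequest)
        {
            // A null body or null StudentId previously became a 500 (Regex.IsMatch throws on null input).
            // The anchor is \z rather than $: in .NET, $ also matches before a trailing newline, which
            // would let "12345678\n" through and into the generated email address below.
            if (registrationRequest == null
                || registrationRequest.StudentId == null
                || !Regex.IsMatch(registrationRequest.StudentId, @"^[0-9]{8}\z"))
            {
                return(this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Student Id"));
            }

            // A UTS email-domain regex check used to sit here and was commented out; the address
            // is now derived from the StudentId further down, so no email field is validated.
            // A null password would throw on .Length; treat it as too short.
            if (registrationRequest.Password == null || registrationRequest.Password.Length < 8)
            {
                return(this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Password (at least 8 chars required)"));
            }

            // Dispose the EF context so the connection is returned when the request ends.
            using (helpsDbContext context = new helpsDbContext())
            {
                User account = context.Users.Where(a => a.StudentId == registrationRequest.StudentId).SingleOrDefault();

                if (account != null)
                {
                    return(this.Request.CreateResponse(HttpStatusCode.BadRequest, "That user already exists, please log in."));
                }

                byte[] salt = LoginProviderUtil.generateSalt();
                User newUser = new User
                {
                    Id                      = Guid.NewGuid().ToString(),
                    FirstName               = registrationRequest.FirstName,
                    LastName                = registrationRequest.LastName,
                    StudentId               = registrationRequest.StudentId,
                    Salt                    = salt,
                    Email                   = registrationRequest.StudentId + "@student.uts.edu.au",
                    Confirmed               = false,
                    ConfirmToken            = Guid.NewGuid().ToString(),
                    ForgotPasswordToken     = Guid.NewGuid().ToString(),
                    // NOTE(review): local time; if this timestamp is ever compared across hosts or
                    // time zones, DateTime.UtcNow would be safer. Left unchanged to preserve stored values.
                    ResetTokenSentAt        = DateTime.Now,
                    SaltedAndHashedPassword = LoginProviderUtil.hash(registrationRequest.Password, salt)
                };

                // Absolute confirmation URL built from the incoming request's scheme/host and the ConfirmEmail route.
                var url = Request.RequestUri.GetLeftPart(UriPartial.Authority)
                          + Url.Route("DefaultApi", new { controller = "ConfirmEmail", Token = newUser.ConfirmToken });

                // NOTE(review): the email goes out before SaveChanges, so a failed save leaves the
                // recipient with a link whose token was never stored. Order kept as in the original —
                // confirm which failure mode (dangling link vs. silent unconfirmed row) is preferred.
                EmailProviderUtil.SendConfirmationEmail(newUser, url);

                context.Users.Add(newUser);
                context.SaveChanges();
                return(this.Request.CreateResponse(HttpStatusCode.Created));
            }
        }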