/// <summary>
/// Entry point for the login flow shared by partial accounts and full accounts. Looks the
/// username up in both stores and dispatches to the matching login helper.
/// </summary>
/// <param name="loginDto">Login request carrying the username (and credentials for the helpers).</param>
/// <returns>
/// 401 when the username matches neither store; 500 when it matches both (the two records
/// are expected to be mutually exclusive); otherwise the response of the matching helper.
/// </returns>
/// <remarks>
/// The 401 for an unknown username is produced before any credential check runs, so the
/// response distinguishes registered from unregistered usernames; what the two helpers
/// return on a bad password is not visible here.
/// </remarks>
public HttpResponseMessage Login(SsoLoginRequestDTO loginDto)
{
    // Exactly one of these is expected to be non-null for a consistent data set.
    var partialAccount = _partialAccountLogic.GetPartialAccount(loginDto.Username);
    var account = _accountLogic.GetSingle(loginDto.Username);

    bool hasPartial = partialAccount != null;
    bool hasFull = account != null;

    if (hasPartial == hasFull)
    {
        // Both present is a data inconsistency (500); both absent is an unknown username (401).
        var status = hasPartial
            ? HttpStatusCode.InternalServerError
            : HttpStatusCode.Unauthorized;
        return new HttpResponseMessage(status);
    }

    return hasPartial
        ? PartialAccountLoginHelper(loginDto, partialAccount)
        : AccountLoginHelper(loginDto, account);
}
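/// <summary>
/// Builds the <see cref="SsoLoginRequestDTO"/> consumed by the login flow from raw
/// credentials, taking the role from the caller's partial account.
/// </summary>
/// <param name="credentials">Username/password pair supplied by the caller.</param>
/// <returns>
/// A login request with the username and password copied through unchanged and
/// <c>RoleType</c> set to the partial account's <c>AccountType</c>. No credential
/// verification happens here.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="credentials"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// No partial account exists for the username, so no role can be resolved.
/// </exception>
public SsoLoginRequestDTO Fetch(AccountCredentialDTO credentials)
{
    if (credentials == null)
    {
        throw new ArgumentNullException(nameof(credentials));
    }

    // The lookup result used to be dereferenced unchecked, which surfaced as a
    // NullReferenceException for any username that is not a partial account.
    var partialAccount = _partialAccountLogic.GetPartialAccount(credentials.Username);
    if (partialAccount == null)
    {
        // Do not include the username in the message; it may end up in client-visible errors or logs.
        throw new InvalidOperationException("No partial account exists for the supplied username.");
    }

    return new SsoLoginRequestDTO
    {
        Username = credentials.Username,
        Password = credentials.Password,
        RoleType = partialAccount.AccountType
    };
}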
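/// <summary>
/// Completes registration for a partial account: validates the submitted form, hashes the
/// security answers with per-answer salts, creates the <see cref="UserProfile"/> (with its
/// <see cref="Account"/> navigation properties) and the password <see cref="Salt"/>, deletes
/// the partial account and returns a JWT for the new account.
/// </summary>
/// <param name="registrationForm">Registration form submitted by the caller; treated as untrusted input.</param>
/// <returns>
/// 200 with the token as the body on success; 400 when the form is missing, has fewer than
/// three security questions, or no partial account exists for the username; 409 when a
/// user profile with the e-mail already exists; 500 when the partial account's salt is
/// missing or persistence/token generation fails.
/// </returns>
public HttpResponseMessage FinishRegistration(RegistrationDTO registrationForm)
{
    // Shape checks first: they need no storage access and prevent the unchecked
    // SecurityQuestions[0..2] indexing that previously threw outside the try block.
    if (registrationForm == null)
    {
        return ErrorResponse(HttpStatusCode.BadRequest, "Registration form is required", "Registration form is required");
    }

    var questions = registrationForm.SecurityQuestions;
    if (questions == null || CountOf(questions) < RequiredSecurityQuestions)
    {
        return ErrorResponse(HttpStatusCode.BadRequest, "Three security questions are required", "Three security questions are required");
    }

    // Fetch: the e-mail must be unused, and the username must still be a partial account with a salt.
    var userModel = _userProfileLogic.GetSingle(registrationForm.Email);
    var partialAccountModel = _partialAccountLogic.GetPartialAccount(registrationForm.Username);
    var partialAccountSaltModel = _partialAccountSaltLogic.GetSingle(registrationForm.Username);

    if (userModel != null)
    {
        return ErrorResponse(HttpStatusCode.Conflict, "User already exists.", "User already exists");
    }

    if (partialAccountModel == null)
    {
        return ErrorResponse(HttpStatusCode.BadRequest, "Partial account does not exist", "Partial account does not exist");
    }

    if (partialAccountSaltModel == null)
    {
        // A partial account without its salt is a server-side data problem, not a client error.
        return ErrorResponse(HttpStatusCode.InternalServerError, "Salt does not exist", "Salt does not exist");
    }

    var zipLocations = new List<ZipLocation>
    {
        CreateZipLocationHelper(
            registrationForm.Address,
            registrationForm.City,
            registrationForm.State,
            registrationForm.ZipCode.ToString())
    };

    // Each answer gets its own salt so identical answers never hash to the same stored value;
    // the salt is persisted alongside the answer so it can be re-applied at verification time.
    var securityAnswers = new List<SecurityQuestionAccount>(RequiredSecurityQuestions);
    var saltSecurityAnswers = new List<SaltSecurityAnswer>(RequiredSecurityQuestions);
    for (int i = 0; i < RequiredSecurityQuestions; i++)
    {
        var question = questions[i];
        var answerSalt = HashService.Instance.CreateSaltKey();

        securityAnswers.Add(new SecurityQuestionAccount
        {
            Answer = HashService.Instance.HashPasswordWithSalt(answerSalt, question.Answer, true),
            SecurityQuestionID = question.Question,
            Username = registrationForm.Username
        });

        saltSecurityAnswers.Add(new SaltSecurityAnswer
        {
            SaltValue = answerSalt,
            UserName = registrationForm.Username,
            SecurityQuestionID = question.Question
        });
    }

    var accountTypes = DefaultScholarPermissions(registrationForm.Username);

    // The password hash is carried over from the partial account; only its salt row moves
    // to the Salt table below.
    var account = new Account()
    {
        UserName = partialAccountModel.UserName,
        Email = registrationForm.Email,
        Password = partialAccountModel.Password,
        Points = 0,
        AccountStatus = true,
        SuspensionTime = DateTime.UtcNow,
        FirstTimeUser = true,
        SecurityAnswers = securityAnswers,
        AccountTags = new List<InterestTag>(),
        SaltSecurityAnswers = saltSecurityAnswers,
        AccountTypes = accountTypes
    };

    var user = new UserProfile()
    {
        Email = registrationForm.Email,
        FirstName = registrationForm.FirstName,
        LastName = registrationForm.LastName,
        ZipLocations = zipLocations,
        Account = account
    };

    var salt = new Salt()
    {
        PasswordSalt = partialAccountSaltModel.PasswordSalt,
        UserName = registrationForm.Username,
    };

    try
    {
        // No transaction scope is visible in this method: the three calls below are independent
        // operations, so a failure part-way through can leave a profile without its salt or an
        // undeleted partial account. Creating the profile first also chains the Account navigation
        // properties into that one write.
        _userProfileLogic.Create(user);
        _saltLogic.Create(salt);
        _partialAccountLogic.Delete(partialAccountModel);

        // TODO: @Scott Might need a hot fix here for tokens in partial registration.
        var token = JwtManager.Instance.GenerateToken(accountTypes);

        return new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.OK,
            Content = new StringContent(token)
        };
    }
    catch (Exception ex)
    {
        // Record the failure server-side but do not echo ex.Message to the caller: persistence and
        // token errors can carry connection, schema or stack details, and a message containing a
        // line break is rejected by the ReasonPhrase setter, turning the 500 into a second exception.
        System.Diagnostics.Trace.TraceError("FinishRegistration failed: {0}", ex);
        return ErrorResponse(HttpStatusCode.InternalServerError, "Registration failed", "Registration failed");
    }
}

/// <summary>Number of security question/answer pairs the registration form must supply.</summary>
private const int RequiredSecurityQuestions = 3;

/// <summary>
/// Builds an error response whose reason phrase and body are fixed, caller-chosen strings
/// (never raw exception text).
/// </summary>
/// <param name="status">HTTP status to return.</param>
/// <param name="reasonPhrase">Reason phrase; must be a single line.</param>
/// <param name="body">Plain-text response body.</param>
private static HttpResponseMessage ErrorResponse(HttpStatusCode status, string reasonPhrase, string body)
{
    return new HttpResponseMessage
    {
        StatusCode = status,
        ReasonPhrase = reasonPhrase,
        Content = new StringContent(body)
    };
}

/// <summary>
/// Permission rows granted to every newly registered scholar account.
/// </summary>
/// <param name="username">Username the permission rows are attached to.</param>
private static List<AccountType> DefaultScholarPermissions(string username)
{
    return new List<AccountType>
    {
        new AccountType() { PermissionName = ClaimValues.Scholar, Username = username },
        new AccountType() { PermissionName = ClaimValues.CanEditInformation, Username = username },
        new AccountType() { PermissionName = ClaimValues.CanViewArticle, Username = username },
        new AccountType() { PermissionName = ClaimValues.CanEnterRaffle, Username = username },
        new AccountType() { PermissionName = ClaimValues.CanShareLinkedIn, Username = username }
    };
}

/// <summary>
/// Counts the items of a generic sequence without depending on LINQ or on whether the
/// form exposes its questions as an array or a list.
/// </summary>
/// <param name="items">Sequence to count; must not be null.</param>
private static int CountOf<T>(IEnumerable<T> items)
{
    int count = 0;
    foreach (var item in items)
    {
        count++;
    }
    return count;
}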