public async Task <IResponseEnvelope <UserToken> > SearchByTokenAsync(string token) { //Recover user by token var userToken = await userTokenRepository.SearchByTokenAsync(token); // Verify if the token is valid if (userToken == null || !userToken.IsValid) { return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.UNAUTHORIZED_USER))); } // Get all tokens from the current user var userTokens = await userTokenRepository.SearchTokensByLoginAsync(userToken.Email); // Get the last token from the current user var lastUserToken = userTokens.OrderByDescending(e => e.CreateDate).FirstOrDefault(); if (lastUserToken == null || lastUserToken.Token != token) { return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.UNAUTHORIZED_USER))); } if (DateTime.Now.Subtract(lastUserToken.ModifyDate).TotalMinutes > 3) { return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.INVALID_TOKEN))); } lastUserToken.ModifyDate = DateTime.Now; await userTokenRepository.UpdateTokenAsync(lastUserToken); return(ResponseEnvelope.CreateResponseEnvelope(userToken)); }
public async Task <IResponseEnvelope <UserToken> > AuthenticateAsync(string login, string senha) { if (login == null || senha == null) { return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.MISSING_FIELDS))); } var userCredentials = await userTokenRepository.SearchAsync(login); if (userCredentials == null || userCredentials.Password != securityHelper.SHA256(senha)) { return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.INVALID_LOGIN))); } var userToken = new UserToken { CreateDate = DateTime.Now, ModifyDate = DateTime.Now, IsValid = true, UserId = userCredentials.Id, Token = securityHelper.GenerateUniqueToken(), Email = userCredentials.Email }; await userTokenRepository.DeleteByEmailAsync(login); await userTokenRepository.InsertToken(userToken); return(ResponseEnvelope.CreateResponseEnvelope(userToken)); }
public override void OnException(HttpActionExecutedContext actionExecutedContext) { var exception = actionExecutedContext.Exception; var message = string.Format(ValidationMessages.GENERIC_ERROR, exception.ToString()); var response = ResponseEnvelope .CreateErrorResponseEnvelope(ValidationMessageHelper .Create(message)); actionExecutedContext.Response = actionExecutedContext.Request.CreateResponse(System.Net.HttpStatusCode.InternalServerError, response); }
void IssueHttpAuthorizationChallenge(HttpActionContext actionContext, string msg, int?code) { var host = actionContext.Request.RequestUri.DnsSafeHost; //var message = ValidationMessages.UNAUTHORIZED_USER; var message = msg; ValidationMessage vmsg = new ValidationMessage(msg, code); var response = ResponseEnvelope .CreateErrorResponseEnvelope(vmsg); actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, response); actionContext.Response.Headers.Add("WWW-Authenticate", string.Format("secret realm=\"{0}\"", host)); }
public async Task <IResponseEnvelope> InvalidateToken(string token) { var userToken = await userTokenRepository.SearchByTokenAsync(token); if (userToken == null || !userToken.IsValid) { return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.INVALID_TOKEN))); } userToken.IsValid = false; userToken.ModifyDate = DateTime.Now; await userTokenRepository.UpdateTokenAsync(userToken); return(ResponseEnvelope.CreateResponseEnvelope()); }
public async Task <IResponseEnvelope> InsertAsync(User user) { //Verify if already exists var u = await userRepository.SearchByEmailAsync(user.Email); if (u != null) { return(ResponseEnvelope.CreateErrorResponseEnvelope(ValidationMessageHelper.Create(ValidationMessages.EMAIL_EXISTS))); } if (!IsUserFieldsValid(user)) { return(ResponseEnvelope.CreateErrorResponseEnvelope(ValidationMessageHelper.Create(ValidationMessages.INVALID_FIELDS))); } ; if (!IsUserFieldsFilled(user)) { return(ResponseEnvelope.CreateErrorResponseEnvelope(ValidationMessageHelper.Create(ValidationMessages.MISSING_FIELDS))); } user.Password = securityHelper.SHA256(user.Password); await userRepository.InsertAsync(user); return(ResponseEnvelope.CreateResponseEnvelope()); }