コード例 #1
        /// <summary>
        /// Attempts a login: validates the supplied values, looks the account up by
        /// username/email, and compares a hash of the supplied password with the
        /// hash stored on the account.
        /// </summary>
        /// <param name="username">Login name; also formatted into the audit entries.</param>
        /// <param name="email">E-mail address passed to the account lookup.</param>
        /// <param name="password">Clear-text password supplied by the caller.</param>
        /// <returns>
        /// A payload whose <c>Data</c> is the matching user on success. On failure
        /// <c>Data</c> is left unset and the payload carries either the validation
        /// errors, error 00405 (lookup returned no user) or error 00404 (hash mismatch).
        /// </returns>
        /// <remarks>
        /// NOTE(review): nothing in this method throttles or locks out repeated
        /// failures; the original "todo: check security" marker is still open.
        /// NOTE(review): 00404 and 00405 distinguish "wrong password" from "unknown
        /// account". If these codes reach the client they allow account enumeration;
        /// confirm the caller collapses them into one generic failure.
        /// </remarks>
        public Payload<WebUser> Login(string username, string email, string password)
        {
            var result = new Payload<WebUser>();

            // TODO: check security

            // Run the login validation rules and copy any failures onto the payload.
            var validation = new ValidationRules();
            validation.ValidateLoginEvent(username, email, password);
            result.AssignValidationErrors(validation.Errors);

            if (validation.IsValid)
            {
                // The hash is derived from the password alone, before the account is
                // loaded, and is matched by equality below, so no per-user salt can be
                // part of it.
                // NOTE(review): confirm HashSomething is a slow password hash
                // (PBKDF2/bcrypt/Argon2) and plan a move to per-user salts.
                var hasher = new SecurityUtilities();
                var candidateHash = hasher.HashSomething(password);

                // Look the account up by username/email only; the hash is not part
                // of the query.
                WebUser account;
                using (var userQueries = new WebUserQueries())
                {
                    account = userQueries.GetByLogin(username, email);
                }

                if (account == null)
                {
                    // No account for this username/email.
                    result.Errors.Add("00405", Resources.Errors.ERR00405);

                    // NOTE(review): username is caller-supplied and goes straight into
                    // the audit text; confirm AuditUtilities neutralises line breaks
                    // and control characters.
                    var notFoundEntry = string.Format(
                        Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00405);
                    AuditUtilities.Log(null, ActivityEventItem.LoginFailed, notFoundEntry);
                }
                else if (candidateHash == account.HashedPassword)
                {
                    // NOTE(review): == is not a fixed-time comparison (presumably both
                    // sides are strings; confirm) and it also succeeds when both sides
                    // are null. Consider a constant-time compare that rejects
                    // null/empty stored hashes.
                    result.Data = account;

                    var successEntry = string.Format(Resources.AuditEntries.Login, username);
                    AuditUtilities.Log(account, ActivityEventItem.Login, successEntry);
                }
                else
                {
                    // Account exists but the hashes differ.
                    result.Errors.Add("00404", Resources.Errors.ERR00404);

                    // The failure is logged with a null user even though the account
                    // was found, so the entry is tied to it only by the username text.
                    var mismatchEntry = string.Format(
                        Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00404);
                    AuditUtilities.Log(null, ActivityEventItem.LoginFailed, mismatchEntry);
                }
            }

            // TODO: next steps in workflow

            return result;
        }