/// <summary>
/// Authenticates a web user by username/e-mail and password.
/// </summary>
/// <param name="username">Login name supplied by the caller.</param>
/// <param name="email">E-mail address supplied by the caller.</param>
/// <param name="password">Plain-text password to verify; it is hashed before comparison.</param>
/// <returns>
/// A <see cref="Payload{T}"/> whose <c>Data</c> is the matched <see cref="WebUser"/> on success;
/// otherwise <c>Data</c> stays unset and the validation or login error codes are in <c>Errors</c>.
/// </returns>
public Payload<WebUser> Login(string username, string email, string password)
{
    var payload = new Payload<WebUser>();

    // todo: check security (carried over from the original; no authorization check is performed here)

    // Input validation; any rule failures are copied onto the payload and short-circuit the login.
    var rules = new ValidationRules();
    rules.ValidateLoginEvent(username, email, password);
    payload.AssignValidationErrors(rules.Errors);
    if (!rules.IsValid)
    {
        return payload;
    }

    // NOTE(review): HashSomething's algorithm and salting are not visible here — confirm it is a
    // salted, slow password hash (e.g. PBKDF2) rather than a bare digest.
    var hashedPassword = new SecurityUtilities().HashSomething(password);

    // Look the account up by username/e-mail; the password is checked separately below.
    WebUser user;
    using (var queries = new WebUserQueries())
    {
        user = queries.GetByLogin(username, email);
    }

    if (user == null)
    {
        // Unknown account. NOTE(review): returning 00405 here and 00404 for a wrong password lets a
        // caller tell the two cases apart (account enumeration); consider collapsing both to one code.
        payload.Errors.Add("00405", Resources.Errors.ERR00405);
        AuditUtilities.Log(null, ActivityEventItem.LoginFailed,
            string.Format(Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00405));
        return payload;
    }

    // NOTE(review): string == is not a fixed-time comparison; if the target framework provides
    // CryptographicOperations.FixedTimeEquals, prefer it for comparing the hashes.
    bool passwordMatches = hashedPassword == user.HashedPassword;
    if (passwordMatches)
    {
        payload.Data = user;
        AuditUtilities.Log(user, ActivityEventItem.Login,
            string.Format(Resources.AuditEntries.Login, username));
    }
    else
    {
        payload.Errors.Add("00404", Resources.Errors.ERR00404);
        AuditUtilities.Log(null, ActivityEventItem.LoginFailed,
            string.Format(Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00404));
    }

    // todo: next steps in workflow
    return payload;
}
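/// <summary>
/// Creates or updates a <see cref="WebUser"/>: applies defaults, hashes the supplied password,
/// validates, persists the record and writes the matching audit entries.
/// </summary>
/// <param name="obj">User to save. A null or empty <c>Guid</c> marks a new user; otherwise an update.</param>
/// <returns>
/// A <see cref="Payload{T}"/> whose <c>Data</c> is the saved user on success; on validation failure
/// <c>Data</c> is unset and the rule errors are in <c>Errors</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="obj"/> is null.</exception>
public Payload<WebUser> Save(WebUser obj)
{
    // Fail fast with the right exception; the original dereferenced obj.Guid directly and would
    // have thrown a NullReferenceException instead.
    if (obj == null)
    {
        throw new ArgumentNullException("obj");
    }

    var payload = new Payload<WebUser>();

    // todo: check security (carried over from the original; no authorization check is performed here)

    // Decide new-vs-update before SetDefaults runs, since defaults presumably may assign a Guid — TODO confirm.
    bool isNewUser = obj.Guid == null || obj.Guid == Guid.Empty;
    business.SetDefaults(ref obj);

    // Hash before validation so the stored form is ready once the rules pass.
    // NOTE(review): HashSomething's algorithm and salting are not visible here — confirm it is a
    // salted, slow password hash. The plain-text Password property is left on obj and is therefore
    // handed back to the caller in payload.Data; consider clearing it after hashing.
    obj.HashedPassword = new SecurityUtilities().HashSomething(obj.Password);

    var rules = new ValidationRules();
    rules.Validate(obj);
    payload.AssignValidationErrors(rules.Errors);
    if (!rules.IsValid)
    {
        return payload;
    }

    // For updates, diff against the stored record so the audit entry can list what changed.
    var changedProperties = new StringBuilder();
    bool isChangedPassword = false;
    if (!isNewUser)
    {
        // NOTE(review): Get(...).Data may be null if the Guid no longer exists — confirm the
        // Check* helpers tolerate that.
        var originalUser = Get(obj.Guid).Data;
        CheckChangedProperties(originalUser, obj, ref changedProperties);
        isChangedPassword = CheckChangedPassword(originalUser, obj);
    }

    using (var queries = new WebUserQueries())
    {
        queries.Save(ref obj);
    }

    payload.Data = obj;

    if (isNewUser)
    {
        AuditUtilities.Log(obj, ActivityEventItem.Enroll,
            string.Format(Resources.AuditEntries.Enroll, obj.Username));
    }
    else
    {
        AuditUtilities.Log(obj, ActivityEventItem.ProfileUpdated,
            string.Format(Resources.AuditEntries.ProfileUpdated, obj.Username, changedProperties));

        // A separate entry for password changes so they are easy to find in the audit trail.
        if (isChangedPassword)
        {
            AuditUtilities.Log(obj, ActivityEventItem.PasswordChanged,
                string.Format(Resources.AuditEntries.PasswordChanged, obj.Username));
        }
    }

    // todo: next steps in workflow
    return payload;
}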