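/// <summary>
/// Authenticates a user by user name and password. On success, stores the user id and the
/// password hash in the session and returns both the user and the hash.
/// </summary>
/// <param name="requestObject">
/// Credentials from the request body. When <c>skipHash</c> is true, <c>password</c> is
/// compared to the stored hash as-is; otherwise it is hashed with
/// <c>ProMaUser.ComputeSHA256</c> first.
/// </param>
/// <returns>The matching user together with the hash that was compared.</returns>
/// <exception cref="InvalidLogInException">
/// The request is incomplete, the user name is unknown, or the password does not match.
/// </exception>
/// <remarks>
/// SECURITY(review): with <c>skipHash</c> the stored hash is accepted as the credential, so the
/// hash is password-equivalent. It is also written to the session and returned in
/// <c>PassBackPassword</c>, so anything that exposes a response, a session store, or the user
/// table exposes a usable log-in secret. Prefer an opaque, revocable session token instead.
/// SECURITY(review): <c>ComputeSHA256</c> is not visible here. If it is a single unsalted
/// SHA-256, stored passwords should move to a salted, slow KDF (PBKDF2 or Argon2) - confirm.
/// </remarks>
public LogInProMaUserResponse LogInProMaUser([FromBody] LogInProMaUserRequestObject requestObject)
{
    // A missing body or missing field is a failed log-in, not a NullReferenceException.
    if (requestObject == null || requestObject.userName == null || requestObject.password == null)
    {
        throw new InvalidLogInException();
    }

    string shaPassword = requestObject.skipHash
        ? requestObject.password
        : ProMaUser.ComputeSHA256(requestObject.password);

    // Ordinal, case-insensitive match. ToLower() follows the server's current culture, so the
    // same pair of user names could match under one locale and not under another.
    ProMaUser relevantUser = ProMaUserHandler.ThisCache.FirstOrDefault(
        x => string.Equals(x.UserName, requestObject.userName, System.StringComparison.OrdinalIgnoreCase));

    // Unknown user name and wrong password throw the same exception, so the response itself
    // does not reveal whether a user name exists.
    // NOTE(review): '==' on strings is not a fixed-time comparison, and with skipHash the caller
    // supplies the compared value directly; consider a fixed-time comparison here.
    if (relevantUser == null || relevantUser.HashedPassword != shaPassword)
    {
        throw new InvalidLogInException();
    }

    HttpContext.Session.SetInt32(USERIDSESSIONKEY, relevantUser.UserId);
    HttpContext.Session.SetString(USERPASSWORDSESSIONKEY, shaPassword);

    LogInProMaUserResponse response = new LogInProMaUserResponse();
    response.User = relevantUser;
    response.PassBackPassword = shaPassword;
    return response;
}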
/// <summary>
/// Returns the currently logged-in user wrapped in a log-in response.
/// </summary>
/// <returns>
/// <c>null</c> when <c>LoggedInUser</c> is null; otherwise a response carrying that user and
/// the user's <c>HashedPassword</c> in <c>PassBackPassword</c>.
/// </returns>
/// <remarks>
/// NOTE(review): this hands the stored password hash back to the caller. Confirm the client
/// really needs it, since the hash is compared directly against log-in input elsewhere.
/// </remarks>
public LogInProMaUserResponse GetLoggedInUser()
{
    return LoggedInUser == null
        ? null
        : new LogInProMaUserResponse
        {
            User = LoggedInUser,
            PassBackPassword = LoggedInUser.HashedPassword
        };
}