예제 #1
0
        public HttpResponseMessage SSOLaunch([FromBody] SSORequestDTO request)
        {
            var response = new HttpResponseMessage();

            if (!ModelState.IsValid || request == null)
            {
                response.Content    = new StringContent("Invalid request payload.");
                response.StatusCode = HttpStatusCode.Unauthorized;
                return(response);
            }


            Guid ssoID;


            //check id is correct format
            try
            {
                ssoID = Guid.Parse(request.ssoUserId);
            }catch (Exception)
            {
                response.Content    = new StringContent("Invalid Guid format");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }


            using (var db = new DataBaseContext())
            {
                try
                {
                    //Create manager
                    LoginManager lm = new LoginManager(db);

                    //Validate request and login user
                    string token = lm.SSOLogin(ssoID, request.email, request.timeStamp, request.signature);

                    if (token == null)
                    {
                        response.Content    = new StringContent("Token is null");
                        response.StatusCode = HttpStatusCode.Conflict;
                        return(response);
                    }

                    //Create Redirect response
                    //TODO: make sure our redirect is to our site
                    string redirectUrl = "https://checkitspyderz.net/#/ssologin?token=" + token;
                    response = Request.CreateResponse(HttpStatusCode.Moved);
                    response.Headers.Location = new Uri(redirectUrl);
                    return(response);
                }
                catch (InvalidRequestSignature e)
                {
                    //Send the unathorized response with message of exception
                    response.Content    = new StringContent(e.Message);
                    response.StatusCode = HttpStatusCode.Unauthorized;
                    return(response);
                }
            }
        }
예제 #2
0
        public HttpResponseMessage SSODelete([FromBody] SSORequestDTO request)
        {
            var response = new HttpResponseMessage();

            if (!ModelState.IsValid || request == null)
            {
                //TODO: log
                response.Content    = new StringContent("Invalid request payload.");
                response.StatusCode = HttpStatusCode.Unauthorized;
                return(response);
            }


            Guid ssoID;

            //check id is correct format
            try
            {
                ssoID = Guid.Parse(request.ssoUserId);
            }
            catch (Exception)
            {
                //TODO: Log
                response.Content    = new StringContent("Invalid Guid format");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }

            using (var db = new DataBaseContext())
            {
                try
                {
                    //Remove user from database
                    UserManager userManager = new UserManager(db);
                    userManager.DeleteUserFromSSO(ssoID, request.email, request.timeStamp, request.signature);

                    //make response
                    response.StatusCode = HttpStatusCode.OK;
                    return(response);
                }
                catch (InvalidRequestSignature e)
                {
                    //TODO: log
                    response.Content    = new StringContent(e.Message);
                    response.StatusCode = HttpStatusCode.Unauthorized;
                    return(response);
                }
                catch (UserDoesNotExistException e)
                {
                    //TODO: log
                    response.Content    = new StringContent(e.Message);
                    response.StatusCode = HttpStatusCode.OK;
                    return(response);
                }
            }
        }