public RemoteAuthModule(IPenguinUploadContext serverContext)
{
ServerContext = serverContext;
Post("/register", async args =>
{
var req = this.Bind <RegistrationRequest>();
try
{
if (!ServerContext.Configuration.RegisterEnabled)
{
return(Response.AsText("Account registration has been disabled by the administrator.")
.WithStatusCode(HttpStatusCode.Unauthorized));
}
// Validate parameters!
// Valdiate username length, charset
if (req.Username.Length < 4)
{
throw new SecurityException("Username must be at least 4 characters.");
}
// Validate phone number
// Validate password
if (req.Password.Length < 8)
{
throw new SecurityException("Password must be at least 8 characters.");
}
if (req.Username.Length > 24)
{
throw new SecurityException("Username may not exceed 24 characters.");
}
if (req.Password.Length > 128)
{
throw new SecurityException("Password may not exceed 128 characters.");
}
// Check invite key if enabled
if (!string.IsNullOrWhiteSpace(ServerContext.Configuration.InviteKey))
{
if (req.InviteKey != ServerContext.Configuration.InviteKey)
{
throw new SecurityException("The invite key is not recognized.");
}
}
// Validate registration
var webUserManager = new WebUserManager(ServerContext);
var newUser = await webUserManager.RegisterUserAsync(req);
// Return user details
return(Response.AsJsonNet(new RemoteAuthResponse
{
User = newUser,
ApiKey = newUser.ApiKey
}));
}
catch (NullReferenceException)
{
// A parameter was not provided
return(HttpStatusCode.BadRequest);
}
catch (SecurityException secEx)
{
// Registration blocked for security reasons
return(Response.AsText(secEx.Message)
.WithStatusCode(HttpStatusCode.Unauthorized));
}
});
Post("/login", async args =>
{
var req = this.Bind <LoginRequest>();
var webUserManager = new WebUserManager(ServerContext);
var selectedUser = await webUserManager.FindUserByUsernameAsync(req.Username);
if (selectedUser == null)
{
return(HttpStatusCode.Unauthorized);
}
try
{
// Validate password
if (selectedUser.Enabled && await webUserManager.CheckPasswordAsync(req.Password, selectedUser))
{
// Return user details
return(Response.AsJsonNet(new RemoteAuthResponse
{
User = selectedUser,
ApiKey = selectedUser.ApiKey
}));
}
return(HttpStatusCode.Unauthorized);
}
catch (NullReferenceException)
{
// A parameter was not provided
return(HttpStatusCode.BadRequest);
}
catch (SecurityException secEx)
{
// Blocked for security reasons
return(Response.AsText(secEx.Message)
.WithStatusCode(HttpStatusCode.Unauthorized));
}
});
Post("/reauth", async args =>
{
var req = this.Bind <ReauthRequest>();
var webUserManager = new WebUserManager(ServerContext);
var selectedUser = await webUserManager.FindUserByUsernameAsync(req.Username);
if (selectedUser == null)
{
return(HttpStatusCode.Unauthorized);
}
try
{
// Validate key
if (selectedUser.Enabled && selectedUser.ApiKey == req.ApiKey)
{
// Return user details
return(Response.AsJsonNet(new RemoteAuthResponse
{
User = selectedUser,
ApiKey = selectedUser.ApiKey
}));
}
return(HttpStatusCode.Unauthorized);
}
catch (NullReferenceException)
{
// A parameter was not provided
return(HttpStatusCode.BadRequest);
}
catch (SecurityException secEx)
{
// Blocked for security reasons
return(Response.AsText(secEx.Message)
.WithStatusCode(HttpStatusCode.Unauthorized));
}
});
Patch("/changepassword", async args =>
{
var req = this.Bind <ChangePasswordRequest>();
var webUserManager = new WebUserManager(ServerContext);
var selectedUser = await webUserManager.FindUserByUsernameAsync(req.Username);
try
{
// Validate password
if (req.NewPassword.Length < 8)
{
throw new SecurityException("Password must be at least 8 characters.");
}
if (req.NewPassword.Length > 128)
{
throw new SecurityException("Password may not exceed 128 characters.");
}
if (selectedUser.Enabled && await webUserManager.CheckPasswordAsync(req.OldPassword, selectedUser))
{
// Update password
await webUserManager.ChangeUserPasswordAsync(selectedUser, req.NewPassword);
return(HttpStatusCode.OK);
}
return(HttpStatusCode.Unauthorized);
}
catch (NullReferenceException)
{
// A parameter was not provided
return(new Response().WithStatusCode(HttpStatusCode.BadRequest));
}
catch (SecurityException secEx)
{
// Registration blocked for security reasons
return(Response.AsText(secEx.Message)
.WithStatusCode(HttpStatusCode.Unauthorized));
}
});
}
public RemoteAuthModule()
{
Post("/register", async args =>
{
var req = this.Bind <RegistrationRequest>();
try
{
// Validate parameters!
// Valdiate username length, charset
if (req.Username.Length < 4)
{
throw new SecurityException("Username must be at least 4 characters.");
}
// Validate phone number
// Validate password
if (req.Password.Length < 8)
{
throw new SecurityException("Password must be at least 8 characters.");
}
if (req.PhoneNumber != null && !StringUtils.IsPhoneNumber(req.PhoneNumber))
{
throw new SecurityException("Phone number was of invalid format.");
}
// Validate registration
var newUser = await WebUserManager.RegisterUserAsync(req);
// Return user details
return(Response.AsJsonNet(new RemoteAuthResponse
{
User = newUser,
ApiKey = newUser.ApiKey,
}));
}
catch (ArgumentNullException)
{
// A parameter was not provided
return(new Response().WithStatusCode(HttpStatusCode.BadRequest));
}
catch (NullReferenceException)
{
// A parameter was not provided
return(new Response().WithStatusCode(HttpStatusCode.BadRequest));
}
catch (SecurityException secEx)
{
// Registration blocked for security reasons
return(Response.AsText(secEx.Message)
.WithStatusCode(HttpStatusCode.Unauthorized));
}
});
Post("/login", async args =>
{
var req = this.Bind <LoginRequest>();
var selectedUser = await WebUserManager.FindUserByUsernameAsync(req.Username);
try
{
// Validate password
if (await WebUserManager.CheckPasswordAsync(req.Password, selectedUser))
{
// Return user details
return(Response.AsJsonNet(new RemoteAuthResponse
{
User = selectedUser,
ApiKey = selectedUser.ApiKey,
}));
}
else
{
return(new Response().WithStatusCode(HttpStatusCode.Unauthorized));
}
}
catch (ArgumentNullException)
{
// A parameter was not provided
return(new Response().WithStatusCode(HttpStatusCode.BadRequest));
}
catch (NullReferenceException)
{
// A parameter was not provided
return(new Response().WithStatusCode(HttpStatusCode.BadRequest));
}
catch (SecurityException secEx)
{
// Registration blocked for security reasons
return(Response.AsText(secEx.Message)
.WithStatusCode(HttpStatusCode.Unauthorized));
}
});
}