예제 #1
0
        public void PostVerify()
        {
            A account = User.GetCurrentUserAccount(GetAccountsDbSet(_context));

            if (account != null)
            {
                string confirmationKey = CustomLoginProviderUtils.RandomString(32);
                account.ConfirmationHash = CustomLoginProviderUtils.Hash(confirmationKey, account.Salt);
                account.Verified         = false;
                _context.SaveChanges();
                _emailService.SendEmail("Account confirmation", CreateConfirmationLink(account.Sid, confirmationKey), account);
            }
        }
예제 #2
0
        public IHttpActionResult Login(CustomLoginRequest loginRequest)
        {
            A account = GetAccountsDbSet(_context).GetUserAccount(loginRequest.UserId, "Federation");

            if (account != null)
            {
                byte[] incoming = CustomLoginProviderUtils.Hash(loginRequest.Password, account.Salt);
                if (CustomLoginProviderUtils.SlowEquals(incoming, account.Hash))
                {
                    var accessToken = GetAuthenticationTokenForUser(account.Sid);
                    account.RefreshToken = CustomLoginProviderUtils.GenerateRefreshToken();
                    _context.SaveChanges();
                    return(Ok(new CustomLoginResult()
                    {
                        UserId = account.Sid,
                        MobileServiceAuthenticationToken = accessToken.RawData,
                        RefreshToken = account.RefreshToken
                    }));
                }
            }
            return(BadRequest("Invalid name or password."));
        }
예제 #3
0
        /// <summary>
        /// Posts the specified registration request.
        /// </summary>
        /// <param name="registrationRequest">The registration request.</param>
        /// <returns></returns>
        public RegistrationResult Post(RegistrationRequest registrationRequest)
        {
            DbSet<A> accounts = GetAccountsDbSet(_context);
            A account = accounts.GetUserAccount(registrationRequest.UserId, "Federation");

            if (account != null)
            {
                return RegistrationResult.AlreadyRegistered;
            }
            else
            {
                byte[] salt = CustomLoginProviderUtils.GenerateSalt();
                A newAccount = new A
                {
                    Sid = registrationRequest.UserId,
                    Provider = "Federation",
                    Salt = salt,
                    Hash = CustomLoginProviderUtils.Hash(registrationRequest.Password, salt)
                };
                accounts.Add(newAccount);
                _context.SaveChanges();
                return RegistrationResult.Registered;
            }
        }
예제 #4
0
        public HttpResponseMessage GetVerify(string userId, string key)
        {
            string result  = null;
            A      account = GetAccountsDbSet(_context).GetUserAccount(userId, "Federation");

            if (account != null)
            {
                if (account.Verified)
                {
                    result = "Account is already verified.";
                }
                else
                {
                    var hash = CustomLoginProviderUtils.Hash(key, account.Salt);
                    if (CustomLoginProviderUtils.SlowEquals(hash, account.ConfirmationHash))
                    {
                        account.Verified = true;
                        _context.SaveChanges();
                        result = "Account was successfuly verified.";
                    }
                    else
                    {
                        result = "Wrong verification key.";
                    }
                }
            }
            else
            {
                result = "Account was not found.";
            }
            var response = Request.CreateResponse(HttpStatusCode.OK);

            response.Content = new StringContent($"<html><body>{result}</body></html>");
            response.Content.Headers.ContentType = new MediaTypeHeaderValue("text/html");
            return(response);
        }