/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public object Post(AuthenticateUser request)
{
// No response needed. Will throw an exception on failure.
var result = AuthenticateUser(request).Result;
return(result);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public object Post(AuthenticateUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
return(Post(new AuthenticateUserByName
{
Username = user.Name,
Password = request.Password
}));
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public void Post(AuthenticateUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
var success = _userManager.AuthenticateUser(user, request.Password).Result;
if (!success)
{
// Unauthorized
throw new UnauthorizedAccessException("Invalid user or password entered.");
}
}
private async Task <AuthenticationResult> AuthenticateUser(AuthenticateUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
var auth = AuthorizationRequestFilterAttribute.GetAuthorization(Request);
// Login in the old way if the header is missing
if (string.IsNullOrEmpty(auth.Client) ||
string.IsNullOrEmpty(auth.Device) ||
string.IsNullOrEmpty(auth.DeviceId) ||
string.IsNullOrEmpty(auth.Version))
{
var success = await _userManager.AuthenticateUser(user, request.Password).ConfigureAwait(false);
if (!success)
{
// Unauthorized
throw new UnauthorizedAccessException("Invalid user or password entered.");
}
return(new AuthenticationResult
{
User = _dtoService.GetUserDto(user)
});
}
var session = await _sessionMananger.AuthenticateNewSession(user, request.Password, auth.Client, auth.Version,
auth.DeviceId, auth.Device, Request.RemoteIp).ConfigureAwait(false);
var result = new AuthenticationResult
{
User = _dtoService.GetUserDto(user),
SessionInfo = _sessionMananger.GetSessionInfoDto(session)
};
return(result);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public object Post(AuthenticateUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
if (!string.IsNullOrEmpty(request.Password) && string.IsNullOrEmpty(request.Pw))
{
throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
}
return(Post(new AuthenticateUserByName
{
Username = user.Name,
Password = null, // This should always be null
Pw = request.Pw
}));
}
private async Task <AuthenticationResult> AuthenticateUser(AuthenticateUser request)
{
var user = _userManager.GetUserById(request.Id);
if (user == null)
{
throw new ResourceNotFoundException("User not found");
}
var success = await _userManager.AuthenticateUser(user, request.Password).ConfigureAwait(false);
if (!success)
{
// Unauthorized
throw new UnauthorizedAccessException("Invalid user or password entered.");
}
var result = new AuthenticationResult
{
User = await new UserDtoBuilder(Logger).GetUserDto(user).ConfigureAwait(false)
};
return(result);
}
/// <summary>
/// Posts the specified request.
/// </summary>
/// <param name="request">The request.</param>
public void Post(AuthenticateUser request)
{
// No response needed. Will throw an exception on failure.
var result = AuthenticateUser(request).Result;
}
