/// <summary>
/// Deauthenticates the user behind <paramref name="session"/> by replacing the
/// caller's reference with a new, non-authenticated session for the same id.
/// </summary>
/// <param name="session">
/// Session to deauthenticate. Left untouched when it is null or when it reports
/// no authenticated id.
/// </param>
/// <remarks>
/// Only the reference passed in by the caller is reassigned; the previous
/// <see cref="UserSession"/> object is not modified by this method.
/// NOTE(review): any other holder of the old object presumably still sees it as
/// authenticated. Confirm that sessions are not shared or cached elsewhere.
/// </remarks>
public void Deauthenticate(ref UserSession session)
{
    // Null when there is no session, or when the session has no authenticated id.
    var currentId = session?.Identity().AuthenticatedId;

    if (currentId.HasValue)
    {
        // Same user id, empty string in the slot Authenticate fills with the
        // password, and the authenticated flag cleared.
        var signedOut = new UserIdentity(currentId.Value, "");
        session = new UserSession(signedOut, false);
    }
}
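/// <summary>
/// Authenticates a user by email and password and returns a session for that user.
/// </summary>
/// <param name="email">Email address used to look the user up.</param>
/// <param name="password">Password supplied by the caller; compared with <c>user.Password</c>.</param>
/// <returns>
/// An authenticated <see cref="UserSession"/> when a user matches the email and the
/// password comparison succeeds; otherwise <c>null</c>.
/// </returns>
public UserSession Authenticate(string email, string password)
{
    // Reject missing credentials up front. Without this guard a null password
    // compares equal to a null stored password and yields an authenticated session.
    if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(password)) return null;

    // Look up the users registered under this email.
    var access = new UserAccess();
    var users = access.FindUser(email);

    // No result set, or an empty one, means there is nobody to authenticate.
    if (users == null || users.Count == 0) return null;

    // Only the first match is considered.
    var user = users.First();

    // NOTE(review): this is a direct, non-constant-time comparison of the supplied
    // password with user.Password. It looks like the stored value is used as-is;
    // confirm how UserAccess stores it. The expected design is a salted password
    // hash (e.g. PBKDF2) verified with a fixed-time comparison.
    if (user.Password != password) return null;

    // Build the identity only after the check, so a failed attempt does not copy
    // the supplied password into a new object.
    // NOTE(review): the password is handed to UserIdentity and presumably kept for
    // the lifetime of the session. Confirm that it is needed there.
    var userId = new UserIdentity(user.Id, password);
    return new UserSession(userId, true);
}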
/// <summary>
/// Creates a session from an identity and an authentication flag.
/// Intended to be called only by an authenticating class.
/// </summary>
/// <param name="userId">Identity the session belongs to.</param>
/// <param name="authenticated">Whether the session is marked as authenticated.</param>
/// <remarks>
/// NOTE(review): the constructor is public, so the "authenticating class only"
/// rule is a convention and is not enforced by the compiler; any code that can see
/// this type can pass <c>authenticated: true</c>. Consider narrowing the visibility
/// if the authenticating class lives in the same assembly.
/// </remarks>
public UserSession(UserIdentity userId, bool authenticated)
{
    // Identity and flag are stored together as one pair.
    _session = new Tuple<UserIdentity, bool>(userId, authenticated);
}