/// <summary>
/// Password login: validates the submitted credentials and, on success, issues a login
/// result (registering the caller's device as well when a device token was sent).
/// </summary>
/// <param name="loginInfo">Request body with the email/password and optional device token/name.</param>
/// <returns>The action result produced by <c>DbOperation</c> around the login flow.</returns>
/// <exception cref="NoDataException">Raised inside the operation when the body is missing.</exception>
/// <exception cref="LoginException">Raised inside the operation when the credentials do not validate.</exception>
public IActionResult Login([FromBody] InputLoginInfo loginInfo)
{
    return DbOperation(c =>
    {
        if (loginInfo == null)
        {
            throw new NoDataException();
        }

        Audit.Information(this, "Users.Login1: {Email}", loginInfo.Email);

        var validated = ValidateUser(c, loginInfo);
        if (validated == null)
        {
            // ValidateUser yields null for both an unknown email and a wrong password,
            // so the caller sees one and the same failure for either case.
            throw new LoginException(loginInfo.Email);
        }

        var loginResult = GetLoginResultForUser(c, null, validated);

        // Device registration only happens when the client sent a non-empty token.
        var hasDeviceToken = !string.IsNullOrEmpty(loginInfo.DeviceToken);
        if (hasDeviceToken)
        {
            CheckUserDevice(c, null, validated, loginInfo.DeviceToken, loginInfo.DeviceName);
        }

        Audit.Information(this, "Users.Login2: Success {Email} '{Name}' ({Id})", validated.Email, validated.Name, validated.Id);
        return loginResult;
    });
}
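/// <summary>
/// Looks up the user for the email in <paramref name="loginInfo"/> and checks the submitted
/// password against the stored salted hash.
/// </summary>
/// <param name="c">Open connection used for the user lookup.</param>
/// <param name="loginInfo">Credentials from the request body; <c>Email</c> and <c>Password</c> are read.</param>
/// <returns>
/// The matching user, or <c>null</c> when the email is unknown, the account has no stored
/// password, or the password does not match.
/// </returns>
private User ValidateUser(IDbConnection c, InputLoginInfo loginInfo)
{
    var user = GetUserForEmail(c, loginInfo.Email);
    if (user == null)
    {
        // NOTE(review): returning before hashing makes an unknown email measurably faster than
        // a wrong password; hashing against a dummy salt here would close that timing gap.
        return null;
    }

    // The email matches. An account with no stored password cannot log in this way
    // (those accounts go through the PIN path in LoginWithPin).
    if (string.IsNullOrEmpty(user.Password))
    {
        return null;
    }

    var salt = Convert.FromBase64String(user.Salt);
    var hashedPassword = AuthTokenManager.HashPassword(loginInfo.Password, salt);

    // Compare the encoded hashes in constant time so that the comparison's duration does not
    // depend on how many leading characters match (string.Equals stops at the first difference).
    var computed = System.Text.Encoding.UTF8.GetBytes(hashedPassword);
    var stored = System.Text.Encoding.UTF8.GetBytes(user.Password);
    if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(computed, stored))
    {
        return null;
    }

    return user; // May require email confirmation to allow login.
}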
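/// <summary>
/// PIN login for accounts that have no password set: validates <c>EnrollPin</c>, marks the
/// email as confirmed and issues a login result, all inside one transaction.
/// </summary>
/// <param name="loginInfo">Request body with the email, <c>EnrollPin</c> and optional device token/name.</param>
/// <returns>The action result produced by <c>DbTransaction</c> around the login flow.</returns>
/// <exception cref="NoDataException">Raised inside the transaction when the body is missing.</exception>
/// <exception cref="LoginException">Raised inside the transaction when the email is unknown or the PIN is invalid.</exception>
public IActionResult LoginWithPin([FromBody] InputLoginInfo loginInfo)
{
    return DbTransaction((c, t) =>
    {
        if (loginInfo == null)
        {
            throw new NoDataException();
        }

        Audit.Information(this, "Users.LoginWithPin1 {0}", loginInfo.Email);

        var dbUser = GetUserForEmail(c, loginInfo.Email);
        if (dbUser == null)
        {
            // Previously an unknown email dereferenced a null user here (NullReferenceException).
            // Fail the same way as an invalid PIN so the response does not reveal whether the
            // email exists.
            throw new LoginException(loginInfo.Email);
        }

        // Accounts that already have a password must not use the PIN path.
        if (!string.IsNullOrEmpty(dbUser.Password))
        {
            throw new Exception("Error.NeedPin");
        }

        if (!ValidatePin(c, dbUser, loginInfo.EnrollPin))
        {
            throw new LoginException(loginInfo.Email);
        }

        LoginResult result = GetLoginResultForUser(c, t, dbUser);

        // A successful PIN login also confirms the email (presumably the PIN was delivered to
        // that address — verify against the enrollment flow).
        dbUser.EmailConfirmed = true;
        c.Update(dbUser, t);

        if (!string.IsNullOrEmpty(loginInfo.DeviceToken))
        {
            CheckUserDevice(c, t, dbUser, loginInfo.DeviceToken, loginInfo.DeviceName);
        }

        Audit.Information(this, "Users.LoginWithPin2: Success {Email} '{Name}' ({Id})", dbUser.Email, dbUser.Name, dbUser.Id);
        return result;
    });
}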
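/// <summary>
/// First step of the login handshake: resolves the organization for the email, returns the
/// organization's endpoints and tells the client whether a password is required or not yet set.
/// </summary>
/// <param name="login">Request body; only <c>Email</c> is read here.</param>
/// <returns>
/// A <c>BasicLoginResult</c> for the organization, or <c>Error(...)</c> carrying the exception
/// message when the body is missing, the email is not in the directory, or the lookup fails.
/// </returns>
public IActionResult BasicLogin([FromBody] InputLoginInfo login)
{
    try
    {
        if (login == null)
        {
            throw new NoDataException();
        }

        Audit.Information(this, "Users.BasicLogin {0}", login.Email);

        // Locate the email in the directory.
        // NOTE(review): this error is distinguishable from the "not found, but we are not telling"
        // path below, so the directory lookup still reveals whether an email is known.
        var orgForUser = GetOrgNameForEmail(login.Email);
        if (orgForUser == null)
        {
            throw new Exception("Error.NonExistent");
        }

        var orgDbConfig = OrganizationManager.GetDbConfigForOrgName(orgForUser);
        var orgConn = GetConn(orgDbConfig);
        var orgConfig = OrganizationManager.GetConfigForOrgName(orgForUser);

        // Have to return the org domain
        return DbOperation(c =>
        {
            var result = new BasicLoginResult
            {
                EndPoints = new EndPoints
                {
                    Api = orgConfig.ApiUrl,
                    PrStatic = orgConfig.PrivateStaticBaseUrl,
                    Uploads = orgConfig.UploadsBaseUrl
                },
                Action = (int)BasicLoginResultType.PasswordRequired
            };

            var userFromglobal = GetGlobalUserForEmail(login.Email);

            // Case-insensitive exact match. The previous `email iLIKE @email` treated '%' and '_'
            // in the submitted email as wildcards, so a pattern could match a different account.
            var users = c.Query<User>(
                @"SELECT * FROM users WHERE LOWER(email) = LOWER(@email);",
                new { email = login.Email }).ToList();
            if (users.Count == 0)
            {
                return result; // Not found, but we are not telling.
            }
            //if (count > 1) throw new Exception("Error.DuplicateEmail"); // This is an internal error, we should proceed.

            if (userFromglobal == null)
            {
                // An org row without a global row used to throw NullReferenceException below;
                // treat it like an unknown email instead of surfacing the exception text.
                return result;
            }

            var user = users.First();
            result.IdUser = user.Id;

            // This columns should not be in org>users anymore they should be in global>users
            user.Email = userFromglobal.Email;
            user.Password = userFromglobal.Password;
            user.Salt = userFromglobal.Salt;
            user.EmailConfirmed = userFromglobal.EmailConfirmed;

            result.Action = string.IsNullOrEmpty(user.Password)
                ? (int)BasicLoginResultType.NoPasswordSet
                : (int)BasicLoginResultType.PasswordRequired;
            return result;
        }, orgConn);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is returned to the client verbatim. The codes thrown above
        // ("Error.NonExistent") are meant for it, but any unexpected exception (e.g. from the
        // database) leaks its message the same way; consider mapping unknown exception types
        // to a generic error response.
        return Error(ex.Message);
    }
}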