public HttpResponseMessage Post(LoginRequest loginRequest)
{
var user = _context.Users.AsNoTracking().SingleOrDefault(a => a.Email == loginRequest.email);
if (user != null)
{
if (user.Blocked)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_USER_BLOCKED)));
}
var incoming = AuthUtils.Hash(loginRequest.password, user.Salt);
if (user.SaltedAndHashedPassword != null)
{
if (AuthUtils.SlowEquals(incoming, user.SaltedAndHashedPassword))
{
var claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.email));
var loginResult = new StandartLoginProvider(Handler).CreateLoginResult(claimsIdentity,
Services.Settings.MasterKey);
return(Request.CreateResponse(HttpStatusCode.OK, loginResult));
}
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_LOGIN_INVALID_PASS)));
}
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_LOGIN_INVALID_PASS)));
}
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_LOGIN_INVALID_EMAIL)));
}
public HttpResponseMessage Confirm(ConfirmRequest confirmRequest)
{
try
{
if (confirmRequest.Code == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"code"
})));
}
var user = !string.IsNullOrEmpty(confirmRequest.UserId)
? _context.Users.SingleOrDefault(x => x.Id == confirmRequest.UserId)
: _context.Users.SingleOrDefault(x => x.Email == confirmRequest.Email);
if (user == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_NOTFOUND,
new List <string> {
confirmRequest.UserId ?? confirmRequest.Email
})));
}
if (user.EmailConfirmed)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_CONFIRMED, new List <string> {
confirmRequest.UserId
})));
}
var incoming = AuthUtils.Hash(confirmRequest.Code, user.Salt);
if (AuthUtils.SlowEquals(incoming, user.SaltedAndHashedEmail))
{
user.EmailConfirmed = true;
user.SaltedAndHashedEmail = null;
_context.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK,
RespH.Create(RespH.SRV_USER_CONFIRMED, new List <string> {
user.Id
})));
}
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_WRONG_CODE,
new List <string> {
confirmRequest.UserId ?? confirmRequest.Code
})));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage ResetPassword(ConfirmRequest resetRequest)
{
try
{
var user = !string.IsNullOrEmpty(resetRequest.UserId)
? _context.Users.SingleOrDefault(x => x.Id == resetRequest.UserId)
: _context.Users.SingleOrDefault(x => x.Email == resetRequest.Email);
if (user == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_NOTFOUND,
new List <string> {
resetRequest.UserId ?? resetRequest.Email
})));
}
var confirmCode = AuthUtils.RandomNumString(8);
user.SaltedAndHashedCode = AuthUtils.Hash(confirmCode, user.Salt);
user.ResetRequested = true;
_context.SaveChanges();
var profile = _context.Profile.AsNoTracking().SingleOrDefault(x => x.Id == user.Id);
using (MailSender mailSender = new MailSender())
{
var bem = new BaseEmailMessage
{
Code = ConstVals.Restore,
ToUserId = user.Id,
ToUserName = profile.FirstName,
ToUserEmail = user.Email,
ConfirmCode = confirmCode
};
mailSender.Create(_context, bem);
}
return(Request.CreateResponse(HttpStatusCode.OK,
RespH.Create(RespH.SRV_USER_RESET_REQUESTED, new List <string> {
user.Id
})));
}
catch (Exception ex)
{
Debug.WriteLine(ex);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage AdminRegistration(RegistrationRequest registrationRequest)
{
try
{
var respList = new List <string>();
if (!AuthUtils.IsEmailValid(registrationRequest.Email))
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList)));
}
var admin = _context.Admins.AsNoTracking().SingleOrDefault(a => a.Email == registrationRequest.Email);
if (admin != null)
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList)));
}
var salt = AuthUtils.GenerateSalt();
var newUser = new Admin
{
Id = SequentialGuid.NewGuid().ToString(),
Email = registrationRequest.Email,
Salt = salt,
SaltedAndHashedPassword = AuthUtils.Hash(registrationRequest.Password, salt)
};
_context.Admins.Add(newUser);
_context.SaveChanges();
respList.Add(newUser.Id);
return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_CREATED, respList)));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage ReqeustCode()
{
try
{
var respList = new List <string>();
ResponseDTO resp;
// Check Current User
var currentUser = User as ServiceUser;
if (currentUser == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH)));
}
var account = AuthUtils.GetUserAccount(_context, currentUser);
if (account == null)
{
respList.Add(currentUser.Id);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
var user = _context.Users.SingleOrDefault(x => x.Id == account.UserId);
if (user == null)
{
respList.Add(account.UserId);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
var profile = _context.Profile.AsNoTracking().SingleOrDefault(x => x.Id == account.UserId);
resp = CheckHelper.IsNull(profile.Phone, "Phone", RespH.SRV_USER_REQUIRED);
if (resp != null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, resp));
}
if (user.PhoneStatus == ConstVals.PConf)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_PHONE_CONFIRMED, new List <string> {
user.PhoneStatus
})));
}
if (user.PhoneCodeRequestedAt.HasValue && user.PhoneStatus == ConstVals.PPending)
{
if (user.PhoneCodeRequestedAt.Value.AddMinutes(3) > DateTime.Now)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_PHONE_CONFIRM_REQUESTED,
new List <string> {
user.PhoneCodeRequestedAt.ToString()
})));
}
}
var confirmCode = AuthUtils.RandomNumString(4);
user.SaltedAndHashedSmsCode = AuthUtils.Hash(confirmCode, user.Salt);
user.PhoneCodeRequestedAt = DateTime.Now;
user.PhoneStatus = ConstVals.PPending;
_context.MarkAsModified(user);
_context.SaveChanges();
var regArt = _context.Article.SingleOrDefault(x => x.Name == ConstVals.Reg && x.Type == ConstVals.Sms);
string smstext;
if (regArt != null)
{
smstext = confirmCode + " " + regArt.Text;
}
else
{
smstext = confirmCode;
}
using (SmsSender sender = new SmsSender())
{
sender.Send(profile.Phone, smstext);
}
return(Request.CreateResponse(HttpStatusCode.OK,
RespH.Create(RespH.SRV_DONE, new List <string> {
user.PhoneStatus
})));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.InnerException.ToString()
})));
}
}
public HttpResponseMessage ConfirmCode(ConfirmRequest confirmRequest)
{
try
{
var respList = new List <string>();
// Check Current User
var currentUser = User as ServiceUser;
if (currentUser == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH)));
}
var account = AuthUtils.GetUserAccount(_context, currentUser);
if (account == null)
{
respList.Add(currentUser.Id);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
var user = _context.Users.SingleOrDefault(x => x.Id == account.UserId);
if (user == null)
{
respList.Add(account.UserId);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
if (user.PhoneStatus == ConstVals.PConf)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_PHONE_CONFIRMED, new List <string> {
user.Id
})));
}
if (confirmRequest.Code == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"code"
})));
}
var incoming = AuthUtils.Hash(confirmRequest.Code, user.Salt);
if (!AuthUtils.SlowEquals(incoming, user.SaltedAndHashedSmsCode))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_WRONG_CODE,
new List <string> {
user.Id, confirmRequest.Code
})));
}
user.SaltedAndHashedSmsCode = null;
user.PhoneStatus = ConstVals.PConf;
user.PhoneCodeRequestedAt = null;
_context.MarkAsModified(user);
_context.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK,
RespH.Create(RespH.SRV_USER_PHONE_CONFIRMED, new List <string> {
user.PhoneStatus
})));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.InnerException.ToString()
})));
}
}
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
try
{
var respList = new List <string>();
if (!AuthUtils.IsEmailValid(registrationRequest.Email))
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList)));
}
if (registrationRequest.Password.Length < 8)
{
respList.Add(registrationRequest.Password);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_PASSWORD, respList)));
}
var user = _context.Users.AsNoTracking().SingleOrDefault(a => a.Email == registrationRequest.Email);
if (user != null)
{
respList.Add(registrationRequest.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList)));
}
var salt = AuthUtils.GenerateSalt();
var confirmCode = AuthUtils.RandomNumString(6);
var userId = SequentialGuid.NewGuid().ToString();
var newUser = new User
{
Id = userId,
Email = registrationRequest.Email,
Salt = salt,
EmailSubCode = SequentialGuid.NewGuid().ToString(),
SaltedAndHashedPassword = AuthUtils.Hash(registrationRequest.Password, salt),
SaltedAndHashedEmail = AuthUtils.Hash(confirmCode, salt)
};
_context.Users.Add(newUser);
_context.SaveChanges();
AuthUtils.CreateAccount(_context, StandartLoginProvider.ProviderName, registrationRequest.Email,
StandartLoginProvider.ProviderName + ":" + registrationRequest.Email,
registrationRequest.Email, registrationRequest.FirstName);
using (MailSender mailSender = new MailSender())
{
var bem = new BaseEmailMessage
{
Code = ConstVals.Reg,
ToUserId = newUser.Id,
ToUserEmail = registrationRequest.Email,
ToUserName = registrationRequest.FirstName,
ConfirmCode = confirmCode
};
mailSender.Create(_context, bem);
}
respList.Add(newUser.Id);
return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_CREATED, respList)));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage ChangePassword(ConfirmRequest resetRequest)
{
try
{
User user;
if (!string.IsNullOrEmpty(resetRequest.UserId) || !string.IsNullOrEmpty(resetRequest.Email))
{
if (resetRequest.Code == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"code"
})));
}
user = !string.IsNullOrEmpty(resetRequest.UserId)
? _context.Users.SingleOrDefault(x => x.Id == resetRequest.UserId)
: _context.Users.SingleOrDefault(x => x.Email == resetRequest.Email);
if (user == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_NOTFOUND,
new List <string> {
resetRequest.UserId ?? resetRequest.Email
})));
}
var standartAccount =
_context.Accounts.SingleOrDefault(
x => x.Provider == StandartLoginProvider.ProviderName && x.UserId == user.Id);
if (standartAccount == null)
{
var newstandartaccount = new Account
{
Id = SequentialGuid.NewGuid().ToString(),
UserId = user.Id,
AccountId = StandartLoginProvider.ProviderName + ":" + user.Email,
Provider = StandartLoginProvider.ProviderName,
ProviderId = user.Email
};
_context.Accounts.Add(newstandartaccount);
_context.SaveChanges();
}
if (!user.ResetRequested)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_RESET_NOT_REQUESTED,
new List <string> {
resetRequest.UserId ?? resetRequest.Email
})));
}
var incoming = AuthUtils.Hash(resetRequest.Code, user.Salt);
if (!AuthUtils.SlowEquals(incoming, user.SaltedAndHashedCode))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_WRONG_CODE,
new List <string> {
resetRequest.UserId ?? resetRequest.Email, resetRequest.Code
})));
}
user.SaltedAndHashedCode = null;
user.EmailConfirmed = true;
user.ResetRequested = false;
}
else
{
// Check Current User
var currentUser = User as ServiceUser;
if (currentUser == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH)));
}
var account = AuthUtils.GetUserAccount(_context, currentUser);
if (account == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, new List <string> {
currentUser.Id
})));
}
user =
_context.Users.SingleOrDefault(x => x.Id == account.UserId);
if (user == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_NOTFOUND,
new List <string> {
account.UserId
})));
}
var standartAccount =
_context.Accounts.SingleOrDefault(
x => x.Provider == StandartLoginProvider.ProviderName && x.UserId == user.Id);
if (standartAccount == null)
{
var newstandartaccount = new Account
{
Id = SequentialGuid.NewGuid().ToString(),
UserId = user.Id,
AccountId = StandartLoginProvider.ProviderName + ":" + user.Email,
Provider = StandartLoginProvider.ProviderName,
ProviderId = user.Email
};
_context.Accounts.Add(newstandartaccount);
_context.SaveChanges();
}
if (string.IsNullOrWhiteSpace(resetRequest.CurrentPassword))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"current password"
})));
}
if (
!AuthUtils.SlowEquals(AuthUtils.Hash(resetRequest.CurrentPassword, user.Salt),
user.SaltedAndHashedPassword))
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_LOGIN_INVALID_PASS)));
}
}
if (string.IsNullOrWhiteSpace(resetRequest.Password))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> {
"password"
})));
}
if (resetRequest.Password.Length < 8)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_PASSWORD, new List <string> {
resetRequest.Password
})));
}
var salt = AuthUtils.GenerateSalt();
user.Salt = salt;
user.SaltedAndHashedPassword = AuthUtils.Hash(resetRequest.Password, salt);
_context.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK,
RespH.Create(RespH.SRV_USER_RESETED, new List <string> {
user.Id
})));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
public HttpResponseMessage SetEmail(UserDTO userdata)
{
try
{
var respList = new List <string>();
if (string.IsNullOrWhiteSpace(userdata.Email))
{
respList.Add("Email");
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_USER_REQUIRED, respList)));
}
if (!AuthUtils.IsEmailValid(userdata.Email))
{
respList.Add(userdata.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList)));
}
var usersame = _context.Users.AsNoTracking().SingleOrDefault(a => a.Email == userdata.Email);
if (usersame != null)
{
respList.Add(userdata.Email);
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList)));
}
// Check Current User
var currentUser = User as ServiceUser;
if (currentUser == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH)));
}
var account = AuthUtils.GetUserAccount(_context, currentUser);
if (account == null)
{
respList.Add(currentUser.Id);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
var user = _context.Users.SingleOrDefault(x => x.Id == account.UserId);
var profile = _context.Profile.SingleOrDefault(x => x.Id == account.UserId);
if (user == null || profile == null)
{
respList.Add(account.UserId);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_NOTFOUND, respList)));
}
if (!string.IsNullOrWhiteSpace(user.Email))
{
respList.Add(user.Email);
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
RespH.Create(RespH.SRV_USER_EXISTS, respList)));
}
var salt = AuthUtils.GenerateSalt();
var confirmCode = AuthUtils.RandomNumString(6);
user.Email = userdata.Email;
user.Salt = salt;
user.SaltedAndHashedEmail = AuthUtils.Hash(confirmCode, salt);
_context.MarkAsModified(user);
_context.SaveChanges();
using (MailSender mailSender = new MailSender())
{
var bem = new BaseEmailMessage
{
Code = ConstVals.Reg,
ToUserId = user.Id,
ToUserEmail = user.Email,
ToUserName = profile.FirstName,
ConfirmCode = confirmCode
};
mailSender.Create(_context, bem);
}
respList.Add(user.Id);
return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_UPDATED, respList)));
}
catch (Exception ex)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
RespH.Create(RespH.SRV_EXCEPTION, new List <string> {
ex.ToString()
})));
}
}
