public object Post(LoginRequest request)
{
try
{
if (request.IsNotValid())
return new HttpResult {StatusCode = BadRequest};
var app = Db.FirstOrDefaultById<Application>(request.ClientId);
if (app == null || app.RedirectUri != request.RedirectUri)
return new HttpResult {StatusCode = BadRequest};
var user = Db.FirstOrDefaultById<User>(request.Login);
if (user == null)
return new HttpResult {StatusCode = BadRequest};
var enc = Encoding.UTF8;
string hashString;
using (var sha1 = SHA1.Create())
{
var hash = sha1.ComputeHash(enc.GetBytes(request.Password + user.Salt));
hashString = string.Join("", hash.Select(x => x.ToString("x")));
}
if (user.PasswordHash != hashString)
return new HttpResult {StatusCode = BadRequest};
var code = new OAuthCode {ClientId = app.ClientId, UserLogin = user.Login, Code = Guid.NewGuid()};
Db.Save(code);
return new HttpResult
{
StatusCode = Redirect,
Headers =
{
{
HttpHeaders.Location,
new UriBuilder(app.RedirectUri)
{
Query = $"code={code.Code}{(request.State == null ? "" : $"&state={request.State}")}"
}
.Uri.AbsoluteUri
}
}
};
}