Exemplo n.º 1
0
        public async Task <IResponseEnvelope <UserToken> > SearchByTokenAsync(string token)
        {
            //Recover user by token
            var userToken = await userTokenRepository.SearchByTokenAsync(token);

            // Verify if the token is valid
            if (userToken == null || !userToken.IsValid)
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.UNAUTHORIZED_USER)));
            }
            // Get all tokens from the current user
            var userTokens = await userTokenRepository.SearchTokensByLoginAsync(userToken.Email);

            // Get the last token from the current user
            var lastUserToken = userTokens.OrderByDescending(e => e.CreateDate).FirstOrDefault();

            if (lastUserToken == null ||
                lastUserToken.Token != token)
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.UNAUTHORIZED_USER)));
            }

            if (DateTime.Now.Subtract(lastUserToken.ModifyDate).TotalMinutes > 3)
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.INVALID_TOKEN)));
            }

            lastUserToken.ModifyDate = DateTime.Now;
            await userTokenRepository.UpdateTokenAsync(lastUserToken);

            return(ResponseEnvelope.CreateResponseEnvelope(userToken));
        }
Exemplo n.º 2
0
        public async Task <IResponseEnvelope <UserToken> > AuthenticateAsync(string login, string senha)
        {
            if (login == null || senha == null)
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.MISSING_FIELDS)));
            }
            var userCredentials = await userTokenRepository.SearchAsync(login);

            if (userCredentials == null || userCredentials.Password != securityHelper.SHA256(senha))
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.INVALID_LOGIN)));
            }

            var userToken = new UserToken
            {
                CreateDate = DateTime.Now,
                ModifyDate = DateTime.Now,
                IsValid    = true,
                UserId     = userCredentials.Id,
                Token      = securityHelper.GenerateUniqueToken(),
                Email      = userCredentials.Email
            };

            await userTokenRepository.DeleteByEmailAsync(login);

            await userTokenRepository.InsertToken(userToken);

            return(ResponseEnvelope.CreateResponseEnvelope(userToken));
        }
Exemplo n.º 3
0
        public override void OnException(HttpActionExecutedContext actionExecutedContext)
        {
            var exception = actionExecutedContext.Exception;

            var message = string.Format(ValidationMessages.GENERIC_ERROR, exception.ToString());

            var response = ResponseEnvelope
                           .CreateErrorResponseEnvelope(ValidationMessageHelper
                                                        .Create(message));

            actionExecutedContext.Response = actionExecutedContext.Request.CreateResponse(System.Net.HttpStatusCode.InternalServerError, response);
        }
Exemplo n.º 4
0
        void IssueHttpAuthorizationChallenge(HttpActionContext actionContext, string msg, int?code)
        {
            var host = actionContext.Request.RequestUri.DnsSafeHost;

            //var message = ValidationMessages.UNAUTHORIZED_USER;
            var message = msg;

            ValidationMessage vmsg = new ValidationMessage(msg, code);

            var response = ResponseEnvelope
                           .CreateErrorResponseEnvelope(vmsg);

            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, response);

            actionContext.Response.Headers.Add("WWW-Authenticate", string.Format("secret realm=\"{0}\"", host));
        }
Exemplo n.º 5
0
        public async Task <IResponseEnvelope> InvalidateToken(string token)
        {
            var userToken = await userTokenRepository.SearchByTokenAsync(token);

            if (userToken == null || !userToken.IsValid)
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope <UserToken>(ValidationMessageHelper.CreateErrorMessage(ValidationMessages.INVALID_TOKEN)));
            }

            userToken.IsValid    = false;
            userToken.ModifyDate = DateTime.Now;

            await userTokenRepository.UpdateTokenAsync(userToken);

            return(ResponseEnvelope.CreateResponseEnvelope());
        }
        public async Task <IResponseEnvelope> InsertAsync(User user)
        {
            //Verify if already exists
            var u = await userRepository.SearchByEmailAsync(user.Email);

            if (u != null)
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope(ValidationMessageHelper.Create(ValidationMessages.EMAIL_EXISTS)));
            }
            if (!IsUserFieldsValid(user))
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope(ValidationMessageHelper.Create(ValidationMessages.INVALID_FIELDS)));
            }
            ;
            if (!IsUserFieldsFilled(user))
            {
                return(ResponseEnvelope.CreateErrorResponseEnvelope(ValidationMessageHelper.Create(ValidationMessages.MISSING_FIELDS)));
            }
            user.Password = securityHelper.SHA256(user.Password);
            await userRepository.InsertAsync(user);

            return(ResponseEnvelope.CreateResponseEnvelope());
        }