public bool AddAuthToken(AuthTokenVM authTokenVM)
{
//todo delete old tokens/expired
var authToken = MapMVM.AuthTokenVMToAuthToken(authTokenVM);
_uow.SecurityRepository.AddAuthToken(authToken);
return true;
}
public static AuthToken AuthTokenVMToAuthToken(AuthTokenVM authTokenVM)
{
var authToken = new AuthToken()
{
Expiration = authTokenVM.Expiration,
Token = authTokenVM.Token,
ApiUser = authTokenVM.ApiUser
};
return authToken;
}
public HttpResponseMessage Post([FromBody]TokenRequestModel model)
{
try
{
var user = _service.GetApiUser(model.ApiKey);
if (user != null)
{
var secret = user.Secret;
// Simplistic implementation DO NOT USE
var key = Convert.FromBase64String(secret);
var provider = new System.Security.Cryptography.HMACSHA256(key);
// Compute Hash from API Key (NOT SECURE)
var hash = provider.ComputeHash(Encoding.UTF8.GetBytes(user.AppId));
var signature = Convert.ToBase64String(hash);
if (signature == model.Signature)
{
var rawTokenInfo = string.Concat(user.AppId + DateTime.UtcNow.ToString("d"));
var rawTokenByte = Encoding.UTF8.GetBytes(rawTokenInfo);
var token = provider.ComputeHash(rawTokenByte);
var authToken = new AuthTokenVM()
{
Token = Convert.ToBase64String(token),
Expiration = DateTime.UtcNow.AddDays(7),
ApiUser = user
};
if (_service.AddAuthToken(authToken))
{
return Request.CreateResponse(HttpStatusCode.Created, authToken);
}
}
}
}
catch (Exception ex)
{
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex);
}
return Request.CreateResponse(HttpStatusCode.BadRequest);
}
