Exemplo n.º 1
0
        public Payload<WebUser> Login(string username, string email, string password)
        {
            // create payload
            var payload = new Payload<WebUser>();

            // todo: check security

            // Validate
            var rules = new ValidationRules();
            rules.ValidateLoginEvent(username, email, password);

            // assign errors from validation (if applicable)
            payload.AssignValidationErrors(rules.Errors);

            // check if valid
            if (rules.IsValid)
            {
                // hash password
                var securityUtility = new SecurityUtilities();
                var hashedPassword = securityUtility.HashSomething(password);

                // get user based on email/username and hashed password
                WebUser user = null;
                using (var queries = new WebUserQueries())
                {
                    user = queries.GetByLogin(username, email);
                }

                // check if user is found (empty)
                if (user != null)
                {
                    // compare passwords to verify login
                    if (hashedPassword == user.HashedPassword)
                    {
                        // valid, so assign payload
                        payload.Data = user;

                        // log activity
                        AuditUtilities.Log(user, ActivityEventItem.Login,
                            string.Format(Resources.AuditEntries.Login, username));
                    }
                    else
                    {
                        // password mismatch error
                        payload.Errors.Add("00404", Resources.Errors.ERR00404);

                        // log activity
                        AuditUtilities.Log(null, ActivityEventItem.LoginFailed,
                            string.Format(Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00404));
                    }
                }
                else
                {
                    // throw error on not found user
                    payload.Errors.Add("00405", Resources.Errors.ERR00405);

                    // log activity
                    AuditUtilities.Log(null, ActivityEventItem.LoginFailed,
                        string.Format(Resources.AuditEntries.LoginFailed, username, Resources.Errors.ERR00405));
                }
            }

            // todo: next steps in workflow

            // return payload
            return payload;
        }
Exemplo n.º 2
0
        public Payload<WebUser> Save(WebUser obj)
        {
            // create payload
            var payload = new Payload<WebUser>();

            // todo: check security

            // Prep obj
            bool isNewUser = (obj.Guid == null || obj.Guid == Guid.Empty);
            business.SetDefaults(ref obj);

            // hash password
            var securityUtility = new SecurityUtilities();
            obj.HashedPassword = securityUtility.HashSomething(obj.Password);

            // validate
            var rules = new ValidationRules();
            rules.Validate(obj);

            // assign errors from validation (if applicable)
            payload.AssignValidationErrors(rules.Errors);

            // check if valid
            if (rules.IsValid)
            {
                // if existing user, check the properties that have changed prior to update
                var changedProperties = new StringBuilder();
                bool isChangedPassword = false;
                if (!isNewUser)
                {
                    var originalUser = Get(obj.Guid).Data;
                    CheckChangedProperties(originalUser, obj, ref changedProperties);
                    isChangedPassword = CheckChangedPassword(originalUser, obj);
                }

                // save to db
                using (var queries = new WebUserQueries())
                {
                    queries.Save(ref obj);
                }

                // assign primary data
                payload.Data = obj;

                // log activity
                if (isNewUser)
                {
                    // new user
                    AuditUtilities.Log(obj, ActivityEventItem.Enroll,
                        string.Format(Resources.AuditEntries.Enroll, obj.Username));
                }
                else
                {
                    // updated user
                    AuditUtilities.Log(obj, ActivityEventItem.ProfileUpdated,
                        string.Format(Resources.AuditEntries.ProfileUpdated, obj.Username, changedProperties));

                    // update if password was changed
                    if (isChangedPassword)
                    {
                        AuditUtilities.Log(obj, ActivityEventItem.PasswordChanged,
                            string.Format(Resources.AuditEntries.PasswordChanged, obj.Username));
                    }
                }
            }

            // todo: next steps in workflow

            // return payload
            return payload;
        }