public HttpResponseMessage AdminRegistration(RegistrationRequest registrationRequest) { try { var respList = new List <string>(); if (!AuthUtils.IsEmailValid(registrationRequest.Email)) { respList.Add(registrationRequest.Email); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList))); } var admin = _context.Admins.AsNoTracking().SingleOrDefault(a => a.Email == registrationRequest.Email); if (admin != null) { respList.Add(registrationRequest.Email); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList))); } var salt = AuthUtils.GenerateSalt(); var newUser = new Admin { Id = SequentialGuid.NewGuid().ToString(), Email = registrationRequest.Email, Salt = salt, SaltedAndHashedPassword = AuthUtils.Hash(registrationRequest.Password, salt) }; _context.Admins.Add(newUser); _context.SaveChanges(); respList.Add(newUser.Id); return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_CREATED, respList))); } catch (Exception ex) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_EXCEPTION, new List <string> { ex.ToString() }))); } }
public HttpResponseMessage Post(RegistrationRequest registrationRequest) { try { var respList = new List <string>(); if (!AuthUtils.IsEmailValid(registrationRequest.Email)) { respList.Add(registrationRequest.Email); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList))); } if (registrationRequest.Password.Length < 8) { respList.Add(registrationRequest.Password); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_INVALID_PASSWORD, respList))); } var user = _context.Users.AsNoTracking().SingleOrDefault(a => a.Email == registrationRequest.Email); if (user != null) { respList.Add(registrationRequest.Email); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList))); } var salt = AuthUtils.GenerateSalt(); var confirmCode = AuthUtils.RandomNumString(6); var userId = SequentialGuid.NewGuid().ToString(); var newUser = new User { Id = userId, Email = registrationRequest.Email, Salt = salt, EmailSubCode = SequentialGuid.NewGuid().ToString(), SaltedAndHashedPassword = AuthUtils.Hash(registrationRequest.Password, salt), SaltedAndHashedEmail = AuthUtils.Hash(confirmCode, salt) }; _context.Users.Add(newUser); _context.SaveChanges(); AuthUtils.CreateAccount(_context, StandartLoginProvider.ProviderName, registrationRequest.Email, StandartLoginProvider.ProviderName + ":" + registrationRequest.Email, registrationRequest.Email, registrationRequest.FirstName); using (MailSender mailSender = new MailSender()) { var bem = new BaseEmailMessage { Code = ConstVals.Reg, ToUserId = newUser.Id, ToUserEmail = registrationRequest.Email, ToUserName = registrationRequest.FirstName, ConfirmCode = confirmCode }; mailSender.Create(_context, bem); } respList.Add(newUser.Id); return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_CREATED, respList))); } catch (Exception ex) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_EXCEPTION, new List <string> { ex.ToString() }))); } }
public HttpResponseMessage ChangePassword(ConfirmRequest resetRequest) { try { User user; if (!string.IsNullOrEmpty(resetRequest.UserId) || !string.IsNullOrEmpty(resetRequest.Email)) { if (resetRequest.Code == null) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> { "code" }))); } user = !string.IsNullOrEmpty(resetRequest.UserId) ? _context.Users.SingleOrDefault(x => x.Id == resetRequest.UserId) : _context.Users.SingleOrDefault(x => x.Email == resetRequest.Email); if (user == null) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_NOTFOUND, new List <string> { resetRequest.UserId ?? resetRequest.Email }))); } var standartAccount = _context.Accounts.SingleOrDefault( x => x.Provider == StandartLoginProvider.ProviderName && x.UserId == user.Id); if (standartAccount == null) { var newstandartaccount = new Account { Id = SequentialGuid.NewGuid().ToString(), UserId = user.Id, AccountId = StandartLoginProvider.ProviderName + ":" + user.Email, Provider = StandartLoginProvider.ProviderName, ProviderId = user.Email }; _context.Accounts.Add(newstandartaccount); _context.SaveChanges(); } if (!user.ResetRequested) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_RESET_NOT_REQUESTED, new List <string> { resetRequest.UserId ?? resetRequest.Email }))); } var incoming = AuthUtils.Hash(resetRequest.Code, user.Salt); if (!AuthUtils.SlowEquals(incoming, user.SaltedAndHashedCode)) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_WRONG_CODE, new List <string> { resetRequest.UserId ?? resetRequest.Email, resetRequest.Code }))); } user.SaltedAndHashedCode = null; user.EmailConfirmed = true; user.ResetRequested = false; } else { // Check Current User var currentUser = User as ServiceUser; if (currentUser == null) { return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH))); } var account = AuthUtils.GetUserAccount(_context, currentUser); if (account == null) { return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_USER_NOTFOUND, new List <string> { currentUser.Id }))); } user = _context.Users.SingleOrDefault(x => x.Id == account.UserId); if (user == null) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_NOTFOUND, new List <string> { account.UserId }))); } var standartAccount = _context.Accounts.SingleOrDefault( x => x.Provider == StandartLoginProvider.ProviderName && x.UserId == user.Id); if (standartAccount == null) { var newstandartaccount = new Account { Id = SequentialGuid.NewGuid().ToString(), UserId = user.Id, AccountId = StandartLoginProvider.ProviderName + ":" + user.Email, Provider = StandartLoginProvider.ProviderName, ProviderId = user.Email }; _context.Accounts.Add(newstandartaccount); _context.SaveChanges(); } if (string.IsNullOrWhiteSpace(resetRequest.CurrentPassword)) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> { "current password" }))); } if ( !AuthUtils.SlowEquals(AuthUtils.Hash(resetRequest.CurrentPassword, user.Salt), user.SaltedAndHashedPassword)) { return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_LOGIN_INVALID_PASS))); } } if (string.IsNullOrWhiteSpace(resetRequest.Password)) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_REQUIRED, new List <string> { "password" }))); } if (resetRequest.Password.Length < 8) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_INVALID_PASSWORD, new List <string> { resetRequest.Password }))); } var salt = AuthUtils.GenerateSalt(); user.Salt = salt; user.SaltedAndHashedPassword = AuthUtils.Hash(resetRequest.Password, salt); _context.SaveChanges(); return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_USER_RESETED, new List <string> { user.Id }))); } catch (Exception ex) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_EXCEPTION, new List <string> { ex.ToString() }))); } }
public HttpResponseMessage SetEmail(UserDTO userdata) { try { var respList = new List <string>(); if (string.IsNullOrWhiteSpace(userdata.Email)) { respList.Add("Email"); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_USER_REQUIRED, respList))); } if (!AuthUtils.IsEmailValid(userdata.Email)) { respList.Add(userdata.Email); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_INVALID_EMAIL, respList))); } var usersame = _context.Users.AsNoTracking().SingleOrDefault(a => a.Email == userdata.Email); if (usersame != null) { respList.Add(userdata.Email); return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_REG_EXISTS_EMAIL, respList))); } // Check Current User var currentUser = User as ServiceUser; if (currentUser == null) { return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_UNAUTH))); } var account = AuthUtils.GetUserAccount(_context, currentUser); if (account == null) { respList.Add(currentUser.Id); return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_USER_NOTFOUND, respList))); } var user = _context.Users.SingleOrDefault(x => x.Id == account.UserId); var profile = _context.Profile.SingleOrDefault(x => x.Id == account.UserId); if (user == null || profile == null) { respList.Add(account.UserId); return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_USER_NOTFOUND, respList))); } if (!string.IsNullOrWhiteSpace(user.Email)) { respList.Add(user.Email); return(Request.CreateResponse(HttpStatusCode.Unauthorized, RespH.Create(RespH.SRV_USER_EXISTS, respList))); } var salt = AuthUtils.GenerateSalt(); var confirmCode = AuthUtils.RandomNumString(6); user.Email = userdata.Email; user.Salt = salt; user.SaltedAndHashedEmail = AuthUtils.Hash(confirmCode, salt); _context.MarkAsModified(user); _context.SaveChanges(); using (MailSender mailSender = new MailSender()) { var bem = new BaseEmailMessage { Code = ConstVals.Reg, ToUserId = user.Id, ToUserEmail = user.Email, ToUserName = profile.FirstName, ConfirmCode = confirmCode }; mailSender.Create(_context, bem); } respList.Add(user.Id); return(Request.CreateResponse(HttpStatusCode.OK, RespH.Create(RespH.SRV_UPDATED, respList))); } catch (Exception ex) { return(Request.CreateResponse(HttpStatusCode.BadRequest, RespH.Create(RespH.SRV_EXCEPTION, new List <string> { ex.ToString() }))); } }