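        /// <summary>
        /// Handles a login request: refuses when the login provider is disabled, applies the
        /// invalid-login tracker's throttling decision, validates the submitted credentials and,
        /// on success, returns the mapped user resource together with a freshly issued auth cookie.
        /// </summary>
        /// <param name="context">Nancy request context; the <see cref="LoginCommand"/> is bound from it.</param>
        /// <param name="response">Formatter used to serialize the user resource.</param>
        /// <returns>
        /// 400 when the provider is disabled, the caller is banned, the credentials are rejected,
        /// or the account is missing/inactive/a service account; otherwise 200 with the user
        /// resource, the auth cookie and an Expires header.
        /// </returns>
        public Response Execute(NancyContext context, IResponseFormatter response)
        {
            if (!configurationStore.GetIsEnabled())
            {
                return(responseCreator.AsStatusCode(HttpStatusCode.BadRequest));
            }

            var model = modelBinder.Bind <LoginCommand>(context);

            var attemptedUsername      = model.Username;
            // NOTE(review): UserHostAddress is the immediate peer. Behind a reverse proxy this is
            // the proxy's address, so per-address throttling would then be shared by every client
            // and a single abusive client could get everyone banned — confirm for the deployment.
            var requestUserHostAddress = context.Request.UserHostAddress;

            // Consult the tracker before touching the credential store so a banned caller
            // never reaches the (comparatively expensive) credential check.
            var action = loginTracker.BeforeAttempt(attemptedUsername, requestUserHostAddress);

            if (action == InvalidLoginAction.Ban)
            {
                return(responseCreator.BadRequest("You have had too many failed login attempts in a short period of time. Please try again later."));
            }

            var userResult = credentialValidator.ValidateCredentials(attemptedUsername, model.Password);

            if (!userResult.Succeeded)
            {
                // NOTE(review): FailureReason is echoed to the client verbatim. If the validator
                // distinguishes "unknown user" from "wrong password" this allows username
                // enumeration; the inactive/service branch below deliberately uses a generic
                // message — confirm what FailureReason can contain.
                return RejectAttempt(attemptedUsername, requestUserHostAddress, action, userResult.FailureReason);
            }

            var user = userResult.User;

            // Valid credentials are not enough: disabled accounts and service accounts may not
            // obtain an interactive session, and they are counted as failures for throttling.
            if (user == null || !user.IsActive || user.IsService)
            {
                return RejectAttempt(attemptedUsername, requestUserHostAddress, action, "Invalid username or password.");
            }

            loginTracker.RecordSucess(attemptedUsername, requestUserHostAddress);

            var cookie = issuer.CreateAuthCookie(context, user.IdentificationToken, model.RememberMe);

            return(responseCreator.AsOctopusJson(response, userMapper.MapToResource(user))
                   .WithCookie(cookie)
                   .WithStatusCode(HttpStatusCode.OK)
                   // NOTE(review): a far-future Expires header on a response that carries the user
                   // resource and sets the auth cookie; no Cache-Control is set here, so verify that
                   // no intermediary can cache this response.
                   .WithHeader("Expires", DateTime.UtcNow.AddYears(1).ToString("R", DateTimeFormatInfo.InvariantInfo)));
        }

        /// <summary>
        /// Shared failure path for a rejected login: records the failed attempt, applies the
        /// tracker's slow-down delay when it asked for one, and returns a 400 carrying
        /// <paramref name="message"/>.
        /// </summary>
        /// <param name="username">Username as submitted by the caller.</param>
        /// <param name="hostAddress">Address the attempt was recorded against.</param>
        /// <param name="action">Throttling decision returned by <c>loginTracker.BeforeAttempt</c>.</param>
        /// <param name="message">Body of the 400 response.</param>
        /// <returns>The 400 response.</returns>
        private Response RejectAttempt(string username, string hostAddress, InvalidLoginAction action, string message)
        {
            loginTracker.RecordFailure(username, hostAddress);

            // Only failed attempts are delayed, so legitimate logins are never slowed down.
            // NOTE(review): this is a blocking sleep on the request thread; a caller that is
            // already in the Slow state can tie up a thread for a second per request — confirm
            // the tracker escalates to Ban quickly enough for this not to be a thread-starvation vector.
            if (action == InvalidLoginAction.Slow)
            {
                sleep.For(1000);
            }

            return(responseCreator.BadRequest(message));
        }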