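/// <summary>
/// Checks a username/password pair against the stored salted hash and, on a match,
/// issues a login result for that user.
/// </summary>
/// <param name="pLoginRequest">Credentials supplied by the client. Treated as untrusted; a missing
/// request object or missing field is answered like any other failed login.</param>
/// <returns>200 with the login result on success; 401 with one generic message for every failure.</returns>
public HttpResponseMessage Post(LoginRequest pLoginRequest)
        {
            // A missing body or missing field would otherwise dereference null below and surface
            // as a 500; answer it with the same generic 401 as a wrong password.
            if (pLoginRequest == null || pLoginRequest.mUserName == null || pLoginRequest.mPassword == null)
            {
                return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Username or Password");
            }

            // NOTE(review): the context is never disposed here; if TalkerContext is an EF DbContext,
            // wrap it in a using block — confirm against its declaration.
            TalkerContext talkerContext = new TalkerContext();
            string        requestedName = pLoginRequest.mUserName;

            // SingleOrDefault throws if two rows share a name, so this relies on names being unique
            // in the store (presumably enforced by a unique index — verify).
            User user = talkerContext.Users.SingleOrDefault(a => a.mName == requestedName);

            // NOTE(review): an unknown username returns without computing a hash, so the two failure
            // paths differ in response time even though the message is identical. Consider hashing
            // against a fixed dummy salt on this path, and rate-limiting / locking out repeated failures.
            if (user == null)
            {
                return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Username or Password");
            }

            byte[] incomingPd = PasswordUtility.hash(pLoginRequest.mPassword, user.mSalt);

            // slowEquals is presumably a constant-time comparison — confirm in PasswordUtility.
            if (!PasswordUtility.slowEquals(incomingPd, user.mSaltedAndHashedPd))
            {
                return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Username or Password");
            }

            // Build the identity from the stored record rather than from the request: if the store
            // compares names case-insensitively, the client-supplied spelling can differ from the
            // canonical one, and the token should always carry the canonical name.
            ClaimsIdentity claimsId = new ClaimsIdentity();
            claimsId.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.mName));

            // The token is signed with the service master key; the key must stay server-side only.
            LoginResult loginResult = new CustomLoginProvider(handler).CreateLoginResult(claimsId, Services.Settings.MasterKey);
            return this.Request.CreateResponse(HttpStatusCode.OK, loginResult);
        }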
Пример #2
        //Shuran: Notice that a pop-out window will still appear in this case to input username and password, just click cancel.
        //POST api/LoginRequest
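        /// <summary>
        /// Registers a new user: validates the requested name and password, rejects duplicates,
        /// then stores the user with a fresh salt and the salted password hash.
        /// </summary>
        /// <param name="pRegisterRequest">Registration data supplied by the client; treated as untrusted.</param>
        /// <returns>201 on success; 400 with a short reason when validation fails or the name is taken.</returns>
        public HttpResponseMessage Post(RegisterRequest pRegisterRequest)
        {
            // Username: ASCII letters and digits only, at least four of them. The pattern ends in \z
            // rather than $ because $ also matches just before a trailing newline, which would let
            // a name such as "abcd\n" through. A missing request or name is rejected the same way
            // instead of throwing.
            // NOTE(review): there is no upper bound on the name length; consider adding one.
            if (pRegisterRequest == null
                || pRegisterRequest.mUserName == null
                || !Regex.IsMatch(pRegisterRequest.mUserName, @"^[a-zA-Z0-9]{4,}\z"))
            {
                return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Username");
            }

            // Password: minimum length only. A missing password is rejected rather than dereferenced.
            // NOTE(review): no maximum length is enforced; if PasswordUtility.hash is a deliberately
            // slow function, a very long password makes each request expensive — consider a cap.
            if (pRegisterRequest.mPassword == null || pRegisterRequest.mPassword.Length < 8)
            {
                return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Password");
            }

            // NOTE(review): the context is never disposed here; if TalkerContext is an EF DbContext,
            // wrap it in a using block — confirm against its declaration.
            TalkerContext context       = new TalkerContext();
            string        requestedName = pRegisterRequest.mUserName;

            // Check-then-insert is not atomic: two concurrent requests for the same name can both
            // pass this lookup. Uniqueness has to be enforced by the store (unique index on the
            // name column) — verify that it is.
            User existingUser = context.Users.SingleOrDefault(a => a.mName == requestedName);
            if (existingUser != null)
            {
                // This response tells the caller the name is registered; that is inherent to
                // self-service sign-up, so rate-limit the endpoint to make bulk probing costly.
                return this.Request.CreateResponse(HttpStatusCode.BadRequest, "User already exists");
            }

            byte[] salt = PasswordUtility.generateSalt();

            User newUser = new User
            {
                Id    = Guid.NewGuid().ToString(),
                mName = requestedName,
                mSalt = salt,
                mSaltedAndHashedPd = PasswordUtility.hash(pRegisterRequest.mPassword, salt),
                // NOTE(review): the user type is copied from the request without any check, so the
                // caller chooses its own type. If any type carries extra privileges, restrict the
                // values accepted from unauthenticated callers — confirm what mUserType controls.
                mUserType = pRegisterRequest.mUserType
            };

            context.Users.Add(newUser);
            context.SaveChanges();

            // Success: 201 Created, with no body.
            return this.Request.CreateResponse(HttpStatusCode.Created);
        }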