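/// <summary>
/// Authenticates a user with a user id and password and, on success, issues an
/// access token plus a freshly generated refresh token.
/// </summary>
/// <param name="loginRequest">Request body carrying <c>UserId</c> and <c>Password</c>.</param>
/// <returns>
/// <c>Ok</c> with a <see cref="CustomLoginResult"/> when the password hash matches;
/// otherwise <c>BadRequest</c> with the same generic message for every failure.
/// </returns>
public IHttpActionResult Login(CustomLoginRequest loginRequest)
{
    // A missing or unbindable body would otherwise surface as a NullReferenceException
    // (a 500) instead of the generic login failure.
    if (loginRequest == null)
    {
        return BadRequest("Invalid name or password.");
    }

    A account = GetAccountsDbSet(_context).GetUserAccount(loginRequest.UserId, "Federation");

    // NOTE(review): when no account is found, no hash is computed, so the response time
    // can differ between known and unknown user ids even though the message is identical.
    // If Hash is a deliberately slow KDF, consider hashing against a dummy salt here.
    if (account == null)
    {
        return BadRequest("Invalid name or password.");
    }

    // Hash the supplied password with the account's stored salt and compare it with the
    // stored hash. SlowEquals is presumably a constant-time comparison; confirm in
    // CustomLoginProviderUtils.
    byte[] incoming = CustomLoginProviderUtils.Hash(loginRequest.Password, account.Salt);
    if (!CustomLoginProviderUtils.SlowEquals(incoming, account.Hash))
    {
        // Same message as the unknown-account case, so the response body does not
        // reveal which of the two checks failed.
        return BadRequest("Invalid name or password.");
    }

    // NOTE(review): account.Verified is not consulted here, so an account that has not
    // completed verification can still log in. Confirm that this is intended.
    // NOTE(review): no attempt limiting or lockout is visible in this method; confirm
    // that it is enforced elsewhere (filter, gateway, or GetUserAccount).
    var accessToken = GetAuthenticationTokenForUser(account.Sid);

    // Each successful login replaces the stored refresh token with a new one.
    // NOTE(review): the token is persisted exactly as it is returned to the client;
    // storing only a hash of it would limit the impact of a database disclosure.
    account.RefreshToken = CustomLoginProviderUtils.GenerateRefreshToken();
    _context.SaveChanges();

    return Ok(new CustomLoginResult
    {
        UserId = account.Sid,
        MobileServiceAuthenticationToken = accessToken.RawData,
        RefreshToken = account.RefreshToken
    });
}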
/// <summary>
/// Confirms an account by checking the supplied verification key against the stored
/// confirmation hash, and reports the outcome as a small HTML page.
/// </summary>
/// <param name="userId">Identifier of the account to verify.</param>
/// <param name="key">Verification key; it is hashed with the account's salt before comparison.</param>
/// <returns>An HTTP 200 response with a <c>text/html</c> body describing the outcome.</returns>
/// <remarks>
/// NOTE(review): the four outcomes return distinct messages, so the response reveals
/// whether an account exists and whether it is already verified. The status code is
/// 200 for every outcome, including failures. No attempt limiting is visible in this
/// method. The key presumably arrives in the request URL, where it can end up in
/// server and proxy logs; confirm it is single-use and short-lived.
/// </remarks>
public HttpResponseMessage GetVerify(string userId, string key)
{
    string message;
    A account = GetAccountsDbSet(_context).GetUserAccount(userId, "Federation");

    if (account == null)
    {
        message = "Account was not found.";
    }
    else if (account.Verified)
    {
        message = "Account is already verified.";
    }
    else
    {
        // Compare hashes rather than raw keys; SlowEquals is presumably a constant-time
        // comparison (confirm in CustomLoginProviderUtils).
        var candidate = CustomLoginProviderUtils.Hash(key, account.Salt);
        bool keyMatches = CustomLoginProviderUtils.SlowEquals(candidate, account.ConfirmationHash);

        if (keyMatches)
        {
            // Only a matching key flips the flag; the change is persisted immediately.
            account.Verified = true;
            _context.SaveChanges();
            message = "Account was successfuly verified.";
        }
        else
        {
            message = "Wrong verification key.";
        }
    }

    // The page body is always one of the fixed literals above, never request data.
    // If that ever changes, HTML-encode the value before interpolating it.
    var response = Request.CreateResponse(HttpStatusCode.OK);
    response.Content = new StringContent($"<html><body>{message}</body></html>");
    response.Content.Headers.ContentType = new MediaTypeHeaderValue("text/html");
    return response;
}