public HttpResponseMessage RegisterUser(UserDto value)
{
BloggingSystemContext context = null;
try
{
context = new BloggingSystemContext();
this.ValidateUserIdentifier(
value.Username,
"Username",
MinUsernameLength,
MaxUsernameLength,
ValidUsernameCharacters);
this.ValidateUserIdentifier(
value.DisplayName,
"Display name",
MinDisplayNameLength,
MaxDisplayNameLength,
ValidDisplayNameCharacters);
this.ValidateAuthCode(value.AuthCode);
var user = context.Users.FirstOrDefault(
u => u.Username == value.Username ||
u.DisplayName == value.DisplayName);
if (user != null)
{
throw new InvalidOperationException("User already exists.");
}
user = new User()
{
Username = value.Username,
DisplayName = value.DisplayName,
AuthCode = value.AuthCode
};
context.Users.Add(user);
context.SaveChanges();
user.SessionKey = this.GenerateSessionKey(user.Id);
context.SaveChanges();
var loggedUserDto = new LoggedUserDto()
{
DisplayName = user.DisplayName,
SessionKey = user.SessionKey
};
var response = Request.CreateResponse(HttpStatusCode.Created, loggedUserDto);
return response;
}
catch (Exception ex)
{
var errorResponse = Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
throw new HttpResponseException(errorResponse);
}
finally
{
if (context != null)
{
context.Dispose();
}
}
}
public HttpResponseMessage LoginUser(UserDto value)
{
BloggingSystemContext context = null;
try
{
context = new BloggingSystemContext();
this.ValidateUserIdentifier(
value.Username,
"Username",
MinUsernameLength,
MaxUsernameLength,
ValidUsernameCharacters);
this.ValidateAuthCode(value.AuthCode);
var user = context.Users.FirstOrDefault(
u => u.Username == value.Username &&
u.AuthCode == value.AuthCode);
if (user == null)
{
throw new InvalidOperationException("Invalid username or password.");
}
if (user.SessionKey == null || user.SessionKey.Length != SessionKeyLength)
{
user.SessionKey = this.GenerateSessionKey(user.Id);
context.SaveChanges();
}
var loggedUserDto = new LoggedUserDto()
{
DisplayName = user.DisplayName,
SessionKey = user.SessionKey
};
var response = Request.CreateResponse(HttpStatusCode.Accepted, loggedUserDto);
return response;
}
catch (Exception ex)
{
var errorResponse = Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
throw new HttpResponseException(errorResponse);
}
finally
{
if (context != null)
{
context.Dispose();
}
}
}
public void TestLogoutUser_SessionKeyIsNull_ShouldReturnOK()
{
var loggedUser = new LoggedUserDto
{
DisplayName = "Peter Petroff",
SessionKey = null
};
var headers = new Dictionary<string, string>();
headers["X-SessionKey"] = loggedUser.SessionKey;
var logoutResult = httpServer.Put("api/users/logout", headers);
Assert.AreEqual(HttpStatusCode.BadRequest, logoutResult.StatusCode);
}
