public ActionResult Login(LoginViewModel vm)
{
var customerService = _uow.GetRepository<Customer>();
var tokenService = _uow.GetRepository<ApiToken>();
var success = WebSecurity.Login(vm.EmailAddress, vm.Password);
var user = new Customer();
if (!success) return Json(user);
var userId = WebSecurity.GetUserId(vm.EmailAddress);
user = customerService.GetById(userId);
var token = new ApiToken
{
Key = HashSecurity.GenerateAppSecret(),
UserId = user.Id,
Created = DateTime.Now,
ValidUntil = DateTime.Now.AddDays(30),
ExplicitExpirationDate = null
};
tokenService.InsertOrUpdate(token);
_uow.SaveChanges();
return Json(new {user, token});
}
public ActionResult ValidateToken(string token)
{
var tokenService = _uow.GetRepository<ApiToken>();
var customerService = _uow.GetRepository<Customer>();
var user = new Customer();
var foundToken = tokenService.Query()
.FirstOrDefault(t => t.Key == token);
var isValid = foundToken != null &&
!foundToken.ExplicitExpirationDate.HasValue &&
foundToken.ValidUntil > DateTime.Now;
if (isValid)
{
user = customerService.GetById(foundToken.UserId);
}
return Json(new { isValid, user, token = foundToken });
}
