public async Task <ResponseModelBase> ChangeEmail([FromBody] ChangeEmailRequestModel model)
{
if (!ModelState.IsValid)
{
return(ErrorModel.Of("invalid_request"));
}
UserModel usr;
if (await ldb.ValidateAccount(model.EmailAddress, model.Password))
{
return(ErrorModel.Of("username_or_password_incorrect"));
}
//retrieve the user
usr = await ldb.FindByEmailAddress(model.EmailAddress);
if (usr == null)
{
return(ErrorModel.Of("user_not_found"));
}
//make sure that the email address isn't in use
var other = await ldb.FindByEmailAddress(model.NewEmailAddress);
if (other != null)
{
return(ErrorModel.Of("email_address_in_use"));
}
usr.EmailAddress = model.NewEmailAddress;
usr.UniqueConfirmationCode = Guid.NewGuid();
usr.EmailConfirmationSent = DateTime.Now;
usr.IsEmailConfirmed = false;
Task.WaitAll(
ldb.UpdateUser(usr),
Backend.EmailSender.SendEmail(usr, Backend.EmailSender.RegistrationTemplate)
);
return(Models.OkModel.Of("email_address_changed"));
}
public async Task <ResponseModelBase> ChangePassword([FromBody] ChangePasswordRequestModel model)
{
if (!ModelState.IsValid)
{
return(ErrorModel.Of("invalid_request"));
}
if (!await ldb.ValidateAccount(model.EmailAddress, model.OldPassword))
{
return(ErrorModel.Of("username_or_password_incorrect"));
}
if (model.NewPassword.Length < 8)
{
return(ErrorModel.Of("password_too_short"));
}
//Change their password
var user = await ldb.FindByEmailAddress(model.EmailAddress);
if (user == null)
{
return(ErrorModel.Of("user_not_found"));
}
user.PasswordHashes = await Task.Run(() => PasswordHasher.GenerateHashPermutations(model.NewPassword));
//Clear all sessions
ldb.DBContext.Sessions.RemoveRange(user.ActiveSessions);
user.ActiveSessions.Clear();
//And login tokens
ldb.DBContext.ServerTokens.RemoveRange(user.ActiveServerTokens);
user.ActiveServerTokens.Clear();
//Update
await ldb.UpdateUser(user);
return(OkModel.Of("password_changed"));
}
public async Task <ResponseModelBase> ChangeForgottenPassword([FromBody] ForgotPasswordDoChangeRequestModel model)
{
if (!ModelState.IsValid)
{
return(ErrorModel.Of("invalid_request"));
}
if (model.NewPassword.Length < 8)
{
return(ErrorModel.Of("password_too_short"));
}
//Change their password
var user = await ldb.FindByUniqueId(model.UserId);
//validate user
if (user == null)
{
return(ErrorModel.Of("user_not_found"));
}
//and code
if (user.UniqueConfirmationCode != model.ConfirmationCode)
{
return(ErrorModel.Of("email_confirmation_code_incorrect"));
}
user.PasswordHashes = await Task.Run(() => PasswordHasher.GenerateHashPermutations(model.NewPassword));
user.UniqueConfirmationCode = Guid.NewGuid();
//Clear all sessions
ldb.DBContext.Sessions.RemoveRange(user.ActiveSessions);
user.ActiveSessions.Clear();
//And login tokens
ldb.DBContext.ServerTokens.RemoveRange(user.ActiveServerTokens);
user.ActiveServerTokens.Clear();
//And save
await ldb.UpdateUser(user);
return(Models.OkModel.Of("password_changed"));
}
public async Task <ResponseModelBase <UserServerTokenResponseModel> > CreateServerToken([FromBody] AuthenticatedRequestModel model)
{
if (!ModelState.IsValid)
{
return(ErrorModel.Of <UserServerTokenResponseModel>(null, "invalid_request"));
}
var session = await ldb.GetSessionFromKey(model.SessionKey);
if (session == null)
{
return(ErrorModel.Of <UserServerTokenResponseModel>(null, "not_logged_in")); //Auth failed
}
var token = new UserServerTokenModel();
token.ExpiryDate = DateTime.UtcNow + TimeSpan.FromMinutes(2);
token.ServerToken = Guid.NewGuid().ToString("N");
session.Owner.AddToken(token);
await ldb.UpdateUser(session.Owner);
return(OkModel.Of(new UserServerTokenResponseModel(token)));
}
public async Task <ResponseModelBase> RedeemProduct([FromBody] RedeemProductRequestModel model)
{
if (!ModelState.IsValid)
{
return(ErrorModel.Of("invalid_request"));
}
var user = await ldb.FindBySessionKey(model.SessionKey);
if (user == null)
{
return(ErrorModel.Of("not_logged_in"));
}
var tableStorageString = Startup.Configuration["Data:TableStorageConnectionString"];
//update
var account = CloudStorageAccount.Parse(tableStorageString);
var client = account.CreateCloudTableClient();
var table = client.GetTableReference("ZSBProductKeys");
var partitionKey = model.ProductKey.Substring(0, 4);
var key = model.ProductKey.ToUpper().Replace("-", "");
var result = await table.ExecuteAsync(
TableOperation.Retrieve <ProductKeyStorageModel>(partitionKey, key));
if (result.HttpStatusCode != 200) //error
{
return(Models.ErrorModel.Of("product_key_not_found"));
}
//Do stuff (update the db)
var obj = (ProductKeyStorageModel)result.Result;
if (obj.HasBeenRedeemed)
{
return(ErrorModel.Of("product_key_already_redeemed"));
}
obj.HasBeenRedeemed = true;
obj.RedemptionDate = DateTime.UtcNow;
obj.RedeemerAccountId = user.UniqueId;
obj.RedeemerAccountEmailAddress = user.EmailAddress;
//and update the user
user.OwnedProducts.Add(new UserOwnedProductModel
{
EditionId = obj.EditionId,
ProductId = obj.ProductId,
ProductKey = obj.Key,
RedemptionDate = DateTime.UtcNow
});
await table.ExecuteAsync(TableOperation.Merge(obj));
await ldb.UpdateUser(user);
await Backend.EmailSender.SendEmail(user, Backend.EmailSender.ProductKeyRedeemedTemplate,
new Dictionary <string, string>()
{
{ "-displayName-", obj.DisplayName },
{ "-productName-", obj.ProductName },
{ "-productId-", obj.ProductId.ToString() },
{ "-editionName-", obj.EditionName },
{ "-editionId-", obj.EditionId.ToString() },
{ "-productKey-", obj.Key },
{ "-downloadUrl-", (await Backend.ProductDatabase.GetProduct(obj.ProductId, obj.EditionId)).Product.DownloadUrl },
{ "-redemptionDate-", DateTime.UtcNow.ToString("G") }
});
return(OkModel.Of("product_key_redeemed"));
}
