public async Task <IHttpActionResult> ValidateNewEmail(NoncePairDto nonceDto)
{
if (ModelState.IsValid)
{
var sessionInDb = await
db.Sessions.SingleOrDefaultAsync(QueryHelper.GetSessionObjectValidationQuery(nonceDto.Session));
if (sessionInDb != null)
{
var user = sessionInDb.User;
var result = user.ValidateNewEmail(nonceDto.Nonce);
await db.SaveChangesAsync();
if (result)
{
return(Ok());
}
else
{
return(NotFound()); //Wrong Nonce
}
}
return(Unauthorized());
}
return(BadRequest());
}
public async Task <IHttpActionResult> Validate(NoncePairDto noncePair)
{
if (ModelState.IsValid)
{
var session = await
db.Sessions.SingleOrDefaultAsync(
QueryHelper.GetSessionObjectValidationQuery(noncePair.Session));
if (session != null)
{
var validator = db.UserPhoneNumberValidators.Where(v => v.UserId == session.User.Id).OrderByDescending(v => v.CreatedAt)
.First();
if (validator.SecurityToken == HasherHelper.sha256_hash(noncePair.Nonce.ToString()))
{
validator.IsValidated = true;
validator.ValidatedAt = DateTime.Now;
return(Ok());
}
return(NotFound()); //Wrong Nonce
}
return(Unauthorized());
}
return(BadRequest());
}
public async Task <IHttpActionResult> Active(NoncePairDto pendingSession)
{
if (ModelState.IsValid)
{
var session =
await db
.Sessions
.Where(QueryHelper.GetPendingSessionQuery(pendingSession))
.SingleOrDefaultAsync();
if (session == null)
{
return(NotFound()); //Wrong Nonce Entered
}
session.User.State = UserState.ACTIVE;
session.User.UpdatedAt = DateTime.Now;
session.ActivationMoment = DateTime.Now;
session.State = SessionState.ACTIVE;
//We add the registered phone number to user's validated phone number.
if (session.User.PhoneNumber != null)
{
var newValidator = new UserPhoneNumberValidator()
{
UserId = session.User.Id,
TargetNumber = session.User.PhoneNumber,
SecurityToken = HasherHelper.sha256_hash(pendingSession.Nonce.ToString()),
IsValidated = true,
CreatedAt = DateTime.Now,
ValidatedAt = DateTime.Now
};
db.UserPhoneNumberValidators.Add(newValidator);
}
await db.SaveChangesAsync();
SessionInfoObject sessionInfo = new SessionInfoObject()
{
SessionKey = session.SessionKey,
SessionId = session.Id
};
return(Ok(sessionInfo));
}
return(BadRequest());
}
public static Expression <System.Func <Session, bool> > GetPendingSessionQuery(NoncePairDto pendingSession)
{
return(s => s.Id == pendingSession.Session.SessionId &&
s.SessionKey == pendingSession.Session.SessionKey &&
s.Nonce == pendingSession.Nonce &&
s.State == SessionState.PENDING);
}
