/// <summary>
/// Issues a new e-mail confirmation key for the current user's account and mails the
/// confirmation link to that account.
/// </summary>
/// <remarks>
/// Only the salted hash of the key is written to the account; the key itself is passed
/// to <c>CreateConfirmationLink</c> and is not stored by this method.
/// Every call sets <c>Verified</c> to false, including for an account that was already verified.
/// NOTE(review): the key is only as unpredictable as CustomLoginProviderUtils.RandomString;
/// confirm it draws from a cryptographic random number generator.
/// NOTE(review): no expiry or attempt limit is recorded for the key in this method; confirm
/// whether one is enforced elsewhere.
/// </remarks>
public void PostVerify()
{
    A currentAccount = User.GetCurrentUserAccount(GetAccountsDbSet(_context));
    if (currentAccount == null)
    {
        // No account resolved for the caller: nothing is changed and no mail is sent.
        return;
    }

    string key = CustomLoginProviderUtils.RandomString(32);

    // Store the hash, never the key, so the stored value alone cannot be used to verify.
    currentAccount.ConfirmationHash = CustomLoginProviderUtils.Hash(key, currentAccount.Salt);
    currentAccount.Verified = false;

    // The account is saved before the mail goes out; if sending fails the account stays
    // unverified and the caller has to request a new key.
    _context.SaveChanges();

    var confirmationLink = CreateConfirmationLink(currentAccount.Sid, key);
    _emailService.SendEmail("Account confirmation", confirmationLink, currentAccount);
}
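/// <summary>
/// Checks a user id / password pair against the stored "Federation" account and, when the
/// password matches, issues an access token and a new refresh token.
/// </summary>
/// <param name="loginRequest">Credentials from the request; <c>UserId</c> and <c>Password</c> are read.</param>
/// <returns>
/// 200 with a <c>CustomLoginResult</c> (account Sid, raw access token, refresh token) on success;
/// otherwise 400 with one generic message that is the same for an unknown account and a wrong password.
/// </returns>
/// <remarks>
/// NOTE(review): when no account is found no hash is computed, so the two failure paths can
/// differ in response time even though the message is identical; consider hashing against a
/// dummy salt on the not-found path.
/// NOTE(review): <c>account.Verified</c> is not consulted here; confirm that unverified
/// accounts are meant to be able to log in.
/// NOTE(review): no failed-attempt counter or lockout is visible in this method; confirm
/// throttling happens elsewhere.
/// </remarks>
public IHttpActionResult Login(CustomLoginRequest loginRequest)
{
    // A missing body or a missing password would otherwise be dereferenced or hashed as null;
    // answer with the same generic failure instead of an unhandled exception.
    if (loginRequest == null || loginRequest.Password == null)
    {
        return BadRequest("Invalid name or password.");
    }

    A account = GetAccountsDbSet(_context).GetUserAccount(loginRequest.UserId, "Federation");
    if (account == null)
    {
        return BadRequest("Invalid name or password.");
    }

    // Hash the supplied password with the account's own salt and compare through SlowEquals
    // rather than a plain equality check on the hash bytes.
    byte[] suppliedHash = CustomLoginProviderUtils.Hash(loginRequest.Password, account.Salt);
    if (!CustomLoginProviderUtils.SlowEquals(suppliedHash, account.Hash))
    {
        return BadRequest("Invalid name or password.");
    }

    var accessToken = GetAuthenticationTokenForUser(account.Sid);

    // Each successful login overwrites the account's refresh token.
    // NOTE(review): the token is saved on the account exactly as it is returned to the
    // client; consider storing only a hash of it.
    account.RefreshToken = CustomLoginProviderUtils.GenerateRefreshToken();
    _context.SaveChanges();

    return Ok(new CustomLoginResult()
    {
        UserId = account.Sid,
        MobileServiceAuthenticationToken = accessToken.RawData,
        RefreshToken = account.RefreshToken
    });
}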
/// <summary>
/// Registers a new "Federation" account for the user id in the request, unless one already exists.
/// </summary>
/// <param name="registrationRequest">The registration request; <c>UserId</c> and <c>Password</c> are read.</param>
/// <returns>
/// <c>RegistrationResult.AlreadyRegistered</c> when an account with that user id exists,
/// otherwise <c>RegistrationResult.Registered</c> after the new account has been saved.
/// </returns>
/// <remarks>
/// The password is never stored; only a fresh salt and the salted hash are written.
/// NOTE(review): no password strength or user id format check is visible in this method.
/// NOTE(review): the existence check and the insert are separate steps; confirm a unique
/// constraint on the account key covers two concurrent registrations of the same user id.
/// NOTE(review): the return value tells the caller whether a user id is already taken.
/// </remarks>
public RegistrationResult Post(RegistrationRequest registrationRequest)
{
    DbSet<A> accountSet = GetAccountsDbSet(_context);

    A existing = accountSet.GetUserAccount(registrationRequest.UserId, "Federation");
    if (existing != null)
    {
        return RegistrationResult.AlreadyRegistered;
    }

    // A new salt per account, so equal passwords do not produce equal stored hashes.
    byte[] freshSalt = CustomLoginProviderUtils.GenerateSalt();
    A created = new A
    {
        Sid = registrationRequest.UserId,
        Provider = "Federation",
        Salt = freshSalt,
        Hash = CustomLoginProviderUtils.Hash(registrationRequest.Password, freshSalt)
    };

    accountSet.Add(created);
    _context.SaveChanges();
    return RegistrationResult.Registered;
}
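/// <summary>
/// Confirms an account from a confirmation link: hashes the supplied key with the account's
/// salt and, when it matches the stored confirmation hash, marks the account as verified.
/// </summary>
/// <param name="userId">User id of the "Federation" account to verify.</param>
/// <param name="key">Confirmation key from the link.</param>
/// <returns>
/// Always a 200 response whose body is a small HTML page carrying one of four fixed status messages.
/// </returns>
/// <remarks>
/// The HTML body is built only from the fixed literals below; if request data is ever added
/// to it, that data must be HTML-encoded first.
/// NOTE(review): "not found", "already verified" and "wrong key" are distinct messages, so
/// any caller of this action can learn whether a user id exists and whether it is verified.
/// NOTE(review): the stored confirmation hash is left in place after a successful
/// verification; consider clearing it so the key is single-use.
/// NOTE(review): no attempt limit is visible in this method; confirm throttling happens elsewhere.
/// </remarks>
public HttpResponseMessage GetVerify(string userId, string key)
{
    string result;
    A account = GetAccountsDbSet(_context).GetUserAccount(userId, "Federation");
    if (account == null)
    {
        result = "Account was not found.";
    }
    else if (account.Verified)
    {
        result = "Account is already verified.";
    }
    else if (key != null
             && account.ConfirmationHash != null
             && CustomLoginProviderUtils.SlowEquals(
                    CustomLoginProviderUtils.Hash(key, account.Salt),
                    account.ConfirmationHash))
    {
        account.Verified = true;
        _context.SaveChanges();
        result = "Account was successfuly verified.";
    }
    else
    {
        // Also reached when the key parameter is missing or no confirmation key was ever
        // issued for the account: both count as a wrong key instead of reaching Hash or
        // SlowEquals with a null argument.
        result = "Wrong verification key.";
    }

    var response = Request.CreateResponse(HttpStatusCode.OK);
    response.Content = new StringContent($"<html><body>{result}</body></html>");
    response.Content.Headers.ContentType = new MediaTypeHeaderValue("text/html");
    return response;
}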