// POST api/CustomLogin
public HttpResponseMessage Post(LoginRequest loginRequest)
{
// TODO: Comment out for Azure Table storage.
MobileServiceContext context = new MobileServiceContext();
Account account = context.Accounts
.Where(a => a.Username == loginRequest.username).SingleOrDefault();
//// TODO: Uncomment to use Azure Table storage.
//// Create a query for a specific username.
//TableQuery<Account> query = new TableQuery<Account>().Where(
// TableQuery.GenerateFilterCondition("Username", QueryComparisons.Equal,
// loginRequest.username));
//// Execute the query to retrieve the account.
//Account account = accountTable.ExecuteQuery(query).SingleOrDefault();
if (account != null)
{
if (!account.IsConfirmed)
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest,
"You must first confim your account registration.");
}
byte[] incoming = CustomLoginProviderUtils
.hash(loginRequest.password, account.Salt);
if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, loginRequest.username));
LoginResult loginResult = new CustomLoginProvider(handler)
.CreateLoginResult(claimsIdentity, Services.Settings.MasterKey);
var customLoginResult = new CustomLoginResult()
{
UserId = loginResult.User.UserId,
MobileServiceAuthenticationToken = loginResult.AuthenticationToken
};
return this.Request.CreateResponse(HttpStatusCode.OK, customLoginResult);
}
}
return this.Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid username or password");
}
// POST api/CustomRegistration
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
if (!Regex.IsMatch(registrationRequest.username, "^[a-zA-Z0-9]{4,}$"))
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest,
"Invalid username (at least 4 chars, alphanumeric only)");
}
else if (registrationRequest.password.Length < 8)
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest,
"Invalid password (at least 8 chars required)");
}
else if (!registrationRequest.email.Contains("@"))
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest,
"Please supply a valid email address");
}
// TODO: Comment out for Azure Table storage.
// SQL Database version using Entity Framework for data access.
MobileServiceContext context = new MobileServiceContext();
Account account = context.Accounts.Where(a => a.Username == registrationRequest.username).SingleOrDefault();
//// TODO: Azure Table storage version.
//// Create a query for a specific username.
//TableQuery<Account> query = new TableQuery<Account>().Where(
// TableQuery.GenerateFilterCondition("Username", QueryComparisons.Equal,
// registrationRequest.username));
//// Execute the query to retrieve the account.
//Account account = accountTable.ExecuteQuery(query).FirstOrDefault();
// If there's already a confirmed account, return an error response.
if (account != null)
{
return this.Request.CreateResponse(HttpStatusCode.BadRequest,
"That username already exists.");
}
else
{
byte[] salt = CustomLoginProviderUtils.generateSalt();
Account newAccount = new Account
{
//// TODO: Uncomment the below for Azure Table storage.
//PartitionKey = "partition",
//RowKey = Guid.NewGuid().ToString(),
//// TODO: Comment-out for Azure Table storage.
Id = Guid.NewGuid().ToString(),
Username = registrationRequest.username,
Salt = salt,
SaltedAndHashedPassword =
CustomLoginProviderUtils.hash(registrationRequest.password, salt),
IsConfirmed = true, // this should be false until confirmed.
Email = registrationRequest.email,
FriendlyName = registrationRequest.friendlyName
};
// TODO: Comment out for Azure Table storage.
context.Accounts.Add(newAccount);
context.SaveChanges();
//// TODO: Azure Table storage version.
//// Insert the new account into the table.
//accountTable.Execute(TableOperation.Insert(newAccount));
// This is where you would kick-off the independent verification process,
// such as sending an email using SendGrid integration (http://aka.ms/busjrt).
// https://github.com/sendgrid/sendgrid-csharp
// Return the success response.
return this.Request.CreateResponse(HttpStatusCode.Created);
}
}