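/// <summary>
/// Looks up a user by e-mail and checks the supplied password. <c>User</c> is
/// populated only after the password check has passed.
/// </summary>
/// <param name="email">E-mail used as the repository lookup key.</param>
/// <param name="password">Password handed to <c>ValidateAccess</c> on the user entity.</param>
/// <exception cref="UnauthorizedException">No user exists for <paramref name="email"/>.</exception>
public virtual void Authenticate(string email, string password)
        {
            // Clear any identity held from an earlier call so that a failed attempt
            // never leaves a previous or unverified user reachable through User.
            User = null;

            var candidate = _userRepository.Get(email);

            // NOTE(review): this message is specific to the "no such account" case. If the
            // password failure path reports something different, callers can tell registered
            // e-mails from unregistered ones; confirm the API layer answers both identically.
            if (candidate == null)
                throw new UnauthorizedException("Invalid User.");

            // Presumably throws when the password does not match (implementation not
            // visible here) -- TODO confirm.
            // NOTE(review): if it also records failed attempts on the entity, those changes
            // are not committed when it throws, because Commit below is skipped.
            candidate.ValidateAccess(password);

            // Publish the identity only once the credentials have been accepted.
            User = candidate;
            _unitOfWork.Commit();
        }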
示例#2
 /// <summary>
 /// Builds a stored-card record owned by <paramref name="user"/>. The signature accepts
 /// only the last four digits, the brand and the expiry; no full card number or
 /// security code is passed in.
 /// </summary>
 /// <param name="user">Owner of the card.</param>
 /// <param name="instantBuyKey">Key stored alongside the card (presumably the payment gateway's reference; confirm).</param>
 /// <param name="creditCardBrand">Card brand.</param>
 /// <param name="lastFourDigits">Trailing four digits kept for display.</param>
 /// <param name="expMonth">Expiry month.</param>
 /// <param name="expYear">Expiry year.</param>
 public CreditCard(User user, Guid instantBuyKey, CreditCardBrand creditCardBrand, string lastFourDigits, int expMonth, int expYear)
     : this()
 {
     // NOTE(review): nothing is validated here (null user, digit count, month range);
     // confirm callers check these before constructing the entity.

     // Ownership and the key the card is referenced by.
     this.User = user;
     this.InstantBuyKey = instantBuyKey;

     // Display details.
     this.Brand = creditCardBrand;
     this.LastFourDigits = lastFourDigits;

     // Expiry.
     this.ExpMonth = expMonth;
     this.ExpYear = expYear;
 }
示例#3
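        /// <summary>
        /// Creates an order for <paramref name="quantity"/> units of <paramref name="event"/>
        /// on behalf of <paramref name="customer"/>. The price is copied from the event.
        /// </summary>
        /// <param name="customer">Buyer; must not be null.</param>
        /// <param name="event">Event being ordered; must not be null.</param>
        /// <param name="quantity">Number of units; must be at least 1.</param>
        /// <exception cref="ArgumentNullException"><paramref name="customer"/> or <paramref name="event"/> is null.</exception>
        /// <exception cref="InvalidOperationException"><paramref name="quantity"/> is less than 1.</exception>
        public Order(User customer, Event @event, int quantity)
            : this()
        {
            if (customer == null)
                throw new ArgumentNullException("customer");

            // Guard the event as well: Price is read from it below, so a null event
            // would otherwise surface as a NullReferenceException.
            if (@event == null)
                throw new ArgumentNullException("event");

            // Rejects zero and negative quantities.
            if (quantity < 1)
                throw new InvalidOperationException("Quantity should be should be greater than zero.");

            Customer = customer;
            Event = @event;
            // The price is taken from the event at construction time, never from the caller.
            Price = @event.Price;
            Quantity = quantity;
        }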
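        /// <summary>
        /// Authorizes a request. Public resources and OPTIONS requests pass without a token;
        /// everything else needs a decryptable, unexpired security token whose user still
        /// exists. On success <c>User</c> holds that user.
        /// </summary>
        /// <param name="securityToken">Encrypted session token; not inspected for public resources.</param>
        /// <param name="resource">Resource name used to build the public-resource key.</param>
        /// <param name="action">Optional action name; omitted from the key when null or empty.</param>
        /// <param name="method">HTTP method; must not be null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="method"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="securityToken"/> is null for a non-public resource.</exception>
        /// <exception cref="UnauthorizedException">The token is malformed or expired, or its user no longer exists.</exception>
        public virtual void ValidateAccess(string securityToken, string resource, string action, string method)
        {
            if (method == null)
                throw new ArgumentNullException("method");

            // Allow-list key has the form "resource[.action].method" with a lower-cased method.
            // ToLowerInvariant keeps the key independent of the server's current culture.
            // NOTE(review): the parts are joined with '.', so a resource or action that itself
            // contains '.' can yield the same key as a different pair; confirm that routing
            // constrains these values.
            var publicKey = resource + (string.IsNullOrEmpty(action) ? "" : "." + action) + "." + method.ToLowerInvariant();

            // NOTE(review): every OPTIONS request is allowed through unauthenticated, and on
            // this path User is left at whatever value it already had.
            var isPublic = _publicResources.Contains(publicKey) || method == "OPTIONS";
            if (isPublic)
                return;

            if (securityToken == null)
                throw new ArgumentException("SecurityToken cannot be empty.");

            // NOTE(review): only FormatException is translated to UnauthorizedException. If
            // DecryptSecurityToken can fail in other ways on a tampered token, those errors
            // escape unchanged; confirm and map them as well. Also confirm the token is
            // integrity-protected, since the UserId it carries is trusted directly below.
            Hashtable sessionData;
            try
            {
                sessionData = DecryptSecurityToken(securityToken);
            }
            catch (FormatException)
            {
                throw new UnauthorizedException("Invalid SecurityToken.");
            }

            // A payload with a missing or wrongly typed field is an invalid token. Reject it
            // explicitly instead of letting the unboxing casts throw
            // NullReferenceException or InvalidCastException.
            if (sessionData == null)
                throw new UnauthorizedException("Invalid SecurityToken.");

            object expiresValue = sessionData["Expires"];
            if (!(expiresValue is DateTime))
                throw new UnauthorizedException("Invalid SecurityToken.");

            // NOTE(review): DateTime comparison ignores Kind, so this is only correct if the
            // token stores Expires in UTC; confirm in the token-issuing code.
            if ((DateTime)expiresValue < DateTime.UtcNow)
                throw new UnauthorizedException("Session expired.");

            object userIdValue = sessionData["UserId"];
            if (!(userIdValue is int))
                throw new UnauthorizedException("Invalid SecurityToken.");

            // Reload the user on every call, so a deleted account stops working even while
            // its token is still within its lifetime.
            User = _userRepository.Get((int)userIdValue);

            if (User == null)
                throw new UnauthorizedException("User not found.");
        }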