public async Task <IActionResult> Register([FromBody] AccountDTO dto) { if (!IsPopulated(dto?.email) || !IsPopulated(dto?.password)) { return(BadRequest()); } if (!EmailHelpers.Validate(dto.Username)) { return(BadRequest()); } if (!Boolean.Parse(_config["Tracktor:RegistrationEnabled"])) { return(BadRequest("@RegistrationDisabled")); } if (_config["Tracktor:RegistrationCode"] != dto.code) { return(BadRequest("@BadCode")); } var user = new ApplicationUser { UserName = dto.Username, Email = dto.Username }; var result = await _userManager.CreateAsync(user, dto.password); if (result.Succeeded) { user = await _userManager.FindByEmailAsync(dto.Username); await _userManager.AddToRoleAsync(user, "User"); await _signInManager.SignInAsync(user, isPersistent : true); _logger.LogInformation(3, $"User {dto.Username} created a new account with a password"); // create user in tracktor user.TUserID = await _client.CreateUserAsync(user.Id); user.TimeZone = dto.timezone; await _userManager.UpdateAsync(user); return(Ok(await CreateResponse(user))); } else if (result.Errors != null && result.Errors.Any(e => e.Code == "DuplicateUserName")) { return(BadRequest("@UsernameTaken")); } else { _logger.LogWarning($"Unable to register user {dto.Username}: {string.Join(", ", result.Errors.Select(e => e.Description))}"); } return(BadRequest("@UnableToRegister")); }
public async Task <IActionResult> ExternalLogin([FromBody] AccountDTO dto) { if (!IsPopulated(dto?.code) || !IsPopulated(dto?.provider)) { return(BadRequest()); } var appVerified = false; var emailVerified = false; switch (dto.provider) { case "Facebook": { try { var hc = new HttpClient(); var verifyUrl = _config["Facebook:VerifyUrl"]; var appId = _config["Facebook:AppId"]; var userUrl = _config["Facebook:UserUrl"]; if (string.IsNullOrWhiteSpace(verifyUrl) || string.IsNullOrWhiteSpace(userUrl)) { return(BadRequest("@ProviderNotEnabled")); } var appString = await hc.GetStringAsync(verifyUrl + dto.code); var userString = await hc.GetStringAsync(userUrl + dto.code); if (!string.IsNullOrWhiteSpace(appString) && !string.IsNullOrWhiteSpace(userString)) { var appResult = Newtonsoft.Json.JsonConvert.DeserializeObject(appString) as JObject; var userResult = Newtonsoft.Json.JsonConvert.DeserializeObject(userString) as JObject; if (userResult["email"] != null) { dto.email = userResult["email"].ToString(); emailVerified = true; } if (appResult["id"] != null && appResult["id"].ToString() == appId) { appVerified = true; } } } catch (Exception ex) { _logger.LogError($"Unable to log via {dto.provider}: {ex.Message}"); return(BadRequest("@UnableToLogin" + dto.provider)); } } break; default: return(BadRequest("@UnknownLoginProvider")); } if (string.IsNullOrWhiteSpace(dto.Username) || !emailVerified || !appVerified) { return(BadRequest("@UnableToLogin" + dto.provider)); } if (!EmailHelpers.Validate(dto.Username)) { return(BadRequest()); } // create user if necessary var user = await _userManager.FindByEmailAsync(dto.Username); if (user == null) { if (!Boolean.Parse(_config["Tracktor:RegistrationEnabled"])) { return(BadRequest("@RegistrationDisabled")); } user = new ApplicationUser { Email = dto.Username, UserName = dto.Username }; await _userManager.CreateAsync(user); await _userManager.AddToRoleAsync(user, "User"); } if (await _signInManager.CanSignInAsync(user)) { await _signInManager.SignInAsync(user, true); _logger.LogInformation(1, $"User {dto.Username} logged in from {Request.HttpContext.Connection.RemoteIpAddress} via Facebook"); return(Ok(await CreateResponse(user))); } else { _logger.LogWarning(2, $"Invalid login attempt for user {dto.Username} from {Request.HttpContext.Connection.RemoteIpAddress}."); return(BadRequest("@UnableToLogin" + dto.provider)); } }