public IHttpActionResult DeleteConversation(int conversationId)
{
//The authentication part start from here
//Create security context from the token
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
//Validate the token
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
UserManager um = new UserManager();
//Find auth user Id from auth username
_authUserId = um.FindByUserName(securityContext.UserName).Id;
try
{
//string updatedToken = sm.RefreshSession(securityContext.Token);
//Delete conversation using conversationId
var conversation = _messengerManager.DeleteConversation(conversationId);
return(Ok(new { conversation = conversation } /*new { SITtoken = updatedToken}*/));
}
catch (DbUpdateException ex)
{
return(Content(HttpStatusCode.NotFound, "conversation does not exist to be delete"));
}
}
}
public IHttpActionResult DeleteFriend(int friendId)
{
//The authentication part start from here
//Create security context from the token
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
UserManager um = new UserManager();
// Get authUserId from auth username
_authUserId = um.FindByUserName(securityContext.UserName).Id;
try
{
//string updatedToken = sm.RefreshSession(securityContext.Token);
// Try to remove a user from the friendlist
_messengerManager.RemoveUserFromFriendList(_authUserId, friendId);
return(Ok(/*new { SITtoken = updatedToken }*/));
}
catch (DbUpdateException ex)
{
return(Content(HttpStatusCode.InternalServerError, "There is a error removing user from friend list" /*SITtoken = updatedToken*/));
}
}
}
public HttpResponseMessage GetUserInfoWithId(int id)
{
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
// TODO get this from table in database.
List <string> requiredClaims = new List <string>()
{
"CanReadOwnStudentAccount"
};
if (securityContext.UserId != id ||
!authorizationManager.CheckClaims(requiredClaims))
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
else
{
UserManager um = new UserManager();
UserDTO userDTO = um.GetUserInfo(id);
var student = um.FindStudentById(id);
if (student is null)
{
userDTO.SchoolId = 0;
}
else
{
userDTO.SchoolId = student.SchoolDepartment.SchoolId;
}
string updatedToken = sm.RefreshSession(securityContext.Token);
return(Request.CreateResponse(
HttpStatusCode.OK, new { User = userDTO, SITtoken = updatedToken }
));
}
}
public IHttpActionResult GetUserProfile([FromUri] int accountId)
{
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
// TODO get this from table in database.
List <string> requiredClaims = new List <string>()
{
"CanReadAStudentPublicInformation"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
try
{
UserManager userManager = new UserManager();
string updatedToken = sm.RefreshSession(securityContext.Token);
var results = userManager.GetUserProfile(accountId);
return(Ok(new { User = results, SITtoken = updatedToken }));
}
catch (Exception x) when(x is ArgumentException)
{
return(Content(HttpStatusCode.BadRequest, x.Message));
}
catch (Exception x)
{
return(Content(HttpStatusCode.InternalServerError, x.Message));
}
}
}
public IHttpActionResult GetPublicUserInfoWithId(int id)
{
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
// TODO get this from table in database.
List <string> requiredClaims = new List <string>()
{
"CanReadAStudentPublicInformation"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
UserManager um = new UserManager();
UserDTO userDTO = um.GetUserInfo(id);
var publicUserInfo = new
{
Id = userDTO.Id,
UserName = userDTO.UserName,
FirstName = userDTO.FirstName,
LastName = userDTO.LastName,
Exp = userDTO.Exp
};
string updatedToken = sm.RefreshSession(securityContext.Token);
return(Ok(
new { User = publicUserInfo, SITtoken = updatedToken }
));
}
}
public IHttpActionResult GetUserIdWithUsername(string username)
{
UserManager umManager = new UserManager();
//The authentication part start from here
//Create security context from the token
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());;
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());;
}
else
{
var user = umManager.FindByUserName(username);
if (user != null)
{
return(Ok(user.Id));
}
else
{
return(NotFound());
}
}
}
public IHttpActionResult GetAuthUserIdAndUsername()
{
//The authentication part start from here
//Create security context from the token
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());;
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());;
}
else
{
UserManager um = new UserManager();
Account user = um.FindByUserName(securityContext.UserName);
_authUserId = user.Id;
var authUsername = user.UserName;
//string updatedToken = sm.RefreshSession(securityContext.Token);
return(Ok(new { authUserId = _authUserId, authUsername = authUsername /*SITtoken = updatedToken*/ }));
}
}
public IHttpActionResult GetFriendList()
{
//The authentication part start from here
//Create security context from the token
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());;
}
//Validate the token
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());;
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
// TODO get this from table in database.
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());;
}
else
{
UserManager um = new UserManager();
// Get authUserId from auth username
_authUserId = um.FindByUserName(securityContext.UserName).Id;
// Get all friends in the friendlist
var friendList = _messengerManager.GetAllFriendRelationships(_authUserId);
if (friendList != null)
{
// From here is creating list of friend to return to the UI for render
List <FriendRelationshipDTO> friendListDTO = new List <FriendRelationshipDTO>();
foreach (FriendRelationship friend in friendList)
{
friendListDTO.Add(new FriendRelationshipDTO
{
FriendId = friend.FriendId,
FriendUsername = um.FindUserById(friend.FriendId).UserName
});
}
//string updatedToken = sm.RefreshSession(securityContext.Token);
return(Ok(new { friendList = friendListDTO, /*SITtoken = updatedToken */ }));
}
else
{
return(Content(HttpStatusCode.NotFound, "User does not have any friend"));
}
}
}
public IHttpActionResult AddFriendContactList(string addedUsername)
{
//The authentication part start from here
//Create security context from the token
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());;
}
//Validate the token
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());;
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
// TODO get this from table in database.
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());;
}
else
{
UserManager um = new UserManager();
// Get authUserId from auth username
_authUserId = um.FindByUserName(securityContext.UserName).Id;
FriendRelationship friendRelationship = null;
try
{
// Try to add friend
friendRelationship = _messengerManager.AddUserFriendList(_authUserId, addedUsername);
}
catch (Exception ex)
{
if (ex is MessageReceiverNotFoundException)
{
return(Content(HttpStatusCode.NotFound, "User with the username does not exist to be added"));
}
else if (ex is DuplicatedFriendException)
{
return(Content(HttpStatusCode.Conflict, "User with the username is already in friend list "));
}
else if (ex is DbUpdateException)
{
return(Content(HttpStatusCode.InternalServerError, "There is a error when saving friend relationship to database"));
}
}
// Create FriendRelationship DTO to return to the front end to render the friendlist
var friendRelationshipDTO = new FriendRelationshipDTO
{
FriendId = friendRelationship.FriendId,
FriendUsername = um.FindUserById(friendRelationship.FriendId).UserName
};
return(Ok(new { friend = friendRelationshipDTO } /*new { SITtoken = updatedToken }*/));
}
//string updatedToken = sm.RefreshSession(securityContext.Token);
}
//[ActionName("SendMessageExistingConversation")]
public IHttpActionResult SendMessageWithNewConversation([FromBody] NewConversationMessageDTO newConversationMessageDTO)
{
//The authentication part start from here
//Create security context from the token
UserManager um = new UserManager();
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(Request.Headers);
if (securityContext == null)
{
return(Unauthorized());;
}
//Validate the token
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());;
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
// TODO get this from table in database.
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());;
}
else
{
// Find auth user id from auth user name
_authUserId = um.FindByUserName(securityContext.UserName).Id;
var authUsername = securityContext.UserName;
// Find contact user name
var contactUser = um.FindByUserName(newConversationMessageDTO.ContactUsername);
Message returnMessage;
if (contactUser != null && contactUser.Id != _authUserId)
{
// Map the message to store in database
var message = new Message
{
MessageContent = newConversationMessageDTO.MessageContent,
OutgoingMessage = true,
CreatedDate = DateTime.Now
};
// Save message to database
try
{
returnMessage = _messengerManager.SaveMessageToDatabase(message, _authUserId, contactUser.Id);
}
catch (DbUpdateException ex)
{
return(Content(HttpStatusCode.InternalServerError, "There is an error when saving message to database"));
}
// Set up SignalR Hub to broadcast the FetchMessage command in receiver
var myHub = GlobalHost.ConnectionManager.GetHubContext <MessengerHub>();
// Get the message receiver's connection ID to broadcast FetchMessage command to
// Lookup by contactId
var connectionIDList = _messengerManager.GetConnectionIdWithUserId(contactUser.Id);
if (connectionIDList != null)
{
// When message is saved to database, it will be saved to both auth user's conversation and receiver's conversation
//Get the conversation id of the conversation that just receive the new message from auth user.
//This conversation is the one belongs to receiver/.
int conversationIdToFetchMessage = _messengerManager.GetConversationBetweenUsers(contactUser.Id, _authUserId).Id;
//Then broadcast that conversation id to the recever only using connection Id
//Then the receiver will know the which conversation that has new message ,and fetch the message
foreach (ChatConnectionMapping cM in connectionIDList)
{
var result = myHub.Clients.Client(cM.ConnectionId).FetchMessages(conversationIdToFetchMessage);
}
// string updatedToken = sm.RefreshSession(securityContext.Token);
}
var StoredMessageDTO = new StoredMessageDTO
{
ConversationId = returnMessage.ConversationId,
OutgoingMessage = true,
SenderUsername = authUsername,
MessageContent = returnMessage.MessageContent,
CreatedDate = returnMessage.CreatedDate,
};
return(Ok(new { message = StoredMessageDTO } /*new { SITtoken = updatedToken }*/));
}
else if (contactUser == null)
{
return(Content(HttpStatusCode.NotFound, "Receiver does not exist to receive message"));
}
else if (contactUser.Id == _authUserId)
{
return(Content(HttpStatusCode.Conflict, "You cannot send message to yourself"));
}
return(Content(HttpStatusCode.InternalServerError, "There is an error"));
}
}
public IHttpActionResult GetAllConversation()
{
//The authentication part start from here
//Create security context from the token
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
//Validate the token
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
//Create authorization manager from security context
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
UserManager um = new UserManager();
//Get auth User Id from auth username
_authUserId = um.FindByUserName(securityContext.UserName).Id;
//Return all conversations of Auth User
var conversationList = _messengerManager.GetAllConversations(_authUserId);
//From here, create conversation transfer objects to send to front end
if (conversationList != null)
{
var conversationDTOList = new List <ConversationDTO>();
foreach (Conversation c in conversationList)
{
var contactUsername = um.FindUserById(c.ContactUserId).UserName;
conversationDTOList.Add(new ConversationDTO
{
Id = c.Id,
ContactUsername = contactUsername,
HasNewMessage = c.HasNewMessage,
CreatedDate = c.ModifiedDate.ToString("MMMM dd yyyy hh:mm:ss")
});
}
return(Ok(new { conversations = conversationDTOList, /*SITtoken = updatedToken*/ }));
}
return(Content(HttpStatusCode.NotFound, "User does not have any conversation"));
//string updatedToken = sm.RefreshSession(securityContext.Token);
}
}
public IHttpActionResult GetRecentMessageWithUser(int conversationId2)
{
//The authentication part start from here
//Create security context from the token
UserManager um = new UserManager();
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
//Validate the token
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
var authUsername = securityContext.UserName;
//Get conversation between auth user and contact user
var conversation = _messengerManager.GetConversationFromId(conversationId2);
if (conversation != null)
{
//Get contact user name
var contactUsername = conversation.ContactUsername;
//Return the most recent message from the conversation
var recentMessage = _messengerManager.GetRecentMessageBetweenUser(conversationId2);
var senderUsername = "";
if (recentMessage != null)
{
//If true , the message is sent from auth user
//Set the display username in front end to auth username
if (recentMessage.OutgoingMessage == true)
{
senderUsername = authUsername;
}
//If false , set the display user name in front end to contactUsername
else
{
senderUsername = contactUsername;
}
//Create messageDTO for transger
var StoredMessageDTO = new StoredMessageDTO
{
Id = recentMessage.Id,
ConversationId = conversationId2,
SenderUsername = senderUsername,
MessageContent = recentMessage.MessageContent,
CreatedDate = recentMessage.CreatedDate
};
//return the message
return(Ok(new { message = StoredMessageDTO }));
}
}
return(Content(HttpStatusCode.NotFound, "No message in conversation"));
}
}
public IHttpActionResult GetMessageInConversation(int conversationId)
{
//The authentication part start from here
//Create security context from the token
UserManager um = new UserManager();
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
//Validate the token
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
//Create authorization manager from security context to check claims
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
List <string> requiredClaims = new List <string>()
{
"CanSendMessage"
};
//Create authorization manager from security context to check claims
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
var authUsername = securityContext.UserName;
// Get conversation from conversation Id
var conversation = _messengerManager.GetConversationFromId(conversationId);
// Get contact username in the conversation
var contactUsername = _messengerManager.GetContactUsernameFromConversation(conversationId);
//Temporary username used to decide which username to display in the message
var temPUsername = "";
//Get all messages in the conversation
var messageList = _messengerManager.GetMessageInConversation(conversationId);
if (messageList != null)
{
// Create list of messageDTO for transfer
List <StoredMessageDTO> messageDTOList = new List <StoredMessageDTO>();
foreach (Message m in messageList)
{
// If true the message is come from the authenticated user
if (m.OutgoingMessage == true)
{
// Set temporary username to auth username
temPUsername = securityContext.UserName;
}
else
{
//Otherwise, set the temp username to contactname
temPUsername = contactUsername;
}
//Add StoreMessageDTO to messageDTO List
//Stored Message DTO is sent from back end
// is used to differenate between the MessageDTO sent from the front end
messageDTOList.Add(new StoredMessageDTO
{
Id = m.Id,
SenderUsername = temPUsername,
MessageContent = m.MessageContent,
OutgoingMessage = m.OutgoingMessage,
CreatedDate = m.CreatedDate
});
}
return(Ok(new { messages = messageDTOList, contactUsername = contactUsername /*SITtoken = updatedToken*/ }));
}
return(Content(HttpStatusCode.NotFound, "No message in conversation"));
}
}
public IHttpActionResult Post(RegistrationData registrationData)
{
SecurityContext securityContext = SecurityContextBuilder.CreateSecurityContext(
Request.Headers
);
if (securityContext == null)
{
return(Unauthorized());
}
SessionManager sm = new SessionManager();
if (!sm.ValidateSession(securityContext.Token))
{
return(Unauthorized());
}
AuthorizationManager authorizationManager = new AuthorizationManager(
securityContext
);
// TODO get this from table in database.
List <string> requiredClaims = new List <string>()
{
"CanRegister"
};
if (!authorizationManager.CheckClaims(requiredClaims))
{
return(Unauthorized());
}
else
{
UserManager um = new UserManager();
Account user = um.FindByUserName(securityContext.UserName);
if (user == null)
{
return(NotFound());
}
user.FirstName = registrationData.FirstName;
user.MiddleName = registrationData.MiddleName;
user.LastName = registrationData.LastName;
// User is a student
if (registrationData.SchoolId > 0)
{
using (var _db = new DatabaseContext())
{
ISchoolRegistrationService srs = new SchoolRegistrationService(_db);
var school = srs.FindSchool(registrationData.SchoolId);
var domainIndex = user.UserName.IndexOf('@');
if (school.EmailDomain.Equals(user.UserName.Substring(domainIndex + 1)))
{
var schoolDepartment = srs.FindSchoolDepartment(registrationData.SchoolId, registrationData.DepartmentId);
Student student = new Student(user.Id, schoolDepartment.Id);
var selectedCourses = srs.GetSchoolTeacherCourses(registrationData.selectedCourseIds);
student.Courses = selectedCourses;
user.Students.Add(student);
}
else
{
return(BadRequest("User's Email Does Not Match School's Email Domain"));
}
}
}
// TODO test this.
user.DateOfBirth = registrationData.DateOfBirth;
um.UpdateUserAccount(user);
if (registrationData.SchoolId > 0)
{
um.SetCategory(user.Id, "Student");
}
else
{
um.SetCategory(user.Id, "NonStudent");
}
um.RemoveClaimAction(user.Id, "CanRegister");
um.AutomaticClaimAssigning(user);
string updatedToken = sm.RefreshSessionUpdatedPayload(
securityContext.Token,
securityContext.UserId
);
Dictionary <string, string> responseContent = new Dictionary <string, string>()
{
{ "SITtoken", updatedToken }
};
return(Ok(responseContent));
}
}