public IHttpActionResult PutRole(int id, Role role)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != role.Id)
            {
                return(BadRequest());
            }

            db.Entry(role).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!RoleExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
        public IHttpActionResult PutPaRequest(int id, PaRequest paRequest)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != paRequest.Id)
            {
                return(BadRequest());
            }

            // paRequest.CompletedTimeStamp = DateTime.Now;
            db.Entry(paRequest).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!PaRequestExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
Beispiel #3
0
        public IHttpActionResult PutUser(int id, User user, HttpRequestMessage request)
        {
            var headers = request.Headers;

            if (headers.Contains("token"))
            {
                var userToken = headers.GetValues("token").First();
                Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
                if (validationResult.Item1)
                {
                    // Check to see if the refreshId's match.  If they do not, then it means something (i.e. invalid password)
                    //   has caused the issued token to become invalidated.  If so, then we need to send a message back to
                    //   the calling client.

                    long refreshId = 0;
                    if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
                    {
                        if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
                        {
                            return(Content(HttpStatusCode.Unauthorized,
                                           "Token failed refresh check, User account disabled/locked-out"));
                        }
                    }

                    if (!ModelState.IsValid)
                    {
                        return(BadRequest(ModelState));
                    }

                    if (id != user.Id)
                    {
                        return(BadRequest());
                    }

                    User updUser = db.Users.Find(id);

                    db.Entry(updUser).CurrentValues.SetValues(user);

                    try
                    {
                        db.SaveChanges();
                    }
                    catch (DbUpdateConcurrencyException)
                    {
                        if (!UserExists(id))
                        {
                            return(NotFound());
                        }

                        throw;
                    }

                    return(Ok(user));
                }
                return(BadRequest(validationResult.Item2));
            }

            return(BadRequest("Token invalid or not present"));
        }
        public IHttpActionResult PutPaRequestNote(int id, PaRequestNote paRequestNote)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != paRequestNote.Id)
            {
                return(BadRequest());
            }
            var headers = Request.Headers;

            if (headers.Contains("token"))
            {
                var userToken = headers.GetValues("token").First();

                string userName = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
                string userRole = JwtTokenHelper.GetTokenPayloadValue(userToken, "role");

                if (userRole != "Administrator") //Need to check that the userName is the same as the created by
                {
                    if (userName != paRequestNote.CreatedBy)
                    {
                        return(BadRequest("Editing user is not an Administrator or did not create the original note."));
                    }
                }
                // paRequest.CompletedTimeStamp = DateTime.Now;
                paRequestNote.LastModified   = DateTime.Now;
                paRequestNote.LastModifiedBy = userName;

                db.Entry(paRequestNote).State = EntityState.Modified;

                try
                {
                    db.SaveChanges();
                }
                catch (DbUpdateConcurrencyException)
                {
                    if (!PaRequestNoteExists(id))
                    {
                        return(NotFound());
                    }
                    else
                    {
                        throw;
                    }
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
        public IHttpActionResult Put(int id, LookupType lookupType)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(Resource.LogDebugModeMessage);
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != lookupType.Id)
            {
                return(BadRequest());
            }

            try
            {
                db.Entry(lookupType).State = EntityState.Modified;

                try
                {
                    db.SaveChanges();
                }
                catch (DbUpdateConcurrencyException dbError)
                {
                    if (!LookupTypeExists(id))
                    {
                        return(NotFound());
                    }
                    else
                    {
                        _log.Error(string.Format(Resource.DBConcurrencyError_Pre, "Put:LookupTypesController"), dbError);
                        return(InternalServerError(dbError));
                    }
                }

                return(StatusCode(HttpStatusCode.NoContent));
            }
            catch (Exception e)
            {
                _log.Error(string.Format(Resource.GeneralError_Pre, "Put:LookupTypesController"), e);
                return(InternalServerError(e));
            }
        }
        public IHttpActionResult PutInsuranceCompany(int id, InsuranceCompany insuranceCompany)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(Resource.LogDebugModeMessage);
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != insuranceCompany.Id)
            {
                return(BadRequest());
            }

            try
            {
                db.Entry(insuranceCompany).State = EntityState.Modified;

                try
                {
                    db.SaveChanges();
                }
                catch (DbUpdateConcurrencyException)
                {
                    if (!InsuranceCompanyExists(id))
                    {
                        return(NotFound());
                    }

                    throw;
                }

                return(StatusCode(HttpStatusCode.NoContent));
            }
            catch (Exception e)
            {
                _log.Error(string.Format(Resource.GeneralError_Pre, "PutInsuranceCompany"), e);
                throw;
            }
        }
        public IHttpActionResult PutFileUploadLog(int id, FileUploadLog fileUploadLog)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(Resource.LogDebugModeMessage);
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != fileUploadLog.Id)
            {
                return(BadRequest());
            }

            db.Entry(fileUploadLog).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException dbException)
            {
                _log.Error(string.Format(Resource.DBConcurrencyError_Pre, "PutFileUploadLog"), dbException);
                if (!FileUploadLogExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
        public List <string> Import(HttpFileCollection files, string saveFolder, string user, string hostIP)
        {
            LMSDataDBContext db   = new LMSDataDBContext();
            ILog             _log = log4net.LogManager.GetLogger(
                System.Reflection.MethodBase.GetCurrentMethod().DeclaringType
                );
            var filePath = string.Empty;
            var docfiles = new List <string>();

            foreach (string file in files)
            {
                var postedFile = files[file];
                if (!System.IO.Directory.Exists(HttpContext.Current.Server.MapPath("~/" + saveFolder + "/")))
                {
                    System.IO.Directory.CreateDirectory(
                        HttpContext.Current.Server.MapPath("~/" + saveFolder + "/"));
                }

                if (postedFile != null)
                {
                    filePath =
                        HttpContext.Current.Server.MapPath("~/" + saveFolder + "/" + postedFile.FileName);
                    var errRows       = 0;
                    var successRows   = 0;
                    var totalRowCount = 0;
                    var fileUploadId  = 0;
                    //var filePath = saveFolder + postedFile.FileName;
                    postedFile.SaveAs(filePath);

                    FileUploadLog fileUploadLogRecord = db.FileUploadLogs.Create();

                    fileUploadLogRecord.Id              = 0;
                    fileUploadLogRecord.Created         = DateTime.Now;
                    fileUploadLogRecord.CreatedBy       = user;
                    fileUploadLogRecord.FileName        = postedFile.FileName;
                    fileUploadLogRecord.ModuleId        = 2;
                    fileUploadLogRecord.RecordCount     = totalRowCount;
                    fileUploadLogRecord.SuccessCount    = successRows;
                    fileUploadLogRecord.FailureCount    = errRows;
                    fileUploadLogRecord.SourceIpAddress = hostIP;
                    fileUploadLogRecord.Uploaded        = DateTime.Now;

                    db.FileUploadLogs.Add(fileUploadLogRecord);
                    db.SaveChanges();

                    fileUploadId = fileUploadLogRecord.Id;
                    fileUploadLogRecord.BatchName =
                        fileUploadLogRecord.Created.ToString("yyyyMMdd") + fileUploadId;

                    db.SaveChanges();
                    // Process the file.
                    using (var stream = File.Open(filePath, FileMode.Open, FileAccess.Read))
                    {
                        // Auto-detect format, supports:
                        //  - Binary Excel files (2.0-2003 format; *.xls)
                        //  - OpenXml Excel files (2007 format; *.xlsx)
                        using (var reader = ExcelReaderFactory.CreateReader(stream))
                        {
                            // Need to hold the Submitted date and the Insurance Code.
                            // If the following row is blank for either, then assume the one before.
                            var curSubmitDate    = string.Empty;
                            var curInsuranceCode = string.Empty;
                            var excelSet         = reader.AsDataSet();
                            totalRowCount = excelSet.Tables[0].Rows.Count - 1;
                            bool firstRow = true;
                            foreach (DataRow dr in excelSet.Tables[0].Rows)
                            {
                                var insuranceCompanyCode = dr[_INSURANCE_IDX].ToString().Trim() == string.Empty
                                    ? curInsuranceCode
                                    : dr[_INSURANCE_IDX].ToString();
                                curInsuranceCode = insuranceCompanyCode;
                                if (firstRow)
                                {
                                    firstRow = false;
                                    continue;
                                }

                                PaRequest newRequest = db.PaRequests.Create();

                                newRequest.Id      = 0;
                                newRequest.Created = DateTime.Now;

                                InsuranceCompany insCompany = db.InsuranceCompanies.SingleOrDefault(p =>
                                                                                                    p.CompanyCode == insuranceCompanyCode);
                                if (insCompany == null) //If it doesn't exist, then add it by default.
                                {
                                    var newInsCompany = db.InsuranceCompanies.Create();
                                    newInsCompany.Id          = 0;
                                    newInsCompany.CompanyCode = dr[_INSURANCE_IDX].ToString();
                                    newInsCompany.CompanyName =
                                        (newInsCompany.CompanyCode.Trim() == string.Empty)
                                            ? "Unknown"
                                            : newInsCompany.CompanyCode;
                                    newInsCompany.Archived       = false;
                                    newInsCompany.CreatedBy      = user;
                                    newInsCompany.Created        = DateTime.Now;
                                    newInsCompany.LastModified   = DateTime.Now;
                                    newInsCompany.LastModifiedBy = user;

                                    db.InsuranceCompanies.Add(newInsCompany);
                                    try
                                    {
                                        db.SaveChanges();
                                        insCompany = newInsCompany;
                                    }
                                    catch (Exception e)
                                    {
                                        _log.Error(
                                            "An error occurred when trying to add new Insurance Company.", e);
                                        insCompany = null;
                                        errRows++;
                                    }
                                }

                                if (insCompany == null)
                                {
                                    continue;
                                }
                                {
                                    newRequest.InsuranceCompany_Id = insCompany.Id;
                                    newRequest.CreatedBy           = user;
                                    newRequest.LastModifiedBy      = user;
                                    newRequest.LastModified        = DateTime.Now;
                                    var submitDate = dr[_SUBMIT_DATE_IDX].ToString().Trim() == string.Empty
                                        ? curSubmitDate
                                        : dr[_SUBMIT_DATE_IDX].ToString();
                                    curSubmitDate           = submitDate;
                                    newRequest.Submitted    = DateTime.Parse(submitDate);
                                    newRequest.Archived     = false;
                                    newRequest.DoctorName   = dr[_DOCTOR_IDX].ToString();
                                    newRequest.PatientName  = dr[_PATIENT_IDX].ToString();
                                    newRequest.DrugName     = dr[_DRUG_NAME_IDX].ToString();
                                    newRequest.Note         = dr[_NOTES_IDX].ToString();
                                    newRequest.Completed    = false;
                                    newRequest.Status       = 2; //  Default value of 'Pending'
                                    newRequest.AssignedToId = 1;
                                    // newRequest.CompletedTimeStamp = DateTime.Parse("1/1/1900");
                                    newRequest.FileUploadLogId = fileUploadId;
                                    // Need to check for Duplicates.  This is based on the Patient Name, Prescription Name and Doctor Name.
                                    var foundRequest = db.PaRequests.Any(p =>
                                                                         p.Submitted == newRequest.Submitted &&
                                                                         p.PatientName == newRequest.PatientName &&
                                                                         p.DoctorName == newRequest.DoctorName &&
                                                                         p.DrugName == newRequest.DrugName);

                                    if (foundRequest)
                                    {
                                        errRows++;
                                        continue;
                                    }

                                    db.PaRequests.Add(newRequest);

                                    try
                                    {
                                        db.SaveChanges();
                                        successRows++;
                                    }
                                    catch (Exception e)
                                    {
                                        _log.Error("An Error occurred during Excel Import of PA Requests", e);
                                        errRows++;
                                    }
                                }
                            }

                            // The result of each spreadsheet is in result.Tables
                        }
                    }

                    fileUploadLogRecord.RecordCount  = totalRowCount;
                    fileUploadLogRecord.SuccessCount = successRows;
                    fileUploadLogRecord.FailureCount = errRows;
                }

                db.SaveChanges(); //Save to pickup the File Upload Log Record changes.
                // Delete the temp file.
            }

            // Need to delete working file.
            File.Delete(filePath);
            return(docfiles);
            //result = Request.CreateResponse(HttpStatusCode.Created, docfiles);
        }
        // POST: api/Security
        public IHttpActionResult Post(HttpRequestMessage request, [FromBody] string value)
        {
            var headers       = request.Headers;
            var returnMessage = string.Empty;

            //Check the request object to see if they passed a userId
            if (headers.Contains("userid"))
            {
                try
                {
                    var login = headers.GetValues("userid").First();
                    if (headers.Contains("password"))
                    {
                        var passwordTry = headers.GetValues("password").First();

                        try
                        {
                            var userDetails = db.Users.Where(p => p.UserName == login && p.Archived == false)
                                              .Include(i => i.Role)
                                              .FirstOrDefault();
                            if (userDetails == null || userDetails.Archived)
                            {
                                return(Unauthorized());
                            }
                            {
                                var userAccount = db.UserLogins.FirstOrDefault(p => p.Login == login);
                                if (userAccount != null && !UserIsLockedOut(userAccount))
                                {
                                    if (LMSDataService.SecurityHelper.Sha256Hash(passwordTry).ToUpper() ==
                                        userAccount.PasswordHash.ToUpper()) //  Success!
                                    {
                                        SecurityController securityController = new SecurityController();
                                        var token = securityController.RefreshToken(userAccount, userDetails);
                                        return(Ok(token));
                                    }
                                }

                                if (userAccount != null)
                                {
                                    returnMessage = "Token failed refresh check, User account disabled/locked-out";
                                    userAccount.AccessFailedCount = userAccount.AccessFailedCount + 1;
                                    if (userAccount.AccessFailedCount >= 5)
                                    {
                                        userAccount.LockoutEnabled = true;
                                        userAccount.RefreshId      = 0;
                                        userAccount.LockoutEnd     = DateTime.Now.AddMinutes(15);
                                    }

                                    userAccount.LastModifiedBy  = "SECURITY";
                                    userAccount.LastModified    = DateTime.Now;
                                    db.Entry(userAccount).State = EntityState.Modified;
                                }

                                try
                                {
                                    db.SaveChanges();
                                }
                                catch (Exception e)
                                {
                                    Console.WriteLine(e);
                                    throw;
                                }

                                return(Content(HttpStatusCode.Unauthorized, returnMessage));
                            }
                        }
                        catch (Exception e)
                        {
                            _log.Error("An error occurred while adding Users.", e);
                            return(InternalServerError(e));
                        }
                    }
                }
                catch (Exception e)
                {
                    _log.Error(e.Message);
                }
            }

            return(BadRequest("Header values not found."));
        }
Beispiel #10
0
        // POST: api/UserLoginCreation
        public IHttpActionResult Post(HttpRequestMessage request, UserLoginCreation userLogin)
        {
            var headers        = request.Headers;
            var requestingUser = string.Empty;

            if (headers.Contains("token"))
            {
                try
                {
                    var userToken = headers.GetValues("token").First();
                    Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
                    if (validationResult.Item1)
                    {
                        // Check to see if the refreshId's match.  If they do not, then it means something (i.e. invalid password)
                        //   has caused the issued token to become invalidated.  If so, then we need to send a message back to
                        //   the calling client.

                        long refreshId = 0;
                        if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
                        {
                            if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
                            {
                                return(Content(HttpStatusCode.Unauthorized,
                                               "Token failed refresh check, User account disabled/locked-out"));
                            }
                        }

                        requestingUser = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
                        if (!ModelState.IsValid)
                        {
                            return(BadRequest(ModelState));
                        }

                        UserLogin newUserLogin = db.UserLogins.Create();

                        newUserLogin.Id = userLogin.Id;
                        newUserLogin.AccessFailedCount = 0;
                        newUserLogin.Created           = DateTime.Now;
                        newUserLogin.CreatedBy         = requestingUser;
                        newUserLogin.LastModifiedBy    = requestingUser;
                        newUserLogin.LastModified      = DateTime.Now;
                        newUserLogin.LockoutEnabled    = false;
                        newUserLogin.LockoutEnd        = DateTime.Parse("1/1/1900");
                        newUserLogin.Login             = userLogin.Login;
                        newUserLogin.IsAdmin           = userLogin.IsAdmin;
                        newUserLogin.RefreshId         = 0;
                        newUserLogin.PasswordHash      = LMSDataService.SecurityHelper.Sha256Hash(userLogin.Password);

                        db.UserLogins.Add(newUserLogin);
                        db.SaveChanges();

                        return(CreatedAtRoute("DefaultApi", new { id = newUserLogin.Id }, newUserLogin));
                    }
                }
                catch (Exception e)
                {
                    _log.Error(string.Format(Resource.GeneralError_Pre, "UserLoginCreation:Post"), e);
                }
            }

            return(BadRequest("Token invalid or not present"));
        }