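/// <summary>
/// Loads the active account (statusid=1) whose username equals <paramref name="UserName"/>,
/// compared without regard to case, and copies its columns into a <see cref="UserAccessDTO"/>.
/// </summary>
/// <param name="UserName">Login name to look up; surrounding whitespace is ignored.</param>
/// <param name="PassWord">
/// Not used by this method: no credential check happens here, so callers must verify the
/// password themselves (see how VerifyOTP compares it against the returned pPassword).
/// </param>
/// <param name="connectionString">PostgreSQL connection string handed to <c>NPGSqlHelper</c>.</param>
/// <returns>
/// A populated DTO when a row matched. When nothing matched a DTO with default values
/// (pUserID 0, pPassword null) is returned rather than null, so callers must check pUserID.
/// The DTO carries the stored password value and salt key; strip them before sending it to a client.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="UserName"/> is null.</exception>
public UserAccessDTO CheckUser(string UserName, string PassWord, string connectionString)
{
    if (UserName == null)
    {
        throw new ArgumentNullException(nameof(UserName));
    }

    var userDTO = new UserAccessDTO();

    // The statement is still assembled as text because NPGSqlHelper.ExecuteReader is only
    // called here with a bare command; ManageQuote is the sole defence against quote
    // characters in the login name, so it must wrap every interpolated value.
    // ToUpperInvariant keeps the comparison independent of the thread culture.
    string query = "select * from tblmstusers where upper(username)='"
                   + ManageQuote(UserName.ToUpperInvariant().Trim()) + "' and statusid=1";

    using (NpgsqlDataReader dr = NPGSqlHelper.ExecuteReader(connectionString, CommandType.Text, query))
    {
        // Should several rows match, the last one read wins (unchanged from the original loop).
        while (dr.Read())
        {
            userDTO.pUserID = Convert.ToInt64(dr["userid"]);
            userDTO.pUserName = dr["username"].ToString();
            userDTO.pContactRefID = dr["contactrefid"].ToString();
            userDTO.pRoleid = Convert.ToInt64(dr["roleid"]);
            userDTO.pSaltKey = dr["saltkey"].ToString();
            userDTO.pPassword = dr["password"].ToString();
            userDTO.pOtpAuthentication = Convert.ToBoolean(dr["otp_authentication"]);
            userDTO.pMobile = dr["mobileno"].ToString();
            userDTO.pEmail = dr["email"].ToString();
        }
    }

    // No try/catch: the original `throw ex;` only discarded the stack trace.
    return userDTO;
}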
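/// <summary>
/// Creates or updates a web user by running the <c>WebUserAccessMaint</c> stored procedure
/// and returns the procedure's return value.
/// </summary>
/// <param name="userAccess">Values to persist; <c>Password</c> is sent to <c>@Pw</c> as supplied.</param>
/// <param name="isUpdate">true sends flag "U" (update); false sends "N" (new).</param>
/// <returns>The procedure's <c>@RETURN_VALUE</c> converted to an int.</returns>
/// <exception cref="ArgumentNullException"><paramref name="userAccess"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The parameter list built by <c>BuildParameterListWithRrn</c> contains no <c>@RETURN_VALUE</c> entry
/// (the original dereferenced a null there).
/// </exception>
public async Task<int> SaveUserAccess(UserAccessDTO userAccess, bool isUpdate = false)
{
    if (userAccess == null)
    {
        throw new ArgumentNullException(nameof(userAccess));
    }

    using (var cardtrendentities = new pdb_ccmsContext(_connectionString))
    {
        var parameters = new object[]
        {
            Common.Helpers.Common.GetIssueNo(),
            userAccess.AccessInd,
            userAccess.Sts,
            userAccess.UserId,
            userAccess.Name,
            userAccess.ContactNo,
            userAccess.EmailAddr,
            userAccess.Title,
            userAccess.DeptId,
            userAccess.PrivilegeCd,
            userAccess.CreateBy,
            userAccess.Password,
            userAccess.ChangePassInd,
            isUpdate ? "U" : "N"
        };
        var paramNameList = new[]
        {
            "@IssNo", "@AccessInd", "@Sts", "@UserId", "@Name", "@ContactNo", "@EmailAddr",
            "@Title", "@DeptId", "@PrivilegeCd", "@CreatedBy", "@Pw", "@ChangePassInd", "@Flag"
        };
        var paramCollection = BuildParameterListWithRrn(parameters, paramNameList);

        // The rows-affected count is not the outcome here; the procedure's return value is.
        await cardtrendentities.Database.ExecuteSqlCommandAsync(
            BuildSqlCommandWithRrn("WebUserAccessMaint", paramCollection),
            paramCollection.ToArray());

        var returnParam = paramCollection.FirstOrDefault(x => x.ParameterName == "@RETURN_VALUE");
        if (returnParam == null)
        {
            throw new InvalidOperationException("WebUserAccessMaint did not expose a @RETURN_VALUE parameter.");
        }

        return Convert.ToInt32(returnParam.Value);
    }
}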
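/// <summary>
/// Maps a free-text access level onto <see cref="AccessLevel"/> and stores the
/// employee/access-point permission through <c>AccessPointDataService</c>.
/// </summary>
/// <param name="empId">Employee id as decimal text.</param>
/// <param name="accessPointId">Access point id as decimal text.</param>
/// <param name="accesslevel">
/// Level name matched case-insensitively by substring, first match wins:
/// "access" or "allow" → Access, "manage" → Manage, "monitor" → Monitor, anything else → None.
/// </param>
/// <returns>true when a row was inserted; false for unparsable ids, a null level, or a data-access failure.</returns>
public bool InsertUserAccess(string empId, string accessPointId, string accesslevel)
{
    // Malformed ids are an ordinary caller error, not an exceptional condition, so they are
    // rejected with TryParse instead of being routed through the catch below.
    int employeeId;
    int pointId;
    if (!int.TryParse(empId, out employeeId) || !int.TryParse(accessPointId, out pointId))
    {
        return false;
    }

    AccessLevel level = MapAccessLevel(accesslevel);

    try
    {
        var dto = new UserAccessDTO
        {
            AccessLevelId = (int)level,
            AccessPointId = pointId,
            EmployeeId = employeeId
        };
        return AccessPointDataService.InsertAccessPointPermission(dto) > 0;
    }
    catch (Exception)
    {
        // Best-effort contract kept from the original: a data-access error surfaces as false.
        return false;
    }
}

/// <summary>
/// Translates a level name to <see cref="AccessLevel"/> by case-insensitive substring match.
/// Ordinal comparison replaces the original ToLower() so the result no longer depends on the thread culture.
/// </summary>
private static AccessLevel MapAccessLevel(string accesslevel)
{
    if (accesslevel == null)
    {
        return AccessLevel.None;
    }

    if (accesslevel.IndexOf("access", StringComparison.OrdinalIgnoreCase) >= 0
        || accesslevel.IndexOf("allow", StringComparison.OrdinalIgnoreCase) >= 0)
    {
        return AccessLevel.Access;
    }
    if (accesslevel.IndexOf("manage", StringComparison.OrdinalIgnoreCase) >= 0)
    {
        return AccessLevel.Manage;
    }
    if (accesslevel.IndexOf("monitor", StringComparison.OrdinalIgnoreCase) >= 0)
    {
        return AccessLevel.Monitor;
    }
    return AccessLevel.None;
}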
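/// <summary>
/// Inserts one UserPermissions row (EmployeeId, AccessPointId, AccessTypeId) for the given details.
/// </summary>
/// <param name="accessDetails">Ids to store; <c>AccessLevelId</c> is written to the AccessTypeId column.</param>
/// <returns>Rows inserted (normally 1); 0 when the input is null or the insert failed.</returns>
public int InsertAccessPointPermission(UserAccessDTO accessDetails)
{
    const string command = @"INSERT INTO UserPermissions (EmployeeId, AccessPointId, AccessTypeId) VALUES(@empId, @accessId, @accessTypeId)";

    if (accessDetails == null)
    {
        return 0;
    }

    try
    {
        // The command is disposed together with the connection; the original leaked it.
        using (var conn = SqlHelper.GetConnection())
        using (SqlCommand cmd = CommandFactory.CreateSimpleTextCommand(conn, command))
        {
            // Values are bound as parameters, never concatenated into the statement text.
            cmd.Parameters.AddWithValue("@empId", accessDetails.EmployeeId);
            cmd.Parameters.AddWithValue("@accessId", accessDetails.AccessPointId);
            cmd.Parameters.AddWithValue("@accessTypeId", accessDetails.AccessLevelId);
            return cmd.ExecuteNonQuery();
        }
    }
    catch (Exception)
    {
        // TODO: log the failure. The 0 return is the only failure signal callers get
        // (they test for "> 0"), so do not turn this into a throw without updating them.
        return 0;
    }
}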
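/// <summary>
/// Gets the list of claims held by the user identified by <c>obj.UserName</c>.
/// </summary>
/// <param name="obj">Only <c>UserName</c> is read.</param>
/// <returns>
/// A <c>ResponseDTO&lt;List&lt;Claim&gt;&gt;</c> with <c>IsSuccessful</c> true and <c>Data</c> holding the
/// claims. When no credential matches, <c>IsSuccessful</c> is false, <c>Messages</c> contains
/// "User Not Found." and <c>Data</c> is left null.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="obj"/> is null.</exception>
public ResponseDTO<List<Claim>> GetUserClaims(UserAccessDTO obj)
{
    if (obj == null)
    {
        throw new ArgumentNullException(nameof(obj));
    }

    var response = new ResponseDTO<List<Claim>>();

    var foundUser = db.Credentials.FirstOrDefault(account => account.UserName == obj.UserName);
    if (foundUser == null)
    {
        response.IsSuccessful = false;
        response.Messages = new List<string> { "User Not Found." };
        return response;
    }

    // All stored claims that belong to the matched user id.
    var foundUserClaims = db.UserClaims.Where(userClaims => userClaims.UserID == foundUser.UserID);
    response.Data = QueryToClaims(foundUserClaims);
    response.IsSuccessful = true;
    return response;
}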
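/// <summary>
/// Authenticates with user name and password via <c>_userService</c>.
/// </summary>
/// <param name="userParam">Request body carrying <c>pUserName</c> and <c>pPassword</c>.</param>
/// <returns>200 with the service's user object; 400 when the body is missing; 401 when the service rejects the credentials.</returns>
public IActionResult Authenticate([FromBody] UserAccessDTO userParam)
{
    // A missing or unparsable body binds to null; report a client error instead of a 500.
    if (userParam == null)
    {
        return BadRequest();
    }

    var user = _userService.Authenticate(userParam.pUserName, userParam.pPassword, Con);
    if (user == null)
    {
        return Unauthorized();
    }

    return Ok(user);
}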
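/// <summary>
/// Completes the second authentication step by checking the one-time code in the body via <c>_userService.VerifyOTP</c>.
/// </summary>
/// <param name="userParam">Request body carrying the user name, password and OTP.</param>
/// <returns>200 with the user object (status/message/token as set by the service); 400 when the body is missing; 401 when the service returns null.</returns>
public IActionResult VerifyOtp([FromBody] UserAccessDTO userParam)
{
    // A missing or unparsable body binds to null; report a client error instead of a 500.
    if (userParam == null)
    {
        return BadRequest();
    }

    var user = _userService.VerifyOTP(userParam, Con);
    if (user == null)
    {
        return Unauthorized();
    }

    return Ok(user);
}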
/// <summary>
/// Integration check: removing every claim of the configured test account reports success.
/// </summary>
public void RemoveUserClaimTest()
{
    // Per the original note this targets the claims of UserId=5 (chackins); the user name
    // value appears masked in this listing.
    var request = new UserAccessDTO
    {
        UserName = "******",
    };

    ResponseDTO<Boolean> result = uac.RemoveUserClaims(request);

    Assert.True(result.IsSuccessful);
}
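/// <summary>
/// Reads every user whose employee name is not ADMIN from tblmstusers, with its status name and
/// the number of role functions bound to it, and returns them as DTOs. The result is also stored
/// in <c>lstUserAccessDTO</c>.
/// </summary>
/// <param name="connectionString">PostgreSQL connection string passed to <c>NPGSqlHelper</c>.</param>
/// <returns>The users read, in the query's order; empty when there are none.</returns>
/// <remarks>
/// The reader is synchronous; it is pushed to the thread pool with Task.Run only so callers can await.
/// Query errors propagate unchanged (the original's catch/`throw ex;` only dropped the stack trace).
/// </remarks>
public async Task<List<UserAccessDTO>> GetAllUsersView(string connectionString)
{
    const string query = "select m.*,coalesce(n.count,0) as count from (select x.userid,coalesce(x.employeename,x.username) as employeename,coalesce(x.designation,'') as designation,coalesce(x.roleid,0) as roleid,coalesce(x.contactrefid,'') as contactrefid,x.username,x.usertype,x.statusid,y.statusname from tblmstusers x left join tblmststatus y on x.statusid=y.statusid order by x.userid) m left join(select coalesce(userid,0) as userid,count(*) as count from tblmstrolefunctions group by userid) n on m.userid=n.userid where upper(m.employeename) not in('ADMIN');";

    lstUserAccessDTO = new List<UserAccessDTO>();

    // Rows are collected into a local list on the worker thread and published to the field only
    // once the reader is exhausted, so nobody observes a half-filled list.
    var users = await Task.Run(() =>
    {
        var rows = new List<UserAccessDTO>();
        using (NpgsqlDataReader dr = NPGSqlHelper.ExecuteReader(connectionString, CommandType.Text, query))
        {
            while (dr.Read())
            {
                rows.Add(ReadUserViewRow(dr));
            }
        }
        return rows;
    });

    lstUserAccessDTO = users;
    return lstUserAccessDTO;
}

/// <summary>
/// Maps the current row of the users-view query onto a DTO.
/// </summary>
private static UserAccessDTO ReadUserViewRow(NpgsqlDataReader dr)
{
    var user = new UserAccessDTO();
    user.pUserID = Convert.ToInt64(dr["userid"]);
    user.pEmployeeName = dr["employeename"].ToString();
    user.pUserName = dr["username"].ToString();
    user.pRoleName = dr["designation"].ToString();
    user.pRoleid = Convert.ToInt64(dr["roleid"]);
    user.pRoleFunctionsCOunt = Convert.ToInt32(dr["count"]);

    // A role id with no role functions attached is presented as a designation rather than a user.
    user.PUserorDesignation = (user.pRoleid != 0 && user.pRoleFunctionsCOunt == 0) ? "Designation" : "User";

    user.pUserType = dr["usertype"].ToString();
    user.pstatusid = Convert.ToInt32(dr["statusid"]);

    string statusName = dr["statusname"].ToString();
    // Only these two names set the flag; any other status leaves pActiveorInactive at its default.
    if (statusName == "Active")
    {
        user.pActiveorInactive = true;
    }
    else if (statusName == "In-Active")
    {
        user.pActiveorInactive = false;
    }
    user.pStatus = statusName;

    return user;
}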
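/// <summary>
/// Adds every claim in <c>obj.UserClaims</c> to the user identified by <c>obj.UserName</c>,
/// all in one transaction.
/// </summary>
/// <param name="obj">
/// <c>UserName</c> selects the account; each entry of <c>UserClaims</c> contributes its Type and Value.
/// </param>
/// <returns>
/// <c>Data</c>/<c>IsSuccessful</c> true when all claims were stored; false when the user does not exist
/// or the insert failed (then <c>Messages</c> carries "Error occured while adding Claims." and nothing is persisted).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="obj"/> is null.</exception>
public ResponseDTO<Boolean> AddUserClaims(UserAccessDTO obj)
{
    if (obj == null)
    {
        throw new ArgumentNullException(nameof(obj));
    }

    var response = new ResponseDTO<bool>();

    var foundUser = db.Credentials.FirstOrDefault(account => account.UserName == obj.UserName);
    if (foundUser == null)
    {
        response.IsSuccessful = false;
        response.Data = false;
        return response;
    }

    using (var dbTransaction = db.Database.BeginTransaction())
    {
        try
        {
            foreach (var claim in obj.UserClaims)
            {
                db.UserClaims.Add(new UserClaims()
                {
                    ClaimType = claim.Type,
                    ClaimValue = claim.Value,
                    UserID = foundUser.UserID
                });
            }

            // One SaveChanges for the whole batch instead of one per claim; the transaction
            // already makes the batch atomic, so nothing is lost by saving once.
            db.SaveChanges();
            dbTransaction.Commit();

            response.IsSuccessful = true;
            response.Data = true;
            return response;
        }
        catch (Exception)
        {
            dbTransaction.Rollback();
            response.IsSuccessful = false;
            response.Data = false;
            response.Messages = new List<string> { "Error occured while adding Claims." };
            return response;
        }
    }
}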
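/// <summary>
/// Resolves the active account for <paramref name="UserName"/> and returns it.
/// </summary>
/// <param name="UserName">Login name to look up.</param>
/// <param name="Password">Forwarded to <c>CheckUser</c>; the CheckUser implementation visible in this codebase does not use it.</param>
/// <returns>200 with the account DTO (an empty DTO when nothing matched); data-layer errors are wrapped in <c>FinstaAppException</c>.</returns>
/// <remarks>
/// This action only looks the account up; it does not authenticate. CheckUser copies the stored
/// password value into the DTO, so that field is cleared before the DTO is serialized to the
/// client, the same way VerifyOTP clears it before returning a user.
/// </remarks>
public IActionResult checkUserLogin(string UserName, string Password)
{
    UserAccessDTO user;
    try
    {
        user = objUserAccess.CheckUser(UserName, Password, Con);
    }
    catch (Exception ex)
    {
        throw new FinstaAppException(ex.ToString());
    }

    // Never echo stored credential material back over the API.
    if (user != null)
    {
        user.pPassword = null;
    }

    return Ok(user);
}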
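/// <summary>
/// Fetches every claim stored for <paramref name="username"/> through the access-control gateway.
/// </summary>
/// <param name="username">Login name the gateway looks up.</param>
/// <returns>All of the user's claims; an empty list (never null) when the gateway returned no data, e.g. for an unknown user.</returns>
private List<Claim> GetClaims(string username)
{
    var userAccessDTO = new UserAccessDTO() { UserName = username };

    // The gateway leaves Data unset when the lookup fails; normalise to an empty list so
    // callers can iterate without a null check.
    List<Claim> allClaims = new UserAccessControlGateway().GetUserClaims(userAccessDTO).Data;
    return allClaims ?? new List<Claim>();
}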
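/// <summary>
/// Removes every stored claim of the user identified by <c>obj.UserName</c>, in one transaction.
/// </summary>
/// <param name="obj">Only <c>UserName</c> is read.</param>
/// <returns>
/// <c>IsSuccessful</c>/<c>Data</c> true when the claims were deleted; false with
/// "User Not Found." when no credential matches, or "Error Removing Claims." when the delete failed
/// (the transaction is rolled back in that case).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="obj"/> is null.</exception>
public ResponseDTO<Boolean> RemoveUserClaims(UserAccessDTO obj)
{
    if (obj == null)
    {
        throw new ArgumentNullException(nameof(obj));
    }

    var response = new ResponseDTO<bool>();

    var foundUser = db.Credentials.FirstOrDefault(account => account.UserName == obj.UserName);
    if (foundUser == null)
    {
        response.IsSuccessful = false;
        response.Data = false;
        response.Messages = new List<string> { "User Not Found." };
        return response;
    }

    using (var dbTransaction = db.Database.BeginTransaction())
    {
        try
        {
            // Delete all claims bound to the matched user id in one change set.
            var foundUserClaims = db.UserClaims.Where(userClaims => userClaims.UserID == foundUser.UserID);
            db.UserClaims.RemoveRange(foundUserClaims);
            db.SaveChanges();
            dbTransaction.Commit();

            response.IsSuccessful = true;
            response.Data = true;
            return response;
        }
        catch (Exception)
        {
            dbTransaction.Rollback();
            response.IsSuccessful = false;
            response.Data = false;
            response.Messages = new List<string> { "Error Removing Claims." };
            return response;
        }
    }
}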
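/// <summary>
/// Integration check: the gateway returns exactly the two seeded claims for the configured test account.
/// </summary>
public void GetUserClaims()
{
    var request = new UserAccessDTO { UserName = "******" };
    var expectedClaims = new List<Claim>
    {
        new Claim("AmayClaimType1", "AmayClaimValue1"),
        new Claim("AmayClaimType2", "AmayClaimValue2"),
    };

    ResponseDTO<List<Claim>> found = uac.GetUserClaims(request);

    Assert.NotNull(found.Data);
    // Claim does not appear to define value equality, so Assert.Equal on the two lists would
    // compare references and fail even when the claims match; compare Type/Value pairs instead.
    Assert.Equal(expectedClaims.Count, found.Data.Count);
    for (int i = 0; i < expectedClaims.Count; i++)
    {
        Assert.Equal(expectedClaims[i].Type, found.Data[i].Type);
        Assert.Equal(expectedClaims[i].Value, found.Data[i].Value);
    }
}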
/// <summary>
/// Integration check: adding a new claim to the configured test account reports success.
/// </summary>
public void AddUserClaimTest()
{
    // Per the original note, this account starts out with ClaimType/ClaimValue3 and ClaimType/ClaimValue1.
    var claimsToAdd = new List<Claim>()
    {
        new Claim("NewClaimType", "NewClaimValue")
    };
    var request = new UserAccessDTO
    {
        UserName = "******",
        UserClaims = claimsToAdd
    };

    ResponseDTO<Boolean> result = uac.AddUserClaims(request);

    Assert.True(result.IsSuccessful);
}
/// <summary>
/// Creates a user whose password is the hashed default password and reports whether the insert succeeded.
/// </summary>
/// <param name="UserAccessDTO">User details from the request; its <c>pPassword</c> is overwritten with the hash before saving.</param>
/// <returns>200 with the data layer's true/false result; any failure is wrapped in <c>FinstaAppException</c>.</returns>
public IActionResult SaveUserAccess(UserAccessDTO UserAccessDTO)
{
    bool saved;
    try
    {
        // The client never chooses the initial password: it is the configured default, hashed here.
        string defaultPassword = objUserAccess.GetDeafultPassword(Con);
        UserAccessDTO.pPassword = _passwordHasher.HashPassword(defaultPassword);
        saved = objUserAccess.SaveUserAccess(UserAccessDTO, Con);
    }
    catch (Exception ex)
    {
        throw new FinstaAppException(ex.ToString());
    }

    return Ok(saved);
}
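/// <summary>
/// Verifies the user's password and one-time code; on success issues a JWT for the session.
/// </summary>
/// <param name="userParam">Carries <c>pUserName</c>, the candidate <c>pPassword</c> and <c>pOtp</c>.</param>
/// <param name="Con">Connection string forwarded to the data layer.</param>
/// <returns>
/// null when no account matches or the password does not match; otherwise the user DTO with
/// <c>pStatus</c>/<c>pMessage</c> copied from the OTP check, <c>pToken</c> set when the OTP was accepted,
/// and <c>pPassword</c> cleared in every case.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="userParam"/> is null.</exception>
public UserAccessDTO VerifyOTP(UserAccessDTO userParam, string Con)
{
    if (userParam == null)
    {
        throw new ArgumentNullException(nameof(userParam));
    }

    var user = objUserAccess.CheckUser(userParam.pUserName, userParam.pPassword, Con);

    // CheckUser returns an empty DTO (no stored password) when nothing matched, so a missing
    // stored value is treated like a missing user. The original condition
    // (`user == null && user.pPassword.Length > 0 || ...`) dereferenced user before testing it.
    // The password is checked before the OTP so a caller with wrong credentials never reaches ValidateOTP.
    if (user == null
        || string.IsNullOrEmpty(user.pPassword)
        || !_passwordHasher.PasswordMatches(userParam.pPassword, user.pPassword))
    {
        return null;
    }

    var objValidateOTP = new ValidateDTO();
    objValidateOTP.pUserId = user.pUserID;
    objValidateOTP.pMobile = user.pMobile;
    objValidateOTP.pOtp = userParam.pOtp;
    var verifyOTP = objUserAccess.ValidateOTP(objValidateOTP, Con);

    user.pStatus = Convert.ToString(verifyOTP.status);
    user.pMessage = verifyOTP.message;

    if (verifyOTP.status)
    {
        // OTP accepted: mint the session token. As before, the Name claim carries the role id.
        var tokenHandler = new JwtSecurityTokenHandler();
        var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new Claim[]
            {
                new Claim(ClaimTypes.Name, user.pRoleid.ToString())
            }),
            Expires = DateTime.UtcNow.AddMinutes(180),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
        };
        var token = tokenHandler.CreateToken(tokenDescriptor);
        user.pToken = tokenHandler.WriteToken(token);
    }

    // Never return the stored password value, whether or not the OTP was accepted
    // (the original only cleared it on the success path).
    user.pPassword = null;
    return user;
}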
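/// <summary>
/// Inserts a new row into tblmstusers inside a transaction and reports whether the commit happened.
/// </summary>
/// <param name="UserAccessDTO">
/// User to store. <c>pUserName</c> is required and trimmed; <c>pPassword</c> and <c>pSaltKey</c> are written
/// exactly as supplied (the caller is expected to hash first); null strings are stored as '' as before.
/// </param>
/// <param name="connectionString">PostgreSQL connection string.</param>
/// <returns>true after a successful commit; failures propagate as exceptions after a rollback.</returns>
/// <exception cref="ArgumentNullException"><paramref name="UserAccessDTO"/> is null.</exception>
/// <exception cref="ArgumentException"><c>pUserName</c> is null or whitespace.</exception>
/// <remarks>
/// Values are bound as command parameters instead of being concatenated into the statement; the
/// previous text concatenation relied on ManageQuote for some columns and on nothing at all for
/// pPassword, pSaltKey, pCreatedby and pRoleid. <c>con</c> and <c>trans</c> appear to be instance
/// fields, so overlapping calls on one instance would clobber them; do not share an instance across threads.
/// </remarks>
public bool SaveUserAccess(UserAccessDTO UserAccessDTO, string connectionString)
{
    if (UserAccessDTO == null)
    {
        throw new ArgumentNullException(nameof(UserAccessDTO));
    }
    if (string.IsNullOrWhiteSpace(UserAccessDTO.pUserName))
    {
        throw new ArgumentException("pUserName is required.", nameof(UserAccessDTO));
    }

    const string insertSql =
        "INSERT INTO tblmstusers(username,password, statusid,usertype,designation,createdby,createddate,saltkey,roleid,contactrefid,employeename )" +
        "VALUES (@username,@password,@statusid,@usertype,@designation,@createdby,current_timestamp,@saltkey,coalesce(@roleid,0),@contactrefid,@employeename);";

    bool isSaved = false;
    try
    {
        con = new NpgsqlConnection(connectionString);
        con.Open();
        trans = con.BeginTransaction();

        // Kept from the original: a role id whose ToString() is empty (a null nullable) is stored as 0.
        if (string.IsNullOrEmpty(UserAccessDTO.pRoleid.ToString()))
        {
            UserAccessDTO.pRoleid = 0;
        }

        using (var cmd = new NpgsqlCommand(insertSql, con, trans))
        {
            cmd.Parameters.AddWithValue("@username", UserAccessDTO.pUserName.Trim());
            cmd.Parameters.AddWithValue("@password", UserAccessDTO.pPassword ?? string.Empty);
            cmd.Parameters.AddWithValue("@statusid", Convert.ToInt32(Status.Active));
            cmd.Parameters.AddWithValue("@usertype", UserAccessDTO.pUserType ?? string.Empty);
            cmd.Parameters.AddWithValue("@designation", UserAccessDTO.pRoleName ?? string.Empty);
            // createdby was concatenated unquoted, i.e. as a number; bind it as one.
            cmd.Parameters.AddWithValue("@createdby", Convert.ToInt64(UserAccessDTO.pCreatedby));
            cmd.Parameters.AddWithValue("@saltkey", UserAccessDTO.pSaltKey ?? string.Empty);
            cmd.Parameters.AddWithValue("@roleid", UserAccessDTO.pRoleid);
            cmd.Parameters.AddWithValue("@contactrefid", UserAccessDTO.pContactRefID ?? string.Empty);
            cmd.Parameters.AddWithValue("@employeename", UserAccessDTO.pEmployeeName ?? string.Empty);
            cmd.ExecuteNonQuery();
        }

        trans.Commit();
        isSaved = true;
    }
    catch (Exception)
    {
        // trans is still null when Open()/BeginTransaction() failed; rolling back unconditionally
        // (as the original did) replaced the real error with a NullReferenceException.
        trans?.Rollback();
        throw; // rethrow as-is; `throw ex;` discarded the stack trace
    }
    finally
    {
        trans?.Dispose();
        if (con != null)
        {
            con.Close();
            // Kept from the original: this evicts every pooled connection for the connection string on each save.
            con.ClearPool();
            con.Dispose();
        }
    }

    return isSaved;
}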
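/// <summary>
/// Loads the non-deleted user with the given id, joined with its access (login) record.
/// </summary>
/// <param name="selectedUserId">Id of the user to load.</param>
/// <returns>The matching DTO, or null when no non-deleted user has that id. The DTO carries the stored <c>Password</c> column as-is.</returns>
public UserAccessDTO GetUserAccessById(int selectedUserId)
{
    // The id filter was missing: the previous query returned the first non-deleted user
    // regardless of the argument.
    UserAccessDTO userAccessDTO =
        (from p in dbContext.TblUser
         join q in dbContext.TblUserAccess on p.UserId equals q.UserId
         where p.IsDeleted == false && p.UserId == selectedUserId
         select new UserAccessDTO()
         {
             UserId = p.UserId,
             UserName = q.UserName,
             Password = q.Password,
             FirstName = p.FirstName,
             MiddleName = p.MiddleName,
             LastName = p.LastName
         }).FirstOrDefault();

    return userAccessDTO;
}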
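/// <summary>
/// Fetches the user's claims through the access-control gateway and keeps only those of type "VIEW_PAGE".
/// </summary>
/// <param name="username">Login name the gateway looks up.</param>
/// <returns>The user's view-page claims; an empty list (never null) when the gateway returned no data, e.g. for an unknown user.</returns>
private List<Claim> GetViewClaims(string username)
{
    var userAccessDTO = new UserAccessDTO() { UserName = username };

    // The gateway leaves Data unset when the lookup fails; the original then crashed in FindAll.
    List<Claim> allClaims = new UserAccessControlGateway().GetUserClaims(userAccessDTO).Data;
    if (allClaims == null)
    {
        return new List<Claim>();
    }

    return allClaims.FindAll(claim => claim.Type == "VIEW_PAGE");
}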
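/// <summary>
/// Grants the user in the body access to the gate in the body by sending a <c>GrantAccessCommand</c>.
/// </summary>
/// <param name="userAccessDto">Request body carrying <c>UserId</c> and <c>GateId</c>.</param>
/// <returns>
/// 200 on success; 400 when the body is missing or the handler reports missing information;
/// 404 when the gate or the user does not exist.
/// </returns>
public async Task<IActionResult> GrantAccess([FromBody] UserAccessDTO userAccessDto)
{
    // A missing or unparsable body binds to null; answer with the same 400 the handler would give.
    if (userAccessDto == null)
    {
        return BadRequest(new { message = "Please provide user and gate information properly" });
    }

    try
    {
        var command = new GrantAccessCommand(userAccessDto.UserId, userAccessDto.GateId);
        await mediator.Send(command);
        return Ok(new { message = "Access granted to user" });
    }
    catch (MissingInformationProvidedException)
    {
        return BadRequest(new { message = "Please provide user and gate information properly" });
    }
    catch (GateDoesNotExistException)
    {
        return NotFound(new { message = "no such gate" });
    }
    catch (UserDoesNotExistException)
    {
        return NotFound(new { message = "no such user" });
    }
}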
/// <summary>
/// Resets the editor to "add" mode: enables and clears every input, shows Add / hides Save,
/// and reloads the user combo box with a "---Select User--" placeholder (UserId 0) selected.
/// </summary>
public void ClearForm()
{
    // Re-enable every control first, then clear the text inputs.
    cmbUser.Enabled = true;
    txtFirstName.Enabled = true;
    txtMiddleName.Enabled = true;
    txtLastName.Enabled = true;
    txtUserName.Enabled = true;
    txtPassword.Enabled = true;

    txtFirstName.Clear();
    txtMiddleName.Clear();
    txtLastName.Clear();
    txtUserName.Clear();
    txtPassword.Clear();

    btnAdd.Show();
    btnSave.Hide();

    // Reload the user list; the placeholder row is appended after the real users and then selected.
    lstUsers = _userService.GetUsersAccess();
    var placeholder = new UserAccessDTO
    {
        UserId = 0,
        FullName = "---Select User--"
    };
    lstUsers.Add(placeholder);

    cmbUser.DataSource = lstUsers;
    cmbUser.ValueMember = "UserId";
    cmbUser.DisplayMember = "FullName";
    cmbUser.DropDownStyle = ComboBoxStyle.DropDown;
    cmbUser.AutoCompleteMode = AutoCompleteMode.SuggestAppend;
    cmbUser.AutoCompleteSource = AutoCompleteSource.ListItems;
    cmbUser.SelectedValue = 0;
}
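/// <summary>
/// Attempts to unlock the gate in the body for the user in the body by sending an <c>UnlockGateCommand</c>.
/// </summary>
/// <param name="userAccessDto">Request body carrying <c>UserId</c> and <c>GateId</c>.</param>
/// <returns>
/// 200 whether or not the user is allowed through (the message says which); 400 when the body is
/// missing or the handler reports missing information; 404 when the user does not exist.
/// </returns>
public async Task<IActionResult> UnlockGate([FromBody] UserAccessDTO userAccessDto)
{
    // A missing or unparsable body binds to null; answer with the same 400 the handler would give.
    if (userAccessDto == null)
    {
        return BadRequest("Please provide user and gate information properly");
    }

    try
    {
        var command = new UnlockGateCommand(userAccessDto.UserId, userAccessDto.GateId);
        var result = await mediator.Send(command);
        if (result.IsSuccess)
        {
            return Ok(new { message = "Access granted :)" });
        }

        // A denied unlock is still a successfully processed request, hence HTTP 200.
        return Ok(new { message = "You do not have the privileges to unlock this gate :(" });
    }
    catch (MissingInformationProvidedException)
    {
        return BadRequest("Please provide user and gate information properly");
    }
    catch (UserDoesNotExistException)
    {
        return NotFound(new { message = "no such user" });
    }
}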
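/// <summary>
/// When a real user is picked in the combo box, loads that user into the name and login fields
/// and switches the form to "update" mode (Save shown, Add hidden). The placeholder entry
/// (UserId 0) and unknown ids leave the form untouched.
/// </summary>
private void cmbUser_SelectionChangeCommitted(object sender, EventArgs e)
{
    int selectedUserId = Convert.ToInt32(cmbUser.SelectedValue);
    if (selectedUserId == 0)
    {
        return;
    }

    UserAccessDTO selectedUser = _userService.GetUserAccessById(selectedUserId);
    if (selectedUser == null)
    {
        // The lookup returns null for an unknown or deleted user; the original dereferenced it.
        return;
    }

    txtFirstName.Text = selectedUser.FirstName;
    txtMiddleName.Text = selectedUser.MiddleName;
    txtLastName.Text = selectedUser.LastName;
    txtUserName.Text = selectedUser.UserName;
    // The password field is deliberately not populated from stored data.

    txtFirstName.Enabled = true;
    txtMiddleName.Enabled = true;
    txtLastName.Enabled = true;
    txtUserName.Enabled = true;

    btnAdd.Hide();
    btnSave.Show();
}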
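/// <summary>
/// Stores a web user mapping by running the <c>WebUserAccessMapping</c> stored procedure
/// and returns the procedure's return value.
/// </summary>
/// <param name="userAccess">Values to persist; <c>Password</c> is sent to <c>@PwBlock</c> as supplied.</param>
/// <returns>The procedure's <c>@RETURN_VALUE</c> converted to an int.</returns>
/// <exception cref="ArgumentNullException"><paramref name="userAccess"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The parameter list built by <c>BuildParameterListWithRrn</c> contains no <c>@RETURN_VALUE</c> entry
/// (the original dereferenced a null there).
/// </exception>
public async Task<int> SaveWebUserAccessMapping(UserAccessDTO userAccess)
{
    if (userAccess == null)
    {
        throw new ArgumentNullException(nameof(userAccess));
    }

    using (var cardtrendentities = new pdb_ccmsContext(_connectionString))
    {
        var parameters = new object[]
        {
            Common.Helpers.Common.GetIssueNo(),
            userAccess.UserId,
            userAccess.MapUserId,
            userAccess.Name,
            userAccess.ContactNo,
            userAccess.DeptId,
            userAccess.AccessInd,
            userAccess.EmailAddr,
            userAccess.Password
        };
        var paramNameList = new[]
        {
            "@IssNo", "@UserId", "@MapUserId", "@ContactName", "@ContactNo",
            "@DeptId", "@AccessInd", "@EmailAddr", "@PwBlock"
        };
        var paramCollection = BuildParameterListWithRrn(parameters, paramNameList);

        // The rows-affected count is not the outcome here; the procedure's return value is.
        await cardtrendentities.Database.ExecuteSqlCommandAsync(
            BuildSqlCommandWithRrn("WebUserAccessMapping", paramCollection),
            paramCollection.ToArray());

        var returnParam = paramCollection.FirstOrDefault(x => x.ParameterName == "@RETURN_VALUE");
        if (returnParam == null)
        {
            throw new InvalidOperationException("WebUserAccessMapping did not expose a @RETURN_VALUE parameter.");
        }

        return Convert.ToInt32(returnParam.Value);
    }
}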
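/// <summary>
/// Builds the access rights for a user type (e.g. Admin, Ecoupon or Normal) from the XML file
/// named by the <c>xmlFilePath</c> app setting.
/// </summary>
/// <param name="UserType">User type of the logged-in user; matched case-insensitively against the <c>Type</c> attribute of each <c>&lt;Role&gt;</c>.</param>
/// <returns>
/// A DTO whose flags mirror the <c>IsAccess</c> attributes of the matching role's child elements.
/// A section that is absent or has no <c>IsAccess</c> attribute leaves its flag at the default.
/// When several roles match, later ones override earlier ones.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="UserType"/> is null.</exception>
/// <exception cref="InvalidOperationException">The <c>xmlFilePath</c> app setting is missing or empty.</exception>
public static UserAccessDTO GetUserAccess(string UserType)
{
    if (UserType == null)
    {
        throw new ArgumentNullException(nameof(UserType));
    }

    string xmlFilePath = ConfigurationManager.AppSettings["xmlFilePath"];
    if (string.IsNullOrEmpty(xmlFilePath))
    {
        throw new InvalidOperationException("App setting 'xmlFilePath' is not configured.");
    }

    XDocument doc = XDocument.Load(xmlFilePath);
    var access = new UserAccessDTO();

    foreach (XElement role in doc.Descendants("Role"))
    {
        // Ordinal, case-insensitive match replaces the culture-dependent ToLower() comparison;
        // a <Role> without a Type attribute is skipped instead of throwing.
        if (!string.Equals((string)role.Attribute("Type"), UserType, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        bool flag;
        if (TryReadIsAccess(role, "Groups", out flag)) access.Groups = flag;
        if (TryReadIsAccess(role, "Contacts", out flag)) access.Contacts = flag;
        if (TryReadIsAccess(role, "ImportContacts", out flag)) access.ImportContacts = flag;
        if (TryReadIsAccess(role, "Templates", out flag)) access.Templates = flag;
        if (TryReadIsAccess(role, "Users", out flag)) access.Users = flag;
        if (TryReadIsAccess(role, "Locations", out flag)) access.Locations = flag;
        if (TryReadIsAccess(role, "Campaigns", out flag)) access.Campaigns = flag;
        if (TryReadIsAccess(role, "CreditRequests", out flag)) access.CreditRequests = flag;
        if (TryReadIsAccess(role, "Coupons", out flag)) access.Coupons = flag;
        if (TryReadIsAccess(role, "Settings", out flag)) access.Settings = flag;
        if (TryReadIsAccess(role, "Redeems", out flag)) access.Redeems = flag;
        if (TryReadIsAccess(role, "SenderCode", out flag)) access.SenderCode = flag;
    }

    return access;
}

/// <summary>
/// Reads the <c>IsAccess</c> attribute of <paramref name="role"/>'s child element named
/// <paramref name="sectionName"/>.
/// </summary>
/// <returns>false when the element or the attribute is missing (the original threw on a missing element); true with the parsed value otherwise.</returns>
/// <exception cref="FormatException">The attribute text is not a boolean, as with the original Convert.ToBoolean call.</exception>
private static bool TryReadIsAccess(XElement role, string sectionName, out bool isAccess)
{
    XElement section = role.Element(sectionName);
    XAttribute attribute = section == null ? null : section.Attribute("IsAccess");
    if (attribute == null)
    {
        isAccess = false;
        return false;
    }

    isAccess = Convert.ToBoolean((string)attribute);
    return true;
}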