public async Task <User> Authenticate(string username, string password)
{
UserPostData postdata = new UserPostData
{
username = username,
password = password
};
try
{
var result = await _globalClient.PostRequest <User>("api/v3/authenticate", "credentials", postdata);
if (result.error == null)
{
return(result.Value);
}
else
{
throw new Exception(result?.error?.message);
}
}
catch (Exception ex)
{
throw ex;
}
}
private static void ValidateUsername(UserPostData daten)
{
if (!RegularExpressions.AlphanumericRegex.IsMatch(daten.Username))
{
throw new ArgumentException("Username must be alphanumeric.", nameof(UserPostData.Username));
}
}
private static void ValidatePassword(UserPostData daten)
{
if (daten.Password.ContainsIgnoreCase(daten.Username))
{
throw new ArgumentException("The password must not contain the account name of the user.", nameof(UserPostData.Password));
}
if (daten.Password.Length < 8)
{
throw new ArgumentException("The password is at least eight characters long.", nameof(UserPostData.Password));
}
if (!RegularExpressions.LatinUppercaseRegex.IsMatch(daten.Password))
{
throw new ArgumentException("The password must contain uppercase letters (A through Z).", nameof(UserPostData.Password));
}
if (!RegularExpressions.LatinLowercaseRegex.IsMatch(daten.Password))
{
throw new ArgumentException("The password must contain uppercase letters (a through z).", nameof(UserPostData.Password));
}
if (!RegularExpressions.Base10DigitRegex.IsMatch(daten.Password))
{
throw new ArgumentException("The password must contain digits (0 through 9).", nameof(UserPostData.Password));
}
if (!RegularExpressions.NonAlphanumericRegex.IsMatch(daten.Password))
{
throw new ArgumentException("The password must contain non-alphanumeric characters such as: exclamation point (!), dollar sign ($), number sign (#), or percent (%).", nameof(UserPostData.Password));
}
}
private static async Task <UserEntity> CreateUserProfile(UserPostData daten, DatabaseContext context)
{
UserEntity newUser = new UserEntity();
newUser.CopyPropertiesFrom(daten);
newUser.Nickname = newUser.Nickname ?? newUser.Username;
await context.ShakeUser.AddAsync(newUser);
return(newUser);
}
public ApiResult <User> Register(UserPostData item)
{
var Rs = new ApiResult <User>()
{
Data = new User()
};
try
{
DbProvider.SetCommandText2("Sp_User_Register_Serium", CommandType.StoredProcedure);
DbProvider.AddParameter("Email", item.Email, SqlDbType.NVarChar);
DbProvider.AddParameter("Password", item.Password, SqlDbType.NVarChar);
DbProvider.AddParameter("FirstName", item.FirstName, SqlDbType.NVarChar);
DbProvider.AddParameter("LastName", item.LastName, SqlDbType.NVarChar);
DbProvider.AddParameter("RoleId", item.RoleId, SqlDbType.Int);
DbProvider.AddParameter("CreatedUser", item.CreatedUser, SqlDbType.Int);
DbProvider.AddParameter("PhoneNumber", item.PhoneNumber, SqlDbType.NVarChar);
DbProvider.AddParameter("Address", item.Address, SqlDbType.NVarChar);
DbProvider.AddParameter("ProvinceCode", item.ProvinceCode, SqlDbType.Int);
DbProvider.AddParameter("DistrictCode", item.DistrictCode, SqlDbType.Int);
DbProvider.AddParameter("ErrCode", DBNull.Value, SqlDbType.Int, ParameterDirection.Output);
DbProvider.AddParameter("ReturnMsg", DBNull.Value, SqlDbType.NVarChar, 255, ParameterDirection.Output);
DbProvider.AddParameter("UserId", DBNull.Value, SqlDbType.Int, ParameterDirection.Output);
DbProvider.ExecuteNonQuery();
string errorCode = DbProvider.Command.Parameters["ErrCode"].Value.ToString();
try {
Rs.Data.Id = Int32.Parse(DbProvider.Command.Parameters["UserId"].Value.ToString());
}
catch (Exception)
{
Rs.Data.Id = 0;
}
if (!errorCode.Equals(Constants.SUCCESS))
{
Rs.Failed(new ErrorObject()
{
Code = DbProvider.Command.Parameters["ErrCode"].Value.ToString(),
Description = DbProvider.Command.Parameters["ReturnMsg"].Value.ToString()
});
}
}
catch (Exception ex)
{
Rs.Failed(new ErrorObject()
{
Code = Constants.ERR_EXCEPTION,
Description = ex.Message
});
}
return(Rs);
}
public ActionResult DeleteImages(UserPostData <List <SimpleImageVM> > postData)
{
if (postData.user == null || postData.data == null)
{
return(Json(true)); // TODO change this later
}
for (int i = 0; i < postData.data.Count; i++)
{
// delete images
}
return(Json(true));
}
public async Task <IActionResult> Post([FromBody] UserPostData daten)
{
ValidateUsername(daten);
ValidatePassword(daten);
string username = this.configuration["AdminUsername"];
string password = this.configuration["AdminPassword"];
await this.userService.Authenticate(username, password);
using (SqlConnection connection = this.userService.Connection)
{
DatabaseContext context = new DatabaseContext(connection);
await this.CheckIfInviteIsValid(context, daten.InviteCode);
connection.Close();
}
await this.userService.AuthenticateMaster(username, password);
using (SqlConnection connection = this.userService.Connection)
{
SqlCommand commandCreateUser = new SqlCommand($"CREATE LOGIN {daten.Username} WITH PASSWORD = '******'", "''")}'", connection);
await commandCreateUser.ExecuteNonQueryAsync();
connection.Close();
}
await this.userService.Authenticate(username, password);
using (SqlConnection connection = this.userService.Connection)
{
SqlCommand commandAddUser = new SqlCommand($"CREATE USER {daten.Username} FOR LOGIN {daten.Username} WITH DEFAULT_SCHEMA = dbo", connection);
await commandAddUser.ExecuteNonQueryAsync();
SqlCommand commandAddRole = new SqlCommand($"ALTER ROLE [DB_USER] ADD MEMBER {daten.Username}", connection);
await commandAddRole.ExecuteNonQueryAsync();
DatabaseContext context = new DatabaseContext(connection);
UserEntity user = await CreateUserProfile(daten, context);
await context.SaveChangesAsync();
await this.LinkInviteCode(user.Id, daten.InviteCode, context);
await context.SaveChangesAsync();
connection.Close();
}
return(this.Ok());
}
private async void SignupCommandExecute()
{
this.Message = string.Empty;
Client client = new Client(new HttpClient());
if (!Guid.TryParse(this.Id, out Guid inviteCode))
{
this.Message = "Invite code invalid.";
return;
}
if (this.Password != this.PasswordRepeat)
{
this.Message = "Passwords must match.";
return;
}
this.IsBusy = true;
try
{
UserPostData data = new UserPostData()
{
InviteCode = inviteCode,
Username = this.Username,
Nickname = this.Nickname,
Password = this.Password
};
await client.SignupAsync(data);
await SecureStorage.SetAsync(LoginViewModel.UsernameKey, this.Username);
await SecureStorage.SetAsync(LoginViewModel.PasswordKey, this.Password);
App.Client = client;
await Shell.Current.GoToAsync($"//{nameof(LoginPage)}");
}
catch (ApiException exception)
{
this.Message = exception.ToString();
}
finally
{
this.IsBusy = false;
}
}
internal static UserPostData GetUserData()
{
var postData = new UserPostData
{
appid = Application.cloudProjectId,
userid = AnalyticsSessionInfo.userId,
sessionid = AnalyticsSessionInfo.sessionId,
platform = Application.platform.ToString(),
platformid = (UInt32)Application.platform,
sdk_ver = Application.unityVersion,
debug_device = Debug.isDebugBuild,
deviceid = SystemInfo.deviceUniqueIdentifier,
plugin_ver = kVersionString
};
return(postData);
}
static UserPostData GetUserData()
{
var postData = new UserPostData
{
appid = DataPrivacyUtils.GetApplicationId(),
userid = DataPrivacyUtils.GetUserId(),
sessionid = DataPrivacyUtils.GetSessionId(),
platform = Application.platform.ToString(),
platformid = (UInt32)Application.platform,
sdk_ver = Application.unityVersion,
debug_device = Debug.isDebugBuild,
deviceid = DataPrivacyUtils.GetDeviceId(),
plugin_ver = kVersionString
};
return(postData);
}
public HttpResponseMessage CleanAndAddAblieferndeStelle(string userId, [FromBody] UserPostData postData)
{
var access = this.GetManagementAccess();
access.AssertFeatureOrThrow(ApplicationFeature.BenutzerUndRolleBenutzerverwaltungZustaendigeStelleEdit);
var response = new HttpResponseMessage(HttpStatusCode.OK);
JObject result;
try
{
if (access.HasRole(AccessRoles.RoleAS))
{
response = new HttpResponseMessage(HttpStatusCode.Forbidden);
}
if (string.IsNullOrEmpty(userId))
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
if (postData == null)
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
userDataAccess.CleanAndAddAblieferndeStelleToUser(userId, postData.AblieferndeStelleIds, access.UserId);
result = new JObject {
{ "success", true }
};
}
catch (Exception ex)
{
Log.Error(ex,
$"Fehler beim zuordnen der Abliefernde Stelle zum User; UserId:='{userId}', ablieferndeStelleId:={postData?.AblieferndeStelleIds}");
result = new JObject {
{ "error", ServiceHelper.GetExceptionInfo(ex) }
};
response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
}
response.Content = new JsonContent(result);
return(response);
}
public HttpResponseMessage UpdateUser([FromBody] UserPostData postData)
{
var access = this.GetManagementAccess();
if (string.IsNullOrEmpty(postData?.Id))
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
// Logic validieren
if (postData.ResearcherGroup && postData.BarInternalConsultation)
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
if (postData.ResearcherGroup && (postData.RolePublicClient == null || !postData.RolePublicClient.Equals(AccessRoles.RoleOe3)))
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
// Pflichtfelder validieren
if (string.IsNullOrEmpty(postData.FamilyName))
{
throw new BadRequestException("Name muss angegeben werden.");
}
if (string.IsNullOrEmpty(postData.FirstName))
{
throw new BadRequestException("Vorname muss angegeben werden.");
}
if (string.IsNullOrEmpty(postData.Street))
{
throw new BadRequestException("Strasse muss angegeben werden.");
}
if (string.IsNullOrEmpty(postData.ZipCode))
{
throw new BadRequestException("PLZ muss angegeben werden.");
}
if (string.IsNullOrEmpty(postData.Town))
{
throw new BadRequestException("Ort muss angegeben werden.");
}
if (string.IsNullOrEmpty(postData.CountryCode))
{
throw new BadRequestException("Land muss angegeben werden.");
}
if (string.IsNullOrEmpty(postData.EmailAddress))
{
throw new BadRequestException("E-Mail muss angegeben werden.");
}
if (!string.IsNullOrEmpty(postData.BirthdayString))
{
if (DateTime.TryParse(postData.BirthdayString, CultureInfo.GetCultureInfo("de-DE"), DateTimeStyles.None, out var birthday))
{
postData.Birthday = birthday;
}
else
{
throw new BadRequestException("The property BirthdayString is not in the expected format dd.mm.yyyy.");
}
}
if (!string.IsNullOrEmpty(postData.DownloadLimitDisabledUntilString))
{
if (DateTime.TryParse(postData.DownloadLimitDisabledUntilString, CultureInfo.GetCultureInfo("de-DE"), DateTimeStyles.None,
out var downloadLimitDisabledUntil))
{
postData.DownloadLimitDisabledUntil = downloadLimitDisabledUntil;
}
else
{
throw new BadRequestException("The property DownloadLimitDisabledUntilString is not in the expected format dd.mm.yyyy.");
}
}
if (!string.IsNullOrEmpty(postData.DigitalisierungsbeschraenkungString))
{
if (DateTime.TryParse(postData.DigitalisierungsbeschraenkungString, CultureInfo.GetCultureInfo("de-DE"), DateTimeStyles.None,
out var digitalisierungsbeschraenkungAufgehobenBis))
{
postData.DigitalisierungsbeschraenkungAufgehobenBis = digitalisierungsbeschraenkungAufgehobenBis;
}
else
{
throw new BadRequestException("The property DigitalisierungsbeschraenkungString is not in the expected format dd.mm.yyyy.");
}
}
var originalUser = userDataAccess.GetUser(postData.Id);
CheckCustomAttributes.CheckEditNotAllowedAttribute(originalUser, postData);
CheckCustomAttributes.CheckEditNotAllowedForAttribute(originalUser, postData);
CheckCustomAttributes.CheckEditRequiresFeatureAttribute(GetUser().Features, originalUser, postData);
userDataAccess.UpdateUser(postData, access.UserId);
// Alle zugewiesen Abliefernde Stellen löschen
if (postData.RolePublicClient != AccessRoles.RoleAS)
{
userDataAccess.DeleteAllAblieferdeStelleFromUser(postData.Id);
}
var response = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new JsonContent(new JObject {
{ "success", true }
})
};
return(response);
}
public IHttpActionResult Register(UserPostData item)
{
var Rs = new ApiResult <User>();
if (!ModelState.IsValid)
{
// Lỗi validate dữ liệu trả ra từ model
foreach (string key in ModelState.Keys)
{
ModelState current = ModelState[key];
foreach (ModelError error in current.Errors)
{
Rs.Failed(new ErrorObject()
{
Code = key,
Description = error.ErrorMessage
});
}
}
return(Content(HttpStatusCode.BadRequest, Rs));
}
if (item.RoleId == 0)
{
item.RoleId = 1;
}
UserResult userInfo;
try
{
userInfo = UserInfo;
}
catch (Exception)
{
userInfo = new UserResult();
}
if (userInfo.Id > 0)
{
item.CreatedUser = userInfo.Id;
}
item.Password = Libs.GetMd5(item.Password + EncryptCore.PassKey);
Rs = userDAL.Register(item);
if (Rs.Succeeded)
{
string OTP = userDAL.GetOtp(Rs.Data.Id);
string Url = ConfigUtil.DomainBaseHttp + "/Api/Acc/ConfirmEmail?Id=" + Rs.Data.Id.ToString() + "&OTP=" + OTP;
if (!String.IsNullOrEmpty(item.SucRedirectUrl))
{
Url += "&SucRedirectUrl=" + item.SucRedirectUrl;
}
if (!String.IsNullOrEmpty(item.FailRedirectUrl))
{
Url += "&FailRedirectUrl=" + item.FailRedirectUrl;
}
object DataContent = new
{
Link = Url,
item.FirstName
};
var EmailContent = EmailContentHtml.EmailContentFormat(DataContent, "ConfirmEmail.html");
var e = EmailUtility.SendMail(ConfigUtil.Email_DisplayName, item.Email, "Xác thực Email", EmailContent);
return(Ok(Rs));
}
else
{
return(Content(HttpStatusCode.BadRequest, Rs));
}
}