Beispiel #1
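        /// <summary>
        /// Registers a new account from a JSON body carrying <c>login</c> and <c>password</c>.
        /// </summary>
        /// <remarks>
        /// Responds 400 (no body) when either field is missing or empty, 400 with the
        /// duplicate-user payload when the login is already taken, and 200 with the
        /// success payload once the row has been saved. New accounts always get access level 0.
        /// </remarks>
        /// <param name="request">Request body; expected to hold the <c>login</c> and <c>password</c> properties.</param>
        public async Task PostUser([FromBody] JsonDocument request)
        {
            JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);

            // GetValue returns null for an absent property; validate before dereferencing so a
            // malformed body produces a 400 instead of an unhandled NullReferenceException.
            var login    = jValue?.GetValue("login")?.ToString();
            var password = jValue?.GetValue("password")?.ToString();

            if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
            {
                Response.StatusCode = 400;
                return;
            }

            User user = new User(0, login, password);

            // Never take the access level from the request: self-registration starts unprivileged.
            user.AccessLevel     = 0;
            Response.ContentType = "application/json";
            byte[] body;

            // Check for a duplicate before hashing so a rejected request does not pay for the hash.
            // NOTE(review): check-then-insert is not atomic; two concurrent registrations of the
            // same login can both pass this test. A unique constraint on the Login column would
            // close that gap - confirm whether the schema already has one.
            if (_context.User.FirstOrDefault(row => row.Login == user.Login) != null)
            {
                Response.StatusCode = 400;
                body = UserHelpers.DuplicateUserResponse();
                await Response.Body.WriteAsync(body, 0, body.Length);

                return;
            }

            // Only the hash is persisted; the plaintext password is overwritten here.
            // NOTE(review): HashPassword is not visible from this method - confirm it is a slow,
            // salted password KDF rather than a single fast digest keyed on the login.
            user.Password = UserHelpers.HashPassword(user.Login, user.Password);

            _context.User.Add(user);
            await _context.SaveChangesAsync();

            body = UserHelpers.SuccessfulUserAdding();
            Response.StatusCode = 200;
            await Response.Body.WriteAsync(body, 0, body.Length);
        }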
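        /// <summary>
        /// Authenticates a user from a JSON body carrying <c>login</c> and <c>password</c>
        /// and returns a session token.
        /// </summary>
        /// <remarks>
        /// Responds 400 (no body) when a field is missing or empty, 401 with the same
        /// wrong-password-or-login payload for an unknown login and for a bad password,
        /// and 200 with the token payload on success. An existing <c>ActiveUser</c> row for
        /// the account is reused; otherwise a new token is generated and stored.
        /// </remarks>
        /// <param name="request">Request body; expected to hold the <c>login</c> and <c>password</c> properties.</param>
        public async Task Login([FromBody] JsonDocument request)
        {
            JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);

            // NOTE(review): a wildcard Access-Control-Allow-Headers is set per action here;
            // CORS policy is normally configured once in middleware - confirm this is intended.
            Response.Headers.Add("Access-Control-Allow-Headers", "*");
            Response.Headers.Add("Content-Type", "application/json");

            // GetValue returns null for an absent property; reject instead of dereferencing null.
            var login    = jValue?.GetValue("login")?.ToString();
            var password = jValue?.GetValue("password")?.ToString();

            if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
            {
                Response.StatusCode = 400;
                return;
            }

            User userAuth = new User(0, login, password);
            var  user     = _context.User.FirstOrDefault(row => row.Login == userAuth.Login);

            // Hash unconditionally so the unknown-login path does the same work as the
            // wrong-password path and response time reveals less about which logins exist.
            string hashPassword = UserHelpers.HashPassword(userAuth.Login, userAuth.Password);

            // Compare the stored and computed hashes in constant time rather than with the
            // early-exit string inequality operator.
            bool credentialsValid =
                user != null &&
                System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Text.Encoding.UTF8.GetBytes(user.Password ?? string.Empty),
                    System.Text.Encoding.UTF8.GetBytes(hashPassword ?? string.Empty));

            byte[] body;

            if (!credentialsValid)
            {
                // One response for both failure causes, so the caller cannot tell them apart.
                Response.StatusCode = 401;
                body = UserHelpers.WrongPasswordOrLogin();
                await Response.Body.WriteAsync(body, 0, body.Length);

                return;
            }

            // NOTE(review): an existing session token is handed back as-is and nothing here
            // expires or rotates it - confirm token lifetime is enforced elsewhere.
            var    logedUser = _context.ActiveUser.FirstOrDefault(row => row.UserId == user.Id);
            string token;
            if (logedUser != null)
            {
                token = logedUser.Token;
            }
            else
            {
                token = UserHelpers.GenerateUserToken();
                ActiveUser activeUser = new ActiveUser(0, user.Id, token);
                _context.ActiveUser.Add(activeUser);
                await _context.SaveChangesAsync();
            }

            body = UserHelpers.SuccessfulLogin(token);
            Response.StatusCode = 200;
            await Response.Body.WriteAsync(body, 0, body.Length);
        }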
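        /// <summary>
        /// Links an existing user account to a pupil record. Requires a caller whose access
        /// level is at least <c>Permissions.Teacher</c>.
        /// </summary>
        /// <remarks>
        /// Responds 403 when the Authorization header is absent, the token resolves to no user,
        /// or the caller is below teacher level; 400 when <c>login</c> or <c>pupilId</c> is
        /// missing or malformed, when the user or pupil does not exist, or when the pupil is
        /// already linked; 200 once the link has been saved.
        /// </remarks>
        /// <param name="request">Request body; expected to hold the <c>login</c> and <c>pupilId</c> properties.</param>
        public async Task AttachPupilAccount([FromBody] JsonDocument request)
        {
            // Read the header once; the first value is used as the session token.
            string[] authValues = Request.Headers.GetCommaSeparatedValues("Authorization");
            if (authValues.Length < 1)
            {
                Response.StatusCode = 403;
                return;
            }

            string token = authValues[0];

            // GetUser can return null for an unknown token (DeleteUser checks for that), so the
            // null case has to be denied explicitly instead of dereferenced.
            var caller = UserHelpers.GetUser(token, _context);
            if (caller == null || caller.AccessLevel < (int)Permissions.Teacher)
            {
                Response.StatusCode = 403;
                return;
            }

            JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);

            // Absent properties come back as null and a non-numeric pupilId must not throw:
            // both are client errors, not server faults.
            var userLogin   = jValue?.GetValue("login")?.ToString();
            var pupilIdText = jValue?.GetValue("pupilId")?.ToString();

            if (string.IsNullOrEmpty(userLogin) || !int.TryParse(pupilIdText, out int pupilId))
            {
                Response.StatusCode = 400;
                return;
            }

            Response.ContentType = "application/json";
            byte[] body;
            var    pupil = _context.Pupil.FirstOrDefault(row => row.Id == pupilId);
            User   user  = _context.User.FirstOrDefault(row => row.Login == userLogin);

            if (user == null || pupil == null)
            {
                Response.StatusCode = 400;
                body = UserHelpers.UserOrPupilAbsent();
                await Response.Body.WriteAsync(body, 0, body.Length);

                return;
            }

            // An AccountId of 0 is treated as "not linked yet".
            if (pupil.AccountId != 0)
            {
                Response.StatusCode = 400;
                body = UserHelpers.PupilAlreadySynced();
                await Response.Body.WriteAsync(body, 0, body.Length);

                return;
            }

            pupil.AccountId  = user.Id;
            // NOTE(review): this overwrites whatever access level the target account already
            // had, including one above Pupil, and nothing stops the same user being linked to
            // several pupils - confirm both are intended.
            user.AccessLevel = (int)Permissions.Pupil;
            await _context.SaveChangesAsync();

            Response.StatusCode = 200;
        }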
Beispiel #4
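        /// <summary>
        /// Writes the homework for form <paramref name="id"/> on a given date as JSON.
        /// Requires a caller whose access level is at least <c>Permissions.Pupil</c>.
        /// </summary>
        /// <remarks>
        /// Responds 403 when the Authorization header is absent, the token resolves to no user,
        /// or the caller is below pupil level; 400 when the form does not exist or the supplied
        /// <c>date</c> cannot be parsed. When no date is supplied the current local time is used.
        /// </remarks>
        /// <param name="id">Identifier of the form whose homework is requested.</param>
        /// <param name="request">Optional request body; may hold a <c>date</c> property.</param>
        public async Task GetCurriculum(int id, [FromBody] JsonDocument? request)
        {
            // Read the header once; the first value is used as the session token.
            string[] authValues = Request.Headers.GetCommaSeparatedValues("Authorization");
            if (authValues.Length < 1)
            {
                Response.StatusCode = 403;
                return;
            }

            string token = authValues[0];

            // GetUser can return null for an unknown token (DeleteUser checks for that), so the
            // null case has to be denied explicitly instead of dereferenced.
            // NOTE(review): only the access level is checked; nothing here ties the caller to
            // the requested form - confirm any authenticated pupil may read any form's homework.
            var caller = UserHelpers.GetUser(token, _context);
            if (caller == null || caller.AccessLevel < (int)Permissions.Pupil)
            {
                Response.StatusCode = 403;
                return;
            }

            if (_context.Form.FirstOrDefault(row => row.Id == id) == null)
            {
                Response.StatusCode = 400;
                return;
            }

            DateTime date = DateTime.Now;

            // The body is declared nullable, so only hand it to the helper when one was sent.
            var jValue = request == null ? null : WebMessageHelpers.GetJObjectFromBody(request);

            if (jValue != null && jValue.ContainsKey("date"))
            {
                string strDate = jValue.GetValue("date").ToString();
                if (!String.IsNullOrWhiteSpace(strDate))
                {
                    // Same current-culture parsing Convert.ToDateTime performed, but a malformed
                    // value becomes a 400 instead of an unhandled FormatException.
                    if (!DateTime.TryParse(strDate, out DateTime requestedDate))
                    {
                        Response.StatusCode = 400;
                        return;
                    }

                    date = requestedDate;
                }
            }

            Response.Headers.Add("Access-Control-Allow-Headers", "*");
            Response.Headers.Add("Content-Type", "application/json");

            byte[] body = CuriculumHelpers.GetHomeWork(_context, id, date);
            await Response.Body.WriteAsync(body, 0, body.Length);
        }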
Beispiel #5
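        /// <summary>
        /// Deletes the account that owns the supplied session token, after the caller has
        /// re-entered that account's <c>login</c> and <c>password</c> in the request body.
        /// </summary>
        /// <remarks>
        /// Responds 403 when the Authorization header is absent, 400 when the token resolves to
        /// no user, when a credential field is missing, or when the re-entered credentials do
        /// not match the account. The row is removed only after both the login and the password
        /// hash have matched.
        /// </remarks>
        /// <param name="request">Request body; expected to hold the <c>login</c> and <c>password</c> properties.</param>
        public async Task DeleteUser([FromBody] JsonDocument request)
        {
            byte[] body;

            string[] token = Request.Headers.GetCommaSeparatedValues("Authorization");
            if (token.Length == 0)
            {
                Response.StatusCode = 403;
                return;
            }
            var user = UserHelpers.GetUser(token[0], _context);

            if (user == null)
            {
                Response.StatusCode = 400;
                return;
            }

            // Parse the body only once the caller is known to hold a valid session.
            JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);

            // GetValue returns null for an absent property; reject instead of dereferencing null.
            var tempLogin    = jValue?.GetValue("login")?.ToString();
            var tempPassword = jValue?.GetValue("password")?.ToString();

            if (string.IsNullOrEmpty(tempLogin) || string.IsNullOrEmpty(tempPassword))
            {
                Response.StatusCode = 400;
                return;
            }

            // Both checks must pass. The original joined the two mismatches with &&, so one
            // matching field was enough, and it did not return after writing the 400, so the
            // account was removed even when the check failed.
            bool loginMatches = user.Login == tempLogin;
            bool passwordMatches =
                System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Text.Encoding.UTF8.GetBytes(user.Password ?? string.Empty),
                    System.Text.Encoding.UTF8.GetBytes(UserHelpers.HashPassword(tempLogin, tempPassword) ?? string.Empty));

            if (!loginMatches || !passwordMatches)
            {
                Response.StatusCode = 400;
                // NOTE(review): the duplicate-user payload is kept from the original but looks
                // like the wrong helper for a credential mismatch - confirm which body clients expect.
                body = UserHelpers.DuplicateUserResponse();
                await Response.Body.WriteAsync(body, 0, body.Length);

                return;
            }

            // NOTE(review): the ActiveUser row holding this account's token is not removed
            // here - confirm the session is invalidated by a cascade or elsewhere.
            _context.User.Remove(user);
            await _context.SaveChangesAsync();

            body = UserHelpers.SuccessDeleting();
            await Response.Body.WriteAsync(body, 0, body.Length);
        }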