public JsonResult RefreshAuthorizationToken(string token, string refreshToken, string authHash)
{
//Create the response model
MobileAppValidationModel response = new MobileAppValidationModel()
{
Success = false, Message = ""
};
/*---------------------------------Token Validation Begin-----------------------------------*/
#region Validate the Token
//Get the current token from the database
UnitOfWork work = new UnitOfWork();
external_token currentToken = work.SystemRepository.GetAuthorizationToken(token);
//Invalid token
if (currentToken == null || currentToken.refresh_token != refreshToken)
{
response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid);
return(Json(response, JsonRequestBehavior.AllowGet));
}
//Build the string to be hashed
string salt = currentToken.refresh_token;
string paramString = "token=" + token + "&refreshToken=" + refreshToken;
string stringToHash = salt + "?" + paramString;
//Invalid hash
if (!ValidateHash(stringToHash, authHash))
{
response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash);
return(Json(response));
}
#endregion
/*----------------------------------Token Validation End------------------------------------*/
//Refresh the token
currentToken = work.SystemRepository.RefreshAuthorizationToken(token, refreshToken);
//Build the response and return
if (currentToken != null)
{
response.Success = true;
response.Message = GetTokenValidationResultMessage(TokenValidationResult.Success);
response.Token = currentToken.token;
response.Refresh = currentToken.refresh_token;
return(Json(response));
}
else
{
response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureOther);
return(Json(response));
}
}
public JsonResult RemoveAuthorizationToken(string refreshToken, string authHash)
{
//Create the response model
MobileAppTokenErrorModel response = new MobileAppTokenErrorModel()
{
Success = false, Message = ""
};
/*---------------------------------Token Validation Begin-----------------------------------*/
#region Validate the Token
//Get the currentToken
UnitOfWork work = new UnitOfWork();
external_token currentToken = work.SystemRepository.GetAuthorizationTokenByRefresh(refreshToken);
//Invalid token
if (currentToken == null)
{
response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid);
return(Json(response));
}
//Build the string to be hashed
string salt = currentToken.refresh_token;
string paramString = "refreshToken=" + refreshToken;
string stringToHash = salt + "?" + paramString;
//Invalid hash
if (!ValidateHash(stringToHash, authHash))
{
response.Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash);
return(Json(response));
}
#endregion
/*----------------------------------Token Validation End------------------------------------*/
//Remove the token from the database
bool removed = work.SystemRepository.RemoveAuthorizationToken(refreshToken);
//Populate the model's message
if (removed)
{
response.Message = "Token Removed";
}
else
{
response.Message = "Unknown Error";
}
//Return
return(Json(response));
}
public bool RemoveAuthorizationToken(string refreshToken)
{
external_token tokenToRemove = _dbContext.external_token.SingleOrDefault(et => et.refresh_token.Equals(refreshToken));
if (tokenToRemove == null)
{
return(false);
}
_dbContext.external_token.Remove(tokenToRemove);
Save();
return(true);
}
public bool ExpireAuthorizationToken(string token)
{
external_token tokenToRemove = _dbContext.external_token.SingleOrDefault(et => et.token.Equals(token));
if (tokenToRemove == null)
{
return(false);
}
tokenToRemove.expiration_date = DateTime.Now;
Save();
return(true);
}
public JsonResult ExpireAuthorizationToken(string token, string authHash)
{
/*---------------------------------Token Validation Begin-----------------------------------*/
#region Validate the Token
//Get the current token
UnitOfWork work = new UnitOfWork();
external_token currentToken = work.SystemRepository.GetAuthorizationToken(token);
//Invalid token
if (currentToken == null)
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid)
}));
}
//Build the string to be hashed
string salt = currentToken.refresh_token;
string paramString = "token=" + token;
string stringToHash = salt + "?" + paramString;
//Invalid hash
if (!ValidateHash(stringToHash, authHash))
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash)
}));
}
#endregion
/*----------------------------------Token Validation End------------------------------------*/
//Expire the token
bool expired = work.SystemRepository.ExpireAuthorizationToken(token);
//Build the response
MobileAppTokenErrorModel response = new MobileAppTokenErrorModel()
{
Success = expired, Message = "Unknown Error"
};
if (expired)
{
response.Message = "Token Expired";
}
//Return
return(Json(response));
}
public external_token RefreshAuthorizationToken(string token, string refreshToken)
{
external_token tokenToRefresh = _dbContext.external_token.SingleOrDefault(et => et.token.Equals(token) && et.refresh_token.Equals(refreshToken));
if (tokenToRefresh == null)
{
return(null);
}
tokenToRefresh.token = Guid.NewGuid().ToString();
tokenToRefresh.refresh_token = Guid.NewGuid().ToString();
tokenToRefresh.created_date = DateTime.Now;
tokenToRefresh.expiration_date = DateTime.Now.AddMonths(3);
Save();
return(tokenToRefresh);
}
//TODO: SET CONSTANT FOR EXPIRE DATE
public external_token GenerateAuthorizationToken(string username, string IPAddress)
{
/*var exisitingToken = _dbContext.external_token.SingleOrDefault(et => et.id == _unitOfWork.UserRepository.GetUser(username).id && et.source.Equals(IPAddress));
* if (exisitingToken != null)
* _dbContext.external_token.Remove(exisitingToken);*/
external_token newToken = new external_token()
{
user_id = _unitOfWork.UserRepository.GetUser(username).id,
source = IPAddress,
created_date = DateTime.Now,
expiration_date = DateTime.Now.AddMonths(3),
token = Guid.NewGuid().ToString(),
refresh_token = Guid.NewGuid().ToString()
};
_dbContext.external_token.Add(newToken);
Save();
return(newToken);
}
public JsonResult ReportScan(int aID, bool hasCardToGive, string timeScanned, string token, int userID, string authHash)
{
/*---------------------------------Token Validation Begin-----------------------------------*/
#region Validate the Token
//Get the current token
UnitOfWork work = new UnitOfWork();
external_token currentToken = work.SystemRepository.GetAuthorizationToken(token);
//Invalid token
if (currentToken == null)
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid)
}));
}
//Expired token
if (DateTime.Now.CompareTo(currentToken.expiration_date) > 0)
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureExpired)
}));
}
//Make sure the date passed in is valid
DateTime dt = DateTime.Now;
if (!DateTime.TryParse(timeScanned, out dt))
{
return(Json(new MobileAppScanResultModel()
{
Success = false, Message = "DateTime was invalid", Code = 11
}));
}
//Build the string to be hashed
string salt = currentToken.refresh_token;
String paramString = "";
paramString += "aID=" + aID + "&hasCardToGive=" + hasCardToGive.ToString().ToLower() + "&timeScanned=" + timeScanned + "&token=" + token + "&userID=" + userID;
string stringToHash = salt + "?" + paramString;
//Invalid hash
if (!ValidateHash(stringToHash, authHash))
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureExpired)
}));
}
#endregion
/*----------------------------------Token Validation End------------------------------------*/
//Default AchievementResult is falilure
JPPConstants.AssignAchievementResult assignAchievementResult = JPPConstants.AssignAchievementResult.FailureOther;
//Assign the achievement and get the result
assignAchievementResult = work.AchievementRepository.AssignAchievement(userID, aID, currentToken.user_id, true, dt, hasCardToGive);
//Create the response model
MobileAppScanResultModel response = GetAssignResultModel(assignAchievementResult);
//Return
return(Json(response));
}
public JsonResult GetAchievements(string token, string authHash)
{
/*---------------------------------Token Validation Begin-----------------------------------*/
#region Validate the Token
//Get the current token from the database
UnitOfWork work = new UnitOfWork();
external_token currentToken = work.SystemRepository.GetAuthorizationToken(token);
//Invalid token
if (currentToken == null)
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureInvalid)
}));
}
//Expired token
if (DateTime.Now.CompareTo(currentToken.expiration_date) > 0)
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureExpired)
}));
}
//Build the string to be hashed
string salt = currentToken.refresh_token;
string paramString = "token=" + token;
string stringToHash = salt + "?" + paramString;
//Invalid hash
if (!ValidateHash(stringToHash, authHash))
{
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetTokenValidationResultMessage(TokenValidationResult.FailureHash)
}));
}
#endregion
/*----------------------------------Token Validation End------------------------------------*/
//If the user has full Admin permissions, return all active achievements
//If not, return all active achievements they are a caretaker of
bool isFullAdmin = Roles.IsUserInRole(currentToken.user.username, JPPConstants.Roles.FullAdmin);
List <achievement_template> assignableAchievements = work.AchievementRepository.GetAssignableAchievements(currentToken.user_id, isFullAdmin);
//Create the list of achievements to return
if (assignableAchievements != null && assignableAchievements.Count >= 0)
{
List <MobileAppAchievementModel> mobileAppAchievements = new List <MobileAppAchievementModel>();
foreach (achievement_template achievement in assignableAchievements)
{
MobileAppAchievementModel mobileAchievement = new MobileAppAchievementModel()
{
AchievementID = achievement.id, Icon = achievement.icon, Title = achievement.title
};
mobileAppAchievements.Add(mobileAchievement);
}
return(Json(mobileAppAchievements));
}
//The user cannot assign any achievements
return(Json(new MobileAppTokenErrorModel()
{
Success = false, Message = GetLoginResultMessage(LoginValidationResult.FailureNoAchievements)
}));
}
public JsonResult Login(string username, string password, string devPassword, string authHash)
{
//Create the response model
MobileAppValidationModel response = new MobileAppValidationModel()
{
Success = false, Message = ""
};
/*---------------------------------Hash Validation Begin-----------------------------------*/
#region Hash Validation
//Build the string that will be hashed
string salt = Request.Url.GetLeftPart(UriPartial.Authority).ToString() + username;
string paramString = bool.Parse((JPPConstants.SiteSettings.GetValue(JPPConstants.SiteSettings.DevPasswordEnabled))) ? "devPassword="******"&": "";
paramString += "password="******"&username="******"?" + paramString;
//Invalid hash
if (!ValidateHash(stringToHash, authHash))
{
response.Message = GetLoginResultMessage(LoginValidationResult.FailureHash);
return(Json(response));
}
#endregion
/*----------------------------------Hash Validation End------------------------------------*/
//Attempt to validate the user
if (Membership.ValidateUser(username, password))
{
//Check the user's roles to see if they have permission to assign achievments
if (!Roles.IsUserInRole(username, JPPConstants.Roles.AssignIndividualAchievements) && !Roles.IsUserInRole(username, JPPConstants.Roles.FullAdmin))
{
response.Message = GetLoginResultMessage(LoginValidationResult.FailurePermissions);
return(Json(response));
}
//Create a new token for the user
UnitOfWork work = new UnitOfWork();
external_token token = work.SystemRepository.GenerateAuthorizationToken(username, Request.UserHostAddress);
//Make sure the token exists
if (token == null)
{
response.Success = false;
response.Message = GetLoginResultMessage(LoginValidationResult.FailureOther);
}
else
{
response.Success = true;
response.Message = GetLoginResultMessage(LoginValidationResult.Success);
response.Token = token.token;
response.Refresh = token.refresh_token;
}
//Return Success if token exists or FailureOther if token was null
return(Json(response));
}
//Invalid username/password
response.Message = GetLoginResultMessage(LoginValidationResult.FailureInvalid);
return(Json(response));
}
//TODO: SET CONSTANT FOR EXPIRE DATE
public external_token GenerateAuthorizationToken(string username, string IPAddress)
{
/*var exisitingToken = _dbContext.external_token.SingleOrDefault(et => et.id == _unitOfWork.UserRepository.GetUser(username).id && et.source.Equals(IPAddress));
if (exisitingToken != null)
_dbContext.external_token.Remove(exisitingToken);*/
external_token newToken = new external_token()
{
user_id = _unitOfWork.UserRepository.GetUser(username).id,
source = IPAddress,
created_date = DateTime.Now,
expiration_date = DateTime.Now.AddMonths(3),
token = Guid.NewGuid().ToString(),
refresh_token = Guid.NewGuid().ToString()
};
_dbContext.external_token.Add(newToken);
Save();
return newToken;
}
