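/// <summary>
/// Sets a new password for an existing user from the JSON request body.
/// Expects <c>username</c> and <c>newPassword</c>. Responds 400 with a plain-text reason when a
/// value is missing or blank, the user is unknown, or the database update fails; 200 with
/// <c>{ message: "Password set." }</c> on success.
/// </summary>
/// <remarks>
/// Error responses echo the submitted username, so they are sent as <c>text/plain</c> instead of
/// <see cref="Controller.Content(string)"/>'s default <c>text/html</c>, which would let
/// user-controlled input be rendered as markup.
/// NOTE(review): no authorization or current-password check is visible in this method; confirm the
/// dispatcher that routes to it enforces one. No password length/complexity policy is applied here either.
/// </remarks>
private ActionResult SetPassword()
{
    JObject POST = this.GetJsonPostObjectFromRequest();

    // IsNullOrWhiteSpace also rejects tabs and multi-space values, which the old
    // != "" / != " " comparisons let through.
    string rawUsername = POST["username"]?.ToString();
    string rawNewPassword = POST["newPassword"]?.ToString();
    if (string.IsNullOrWhiteSpace(rawUsername) || string.IsNullOrWhiteSpace(rawNewPassword))
    {
        Response.StatusCode = 400;
        return Content("Not all values are set.", "text/plain");
    }

    // NOTE(review): SQLEscape is applied before a LINQ equality, which EF already parameterizes;
    // if SQLEscape rewrites quotes, usernames containing them will never match — confirm.
    string username = _context.SQLEscape(rawUsername);
    string newPassword = Crypto.HashPassword(Crypto.SHA256(rawNewPassword));

    fv_users finalUser = null;
    try
    {
        // SingleOrDefault yields null for "not found" without throwing; it still throws when
        // more than one row matches, which is treated the same as "not found" (as before).
        finalUser = _context.fv_users.SingleOrDefault(m => m.u_name == username);
    }
    catch (InvalidOperationException)
    {
    }

    if (finalUser == null)
    {
        Response.StatusCode = 400;
        return Content($"Could not find the user to update password: {username}.", "text/plain");
    }

    finalUser.u_password = newPassword;
    _context.fv_users.AddOrUpdate(finalUser);
    try
    {
        _context.SaveChanges();
    }
    catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
    {
        // Persistence failures are reported to the caller; anything else propagates unchanged.
        Response.StatusCode = 400;
        return Content($"Could not set password for user {username}. SQL Execution failed.", "text/plain");
    }

    Response.StatusCode = 200;
    return Json(new { message = "Password set." }, JsonRequestBehavior.AllowGet);
}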
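/// <summary>
/// Creates a new user from the JSON request body (<c>id</c>, <c>username</c>, <c>firstname</c>,
/// <c>lastname</c>, <c>isLocked</c>, <c>password</c>) and registers the current and the next year
/// for that user. Responds 400 with a plain-text reason when the request is not a POST, a value is
/// missing or blank, the username equals the admin username or contains whitespace,
/// <c>isLocked</c> is not a boolean, or the database insert fails; 200 with a
/// <see cref="NewUser"/> payload on success.
/// </summary>
/// <remarks>
/// NOTE(review): uniqueness of <c>username</c> is not checked here; a duplicate is only caught if the
/// database rejects the insert, which surfaces as the generic "SQL Execution failed." response.
/// </remarks>
private ActionResult AddUser()
{
    JObject POST = this.GetJsonPostObjectFromRequest();

    // Missing keys yield null; IsNullOrWhiteSpace also rejects tabs and multi-space values,
    // which the old != "" / != " " comparisons let through. "id" only has to be present.
    string id = POST["id"]?.ToString();
    string rawUsername = POST["username"]?.ToString();
    string rawFirstname = POST["firstname"]?.ToString();
    string rawLastname = POST["lastname"]?.ToString();
    string rawIsLocked = POST["isLocked"]?.ToString();
    string rawPassword = POST["password"]?.ToString();

    bool allSet = Request.HttpMethod == "POST"
        && id != null
        && !string.IsNullOrWhiteSpace(rawUsername)
        && !string.IsNullOrWhiteSpace(rawFirstname)
        && !string.IsNullOrWhiteSpace(rawLastname)
        && !string.IsNullOrWhiteSpace(rawIsLocked)
        && !string.IsNullOrWhiteSpace(rawPassword)
        && rawUsername != AdminCredentials.Username;
    if (!allSet)
    {
        Response.StatusCode = 400;
        return Content("Not all values are set.", "text/plain");
    }

    string username = _context.SQLEscape(rawUsername);
    string firstname = _context.SQLEscape(rawFirstname);
    string lastname = _context.SQLEscape(rawLastname);
    string password = Crypto.HashPassword(Crypto.SHA256(rawPassword));

    // Boolean.Parse threw FormatException (an unhandled 500) for anything but "true"/"false";
    // reject such input as a 400 instead.
    bool isLocked;
    if (!bool.TryParse(_context.SQLEscape(rawIsLocked), out isLocked))
    {
        Response.StatusCode = 400;
        return Content("isLocked must be true or false.", "text/plain");
    }

    // Reject every whitespace character, not just ' ' (Contains(" ") let tabs through).
    if (username.Any(char.IsWhiteSpace))
    {
        Response.StatusCode = 400;
        return Content("Username should not contain whitespaces.", "text/plain");
    }

    // Read the year once so a midnight rollover cannot produce a non-consecutive pair.
    // DateTime.Today is server-local time, as before.
    int currentYear = DateTime.Today.Year;

    fv_users user = new fv_users()
    {
        u_name = username,
        u_password = password,
        u_isLocked = isLocked ? 1 : 0,
        u_firstName = firstname,
        u_lastName = lastname
    };
    var newUser = _context.fv_users.Add(user);
    _context.AddNewYearForUser(currentYear, username, false);
    _context.AddNewYearForUser(currentYear + 1, username, false);

    try
    {
        _context.SaveChanges();
    }
    catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
    {
        // Persistence failures are reported to the caller; anything else propagates unchanged.
        Response.StatusCode = 400;
        return Content("Could not create a new user. SQL Execution failed.", "text/plain");
    }

    NewUser userResult = new NewUser()
    {
        id = id,
        username = newUser.u_name,
        origianlUsername = newUser.u_name,
        firstname = newUser.u_firstName,
        lastname = newUser.u_lastName,
        isLocked = newUser.u_isLocked,
        years = new int[] { currentYear, currentYear + 1 }
    };
    Response.StatusCode = 200;
    return Json(userResult, JsonRequestBehavior.AllowGet);
}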
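/// <summary>
/// Updates first name, last name and lock state of an existing user from the JSON request body
/// (<c>username</c>, <c>firstname</c>, <c>lastname</c>, <c>isLocked</c>). Responds 400 with a
/// plain-text reason when a value is missing or blank, the username equals the admin username,
/// the user is unknown, or the database update fails; 200 with the updated fields on success.
/// </summary>
/// <remarks>
/// Error responses echo the submitted username, so they are sent as <c>text/plain</c> instead of
/// the default <c>text/html</c>, which would let user-controlled input be rendered as markup.
/// </remarks>
private ActionResult UpdateUser()
{
    JObject POST = this.GetJsonPostObjectFromRequest();

    // IsNullOrWhiteSpace also rejects tabs and multi-space values, which the old
    // != "" / != " " comparisons let through. "isLocked" only has to be present.
    string rawUsername = POST["username"]?.ToString();
    string rawFirstname = POST["firstname"]?.ToString();
    string rawLastname = POST["lastname"]?.ToString();
    string rawIsLocked = POST["isLocked"]?.ToString();

    bool allSet = !string.IsNullOrWhiteSpace(rawUsername)
        && !string.IsNullOrWhiteSpace(rawFirstname)
        && !string.IsNullOrWhiteSpace(rawLastname)
        && rawIsLocked != null
        && rawUsername != AdminCredentials.Username;
    if (!allSet)
    {
        Response.StatusCode = 400;
        return Content("Not all values are set.", "text/plain");
    }

    // NOTE(review): SQLEscape is applied before a LINQ equality, which EF already parameterizes;
    // if SQLEscape rewrites quotes, usernames containing them will never match — confirm.
    string username = _context.SQLEscape(rawUsername);
    string firstname = _context.SQLEscape(rawFirstname);
    string lastname = _context.SQLEscape(rawLastname);

    // NOTE(review): "0" maps to locked (u_isLocked = 1) here, which is the opposite of AddUser's
    // Boolean.Parse handling and of the isLocked value returned below (u_isLocked != 0).
    // Preserved unchanged because the client contract is not visible from this file — confirm.
    bool isLocked = _context.SQLEscape(rawIsLocked) == "0";

    fv_users finalUser = null;
    try
    {
        // SingleOrDefault yields null for "not found" without throwing; it still throws when
        // more than one row matches, which is treated the same as "not found" (as before).
        finalUser = _context.fv_users.SingleOrDefault(m => m.u_name == username);
    }
    catch (InvalidOperationException)
    {
    }

    if (finalUser == null)
    {
        Response.StatusCode = 400;
        return Content($"Could not find the user to update {username}.", "text/plain");
    }

    finalUser.u_firstName = firstname;
    finalUser.u_lastName = lastname;
    finalUser.u_isLocked = isLocked ? 1 : 0;
    _context.fv_users.AddOrUpdate(finalUser);
    try
    {
        _context.SaveChanges();
    }
    catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
    {
        // Persistence failures are reported to the caller; anything else propagates unchanged.
        Response.StatusCode = 400;
        return Content($"Could not update the user {username}. SQL Execution failed.", "text/plain");
    }

    Response.StatusCode = 200;
    return Json(new
    {
        username = finalUser.u_name,
        firstname = finalUser.u_firstName,
        lastname = finalUser.u_lastName,
        isLocked = finalUser.u_isLocked != 0
    }, JsonRequestBehavior.AllowGet);
}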
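/// <summary>
/// Deletes a user from the JSON request body (<c>username</c>) together with that user's views
/// and registered years. Responds 400 with a plain-text reason when the username is missing or
/// blank, the views query fails, a year cannot be removed, the user is unknown, or the database
/// update fails; 200 with <c>{ message: "User deleted." }</c> on success.
/// </summary>
/// <remarks>
/// Error responses echo the submitted username, so they are sent as <c>text/plain</c> instead of
/// the default <c>text/html</c>, which would let user-controlled input be rendered as markup.
/// Unlike <see cref="UpdateUser"/>, nothing here prevents the admin username from being removed;
/// NOTE(review): confirm that is intended.
/// </remarks>
private ActionResult RemoveUser()
{
    JObject POST = this.GetJsonPostObjectFromRequest();

    // The original accepted "" and " " as a username; treat blank like missing.
    string rawUsername = POST["username"]?.ToString();
    if (string.IsNullOrWhiteSpace(rawUsername))
    {
        Response.StatusCode = 400;
        return Content("Username is not set.", "text/plain");
    }

    // NOTE(review): SQLEscape is applied before LINQ equalities, which EF already parameterizes;
    // if SQLEscape rewrites quotes, usernames containing them will never match — confirm.
    string username = _context.SQLEscape(rawUsername);

    List<fv_views> views = null;
    try
    {
        views = _context.fv_views.Where(m => m.v_u_name == username).ToList();
    }
    catch (InvalidOperationException)
    {
        // An empty result is a normal empty list; only a throwing query leaves views null.
    }

    if (views == null)
    {
        Response.StatusCode = 400;
        return Content($"Could not delete views for the user {username}.", "text/plain");
    }

    // From here on the context carries pending removals that are only applied by SaveChanges
    // below; an early 400 leaves them unsaved. Presumably _context is per-request — confirm.
    _context.fv_views.RemoveRange(views);

    // Every year is attempted even after a failure, as before; the third argument is passed as
    // false in all calls in this file and its meaning is not visible here.
    var years = _context.GetYearsForUser(username);
    bool allYearsRemoved = true;
    foreach (int year in years)
    {
        allYearsRemoved &= _context.RemoveYearByYearAndUsername(year, username, false);
    }

    if (!allYearsRemoved)
    {
        Response.StatusCode = 400;
        return Content($"Could not delete years for the user {username}.", "text/plain");
    }

    fv_users finalUser = null;
    try
    {
        // SingleOrDefault yields null for "not found" without throwing; it still throws when
        // more than one row matches, which is treated the same as "not found" (as before).
        finalUser = _context.fv_users.SingleOrDefault(m => m.u_name == username);
    }
    catch (InvalidOperationException)
    {
    }

    if (finalUser == null)
    {
        Response.StatusCode = 400;
        return Content($"Could not find the user to delete {username}.", "text/plain");
    }

    _context.fv_users.Remove(finalUser);
    try
    {
        _context.SaveChanges();
    }
    catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
    {
        // Persistence failures are reported to the caller; anything else propagates unchanged.
        Response.StatusCode = 400;
        return Content($"Could not delete user {username}. SQL Execution failed.", "text/plain");
    }

    Response.StatusCode = 200;
    return Json(new { message = "User deleted." }, JsonRequestBehavior.AllowGet);
}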