Ejemplo n.º 1
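        /// <summary>
        /// Loads every student together with the studies name and semester of the
        /// enrollment the student row is joined to.
        /// </summary>
        /// <returns>One <c>Student</c> per row returned by the query; an empty list when there are no rows.</returns>
        public IEnumerable <Student> GetAllStudents()
        {
            // Constant SQL text: no caller-supplied value is part of the statement.
            const string sqlQuery = "SELECT S.FirstName, S.LastName, S.BirthDate, St.Name, E.Semester FROM Student S " +
                                    " LEFT JOIN Enrollment E ON S.IdEnrollment = E.IdEnrollment " +
                                    " LEFT JOIN Studies St ON E.IdStudy = St.IdStudy";
            var students = new List <Student>();

            using var connection =
                      new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command = new SqlCommand
                  {
                      Connection  = connection,
                      CommandText = sqlQuery
                  };
            connection.Open();

            // The reader is disposed deterministically (before the command and the connection)
            // instead of being left to the command/connection teardown.
            using var dataReader = command.ExecuteReader();

            while (dataReader.Read())
            {
                // NOTE(review): the LEFT JOINs can return NULL for Name and Semester when a student
                // has no matching enrollment; ToString() on DBNull yields "" and Parse("") would
                // throw. Confirm every student row always has an enrollment.
                var student = new Student
                {
                    FirstName   = dataReader["FirstName"].ToString(),
                    LastName    = dataReader["LastName"].ToString(),
                    // Round-trips the column through a string to emit an ISO-style date.
                    BirthDate   = DateTime.Parse(dataReader["BirthDate"].ToString()).ToString("yyyy-MM-dd"),
                    StudiesName = dataReader["Name"].ToString(),
                    Semester    = Parse(dataReader["Semester"].ToString())
                };
                students.Add(student);
            }

            return(students);
        }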
        /// <summary>
        /// Accepts a multipart upload and hands its first file to
        /// <c>UploadFileHandler.SaveUploadedImage</c> using the "normal" promotion-product
        /// dimensions and the temporary blob directory from app settings.
        /// </summary>
        /// <returns>200 OK with an <c>ImageModel</c> holding the returned file name and the relative file name.</returns>
        /// <exception cref="HttpResponseException">415 when the request is not multipart or contains no file.</exception>
        public HttpResponseMessage SaveImage()
        {
            bool isMultipart = Request.Content.IsMimeMultipartContent();
            if (!isMultipart)
            {
                throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
            }

            var uploadedFiles = HttpContext.Current.Request.Files;
            if (uploadedFiles.Count == 0)
            {
                throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
            }

            // NOTE(review): only the multipart envelope and the file count are checked here.
            // Size limits, content-type / image decoding checks and the choice of the stored
            // file name all depend on UploadFileHandler.SaveUploadedImage - confirm they are
            // enforced there, and that the stored name is not taken from the client as-is.
            var targetImage = new ImageInformation
            {
                Width             = AppSettingsUtils.GetDimensionWidth("PromotionProductImagesNormalDimension"),
                Height            = AppSettingsUtils.GetDimensionHeight("PromotionProductImagesNormalDimension"),
                BlobDirectoryName = AppSettingsUtils.GetStringAppSetting("PromotionProductBlobImagesTempDirectory")
            };

            // Only the first uploaded file is processed; any further files are ignored.
            string storedFileName = UploadFileHandler.SaveUploadedImage(uploadedFiles[0], targetImage);

            var responseBody = new ImageModel
            {
                // RelativeFileName is read after the save call, as in the original flow.
                ImageFileNamePath = targetImage.RelativeFileName,
                ImageFileName     = storedFileName
            };

            return Request.CreateResponse <ImageModel>(HttpStatusCode.OK, responseBody);
        }
Ejemplo n.º 3
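        /// <summary>
        /// Runs the <c>PromoteStudents</c> stored procedure for the requested semester and studies,
        /// creating the procedure from a bundled SQL script first when it does not exist yet.
        /// </summary>
        /// <param name="promoteStudentsRequest">Supplies the <c>Semester</c> and <c>Studies</c> procedure arguments.</param>
        /// <returns>The first row returned by the procedure, mapped to an <c>EnrollmentResponse</c>.</returns>
        /// <exception cref="ResourceNotFoundException">The procedure returned no row.</exception>
        public EnrollmentResponse PromoteStudents(PromoteStudentsRequest promoteStudentsRequest)
        {
            using var connection = new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command    = new SqlCommand { Connection = connection };
            connection.Open();

            // COUNT(1) always yields one row, so ExecuteScalar is never null here.
            command.CommandText = @"SELECT COUNT(1) FROM sys.objects WHERE name='PromoteStudents'";
            var procedureExists = Convert.ToBoolean(Parse(command.ExecuteScalar().ToString()));

            if (!procedureExists)
            {
                // NOTE(review): the script is loaded from a path relative to the working directory
                // and executed with the application's database privileges. The file must not be
                // writable by anything less trusted than the deployment itself, and the application
                // login needs DDL rights for this to work - consider creating the procedure in a
                // migration so the runtime account can stay least-privileged.
                var fileInfo = new FileInfo("Resources/promote_students_procedure.sql");

                // The reader is disposed so the file handle is released (it was left open before).
                using var scriptReader = fileInfo.OpenText();
                command.CommandText = scriptReader.ReadToEnd();
                command.ExecuteNonQuery();
            }

            // Request values travel as parameters, never as part of the SQL text.
            command.CommandText = "EXEC PromoteStudents @Semester, @Studies";
            command.Parameters.AddWithValue("Semester", promoteStudentsRequest.Semester);
            command.Parameters.AddWithValue("Studies", promoteStudentsRequest.Studies);
            using var dataReader = command.ExecuteReader();

            if (dataReader.Read())
            {
                return(new EnrollmentResponse
                {
                    IdEnrollment = Parse(dataReader["IdEnrollment"].ToString()),
                    Semester = Parse(dataReader["Semester"].ToString()),
                    IdStudy = Parse(dataReader["IdStudy"].ToString()),
                    StartDate = DateTime.Parse(dataReader["StartDate"].ToString()).ToString("yyyy-MM-dd")
                });
            }

            throw new ResourceNotFoundException("Not Found");
        }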
Ejemplo n.º 4
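        /// <summary>
        /// Looks up the enrollment (semester, start date, studies name) of the student with the
        /// given index number.
        /// </summary>
        /// <remarks>
        /// The method name is kept for callers. The previous body interpolated
        /// <paramref name="indexNumber"/> straight into the SQL text, so the value was parsed as
        /// SQL rather than treated as data. It is now bound as a parameter, which keeps the
        /// statement text constant regardless of what the caller passes.
        /// </remarks>
        /// <param name="indexNumber">Student index number to search for; compared as a value only.</param>
        /// <returns>
        /// The enrollment built from the returned rows (the last row wins), or an
        /// <c>Enrollment</c> with no fields set when nothing matches.
        /// </returns>
        public Enrollment GetEnrollmentByStudentIndexSqlInjectionVulnerable(string indexNumber)
        {
            // Constant statement: the only variable part is the @indexNumber placeholder.
            const string sqlQuery =
                "SELECT S.IndexNumber, E.Semester, E.StartDate, St.Name FROM Enrollment " +
                "E LEFT JOIN Student S on e.IdEnrollment = S.IdEnrollment " +
                "LEFT JOIN Studies St on E.IdStudy = St.IdStudy " +
                "WHERE S.IndexNumber = @indexNumber";

            using var connection = new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command    = new SqlCommand
                  {
                      Connection  = connection,
                      CommandText = sqlQuery
                  };
            command.Parameters.AddWithValue("indexNumber", indexNumber);

            connection.Open();
            using var dataReader = command.ExecuteReader();
            var enrollment = new Enrollment();

            while (dataReader.Read())
            {
                enrollment.IndexNumber = dataReader["IndexNumber"].ToString();
                enrollment.Semester    = Parse(dataReader["Semester"].ToString());
                enrollment.StartDate   = DateTime.Parse(dataReader["StartDate"].ToString()).ToString("yyyy-MM-dd");
                enrollment.StudiesName = dataReader["Name"].ToString();
            }

            return(enrollment);
        }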
Ejemplo n.º 5
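        /// <summary>
        /// Returns the student with the given index number together with the studies name and
        /// semester of the joined enrollment.
        /// </summary>
        /// <remarks>
        /// The index number is bound as the <c>@indexNumber</c> parameter, so the SQL text is the
        /// same for every call and the caller's value is only ever compared as data.
        /// </remarks>
        /// <param name="indexNumber">Student index number to search for.</param>
        /// <returns>The first matching row mapped to a <c>StudentWithStudiesResponse</c>.</returns>
        /// <exception cref="ResourceNotFoundException">No student has that index number.</exception>
        public StudentWithStudiesResponse GetStudentByIndexNumberSqlInjectionInVulnerable(string indexNumber)
        {
            const string sqlQuery = "SELECT S.FirstName, S.LastName, S.BirthDate, St.Name, E.Semester FROM Student S " +
                                    "LEFT JOIN Enrollment E ON S.IdEnrollment = E.IdEnrollment " +
                                    "LEFT JOIN Studies St ON E.IdStudy = St.IdStudy WHERE S.IndexNumber = @indexNumber";

            using var connection =
                      new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command = new SqlCommand
                  {
                      Connection  = connection,
                      CommandText = sqlQuery
                  };
            command.Parameters.AddWithValue("indexNumber", indexNumber);

            connection.Open();

            // Disposed before the command and the connection; previously the reader was never closed.
            using var dataReader = command.ExecuteReader();

            if (dataReader.Read())
            {
                return(new StudentWithStudiesResponse
                {
                    FirstName = dataReader["FirstName"].ToString(),
                    LastName = dataReader["LastName"].ToString(),
                    BirthDate = DateTime.Parse(dataReader["BirthDate"]
                                               .ToString()).ToString("yyyy-MM-dd"),
                    StudiesName = dataReader["Name"].ToString(),
                    Semester = Parse(dataReader["Semester"].ToString())
                });
            }

            // NOTE(review): the message echoes the caller's value; confirm whatever renders it
            // to the client encodes it for the output format.
            throw new ResourceNotFoundException($"Student with indexNumber = {indexNumber} not found");
        }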
Ejemplo n.º 6
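        /// <summary>
        /// Exchanges a stored refresh token for a new JWT and rotates the refresh token of the
        /// student it belongs to.
        /// </summary>
        /// <param name="refreshTokenRequest">Carries the refresh token presented by the client.</param>
        /// <returns>The serialized JWT and the newly issued refresh token.</returns>
        /// <exception cref="ResourceNotFoundException">No student row holds the presented refresh token.</exception>
        public TokenResponse RefreshJwtToken(RefreshTokenRequest refreshTokenRequest)
        {
            using var connection = new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command    = new SqlCommand { Connection = connection };
            connection.Open();

            // NOTE(review): the token is stored and matched in clear text and no expiry column is
            // consulted here. Storing only a hash of the token and enforcing a lifetime would limit
            // what a leaked database row is worth - confirm against the schema.
            command.CommandText = "SELECT S.IndexNumber FROM Student S WHERE S.Refresh_Token = @RefreshToken";
            command.Parameters.AddWithValue("RefreshToken", refreshTokenRequest.RefreshToken);

            string index;
            // The reader has to be closed before the command can be reused for the UPDATE below.
            using (var dataReader = command.ExecuteReader())
            {
                if (!dataReader.Read())
                {
                    throw new ResourceNotFoundException("Refresh token doesn't exist");
                }

                index = dataReader["IndexNumber"].ToString();
            }

            var token = CreateJwtToken(index);

            // A refresh token is a bearer credential, so it must be unpredictable. Guid.NewGuid()
            // only promises uniqueness; the bytes now come from the OS cryptographic RNG instead.
            // 16 bytes keeps the Base64 length (24 chars) the same as the GUID-based token.
            var refreshTokenBytes = new byte[16];
            System.Security.Cryptography.RandomNumberGenerator.Fill(refreshTokenBytes);
            var newRefreshToken = Convert.ToBase64String(refreshTokenBytes);

            // NOTE(review): lookup and rotation are two separate statements with no transaction,
            // so two concurrent requests with the same token can both pass the lookup.
            command.Parameters.Clear();
            command.CommandText = "UPDATE Student SET Refresh_Token = @RefreshToken WHERE IndexNumber = @IndexNumber";
            command.Parameters.AddWithValue("@RefreshToken", newRefreshToken);
            command.Parameters.AddWithValue("IndexNumber", index);
            command.ExecuteNonQuery();

            return(new TokenResponse
            {
                Token = new JwtSecurityTokenHandler().WriteToken(token),
                RefreshToken = newRefreshToken
            });
        }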
        /// <summary>
        /// Produces the normal, thumbnail and preview renditions of a promotion-product logo by
        /// calling <c>UploadFileHandler.ResizeFromStreamImage</c> once per rendition, in that order.
        /// </summary>
        /// <param name="promotionProductDto">Supplies the logo file name (<c>Logo</c>).</param>
        private void ResizeLogos(PromotionProductDto promotionProductDto)
        {
            // NOTE(review): Logo is combined into a path unchanged. If it can originate from a
            // client, a rooted or "..\"-style value would make Path.Combine resolve outside the
            // temp directory - confirm it is a server-generated file name.
            string tempDirectory  = AppSettingsUtils.GetStringAppSetting("PromotionProductBlobImagesTempDirectory");
            string sourceFileName = System.IO.Path.Combine(tempDirectory, promotionProductDto.Logo);

            // Each entry: { dimension setting key, target directory setting key }.
            string[][] renditions =
            {
                new[] { "PromotionProductImagesNormalDimension",     "PromotionProductBlobImagesNormalDirectory" },
                new[] { "PromotionProductImagesThumbnailsDimension", "PromotionProductBlobImagesThumbnailsDirectory" },
                new[] { "PromotionProductImagesPreviewDimension",    "PromotionProductBlobImagesPreviewDirectory" }
            };

            foreach (string[] rendition in renditions)
            {
                string dimensionKey = rendition[0];
                string directoryKey = rendition[1];

                UploadFileHandler.ResizeFromStreamImage(sourceFileName, promotionProductDto.Logo,
                                                        new ImageInformation
                {
                    Width             = AppSettingsUtils.GetDimensionWidth(dimensionKey),
                    Height            = AppSettingsUtils.GetDimensionHeight(dimensionKey),
                    BlobDirectoryName = AppSettingsUtils.GetStringAppSetting(directoryKey)
                });
            }
        }
Ejemplo n.º 8
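        /// <summary>
        /// Returns the enrollment (semester, start date, studies name) of the student with the
        /// given index number.
        /// </summary>
        /// <remarks>
        /// The method name is kept for callers. The previous body built the WHERE clause by
        /// interpolating <paramref name="indexNumber"/> into the SQL string, which let the value
        /// change the statement itself. Binding it as a parameter keeps the statement text fixed
        /// and also makes non-numeric index numbers compare correctly.
        /// </remarks>
        /// <param name="indexNumber">Student index number to search for; compared as a value only.</param>
        /// <returns>The first matching row mapped to an <c>EnrollmentStudentResponse</c>.</returns>
        /// <exception cref="ResourceNotFoundException">No enrollment matches the index number.</exception>
        public EnrollmentStudentResponse GetEnrollmentByStudentIndexSqlInjectionVulnerable(string indexNumber)
        {
            // Constant statement: the only variable part is the @indexNumber placeholder.
            const string sqlQuery =
                "SELECT S.IndexNumber, E.Semester, E.StartDate, St.Name FROM Enrollment " +
                "E LEFT JOIN Student S on e.IdEnrollment = S.IdEnrollment " +
                "LEFT JOIN Studies St on E.IdStudy = St.IdStudy " +
                "WHERE S.IndexNumber = @indexNumber";

            using var connection = new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command    = new SqlCommand
                  {
                      Connection  = connection,
                      CommandText = sqlQuery
                  };
            command.Parameters.AddWithValue("indexNumber", indexNumber);

            connection.Open();
            using var dataReader = command.ExecuteReader();

            if (dataReader.Read())
            {
                return(new EnrollmentStudentResponse
                {
                    IndexNumber = dataReader["IndexNumber"].ToString(),
                    Semester = Parse(dataReader["Semester"].ToString()),
                    StartDate = DateTime.Parse(dataReader["StartDate"].ToString()).ToString("yyyy-MM-dd"),
                    StudiesName = dataReader["Name"].ToString()
                });
            }

            throw new ResourceNotFoundException($"Enrollment for Student with indexNumber = {indexNumber} not found");
        }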
Ejemplo n.º 9
        /// <summary>
        /// Bootstraps the application before the service hosts start, passing along the
        /// <c>MockTeamCity</c> app setting, and then defers to the base implementation.
        /// </summary>
        protected override void OnServiceHostsStarting()
        {
            // NOTE(review): a mock switch read from configuration - confirm it cannot be left
            // enabled in a production configuration.
            Bootstraper.Bootstrap(AppSettingsUtils.ReadAppSettingBool("MockTeamCity"));

            base.OnServiceHostsStarting();
        }
Ejemplo n.º 10
        /// <summary>
        /// Type initializer: reads two boolean app settings once and caches them in static fields.
        /// </summary>
        static DeploymentController()
        {
            // Read and store one setting at a time, in the original order.
            var onlyDeployableChecked = AppSettingsUtils.ReadAppSettingBool(_AppSettingsKey_OnlyDeployableCheckedByDefault);
            _onlyDeployableCheckedByDefault = onlyDeployableChecked;

            var createPackageVisible = AppSettingsUtils.ReadAppSettingBool(_AppSettingsKey_IsCreatePackageVisible);
            _isCreatePackageVisible = createPackageVisible;
        }
Ejemplo n.º 11
        /// <summary>
        /// Fills <c>RelativeFileName</c> on the DTO from the storage prefix URL, the product
        /// thumbnails directory and the logo file name. Does nothing when the DTO has no logo.
        /// </summary>
        /// <param name="productDto">DTO whose <c>Logo</c> is read and whose <c>RelativeFileName</c> is written.</param>
        private void MapRelativeLogoPath(ProductDto productDto)
        {
            bool hasLogo = !string.IsNullOrEmpty(productDto.Logo);

            if (hasLogo)
            {
                string storagePrefix       = AppSettingsUtils.GetStringAppSetting("StoragePrefixUrl");
                string thumbnailsDirectory = AppSettingsUtils.GetStringAppSetting("ProductImagesBlobThumbnailsDirectory");

                productDto.RelativeFileName =
                    UploadFileHandler.GetBlobRelativeFileName(storagePrefix, thumbnailsDirectory, productDto.Logo);
            }
        }
Ejemplo n.º 12
        /// <summary>
        /// With no tax rate configured, <c>GetTaxRatePercentage</c> is expected to return 0.
        /// </summary>
        public void ShouldGetZeroWhenTaxRatePercentageIsNotPresentInAppSettings()
        {
            // Arrange: settings with nothing populated.
            var emptySettings = new AppSettings();
            _optionsMonitorMock.Setup(monitor => monitor.CurrentValue).Returns(emptySettings);

            // Act
            var actualTaxRate = AppSettingsUtils.GetTaxRatePercentage(_optionsMonitorMock.Object);

            // Assert
            Assert.AreEqual(0, actualTaxRate);
        }
Ejemplo n.º 13
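        /// <summary>
        /// Tells whether a student with the given index number exists.
        /// </summary>
        /// <param name="index">Index number to look for; bound as a SQL parameter.</param>
        /// <returns><c>true</c> when at least one matching row exists, otherwise <c>false</c>.</returns>
        public bool CheckIfStudentExists(string index)
        {
            using var connection = new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command    = new SqlCommand { Connection = connection };
            connection.Open();
            command.CommandText = "SELECT 1 FROM Student S WHERE S.IndexNumber = @IndexNumber";
            command.Parameters.AddWithValue("IndexNumber", index);

            // ExecuteScalar returns null when the query produces no row. The previous code called
            // ToString() on that result, so a missing student raised NullReferenceException
            // instead of yielding false.
            return command.ExecuteScalar() != null;
        }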
Ejemplo n.º 14
        /// <summary>
        /// Type initializer: reads the environment / project-configuration settings and the
        /// build-count limit from app settings and caches the parsed values in static fields.
        /// </summary>
        static ApiController()
        {
            // Raw setting strings are all read first, then parsed, matching the original order.
            var rawVisible       = AppSettingsUtils.ReadAppSettingString(_AppSettingsKey_VisibleEnvironments);
            var rawDeployable    = AppSettingsUtils.ReadAppSettingString(_AppSettingsKey_DeployableEnvironments);
            var rawAllowedConfig = AppSettingsUtils.ReadAppSettingString(_AppSettingsKey_AllowedProjectConfigurations);

            // NOTE(review): these sets look like allow-lists. Confirm what ParseAppSettingSet
            // returns for an empty or malformed value and that consumers treat that as
            // "nothing allowed" rather than "everything allowed".
            _visibleEnvironments          = ParseAppSettingSet(rawVisible);
            _deployableEnvironments       = ParseAppSettingSet(rawDeployable);
            _allowedProjectConfigurations = ParseAppSettingSet(rawAllowedConfig);

            _maxProjectConfigurationBuildsCount =
                AppSettingsUtils.ReadAppSettingInt(_AppSettingsKey_MaxProjectConfigurationBuildsCount);
        }
Ejemplo n.º 15
        /// <summary>
        /// A configured tax rate of "20" is expected to come back from
        /// <c>GetTaxRatePercentage</c> as 20.
        /// </summary>
        public void ShouldGetTaxRatePercentage()
        {
            // Arrange
            var configuredSettings = new AppSettings()
            {
                TaxRatePercentage = "20",
            };
            _optionsMonitorMock.Setup(monitor => monitor.CurrentValue).Returns(configuredSettings);

            // Act
            var actualTaxRate = AppSettingsUtils.GetTaxRatePercentage(_optionsMonitorMock.Object);

            // Assert
            Assert.AreEqual(20, actualTaxRate);
        }
Ejemplo n.º 16
        /// <summary>
        /// When only the maximum donation amount is configured, the lower bound reported by
        /// <c>GetLowerAndHigherRange</c> is expected to be 0.
        /// </summary>
        public void ShouldSetLowerRangeToZeroWhenItsNotPresentInAppSettings()
        {
            // Arrange: no MinimumDonationAmount is set.
            var settingsWithoutMinimum = new AppSettings()
            {
                MaximumDonationAmount = "2",
            };
            _optionsMonitorMock.Setup(monitor => monitor.CurrentValue).Returns(settingsWithoutMinimum);

            // Act: the upper bound is not asserted in this test, so it is discarded.
            AppSettingsUtils.GetLowerAndHigherRange(_optionsMonitorMock.Object, out decimal lowerBound, out decimal _);

            // Assert
            Assert.AreEqual(0, lowerBound);
        }
Ejemplo n.º 17
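        /// <summary>
        /// Configures the context for SQL Server using the "ParseTheParcel" connection string and
        /// a custom migrations history table in <c>DefaultSchema</c>.
        /// </summary>
        /// <param name="optionsBuilder">Builder the provider and logging options are applied to.</param>
        protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
        {
            optionsBuilder.UseSqlServer(
                AppSettingsUtils.ConnectionString("ParseTheParcel"),
                x => x.MigrationsHistoryTable("__EFMigrationHistory", DefaultSchema));

#if DEBUG
            // EnableSensitiveDataLogging makes EF Core include parameter and entity values in
            // log messages and exception text. It was previously switched on for every build
            // configuration; it is now limited to DEBUG builds, next to the logger factory it
            // pairs with, so release builds do not write application data into logs.
            optionsBuilder.EnableSensitiveDataLogging();

            if (LoggerFactory != null)
            {
                optionsBuilder.UseLoggerFactory(LoggerFactory);
            }
#endif
        }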
Ejemplo n.º 18
        /// <summary>
        /// Both configured donation bounds are expected to be returned by
        /// <c>GetLowerAndHigherRange</c> as numbers.
        /// </summary>
        public void ShouldGetLowerAndHigherRange()
        {
            // Arrange
            var configuredSettings = new AppSettings()
            {
                MinimumDonationAmount = "2",
                MaximumDonationAmount = "100000"
            };
            _optionsMonitorMock.Setup(monitor => monitor.CurrentValue).Returns(configuredSettings);

            // Act
            AppSettingsUtils.GetLowerAndHigherRange(_optionsMonitorMock.Object, out decimal lowerBound, out decimal upperBound);

            // Assert
            Assert.AreEqual(2, lowerBound);
            Assert.AreEqual(100000, upperBound);
        }
Ejemplo n.º 19
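        /// <summary>
        /// Verifies a student's password and, on success, issues a JWT plus a new refresh token
        /// that is stored on the student row.
        /// </summary>
        /// <param name="loginRequestDto">Supplies the index number and the password to verify.</param>
        /// <returns>The serialized JWT and the newly issued refresh token.</returns>
        /// <exception cref="BadLoginOrPasswordException">
        /// The index number is unknown or the password does not match; both cases use the same message.
        /// </exception>
        public TokenResponse LogIn(LoginRequestDto loginRequestDto)
        {
            using var connection = new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command    = new SqlCommand { Connection = connection };
            connection.Open();

            // Disposing a transaction that was never committed rolls it back, so every exit
            // path below that throws leaves the row untouched. Previously the transaction was
            // only ever committed, never disposed.
            using var transaction = connection.BeginTransaction();
            command.Transaction = transaction;

            command.CommandText = "SELECT S.Password, S.Salt FROM Student S WHERE S.IndexNumber = @IndexNumber";
            command.Parameters.AddWithValue("IndexNumber", loginRequestDto.Index);

            byte[] salt;
            string storedPassword;

            // The reader has to be closed before the command is reused for the UPDATE below.
            using (var dataReader = command.ExecuteReader())
            {
                if (!dataReader.Read())
                {
                    // NOTE(review): no password hash is computed on this path, so an unknown
                    // index number may answer measurably faster than a wrong password even
                    // though the message is the same. Rate limiting / lockout is not visible here.
                    throw new BadLoginOrPasswordException("Bad Login or Password");
                }

                salt           = (byte[])dataReader["Salt"];
                storedPassword = dataReader["Password"].ToString();
            }

            // NOTE(review): confirm PasswordUtils.ValidatePassword compares in constant time.
            if (!PasswordUtils.ValidatePassword(loginRequestDto.Password, storedPassword, salt))
            {
                throw new BadLoginOrPasswordException("Bad Login or Password");
            }

            var token = CreateJwtToken(loginRequestDto.Index);

            // A refresh token is a bearer credential, so it must be unpredictable. Guid.NewGuid()
            // only promises uniqueness; the bytes now come from the OS cryptographic RNG instead.
            // 16 bytes keeps the Base64 length (24 chars) the same as the GUID-based token.
            var refreshTokenBytes = new byte[16];
            System.Security.Cryptography.RandomNumberGenerator.Fill(refreshTokenBytes);
            var refreshToken = Convert.ToBase64String(refreshTokenBytes);

            command.Parameters.Clear();
            command.CommandText = "UPDATE Student SET Refresh_Token = @RefreshToken WHERE IndexNumber = @IndexNumber";
            command.Parameters.AddWithValue("@RefreshToken", refreshToken);
            command.Parameters.AddWithValue("IndexNumber", loginRequestDto.Index);
            command.ExecuteNonQuery();

            transaction.Commit();

            return(new TokenResponse
            {
                Token = new JwtSecurityTokenHandler().WriteToken(token),
                RefreshToken = refreshToken
            });
        }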
Ejemplo n.º 20
        /// <summary>
        /// Checks a donation amount against the configured minimum and, when one is configured
        /// (non-zero), the maximum.
        /// </summary>
        /// <param name="settings">Options monitor the donation range is read from.</param>
        /// <param name="amount">Donation amount to check.</param>
        /// <returns>
        /// <c>ValidationResult.Success</c> when the amount is in range; otherwise a result whose
        /// message names the bound(s) that apply.
        /// </returns>
        public static ValidationResult ValidateAmount(IOptionsMonitor <AppSettings> settings, decimal amount)
        {
            AppSettingsUtils.GetLowerAndHigherRange(settings, out decimal lowerBound, out decimal upperBound);

            // An upper bound of 0 means "no upper bound configured".
            bool hasUpperBound    = upperBound != 0;
            bool meetsLowerBound  = amount >= lowerBound;
            bool meetsUpperBound  = !hasUpperBound || amount <= upperBound;

            if (meetsLowerBound && meetsUpperBound)
            {
                return ValidationResult.Success;
            }

            string message = "Donation amount can not be smaller than " + lowerBound;
            if (hasUpperBound)
            {
                message += " and can not be larger than " + upperBound;
            }

            return new ValidationResult(message);
        }
Ejemplo n.º 21
        /// <summary>
        /// Resizes a company image from the temp directory: a single "logo" rendition when
        /// <paramref name="isLogo"/> is true, otherwise the normal, thumbnail and preview
        /// renditions, in that order.
        /// </summary>
        /// <param name="companyLogo">Supplies the image file name (<c>Logo</c>).</param>
        /// <param name="isLogo">Selects the logo rendition instead of the three gallery renditions.</param>
        private void ResizeLogo(CompanyLogoDto companyLogo, bool isLogo)
        {
            // NOTE(review): Logo is combined into a path unchanged. If it can originate from a
            // client, a rooted or "..\"-style value would make Path.Combine resolve outside the
            // temp directory - confirm it is a server-generated file name.
            string tempDirectory  = AppSettingsUtils.GetStringAppSetting("CompanyImagesBlobTempDirectory");
            string sourceFileName = System.IO.Path.Combine(tempDirectory, companyLogo.Logo);

            // Each entry: { dimension setting key, target directory setting key }.
            string[][] renditions;
            if (isLogo)
            {
                renditions = new[]
                {
                    new[] { "CompanyImagesLogoDimension", "CompanyImagesBlobLogoDirectory" }
                };
            }
            else
            {
                renditions = new[]
                {
                    new[] { "CompanyImagesNormalDimension",     "CompanyImagesBlobNormalDirectory" },
                    new[] { "CompanyImagesThumbnailsDimension", "CompanyImagesBlobThumbnailsDirectory" },
                    new[] { "CompanyImagesPreviewDimension",    "CompanyImagesBlobPreviewDirectory" }
                };
            }

            foreach (string[] rendition in renditions)
            {
                string dimensionKey = rendition[0];
                string directoryKey = rendition[1];

                UploadFileHandler.ResizeFromStreamImage(sourceFileName, companyLogo.Logo,
                                                        new ImageInformation
                {
                    Width             = AppSettingsUtils.GetDimensionWidth(dimensionKey),
                    Height            = AppSettingsUtils.GetDimensionHeight(dimensionKey),
                    BlobDirectoryName = AppSettingsUtils.GetStringAppSetting(directoryKey)
                });
            }
        }
Ejemplo n.º 22
 /// <summary>
 /// Type initializer: caches the optional "can deploy" role setting in a static field.
 /// </summary>
 static SecurityUtils()
 {
     // NOTE(review): the setting is read as optional. Confirm how the authorization check
     // treats an unset value - it should deny deployment rather than allow everyone.
     var configuredRole = AppSettingsUtils.ReadAppSettingStringOptional(_AppSettingKey_CanDeployRole);
     _canDeployRole = configuredRole;
 }
Ejemplo n.º 23
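        /// <summary>
        /// Fills the relative file names of the company logo and of every gallery image from the
        /// storage prefix URL and the per-rendition blob directories.
        /// </summary>
        /// <remarks>
        /// Nothing is mapped when the DTO has no galleries or no logo object. A gallery entry
        /// without a file name is skipped; previously the first such entry ended the whole method
        /// and left all later entries unmapped.
        /// </remarks>
        /// <param name="companyDto">DTO whose <c>Logo</c> and <c>Galleries</c> entries are updated in place.</param>
        private void MapRelativeLogoPath(CompanyDto companyDto)
        {
            // NOTE(review): a company with a logo but no galleries also returns here, so its
            // logo path is never mapped - confirm that is intended.
            if (companyDto.Galleries == null || companyDto.Galleries.Count == 0 || companyDto.Logo == null)
            {
                return;
            }

            // Same for every image, so it is read once.
            string storagePrefix = AppSettingsUtils.GetStringAppSetting("StoragePrefixUrl");

            // Logo is known to be non-null after the guard above.
            if (!string.IsNullOrEmpty(companyDto.Logo.Logo))
            {
                companyDto.Logo.NormalRelativeFileName = UploadFileHandler.GetBlobRelativeFileName(storagePrefix, AppSettingsUtils.GetStringAppSetting("CompanyImagesBlobLogoDirectory"), companyDto.Logo.Logo);
            }

            foreach (var companyLogo in companyDto.Galleries)
            {
                if (string.IsNullOrEmpty(companyLogo.Logo))
                {
                    // Skip only this entry; the remaining gallery images still get their paths.
                    continue;
                }

                companyLogo.NormalRelativeFileName    = UploadFileHandler.GetBlobRelativeFileName(storagePrefix, AppSettingsUtils.GetStringAppSetting("CompanyImagesBlobNormalDirectory"), companyLogo.Logo);
                companyLogo.ThumbnailRelativeFileName = UploadFileHandler.GetBlobRelativeFileName(storagePrefix, AppSettingsUtils.GetStringAppSetting("CompanyImagesBlobThumbnailsDirectory"), companyLogo.Logo);
                companyLogo.PreviewRelativeFileName   = UploadFileHandler.GetBlobRelativeFileName(storagePrefix, AppSettingsUtils.GetStringAppSetting("CompanyImagesBlobPreviewDirectory"), companyLogo.Logo);
            }
        }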
Ejemplo n.º 24
 /// <summary>
 /// Creates the calculator and captures the tax rate percentage from the supplied settings.
 /// </summary>
 /// <param name="settings">Options monitor the tax rate is read from.</param>
 public GiftAidCalculator(IOptionsMonitor <AppSettings> settings)
 {
     // The rate is read once here, at construction time.
     var configuredRate = AppSettingsUtils.GetTaxRatePercentage(settings);
     TaxRatePercentage = configuredRate;
 }
Ejemplo n.º 25
 /// <summary>
 /// Type initializer: builds <c>ServerUri</c> from the "ServerUrl" app setting.
 /// </summary>
 static NCasServerSetting()
 {
     // NOTE(review): the value is used as configured; no scheme or host check is visible
     // here. If this is the address of an authentication server, confirm it is an https URL.
     var configuredUrl = AppSettingsUtils.GetString("ServerUrl");
     ServerUri = new Uri(configuredUrl);
 }
Ejemplo n.º 26
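        /// <summary>
        /// Enrolls a new student in the first semester of the requested studies, creating the
        /// first-semester enrollment row when it does not exist yet. All statements run in one
        /// transaction.
        /// </summary>
        /// <param name="enrollmentStudentRequest">Studies name and the new student's data, including the password.</param>
        /// <returns>The enrollment the student was attached to.</returns>
        /// <exception cref="ResourceNotFoundException">No studies row has the requested name.</exception>
        /// <exception cref="BadRequestException">A student with the requested index number already exists.</exception>
        public EnrollmentResponse EnrollNewStudent(EnrollmentStudentRequest enrollmentStudentRequest)
        {
            using var connection = new SqlConnection(AppSettingsUtils.GetConnectionString());
            using var command    = new SqlCommand { Connection = connection };
            connection.Open();

            // Disposing a transaction that was never committed rolls it back, so an enrollment
            // row inserted below is undone when a later step throws. Previously the transaction
            // was only ever committed, never disposed.
            using var transaction = connection.BeginTransaction();

            command.Transaction = transaction;

            // Step 1: resolve the studies name to its id. All request values are bound as
            // parameters throughout this method.
            command.CommandText = "SELECT s.IdStudy FROM Studies s WHERE s.Name = @StudiesName";
            command.Parameters.AddWithValue("StudiesName", enrollmentStudentRequest.Studies);
            var dataReader = command.ExecuteReader();

            if (!dataReader.Read())
            {
                // Close the reader before the exception unwinds into the transaction rollback.
                dataReader.Close();
                throw new ResourceNotFoundException(
                          $"Studies by name {enrollmentStudentRequest.Studies} does not exist in database");
            }
            var idStudy = Parse(dataReader["IdStudy"].ToString());

            // Step 2: find the first-semester enrollment for these studies, or create it.
            dataReader.Close();
            command.Parameters.Clear();
            command.CommandText =
                "SELECT * FROM Enrollment E WHERE E.Semester = 1 AND E.IdStudy = @IdStudy";
            command.Parameters.AddWithValue("IdStudy", idStudy);
            dataReader = command.ExecuteReader();

            var enrollmentResponse = new EnrollmentResponse();

            if (!dataReader.Read())
            {
                dataReader.Close();
                command.Parameters.Clear();

                // ISNULL covers an empty Enrollment table, where MAX() is NULL and NULL + 1 would
                // produce a NULL key.
                // NOTE(review): MAX + 1 is not safe under concurrent enrollments at the default
                // isolation level; an IDENTITY column or a sequence would be.
                command.CommandText =
                    @"INSERT INTO Enrollment(IdEnrollment, Semester, StartDate, IdStudy) 
                OUTPUT INSERTED.IdEnrollment, INSERTED.Semester, INSERTED.StartDate, INSERTED.IdStudy 
                VALUES(ISNULL((SELECT MAX(E.IdEnrollment) FROM Enrollment E), 0) + 1, @Semester, @StartDate, @IdStudy);";
                command.Parameters.AddWithValue("Semester", 1);
                command.Parameters.AddWithValue("StartDate", DateTime.Now);
                command.Parameters.AddWithValue("IdStudy", idStudy);

                // ExecuteScalar yields the first OUTPUT column (IdEnrollment); the other fields
                // are taken from the parameter values that were just sent.
                enrollmentResponse.IdEnrollment = Parse(command.ExecuteScalar().ToString());
                enrollmentResponse.Semester     = Parse(command.Parameters["Semester"].Value.ToString());
                enrollmentResponse.IdStudy      = Parse(command.Parameters["IdStudy"].Value.ToString());
                enrollmentResponse.StartDate    =
                    DateTime.Parse(command.Parameters["StartDate"].Value.ToString()).ToString("yyyy-MM-dd");
            }
            else
            {
                enrollmentResponse.IdEnrollment = Parse(dataReader["IdEnrollment"].ToString());
                enrollmentResponse.Semester     = Parse(dataReader["Semester"].ToString());
                enrollmentResponse.IdStudy      = Parse(dataReader["IdStudy"].ToString());
                enrollmentResponse.StartDate    =
                    DateTime.Parse(dataReader["StartDate"].ToString()).ToString("yyyy-MM-dd");
            }

            // Step 3: the index number must not be taken yet.
            dataReader.Close();
            command.Parameters.Clear();
            command.CommandText = "SELECT S.IndexNumber FROM Student S WHERE IndexNumber = @indexNumber";
            command.Parameters.AddWithValue("indexNumber", enrollmentStudentRequest.Index);
            dataReader = command.ExecuteReader();
            if (dataReader.Read())
            {
                dataReader.Close();
                throw new BadRequestException("Student Index number not unique");
            }

            // Step 4: store the student with a per-user salt and the salted password hash.
            dataReader.Close();
            command.Parameters.Clear();
            var salt = PasswordUtils.GenerateSalt();

            // NOTE(review): confirm PasswordUtils.GenerateSalt uses a cryptographic RNG and that
            // CreateSaltedPasswordHash is a deliberately slow KDF (e.g. PBKDF2) rather than a
            // single hash round.
            command.CommandText =
                @"INSERT INTO Student(IndexNumber, FirstName, LastName, BirthDate, IdEnrollment, Password, Salt) 
                VALUES (@IndexNumber, @FirstName, @LastName, @BirthDate, @IdEnrollment, @Password, @Salt)";
            command.Parameters.AddWithValue("IndexNumber", enrollmentStudentRequest.Index);
            command.Parameters.AddWithValue("FirstName", enrollmentStudentRequest.FirstName);
            command.Parameters.AddWithValue("LastName", enrollmentStudentRequest.LastName);
            command.Parameters.AddWithValue("BirthDate", enrollmentStudentRequest.BirthDate);
            command.Parameters.AddWithValue("IdEnrollment", enrollmentResponse.IdEnrollment);
            command.Parameters.AddWithValue("Password",
                                            PasswordUtils.CreateSaltedPasswordHash(enrollmentStudentRequest.Password, salt));
            command.Parameters.AddWithValue("Salt", salt);
            command.ExecuteNonQuery();

            transaction.Commit();
            return(enrollmentResponse);
        }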