public ResponseDTO <Boolean> AddLot(HttpRequest httprequest) { //ResponseDTO<ParkingMasterFrontendDTO> response = loginManager.SessionChecker(httpRequest["token"]); try { var token = httprequest["token"]; ResponseDTO <Session> SessionDTO = _sessionServices.GetSession(new Guid(token)); if (SessionDTO.Data != null) { AuthorizationClient authorizationClient = new AuthorizationClient(); List <ClaimDTO> functionClaims = new List <ClaimDTO>() { new ClaimDTO(new Claim("Action", "AddParkingLot")) }; var username = httprequest["username"]; ResponseDTO <Boolean> authCheck = authorizationClient.Authorize(username, functionClaims); if (authCheck.Data == true) { //String[] arr = httprequest.Form.AllKeys; var ownerid = SessionDTO.Data.UserAccount.Id; var lotname = httprequest["lotname"]; var address = httprequest["address"]; var cost = Double.Parse(httprequest["cost"]); var useraccount = SessionDTO.Data.UserAccount; var spotfile = httprequest.Files["file"]; var mapfile = httprequest.Files["map"]; ResponseDTO <Boolean> response = _lotManagementService.AddLot(ownerid, lotname, address, cost, useraccount, spotfile, mapfile); _loggerService.LogAction(LogConstants.ACTION_REGISTER_LOT, SessionDTO.Data.Id.ToString(), SessionDTO.Data.SessionId.ToString()); return(response); } else { return(new ResponseDTO <Boolean>() { Data = false, Error = ErrorStrings.UNAUTHORIZED_ACTION }); } } else { return(new ResponseDTO <Boolean>() { Data = false, Error = ErrorStrings.SESSION_NOT_FOUND }); } } catch (Exception e) { return(new ResponseDTO <Boolean>() { Data = false, Error = httprequest.Form + e.ToString() }); } }
public void Authorize_InvalidInputs_ReturnFalse(string testTitle, string username, List <ClaimDTO> functionClaims) { // Arrange Boolean expected = false; Boolean actual = true; AuthorizationClient authClient = new AuthorizationClient(); // Act actual = authClient.Authorize(username, functionClaims).Data; // Assert Assert.AreEqual(expected, actual); }
public ResponseDTO <Boolean> DeleteLot(LotDeletionDTO request) { try { var token = request.Token; ResponseDTO <Session> SessionDTO = _sessionServices.GetSession(new Guid(token)); if (SessionDTO.Data != null) { AuthorizationClient authorizationClient = new AuthorizationClient(); List <ClaimDTO> functionClaims = new List <ClaimDTO>() { new ClaimDTO(new Claim("Action", "DeleteParkingLot")) }; var username = SessionDTO.Data.UserAccount.Username; ResponseDTO <Boolean> authCheck = authorizationClient.Authorize(username, functionClaims); if (authCheck.Data == true) { var lotname = request.LotName; ResponseDTO <Boolean> response = _lotManagementService.DeleteLot(new Guid(lotname)); _loggerService.LogAction(LogConstants.ACTION_DELETE_LOT, SessionDTO.Data.Id.ToString(), SessionDTO.Data.SessionId.ToString()); return(response); } else { return(new ResponseDTO <Boolean>() { Data = false, Error = ErrorStrings.UNAUTHORIZED_ACTION }); } } else { return(new ResponseDTO <Boolean>() { Data = false, Error = ErrorStrings.SESSION_EXPIRED }); } } catch (Exception e) { return(new ResponseDTO <Boolean>() { Data = false, Error = "[LOT MANAGEMENT MANAGER] Could not delete lot. " + e.ToString() }); } }
public ResponseDTO <bool> ReserveSpot(ReservationRequestDTO request) { // Check if all Guids are formatted properly Guid sessionId; try { sessionId = Guid.Parse(request.SessionId); } catch (Exception) { return(new ResponseDTO <bool>() { Data = false, Error = ErrorStrings.REQUEST_FORMAT }); } Guid spotId; try { spotId = Guid.Parse(request.SpotId); } catch (Exception) { return(new ResponseDTO <bool>() { Data = false, Error = ErrorStrings.REQUEST_FORMAT }); } ResponseDTO <Session> sessionDTO = _sessionServices.GetSession(sessionId); // If session data is null, then an error occured if (sessionDTO.Data == null) { return(new ResponseDTO <bool>() { Data = false, Error = sessionDTO.Error }); } // Check that user has permission to use this function List <ClaimDTO> requiredClaims = new List <ClaimDTO>() { new ClaimDTO("Action", "ReserveParkingSpot") }; ResponseDTO <Boolean> authResponse = _authorizationClient.Authorize(sessionDTO.Data.UserAccount.Username, requiredClaims); if (!authResponse.Data) { return(new ResponseDTO <bool>() { Data = false, Error = authResponse.Error }); } // TODO: Check if vehicle exists in data store ReservationDTO reservationDTO = new ReservationDTO() { DurationInMinutes = request.DurationInMinutes, UserId = sessionDTO.Data.UserAccount.Id, VehicleVin = request.VehicleVin, SpotId = spotId }; _loggerService.LogAction(LogConstants.ACTION_ADD_RESERVATION, sessionDTO.Data.Id.ToString(), sessionDTO.Data.SessionId.ToString()); return(_reservationServices.ReserveSpot(reservationDTO)); }
/* * public bool UpdateUser(User user) * { * try * { * _userManagementService.UpdateUser(user); * return true; * } * catch (Exception e) * { * Console.WriteLine(e.ToString()); * return false; * } * } * public IEnumerable<User> GetAllUsers() * { * return _userManagementService.GetAllUsers(); * } */ public ResponseDTO <ParkingMasterFrontendDTO> SetRole(ParkingMasterFrontendDTO request) { ResponseDTO <ParkingMasterFrontendDTO> response = new ResponseDTO <ParkingMasterFrontendDTO>(); // Check if request id is in guid format Guid sessionId; try { sessionId = new Guid(request.Token); } catch (Exception e) { response.Data = null; response.Error = ErrorStrings.SESSION_NOT_FOUND; return(response); } // Check if role is allowed if (!Roles.IsFrontendSelectableRole(request.Role)) { response.Data = null; response.Error = ErrorStrings.REQUEST_FORMAT; return(response); } // Check if session is active and get user information ResponseDTO <Session> sessionDTO = _sessionService.GetSession(sessionId); if (sessionDTO.Data == null) { response.Data = null; response.Error = ErrorStrings.SESSION_NOT_FOUND; } // Check that user has permission to use this function List <ClaimDTO> requiredClaims = new List <ClaimDTO>() { new ClaimDTO("Action", "SetRole") }; ResponseDTO <Boolean> authResponse = _authorizationClient.Authorize(sessionDTO.Data.UserAccount.Username, requiredClaims); if (!authResponse.Data) { response.Data = null; response.Error = authResponse.Error; return(response); } // Set up user information that will change UserAccountDTO userAccountChanges = new UserAccountDTO() { Id = sessionDTO.Data.UserAccount.Id, RoleType = request.Role }; // Make user changes ResponseDTO <UserAccountDTO> userAccountResponse = _userManagementService.SetRole(userAccountChanges); if (userAccountResponse.Data == null) { response.Data = null; response.Error = userAccountResponse.Error; return(response); } List <Claim> newClaims = _claimService.GetUserClaims(userAccountChanges.RoleType, userAccountResponse.Data.Username).Data; ResponseDTO <bool> editClaimsResponse; try { editClaimsResponse = _userManagementService.ResetUserClaims(userAccountChanges.Id, newClaims); } catch (Exception e) { response.Data = null; response.Error = e.ToString(); return(response); } if (!editClaimsResponse.Data) { response.Data = null; response.Error = editClaimsResponse.Error; return(response); } response.Data = new ParkingMasterFrontendDTO(); response.Data.Id = userAccountResponse.Data.Id.ToString(); response.Data.Role = userAccountResponse.Data.RoleType; response.Data.Token = sessionId.ToString(); return(response); }