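        /// <summary>
        /// Deletes the user identified by <c>adminUserDTO.userID</c> on behalf of the caller whose
        /// JWT travels in the request body.
        /// </summary>
        /// <param name="adminUserDTO">Request body: the caller's JWT plus the target user's ID as a GUID string.</param>
        /// <returns>
        /// 200 with a refreshed JWT on success; 301 with the SSO login URL in the body when the JWT
        /// is not valid; 401 when the caller is not allowed to delete the target; 409 for a missing
        /// body field, a malformed ID, or an unexpected failure.
        /// </returns>
        public HttpResponseMessage DeleteUser([FromBody] AdminUserDTO adminUserDTO)
        {
            var response = new HttpResponseMessage();

            // Model binding yields null for a missing or unparseable body; without this guard the
            // jwt check below throws a NullReferenceException outside the try and surfaces as a 500.
            if (adminUserDTO == null)
            {
                response.Content    = new StringContent("Request body is missing.");
                response.StatusCode = HttpStatusCode.BadRequest;
                return(response);
            }

            if (adminUserDTO.jwt == null)
            {
                response.Content    = new StringContent("JWT is null.");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }

            // Validate the target ID before opening the database, the way GetUser does. Previously
            // new Guid(...) threw inside the try for a null/malformed value and the raw exception
            // text was returned to the caller as a Conflict.
            Guid userID;
            if (!Guid.TryParse(adminUserDTO.userID, out userID))
            {
                response.Content    = new StringContent("Invalid Guid format");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }

            using (var db = new DataBaseContext())
            {
                try
                {
                    TokenManager tokenManager = new TokenManager(db);

                    // ValidateToken hands back a refreshed token, or null when the presented one is not valid.
                    string newJWT = tokenManager.ValidateToken(adminUserDTO.jwt);
                    if (newJWT == null)
                    {
                        // NOTE(review): a 301 whose body is the login URL, not a Location header;
                        // presumably the SPA client reads the body — confirm before touching this.
                        response         = Request.CreateResponse(HttpStatusCode.Moved);
                        response.Content = new StringContent("https://kfc-sso.com/#/login");
                        return(response);
                    }

                    AuthorizationManager authManager = new AuthorizationManager(db);

                    // Authorization is evaluated against the token that was just validated, not the refreshed one.
                    if (!authManager.AuthorizeUserToUser(adminUserDTO.jwt, userID, Actions.DELETEUSER))
                    {
                        // Message was a copy-paste of AddUser's "add user"; status code kept for compatibility.
                        response.Content    = new StringContent("Unauthorized to delete user.");
                        response.StatusCode = HttpStatusCode.Unauthorized;
                        return(response);
                    }

                    UserManager userManager = new UserManager(db);
                    userManager.DeleteUser(userID);

                    // Success body is the refreshed JWT so the client can continue its session.
                    response.Content    = new StringContent(newJWT);
                    response.StatusCode = HttpStatusCode.OK;
                    return(response);
                }
                catch (UserDoesNotExistException e)
                {
                    // Kept as 200 + message for compatibility. NOTE(review): a client can only tell
                    // this apart from success by inspecting the body — consider 404 NotFound.
                    response.Content    = new StringContent(e.Message);
                    response.StatusCode = HttpStatusCode.OK;
                    return(response);
                }
                catch (Exception)
                {
                    // Do not echo the exception message: for database or token-handling failures it
                    // can expose internal details to the caller (CWE-209). TODO(review): log it
                    // server-side — no logger is visible in this controller.
                    response.Content    = new StringContent("Unexpected error while deleting user.");
                    response.StatusCode = HttpStatusCode.Conflict;
                    return(response);
                }
            }
        }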
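        /// <summary>
        /// Creates a new user from the fields in <paramref name="adminUserDTO"/> on behalf of the
        /// caller whose JWT travels in the request body.
        /// </summary>
        /// <param name="adminUserDTO">
        /// Request body: the caller's JWT, the ID the ADDUSER action is authorized against, and the
        /// new user's email, height, account type, parent ID and client ID (IDs as GUID strings).
        /// </param>
        /// <returns>
        /// 200 with a refreshed JWT on success; 301 with the SSO login URL in the body when the JWT
        /// is not valid; 401 when the caller is not allowed to add the user; 409 for a missing body
        /// field, a malformed ID, or an unexpected failure.
        /// </returns>
        public HttpResponseMessage AddUser([FromBody] AdminUserDTO adminUserDTO)
        {
            var response = new HttpResponseMessage();

            // Model binding yields null for a missing or unparseable body; without this guard the
            // jwt check below throws a NullReferenceException outside the try and surfaces as a 500.
            if (adminUserDTO == null)
            {
                response.Content    = new StringContent("Request body is missing.");
                response.StatusCode = HttpStatusCode.BadRequest;
                return(response);
            }

            if (adminUserDTO.jwt == null)
            {
                response.Content    = new StringContent("JWT is null.");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }

            // All three IDs used to be parsed with new Guid(...) inside the try, so a null or
            // malformed value came back as a 409 carrying the raw exception text. Validate them up
            // front with the same message and status GetUser uses for a bad ID.
            Guid userID, parentID, clientID;
            if (!Guid.TryParse(adminUserDTO.userID, out userID) ||
                !Guid.TryParse(adminUserDTO.parentID, out parentID) ||
                !Guid.TryParse(adminUserDTO.clientID, out clientID))
            {
                response.Content    = new StringContent("Invalid Guid format");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }

            using (var db = new DataBaseContext())
            {
                try
                {
                    TokenManager tokenManager = new TokenManager(db);

                    // ValidateToken hands back a refreshed token, or null when the presented one is not valid.
                    string newJWT = tokenManager.ValidateToken(adminUserDTO.jwt);
                    if (newJWT == null)
                    {
                        // NOTE(review): a 301 whose body is the login URL, not a Location header;
                        // presumably the SPA client reads the body — confirm before touching this.
                        response         = Request.CreateResponse(HttpStatusCode.Moved);
                        response.Content = new StringContent("https://kfc-sso.com/#/login");
                        return(response);
                    }

                    AuthorizationManager authManager = new AuthorizationManager(db);

                    // The ADDUSER action is authorized against adminUserDTO.userID, not against the
                    // parent/client the new user is attached to. NOTE(review): presumably userID is
                    // the acting admin's own ID here — confirm against the client and AuthorizeUserToUser.
                    if (!authManager.AuthorizeUserToUser(adminUserDTO.jwt, userID, Actions.ADDUSER))
                    {
                        response.Content    = new StringContent("Unauthorized to add user.");
                        response.StatusCode = HttpStatusCode.Unauthorized;
                        return(response);
                    }

                    // NOTE(review): accountType and userEmail are taken from the body as-is; any
                    // restriction on which account types an admin may create must live in
                    // AuthorizeUserToUser or UserManager.AddUser — not visible here.
                    User user = new User()
                    {
                        userEmail   = adminUserDTO.userEmail,
                        height      = adminUserDTO.height,
                        accountType = adminUserDTO.accountType,
                        parentID    = parentID,
                        clientID    = clientID
                    };

                    UserManager userManager = new UserManager(db);
                    userManager.AddUser(user);

                    // Success body is the refreshed JWT so the client can continue its session.
                    response.Content    = new StringContent(newJWT);
                    response.StatusCode = HttpStatusCode.OK;
                    return(response);
                }
                catch (Exception)
                {
                    // Do not echo the exception message: for database or token-handling failures it
                    // can expose internal details to the caller (CWE-209). TODO(review): log it
                    // server-side — no logger is visible in this controller.
                    response.Content    = new StringContent("Unexpected error while adding user.");
                    response.StatusCode = HttpStatusCode.Conflict;
                    return(response);
                }
            }
        }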
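        /// <summary>
        /// Returns the user identified by <paramref name="strID"/> as JSON together with a refreshed
        /// JWT. The caller's JWT is read from the "token" request header.
        /// </summary>
        /// <param name="strID">Target user ID as a GUID string.</param>
        /// <returns>
        /// 200 with a <c>UserDTO</c> JSON body; 301 with the SSO login URL in the body when the JWT
        /// is not valid; 401 when the caller is not allowed to read the target; 409 for a missing
        /// token header, a malformed ID, or an unexpected failure.
        /// </returns>
        public HttpResponseMessage GetUser(string strID)
        {
            var response = new HttpResponseMessage();

            // HttpHeaders.GetValues throws InvalidOperationException when the header is absent, so
            // the original "JWT is null." branch was unreachable and a request without a "token"
            // header surfaced as an unhandled 500. Check for presence first.
            string jwt = Request.Headers.Contains("token")
                ? Request.Headers.GetValues("token").FirstOrDefault()
                : null;

            if (jwt == null)
            {
                response.Content    = new StringContent("JWT is null.");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }

            // A malformed ID is an expected input error, not an exception path: TryParse instead of
            // Parse + catch. Same message and status as before.
            Guid userID;
            if (!Guid.TryParse(strID, out userID))
            {
                response.Content    = new StringContent("Invalid Guid format");
                response.StatusCode = HttpStatusCode.Conflict;
                return(response);
            }

            using (var db = new DataBaseContext())
            {
                try
                {
                    TokenManager tokenManager = new TokenManager(db);

                    // ValidateToken hands back a refreshed token, or null when the presented one is not valid.
                    string newJWT = tokenManager.ValidateToken(jwt);
                    if (newJWT == null)
                    {
                        // NOTE(review): a 301 whose body is the login URL, not a Location header;
                        // presumably the SPA client reads the body — confirm before touching this.
                        response         = Request.CreateResponse(HttpStatusCode.Moved);
                        response.Content = new StringContent("https://kfc-sso.com/#/login");
                        return(response);
                    }

                    AuthorizationManager authManager = new AuthorizationManager(db);

                    // Authorization is evaluated against the token that was just validated, not the refreshed one.
                    if (!authManager.AuthorizeUserToUser(jwt, userID, Actions.GETUSER))
                    {
                        // Message was a copy-paste of AddUser's "add user"; status code kept for compatibility.
                        response.Content    = new StringContent("Unauthorized to get user.");
                        response.StatusCode = HttpStatusCode.Unauthorized;
                        return(response);
                    }

                    // NOTE(review): whether GetUser returns null or throws for an unknown ID is not
                    // visible here; a null would be serialized as "user": null below.
                    UserManager userManager = new UserManager(db);
                    User        user        = userManager.GetUser(userID);

                    // NOTE(review): the entire User entity is serialized to the caller — confirm it
                    // carries no fields that must not leave the server (credentials, internal flags).
                    UserDTO userDTO = new UserDTO()
                    {
                        user = user,
                        jwt  = newJWT
                    };

                    response.StatusCode = HttpStatusCode.OK;
                    response.Content    = new StringContent(JsonConvert.SerializeObject(userDTO),
                                                            System.Text.Encoding.UTF8, "application/json");
                    return(response);
                }
                catch (Exception)
                {
                    // Do not echo the exception message: for database or token-handling failures it
                    // can expose internal details to the caller (CWE-209). TODO(review): log it
                    // server-side — no logger is visible in this controller.
                    response.Content    = new StringContent("Unexpected error while getting user.");
                    response.StatusCode = HttpStatusCode.Conflict;
                    return(response);
                }
            }
        }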