// Returns admin status
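        /// <summary>
        /// Looks up the <c>IsAdmin</c> flag stored for a user.
        /// </summary>
        /// <param name="UserID">Value bound to the <c>@UserID</c> query parameter.</param>
        /// <returns>The stored flag, or <c>false</c> when no row matches.</returns>
        public bool CheckIsUserisAdmin(int UserID)
        {
            const string queryString = "SELECT IsAdmin FROM Users WHERE UserID=@UserID";

            // Dispose connection, command and reader on every path, so an exception
            // from Open/ExecuteReader no longer leaves a connection open.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@UserID", UserID));
            connection.Open();

            // Fail closed: only a stored true value can turn this into true.
            bool isAdmin = false;

            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    isAdmin = reader.GetBoolean(0);
                }
            }

            return isAdmin;
        }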
        // Returns users data
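        /// <summary>
        /// Loads one row of the Users table into an <see cref="Auth_UserModel"/>.
        /// </summary>
        /// <param name="userID">Value bound to the <c>@UserID</c> query parameter.</param>
        /// <returns>
        /// The populated model, or a freshly constructed model with no fields assigned
        /// when no row matches (never <c>null</c>).
        /// </returns>
        /// <remarks>
        /// The returned model carries the stored <c>Password</c> column value.
        /// NOTE(review): confirm callers never serialise this object to a client or a log.
        /// </remarks>
        public Auth_UserModel GetUsersData(int userID)
        {
            // Columns are named explicitly (instead of SELECT *) because the reader is
            // indexed by position: a schema change must not silently shift which column
            // feeds isAdmin or password.
            const string queryString =
                "SELECT UserID, Username, FirstName, LastName, Email, Password, GoogleSubjectID, IsAdmin, ProfileImageUrl " +
                "FROM Users WHERE UserID=@UserID";

            // Disposed on every path, including when a conversion below throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@UserID", userID));
            connection.Open();

            Auth_UserModel user = new Auth_UserModel();

            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    // Every column is read as text and passed through RemoveSpacesInString.
                    user.userID          = int.Parse(RemoveSpacesInString(reader[0].ToString()));
                    user.username        = RemoveSpacesInString(reader[1].ToString());
                    user.firstname       = RemoveSpacesInString(reader[2].ToString());
                    user.lastname        = RemoveSpacesInString(reader[3].ToString());
                    user.email           = RemoveSpacesInString(reader[4].ToString());
                    user.password        = RemoveSpacesInString(reader[5].ToString());
                    user.googleSubjectID = RemoveSpacesInString(reader[6].ToString());
                    user.isAdmin         = Convert.ToBoolean(Convert.ToInt16(RemoveSpacesInString(reader[7].ToString())));
                    user.profileImageUrl = RemoveSpacesInString(reader[8].ToString());
                }
            }

            return user;
        }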
        // Returns the user id if password is correct else return -1
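        /// <summary>
        /// Checks a login attempt against the Users table.
        /// </summary>
        /// <param name="emailOrUsername">Compared with both the <c>Email</c> and the <c>Username</c> column.</param>
        /// <param name="password">Compared with the <c>Password</c> column.</param>
        /// <returns>The matching <c>UserID</c>, or -1 when no row matches.</returns>
        /// <remarks>
        /// NOTE(review): the supplied value is compared with the stored column inside SQL,
        /// so the column holds either the password itself or an unsalted digest computed by
        /// the caller. Confirm which, and consider a salted password hash verified in code.
        /// NOTE(review): CreateNewUser calls this method to recover the new id; rows stored
        /// without a password no longer match here.
        /// </remarks>
        public int CheckIfPasswordIsCorrect(string emailOrUsername, string password)
        {
            // The identifier test is parenthesised on purpose. AND binds tighter than OR, so
            // without the parentheses the password was only required on the Username branch
            // and a matching Email alone returned the UserID.
            const string queryString = "SELECT UserID FROM Users WHERE (Email=@Email OR Username=@Username) AND Password=@Password";

            // Disposed on every path, including when Open or ExecuteReader throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@Username", emailOrUsername));
            cmd.Parameters.Add(new MySqlParameter("@Email", emailOrUsername));
            cmd.Parameters.Add(new MySqlParameter("@Password", password));

            connection.Open();

            // Fail closed: -1 unless a row matched both the identifier and the password.
            int userID = -1;

            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    userID = reader.GetInt32(0);
                }
            }

            return userID;
        }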
        // Return true if account is linked, add more values to add more linked options.
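        /// <summary>
        /// Reports whether a <c>GoogleSubjectID</c> is stored for the user.
        /// </summary>
        /// <param name="userID">Value bound to the <c>@UserID</c> query parameter.</param>
        /// <returns>
        /// <c>(true, id)</c> when a non-blank value is stored; <c>(false, "None")</c> when
        /// the value is blank or no row matches.
        /// </returns>
        public Tuple <bool, string> IsAccountLinkedToAlternativeAuth(int userID)
        {
            const string queryString = "SELECT GoogleSubjectID FROM Users WHERE UserID=@UserID";

            // Disposed on every path, including when Open or ExecuteReader throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@UserID", userID));
            connection.Open();

            string value = null;

            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    value = RemoveSpacesInString(reader[0].ToString());
                }
            }

            // IsNullOrWhiteSpace already covers null and the empty string.
            if (string.IsNullOrWhiteSpace(value))
            {
                return Tuple.Create(false, "None");
            }

            return Tuple.Create(true, value);
        }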
        // Creates a new user and return UserID
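        /// <summary>
        /// Inserts a new row into the Users table and returns its id.
        /// </summary>
        /// <param name="user">Source of the username, email, names, password and Google subject id.</param>
        /// <returns>The new <c>UserID</c>, or -1 when it cannot be determined.</returns>
        /// <remarks>
        /// <c>IsAdmin</c> is always written as <c>false</c>; <c>user.isAdmin</c> is never read here.
        /// NOTE(review): <c>user.password</c> is stored exactly as supplied. Confirm the caller
        /// passes a password hash rather than the password itself.
        /// </remarks>
        public int CreateNewUser(Auth_UserModel user)
        {
            const string queryString = "INSERT INTO Users (Username, Email, FirstName, LastName, Password, GoogleSubjectID, IsAdmin) VALUES (@Username, @Email, @FirstName, @LastName, @Password, @GoogleSubjectID, @IsAdmin)";

            long insertedId;

            // Scoped so the connection is released (also on failure) before any follow-up query.
            using (var connection = new MySqlConnection(ConfigContex.GetConnectionString()))
            using (var cmd = new MySqlCommand(queryString, connection))
            {
                cmd.Parameters.Add(new MySqlParameter("@Username", user.username));
                cmd.Parameters.Add(new MySqlParameter("@Email", user.email));
                cmd.Parameters.Add(new MySqlParameter("@FirstName", user.firstname));
                cmd.Parameters.Add(new MySqlParameter("@LastName", user.lastname));
                cmd.Parameters.Add(new MySqlParameter("@Password", user.password));
                cmd.Parameters.Add(new MySqlParameter("@GoogleSubjectID", user.googleSubjectID));
                // New accounts are never created with admin rights from this path.
                cmd.Parameters.Add(new MySqlParameter("@IsAdmin", false));

                connection.Open();
                cmd.ExecuteNonQuery();

                insertedId = cmd.LastInsertedId;
            }

            // Prefer the id the server generated for this very INSERT: it does not depend on
            // replaying the credentials through the login query.
            if (insertedId > 0)
            {
                return checked((int)insertedId);
            }

            // Fallback for a table whose UserID is not auto-generated.
            return CheckIfPasswordIsCorrect(user.email, user.password);
        }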
 /// <summary>
 /// Falls back to the configured default picture when no profile image URL is set.
 /// </summary>
 /// <param name="httpHost">Not read by this method.</param>
 private void SetProfilePicture(string httpHost)
 {
     // IsNullOrWhiteSpace is true for null, empty and blank values alike.
     bool hasPicture = !string.IsNullOrWhiteSpace(profileImageUrl);

     if (hasPicture)
     {
         return;
     }

     profileImageUrl = ConfigContex.GetDefaultProfilePictureUrl();
 }
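        /// <summary>
        /// Resizes an uploaded image, pushes it to Dropbox, stores the shared link for the
        /// user and removes the user's previous picture from the cloud.
        /// </summary>
        /// <param name="env">Supplies the web root used for the temporary local copy.</param>
        /// <param name="imagefile">The uploaded file; its name and content are client-controlled.</param>
        /// <param name="userID">Account whose picture is replaced.</param>
        /// <returns>A success flag plus a message meant for the user.</returns>
        /// <remarks>
        /// NOTE(review): <paramref name="userID"/> comes from the caller and is not checked
        /// here against the authenticated user; confirm the caller enforces ownership.
        /// NOTE(review): the temporary file is written under the web root. If static files are
        /// served from there it is reachable by name until it is deleted; a directory that is
        /// not served would be safer.
        /// </remarks>
        public async Task <Tuple <bool, string> > UploadUserProfilePictureAsync(IWebHostEnvironment env, IFormFile imagefile, int userID)
        {
            // An empty upload is rejected up front instead of failing later in the decoder.
            if (imagefile == null || imagefile.Length <= 0 || imagefile.Length > ConfigContex.GetProfileImageMaxSizeInBytes())
            {
                return Tuple.Create(false, "File is to large or none existing");
            }

            // Remember the current picture so it can be removed once the new one is stored.
            string oldImageUrl = GetUsersData(userID).profileImageUrl;

            if (!Directory.Exists(env.WebRootPath))
            {
                Console.WriteLine("wwwRoot does not exist");
            }

            var uploadFailed = Tuple.Create(false, "Error in uploading file, check if its the correct extenstion (PNG, JPG).");

            string fullPath = null;

            try
            {
                // The generated name derives from the client-supplied file name. Keep only its
                // final component so directory separators or ".." can never move the write
                // outside the target folder.
                string fileName = Path.GetFileName(ImageProcessing.GenerateUniqFileNameFromOldName(imagefile.FileName));

                if (string.IsNullOrWhiteSpace(fileName))
                {
                    return uploadFailed;
                }

                fullPath = Path.Combine(env.WebRootPath, fileName);

                // Only the decoded and resized bitmap is written to disk, never the uploaded bytes.
                using (var uploadStream = imagefile.OpenReadStream())
                using (var sourceImage = Image.FromStream(uploadStream))
                {
                    int newSize = ConfigContex.GetProfileImagePixelSize(); // size comes from appsettings

                    using (Bitmap resultImage = ImageProcessing.Resize(sourceImage, newSize, newSize))
                    {
                        resultImage.Save(fullPath);
                    }
                }

                // Upload to Dropbox and obtain the shared link.
                string sharedUrl = await DropboxApi.Upload(fullPath, fileName, true);

                // No link means the upload or the link creation failed: keep the user's
                // current picture instead of storing an empty URL and deleting the old file.
                if (string.IsNullOrEmpty(sharedUrl))
                {
                    return uploadFailed;
                }

                AddProfilePictureByUrl(sharedUrl, userID);
                DeleteProfilePictureFromCloud(oldImageUrl);

                return Tuple.Create(true, "Profile image successfully created.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                return uploadFailed;
            }
            finally
            {
                // Remove the local copy on success and on failure alike.
                if (fullPath != null)
                {
                    try
                    {
                        File.Delete(fullPath);
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine(e);
                    }
                }
            }
        }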
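        /// <summary>
        /// Deletes the Users row with the given id.
        /// </summary>
        /// <param name="userID">Value bound to the <c>@UserID</c> query parameter.</param>
        /// <remarks>
        /// NOTE(review): no ownership or role check happens here; confirm every caller
        /// authorises the request before invoking this method.
        /// </remarks>
        public void DeleteAccount(int userID)
        {
            const string queryString = "DELETE FROM Users WHERE UserID=@UserID";

            // Disposed on every path, including when Open or the statement throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@UserID", userID));

            connection.Open();
            // The statement returns no result set, so ExecuteNonQuery is the matching call.
            cmd.ExecuteNonQuery();
        }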
        /// <summary>
        /// Uploads a local file to Dropbox and optionally returns a shared link to it.
        /// </summary>
        /// <param name="localFile">Path of the file to read; it is loaded fully into memory.</param>
        /// <param name="saveFileAs">Name appended to "/" to form the Dropbox path.</param>
        /// <param name="makePublic">When true, a shared link is requested after the upload.</param>
        /// <returns>
        /// The value returned by <c>GetSharingLink</c> when <paramref name="makePublic"/> is
        /// true; otherwise <c>null</c>.
        /// </returns>
        /// <remarks>
        /// The upload uses <c>WriteMode.Overwrite</c> and <paramref name="saveFileAs"/> is
        /// concatenated into the path without validation.
        /// NOTE(review): confirm callers only pass names that are unique and not attacker-chosen.
        /// </remarks>
        public static async Task <string> Upload(string localFile, string saveFileAs, bool makePublic)
        {
            using var dbx = new DropboxClient(ConfigContex.GetDropboxApiKey());
            using var mem = new MemoryStream(File.ReadAllBytes(localFile));

            string dropboxPath = "/" + saveFileAs;

            await dbx.Files.UploadAsync(dropboxPath, WriteMode.Overwrite.Instance, body : mem);

            // A link is only produced for public uploads.
            if (!makePublic)
            {
                return null;
            }

            return await GetSharingLink(saveFileAs);
        }
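        /// <summary>
        /// Stores a profile image URL for the user.
        /// </summary>
        /// <param name="url">Value written to the <c>ProfileImageUrl</c> column as supplied.</param>
        /// <param name="userID">Value bound to the <c>@UserID</c> query parameter.</param>
        /// <remarks>
        /// NOTE(review): the URL is not validated here; confirm callers only pass links
        /// generated by the application, not user-entered values.
        /// </remarks>
        public void UploadProfileImageUrlToDB(string url, int userID)
        {
            const string queryString = "UPDATE Users SET ProfileImageUrl=@ProfileImageUrl WHERE UserID=@UserID";

            // Disposed on every path, including when Open or the statement throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@ProfileImageUrl", url));
            cmd.Parameters.Add(new MySqlParameter("@UserID", userID));

            connection.Open();
            // The statement returns no result set, so ExecuteNonQuery is the matching call.
            cmd.ExecuteNonQuery();
        }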
        // Changes the password of the user
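        /// <summary>
        /// Overwrites the <c>Password</c> column of the given user.
        /// </summary>
        /// <param name="userID">Value bound to the <c>@UserID</c> query parameter.</param>
        /// <param name="password">Value written to the column exactly as supplied.</param>
        /// <remarks>
        /// NOTE(review): nothing is hashed here and the current password is not verified;
        /// confirm the caller passes a password hash and has authorised the change.
        /// </remarks>
        public void ChangePassword(int userID, string password)
        {
            const string queryString = "UPDATE Users SET Password=@Password WHERE UserID=@UserID";

            // Disposed on every path, including when Open or the statement throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@Password", password));
            cmd.Parameters.Add(new MySqlParameter("@UserID", userID));

            connection.Open();
            // ExecuteNonQuery replaces ExecuteReader: an UPDATE yields no rows, and the
            // reader that used to be opened here was never disposed.
            cmd.ExecuteNonQuery();
        }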
        // Return true if email exist
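        /// <summary>
        /// Reports whether any Users row has the given email.
        /// </summary>
        /// <param name="email">Value bound to the <c>@Email</c> query parameter.</param>
        /// <returns><c>true</c> when the query returns at least one row.</returns>
        /// <remarks>
        /// NOTE(review): if this result is exposed to unauthenticated clients it lets them
        /// probe which addresses are registered; consider rate limiting at the caller.
        /// </remarks>
        public bool DoesEmailExist(string email)
        {
            const string queryString = "SELECT Email FROM Users WHERE Email=@Email";

            // Disposed on every path, including when Open or ExecuteReader throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@Email", email));
            connection.Open();

            // The reader is now disposed as well; previously it was left open.
            using MySqlDataReader reader = cmd.ExecuteReader();

            return reader.HasRows;
        }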
        // Return true if username exist
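        /// <summary>
        /// Reports whether any Users row has the given username.
        /// </summary>
        /// <param name="username">Value bound to the <c>@Username</c> query parameter.</param>
        /// <returns><c>true</c> when the query returns at least one row.</returns>
        /// <remarks>
        /// NOTE(review): if this result is exposed to unauthenticated clients it lets them
        /// probe which usernames are taken; consider rate limiting at the caller.
        /// </remarks>
        public bool DoesUsernameExist(string username)
        {
            const string queryString = "SELECT Username FROM Users WHERE Username=@Username";

            // Disposed on every path, including when Open or ExecuteReader throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@Username", username));
            connection.Open();

            // The reader is now disposed as well; previously it was left open.
            using MySqlDataReader reader = cmd.ExecuteReader();

            return reader.HasRows;
        }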
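        /// <summary>
        /// Creates a Dropbox shared link for a stored file and rewrites it to request the
        /// raw file.
        /// </summary>
        /// <param name="savedDropboxFile">File name; "/" is prepended to form the Dropbox path.</param>
        /// <returns>The rewritten link, or <c>null</c> when the link could not be created.</returns>
        private static async Task <string> GetSharingLink(string savedDropboxFile)
        {
            using var dbx = new DropboxClient(ConfigContex.GetDropboxApiKey());

            savedDropboxFile = "/" + savedDropboxFile;

            try
            {
                var sharingLink = await dbx.Sharing.CreateSharedLinkWithSettingsAsync(new CreateSharedLinkWithSettingsArg(savedDropboxFile));

                string link = sharingLink.Url;

                if (string.IsNullOrEmpty(link))
                {
                    return null;
                }

                // The link is expected to end in "dl=0"; swapping that for "raw=1" yields the
                // raw image. The suffix is checked first so a link in any other shape is not
                // truncated by four arbitrary characters.
                const string downloadSuffix = "dl=0";

                if (link.EndsWith(downloadSuffix, StringComparison.Ordinal))
                {
                    return link.Remove(link.Length - downloadSuffix.Length) + "raw=1";
                }

                // Unexpected shape: append the parameter instead of cutting into the URL.
                string separator = link.Contains("?") ? "&" : "?";
                return link + separator + "raw=1";
            }
            catch (Exception e)
            {
                // Callers treat null as "no link"; log the cause so the failure is visible.
                Console.WriteLine(e);
                return null;
            }
        }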
        // Update User information
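        /// <summary>
        /// Updates username, email, first name, last name and password of an existing user.
        /// </summary>
        /// <param name="user">Source of the new values; <c>user.userID</c> selects the row.</param>
        /// <remarks>
        /// <c>IsAdmin</c> and <c>GoogleSubjectID</c> are not part of the statement.
        /// NOTE(review): <c>user.password</c> is written exactly as supplied and the row is
        /// chosen by <c>user.userID</c> alone; confirm the caller passes a password hash and
        /// takes the id from the authenticated session rather than from request data.
        /// </remarks>
        public void EditUser(Auth_UserModel user)
        {
            const string queryString = "UPDATE Users SET Username=@Username, Email=@Email, Firstname=@Firstname, Lastname=@Lastname, Password=@Password WHERE UserID=@UserID";

            // Disposed on every path, including when Open or the statement throws.
            using var connection = new MySqlConnection(ConfigContex.GetConnectionString());
            using var cmd        = new MySqlCommand(queryString, connection);

            cmd.Parameters.Add(new MySqlParameter("@UserID", user.userID));
            cmd.Parameters.Add(new MySqlParameter("@Username", user.username));
            cmd.Parameters.Add(new MySqlParameter("@Email", user.email));
            cmd.Parameters.Add(new MySqlParameter("@Firstname", user.firstname));
            cmd.Parameters.Add(new MySqlParameter("@Lastname", user.lastname));
            cmd.Parameters.Add(new MySqlParameter("@Password", user.password));

            connection.Open();
            // The statement returns no result set, so ExecuteNonQuery is the matching call.
            cmd.ExecuteNonQuery();
        }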
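        /// <summary>
        /// Deletes the Dropbox file that a stored shared link points to.
        /// </summary>
        /// <param name="dropboxSharedLink">
        /// Shared link as stored for the user. Anything that is not an absolute URL on
        /// <c>www.dropbox.com</c> (including <c>null</c> or an empty string) is ignored.
        /// </param>
        /// <remarks>
        /// Errors from the Dropbox API propagate to the caller.
        /// NOTE(review): the file to delete is identified only by the last path segment of
        /// the link. Confirm that stored links cannot be set by users, otherwise one account
        /// could name a file that belongs to another.
        /// </remarks>
        public static async Task DeleteFromDropbox(string dropboxSharedLink)
        {
            // Validate before touching the string: the host is taken from a parsed URI rather
            // than from a split on "/", and short or empty input no longer throws.
            if (!Uri.TryCreate(dropboxSharedLink, UriKind.Absolute, out Uri link) ||
                !string.Equals(link.Host, "www.dropbox.com", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // The last path segment is the file name. Taking it from the parsed path leaves
            // the query string ("?raw=1") out without counting characters.
            string path     = link.AbsolutePath;
            string fileName = path.Substring(path.LastIndexOf('/') + 1);

            if (fileName.Length == 0)
            {
                return;
            }

            using var dbx = new DropboxClient(ConfigContex.GetDropboxApiKey());

            DeleteArg deleteArg = new DeleteArg("/" + fileName);
            await dbx.Files.DeleteV2Async(deleteArg);
        }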
 // On class creation
 /// <summary>
 /// Stores the hosting environment and reads the sign-up switch from configuration.
 /// </summary>
 /// <param name="environment">Hosting environment kept in <c>_env</c>.</param>
 public AuthController(IWebHostEnvironment environment)
 {
     // Whether new registrations are refused is decided once, at construction
     // (per the original note, the setting lives in appsettings.json).
     _DisableSignup = ConfigContex.UserRegisteringDsabled();
     _env           = environment;
 }