public HttpResponseMessage PasswordReset2(UserAuthenticationRequest request)
{
dynamic data = new ExpandoObject();
using (GetEmployerConnString gecs = new GetEmployerConnString(Request.EmployerID())) {
using (GetUserContentPreference gucp = new GetUserContentPreference()) {
gucp.CCHID = Request.CCHID();
gucp.GetData(gecs.ConnString);
data.ContactPhoneNumber = gucp.ContactPhoneNumber;
}
}
string userName = Request.UserName();
MembershipUser mu = Membership.GetUser(userName);
if (mu == null)
{
data.Fail = true;
data.ErrorMessage = "Unexpected Error locating User Membership";
}
else
{
if (string.IsNullOrEmpty(request.SecretAnswer))
{
data.Fail = true;
data.ErrorMessage = "Missing Password Security Secret Answer";
}
else
{
try {
// Reset the password using the secret answer; the new password is a system-generated one
string newPwd = mu.ResetPassword(request.SecretAnswer);
// Use the system-generated password to change to the new user-provided password
if (mu.ChangePassword(newPwd, request.NewPassword))
{
mu.Comment = string.Empty;
Membership.UpdateUser(mu);
data.Success = true;
}
else
{
data.Fail = true;
data.ErrorMessage = "Wrong Password Security Secret Answer";
}
}
catch (Exception exc) {
data.Fail = true;
data.ErrorMessage = exc.Message;
}
}
}
HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
return(hrm);
}
public HttpResponseMessage PasswordReset1(UserAuthenticationRequest request)
{
var e = new CCHEncrypt();
dynamic data = new ExpandoObject();
using (GetEmployerConnString gecs = new GetEmployerConnString(Request.EmployerID())) {
using (GetUserContentPreference gucp = new GetUserContentPreference()) {
gucp.CCHID = Request.CCHID();
gucp.GetData(gecs.ConnString);
data.ContactPhoneNumber = gucp.ContactPhoneNumber;
}
using (GetEmployeeByCchIdForCallCenter gebcfcc = new GetEmployeeByCchIdForCallCenter()) {
gebcfcc.CchId = Request.CCHID();
gebcfcc.GetData(gecs.ConnString);
if (request.UserName == gebcfcc.Email &&
request.LastFourSsn == gebcfcc.MemberSsn)
{
data.Success = true;
e.UserKey = Request.EncryptionKey();
e.SecretKey = Properties.Settings.Default.SecretKey;
e.Add("EmployerID", Request.EmployerID().ToString());
e.Add("UserID", Request.UserID());
e.Add("UserName", request.UserName);
e.Add("CCHID", Request.CCHID().ToString());
string authHash = e.ToString();
//data.AuthHash = authHash;
}
else
{
data.Fail = true;
data.ErrorMessage = "Email or SSN does Not Match";
}
}
}
HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
return(hrm);
}
public HttpResponseMessage UserPreferences()
{
HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.NoContent);
dynamic data = new ExpandoObject();
using (GetEmployerConnString gecs = new GetEmployerConnString(Request.EmployerID()))
{
using (GetUserContentPreference gucp = new GetUserContentPreference())
{
gucp.CCHID = Request.CCHID();
gucp.GetData(gecs.ConnString);
data.SmsInd = gucp.SmsInd;
data.EmailInd = gucp.EmailInd;
data.OsBasedAlertInd = gucp.OsBasedAlertInd;
data.LocaleCode = gucp.LocaleCode;
hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
}
}
return(hrm);
}
public HttpResponseMessage Register2(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
{
dynamic eo = new ExpandoObject();
HttpResponseMessage hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
new Exception("Client Handshake is Not Authorized"));
var e = new CCHEncrypt();
if (ValidateConsumer.IsValidConsumer(hsId))
{
hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User was Not Found"));
using (GetEmployerConnString gecs = new GetEmployerConnString(Request.EmployerID())) {
const string employeeQuery =
"SELECT CONVERT(varchar(10), DateOfBirth, 111) AS DateOfBirthText, * FROM Enrollments WHERE CCHID = @CchId";
using (var employeeDb = new DataBase(employeeQuery, true)) {
employeeDb.AddParameter("CchId", Request.CCHID());
employeeDb.GetData(gecs.ConnString);
if (employeeDb.Tables.Count > 0 && employeeDb.Tables[0].Rows.Count > 0)
{
hsRequest.FirstName = employeeDb.Tables[0].Rows[0].GetData("FirstName");
hsRequest.LastName = employeeDb.Tables[0].Rows[0].GetData("LastName");
hsRequest.LastName = hsRequest.LastName.Replace("_", " ");
hsRequest.DateOfBirth = employeeDb.Tables[0].Rows[0].GetData("DateOfBirthText");
hsRequest.LastFourSsn = employeeDb.Tables[0].Rows[0].GetData("MemberSsn");
hsRequest.MedicalId = employeeDb.Tables[0].Rows[0].GetData("MemberMedicalId");
string fullName = string.Format("{0} {1}", hsRequest.FirstName, hsRequest.LastName);
string mobilePhone = hsRequest.MobilePhone;
string alternatePhone = hsRequest.Phone;
eo.UserName = hsRequest.UserName;
eo.DisplayName = fullName;
eo.MobilePhone = mobilePhone;
eo.AlternatePhone = alternatePhone;
using (GetUserContentPreference gucp = new GetUserContentPreference()) {
gucp.CCHID = Request.CCHID();
gucp.GetData(gecs.ConnString);
eo.SmsInd = gucp.SmsInd;
eo.EmailInd = gucp.EmailInd;
eo.OsBasedAlertInd = gucp.OsBasedAlertInd;
eo.LocaleCode = gucp.LocaleCode;
eo.PreferredContact = gucp.ContactPhoneNumber;
}
MembershipCreateStatus status;
if (CreateNewMemberAccount(email: hsRequest.UserName, firstName: hsRequest.FirstName,
lastName: hsRequest.LastName, phone: hsRequest.Phone,
secretQuestionId: hsRequest.SecretQuestionId, secretAnswer: hsRequest.SecretAnswer,
password: hsRequest.Password, mobilePhone: hsRequest.MobilePhone,
cchid: Request.CCHID(), employerId: Request.EmployerID(),
cnxString: gecs.ConnString, status: out status))
{
var membershipUser = Membership.GetUser(hsRequest.UserName);
if (membershipUser != null)
{
if (membershipUser.ProviderUserKey != null)
{
eo.Question = membershipUser.PasswordQuestion;
string aspUserId = membershipUser.ProviderUserKey.ToString();
e.UserKey = Request.EncryptionKey();
e.SecretKey = Properties.Settings.Default.SecretKey;
e.Add("UserID", aspUserId);
e.Add("CCHID", Request.CCHID().ToString());
e.Add("EmployerID", Request.EmployerID().ToString());
e.Add("UserName", hsRequest.UserName);
//((IDictionary<string, object>) eo)["AuthHash"] = e.ToString();
//hrm = Request.CreateResponse(HttpStatusCode.OK, (eo as ExpandoObject));
eo.AuthHash = e.ToString();
hrm = Request.CreateResponse(HttpStatusCode.OK, (object)eo);
//InsertAuditTrail(Request.CCHID(), aspUserId,
// "Animation Register", Request.RequestUri.Host, gecs.ConnString);
LogUserLoginHistory(hsRequest.UserName, Request.CCHID(), gecs.ConnString);
}
}
}
else
{
switch (status)
{
case MembershipCreateStatus.DuplicateUserName:
hrm = Request.CreateErrorResponse(HttpStatusCode.Conflict,
new Exception("Member Account already exists"));
break;
default:
hrm = Request.CreateErrorResponse(HttpStatusCode.InternalServerError,
new Exception("Error in creating new Member Account"));
break;
}
}
}
}
}
}
return(hrm);
}
public HttpResponseMessage PasswordReset0(UserAuthenticationRequest request)
{
var e = new CCHEncrypt();
dynamic data = new ExpandoObject();
using (GetUserProfileByEmail gupbe = new GetUserProfileByEmail()) {
gupbe.Email = request.UserName;
gupbe.GetFrontEndData();
int employerId = Convert.ToInt32(gupbe.EmployerId);
using (GetEmployerConnString gecs = new GetEmployerConnString(employerId)) {
using (GetKeyEmployeeInfo gkei = new GetKeyEmployeeInfo()) {
gkei.Email = request.UserName;
gkei.GetData(gecs.ConnString);
if (gkei.Tables.Count > 0 && gkei.Tables[0].Rows.Count > 0)
{
int cchId = gkei.Tables[0].Rows[0].GetData <int>("CCHID");
using (GetUserContentPreference gucp = new GetUserContentPreference()) {
gucp.CCHID = cchId;
gucp.GetData(gecs.ConnString);
data.ContactPhoneNumber = gucp.ContactPhoneNumber;
}
using (GetEmployeeByCchIdForCallCenter gebcfcc = new GetEmployeeByCchIdForCallCenter()) {
gebcfcc.CchId = cchId;
gebcfcc.GetData(gecs.ConnString);
if (request.UserName.ToLower() == gebcfcc.Email.ToLower() &&
request.FullSsn.Trim() == gebcfcc.MemberFullSsn)
{
var membershipUser = Membership.GetUser(request.UserName);
if (membershipUser != null)
{
if (membershipUser.ProviderUserKey != null)
{
e.UserKey = Request.EncryptionKey();
e.SecretKey = Properties.Settings.Default.SecretKey;
e.Add("UserName", request.UserName);
e.Add("CCHID", gkei.CCHID.ToString());
e.Add("EmployerID", employerId.ToString());
string aspUserId = membershipUser.ProviderUserKey.ToString();
e.Add("UserID", aspUserId);
data.AuthHash = e.ToString();
data.Question = membershipUser.PasswordQuestion;
data.Success = true;
}
else
{
data.Fail = true;
data.ErrorMessage = "Provider User Key does Not Exist";
}
}
else
{
data.Fail = true;
data.ErrorMessage = "Member Account does Not Exist";
}
}
else
{
data.Fail = true;
data.ErrorMessage = "Email or SSN does Not Match";
}
}
}
else
{
data.Fail = true;
data.ErrorMessage = "Key Employee Info is Missing";
}
}
}
}
HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
return(hrm);
}
public HttpResponseMessage Login(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
{
var hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("Client Handshake is Not Authorized"));
var e = new CCHEncrypt();
dynamic data = new ExpandoObject();
if (!ValidateConsumer.IsValidConsumer(hsId))
{
LogUtil.Log(string.Format("Login failed. Inavlid Handshake Id {0}", hsId), LogLevel.Info);
return(hrm);
}
hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User Name and Password Do Not Match"));
if (!Membership.ValidateUser(hsRequest.UserName, hsRequest.Password))
{
// This can also happen if the account is locked. Check to see if it is locked
// and return an appropriate error message.
if (IsUserLocked(hsRequest.UserName))
{
LogUtil.Log(string.Format("Login failed for user {0}. Account is locked.",
hsRequest.UserName), LogLevel.Info);
hrm = Request.CreateErrorResponse(HttpStatusCode.Forbidden, new Exception("Account locked"));
}
else
{
LogUtil.Log(string.Format("Login failed for user {0}. Credentials failed membership validation.",
hsRequest.UserName), LogLevel.Info);
}
return(hrm);
}
using (var employerDb = new DataBase(EMPLOYER_QUERY, true)) {
employerDb.AddParameter("Email", hsRequest.UserName);
employerDb.GetFrontEndData();
hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
new Exception("User Profile was Not Found"));
if (employerDb.Tables.Count < 1 || employerDb.Tables[0].Rows.Count < 1)
{
LogUtil.Log(string.Format("Login failed for user {0}. User Profile was not found.",
hsRequest.UserName), LogLevel.Info);
return(hrm);
}
e.Add("EmployerID", employerDb.Tables[0].Rows[0].GetData("employerId"));
using (var gkei = new GetKeyEmployeeInfo()) {
gkei.Email = hsRequest.UserName;
string cnxString = employerDb.Tables[0].Rows[0].GetData("connectionString");
gkei.GetData(cnxString);
hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
new Exception("Employee Info on User Name was Not Found"));
if (gkei.Tables.Count < 1 || gkei.Tables[0].Rows.Count < 1)
{
LogUtil.Log(string.Format("Login failed for user {0}. Employee Info was not found.",
hsRequest.UserName), LogLevel.Info);
return(hrm);
}
//UserAccess Check dstrickland 7/7/2015
using (var cpaa = new CheckPersonApplicationAccess(gkei.CCHID, cnxString)) {
if (!cpaa.HasAccess)
{
LogUtil.Log(string.Format("Login failed for user {0}. User does not have acces to AppId 2.",
hsRequest.UserName), LogLevel.Info);
return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
new Exception(cpaa.ErrorMessage)));
}
}
var firstName = gkei.Tables[0].Rows[0].GetData("FirstName");
var lastName = gkei.Tables[0].Rows[0].GetData("LastName");
var fullName = string.Format("{0} {1}", firstName, lastName);
var mobilePhone = gkei.Tables[0].Rows[0].GetData("MobilePhone");
var alternatePhone = gkei.Tables[0].Rows[0].GetData("Phone");
using (var gucp = new GetUserContentPreference()) {
gucp.CCHID = gkei.CCHID;
gucp.GetData(cnxString);
data.SmsInd = gucp.SmsInd;
data.EmailInd = gucp.EmailInd;
data.OsBasedAlertInd = gucp.OsBasedAlertInd;
data.LocaleCode = gucp.LocaleCode;
data.PreferredContact = gucp.ContactPhoneNumber;
hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
}
var membershipUser = Membership.GetUser(hsRequest.UserName);
if (membershipUser != null && membershipUser.ProviderUserKey != null)
{
e.UserKey = Request.EncryptionKey();
e.SecretKey = Properties.Settings.Default.SecretKey;
e.Add("UserName", hsRequest.UserName);
e.Add("CCHID", gkei.CCHID.ToString());
string aspUserId = membershipUser.ProviderUserKey.ToString();
e.Add("UserID", aspUserId);
string authHash = e.ToString();
data.AuthHash = authHash;
data.UserName = hsRequest.UserName;
data.DisplayName = fullName;
data.MobilePhone = mobilePhone;
data.AlternatePhone = alternatePhone;
data.Question = membershipUser.PasswordQuestion;
hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
LogUserLoginHistory(hsRequest.UserName, gkei.CCHID, cnxString);
//Load accumulations for all dependents
Task.Run(async() => await LoadEmployeeAndDependentsAccumulationsAsync(
Int32.Parse(employerDb.Tables[0].Rows[0].GetData("employerId")),
Int32.Parse(gkei.CCHID.ToString())));
}
}
}
return(hrm);
}
