Ejemplo n.º 1
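        /// <summary>
        /// Looks up a single account in <c>userAccounts</c> by its numeric id.
        /// </summary>
        /// <param name="id">Value matched against the <c>id</c> column.</param>
        /// <returns>
        /// A <c>Models.Auth</c> built from the first matching row, or <c>null</c> when no row matches.
        /// </returns>
        public async static Task <Models.Auth> GetUserById(int id)
        {
            // Name only the columns that are consumed. SELECT * would also load the
            // userPassword column into application memory for a lookup that never uses it.
            const string query = "SELECT userEmail, userPermission FROM userAccounts WHERE id = @id";

            using (SqlConnection connection = new SqlConnection(SQL_CONNECTION_STRING))
            using (SqlCommand command = new SqlCommand(query, connection))
            {
                // Explicitly typed parameter: the value travels separately from the SQL text
                // and the server does not have to infer its type.
                command.Parameters.Add("@id", SqlDbType.Int).Value = id;

                await connection.OpenAsync();

                // An async reader replaces the blocking SqlDataAdapter.Fill call, so the
                // request thread is not held while the query runs.
                using (SqlDataReader reader = await command.ExecuteReaderAsync())
                {
                    if (!await reader.ReadAsync())
                    {
                        return(null);
                    }

                    string userEmail       = reader["userEmail"].ToString();
                    int    permissionLevel = int.Parse(reader["userPermission"].ToString());

                    return(new Models.Auth(id, userEmail, permissionLevel));
                }
            }
        }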
Ejemplo n.º 2
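        /// <summary>
        /// Creates a new account from the posted model, provided the caller is signed in,
        /// holds <c>AddUsersPermission</c>, and no account with the same name exists yet.
        /// </summary>
        /// <param name="newUser">Account data bound from the request.</param>
        /// <returns>The <c>Login</c> view for anonymous callers, otherwise the <c>AddUserAdmin</c> view.</returns>
        public async Task <IActionResult> AddUser(Models.Auth newUser)
        {
            if (!User.Identity.IsAuthenticated)
            {
                return(View("Login"));
            }

            if (!hasPermission(PermissionLevels.AddUsersPermission))
            {
                ViewBag.CanNotAdd = true;
                return(View("AddUserAdmin"));
            }

            // Validate before writing: the original inserted the row first and only then
            // looked at ModelState, so input that failed validation was still persisted.
            if (newUser == null || !ModelState.IsValid)
            {
                return(View("AddUserAdmin"));
            }

            // NOTE(review): the posted model is handed to InsertUser unchanged, so whatever
            // PermissionLevel the request carried is what gets stored - confirm the caller
            // is allowed to grant that level.
            // NOTE(review): no anti-forgery or HTTP-verb attribute is visible in this
            // excerpt; confirm one is applied where the action is declared.
            ViewBag.Duple = await Database.GetUserByEmail(newUser.Name);

            if (ViewBag.Duple == null)
            {
                ViewBag.NewUser = newUser;
                await Database.InsertUser(newUser);

                // Reset the form state after a successful insert.
                ModelState.Clear();
            }

            return(View("AddUserAdmin"));
        }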
Ejemplo n.º 3
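        /// <summary>
        /// Compares the password submitted in <paramref name="login"/> with the hash stored
        /// for that e-mail address in <c>userAccounts</c>.
        /// </summary>
        /// <param name="login">Submitted credentials; <c>Name</c> is the e-mail, <c>Pass</c> the clear-text password.</param>
        /// <returns>
        /// The same <paramref name="login"/> instance with <c>Pass</c> blanked and
        /// <c>PermissionLevel</c> filled in when the hashes match; otherwise <c>null</c>.
        /// </returns>
        public async static Task <Models.Auth> VerifyAdminCredentials(Models.Auth login)
        {
            const string queryString = "SELECT userPassword, userPermission FROM userAccounts WHERE userEmail = @user";

            using (SqlConnection conn = new SqlConnection(SQL_CONNECTION_STRING))
            using (SqlCommand command = new SqlCommand(queryString, conn))
            {
                command.Parameters.AddWithValue("@user", login.Name);
                await conn.OpenAsync();

                using (SqlDataReader reader = await command.ExecuteReaderAsync())
                {
                    // Unknown account, or a row without a stored hash: deny instead of
                    // letting GetString throw on a NULL column.
                    if (!await reader.ReadAsync() || reader.IsDBNull(0))
                    {
                        return(null);
                    }

                    string storedHash = reader.GetString(0);

                    // NOTE(review): ComputeSha256Hash is defined outside this excerpt. If it
                    // is a single unsalted SHA-256 pass, as the name suggests, the stored
                    // values are cheap to brute-force once the table leaks; plan a move to a
                    // salted, slow KDF (e.g. PBKDF2) with re-hashing at next login.
                    string suppliedHash = ComputeSha256Hash(login.Pass);
                    if (suppliedHash == null)
                    {
                        return(null);
                    }

                    // Compare in fixed time so the duration does not depend on how many
                    // leading characters of the two hashes agree.
                    bool matches = System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                        System.Text.Encoding.UTF8.GetBytes(storedHash),
                        System.Text.Encoding.UTF8.GetBytes(suppliedHash));

                    if (!matches)
                    {
                        return(null);
                    }

                    // Do not carry the clear-text password any further than needed.
                    login.Pass            = "";
                    login.PermissionLevel = reader.GetInt32(1);
                    return(login);
                }
            }
        }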
Ejemplo n.º 4
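        /// <summary>
        /// Reads every row of <c>userAccounts</c> and maps it to a <c>Models.Auth</c> object.
        /// </summary>
        /// <returns>One entry per row; an empty list when the table has no rows.</returns>
        public async static Task <List <Models.Auth> > GetAllUsers()
        {
            // Only the three columns that are mapped below. SELECT * would also drag every
            // stored password hash through the application for a listing that never shows it.
            const string queryString = "SELECT id, userEmail, userPermission FROM userAccounts";

            List <Models.Auth> accounts = new List <Models.Auth>();

            using (SqlConnection conn = new SqlConnection(SQL_CONNECTION_STRING))
            using (SqlCommand getAll = new SqlCommand(queryString, conn))
            {
                await conn.OpenAsync();

                // Stream rows with an async reader instead of the blocking SqlDataAdapter.Fill.
                using (SqlDataReader reader = await getAll.ExecuteReaderAsync())
                {
                    while (await reader.ReadAsync())
                    {
                        int    id = int.Parse(reader["id"].ToString());
                        int    permissionLevel = int.Parse(reader["userPermission"].ToString());
                        string userEmail       = reader["userEmail"].ToString();

                        accounts.Add(new Models.Auth(id, userEmail, permissionLevel));
                    }
                }
            }

            return(accounts);
        }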
        /// <summary>
        /// Calls <c>Logout()</c> on a fresh <c>Models.Auth</c> and redirects to the <c>Login</c> action.
        /// </summary>
        public ActionResult LogoutDo()
        {
            // NOTE(review): no HTTP-verb or anti-forgery attribute is visible in this
            // excerpt; confirm how this state-changing action is exposed.
            new Models.Auth().Logout();

            return RedirectToAction("Login");
        }
Ejemplo n.º 6
        /// <summary>
        /// Loads the account with the given id and records it in
        /// <c>LocalDatabase.EditSelectedUser</c> under the signed-in user's name.
        /// </summary>
        /// <param name="id">Id of the account chosen for editing.</param>
        /// <returns>The <c>Login</c> view for anonymous callers, otherwise the <c>UserAdmin</c> view.</returns>
        public async Task <IActionResult> EditSelectedUser(int id)
        {
            if (!User.Identity.IsAuthenticated)
            {
                return View("Login");
            }

            bool mayEdit = hasPermission(PermissionLevels.EditUsersPermission);
            if (!mayEdit)
            {
                ViewBag.CanNotedit = true;
                return View("UserAdmin");
            }

            Models.Auth selected = await Database.GetUserById(id);

            // NOTE(review): the looked-up value is stored without a null check - confirm
            // what GetUserById yields for an id that does not exist.
            // NOTE(review): LocalDatabase.EditSelectedUser appears to be state shared across
            // requests; confirm it is safe for concurrent writers.
            string editor = User.Identity.Name;
            if (LocalDatabase.EditSelectedUser.ContainsKey(editor))
            {
                LocalDatabase.EditSelectedUser[editor] = selected;
            }
            else
            {
                LocalDatabase.EditSelectedUser.Add(editor, selected);
            }

            return View("UserAdmin");
        }
Ejemplo n.º 7
        /// <summary>
        /// Posts the given login and password to <c>{address}/auth</c> and returns the
        /// response body as a string.
        /// </summary>
        /// <param name="address">Base address of the service; <c>/auth</c> is appended to it.</param>
        /// <param name="login">Login name sent in the request.</param>
        /// <param name="pass">Password sent in the request.</param>
        /// <returns>The response content, read to a string.</returns>
        protected string Authorize(string address, string login, string pass)
        {
            var credentials = new Models.Auth();
            credentials.Login = login;
            credentials.Pass  = pass;

            // NOTE(review): the body is read whatever the response status is, so an error
            // page would be handed back as if it were the token - confirm PostRequest or
            // the caller checks the status.
            // NOTE(review): the password is sent to whatever address is passed in; confirm
            // callers only supply an https endpoint.
            var reply = PostRequest($"{address}/auth", credentials);

            // .Result blocks the calling thread until the body has been read.
            return reply.Content.ReadAsStringAsync().Result;
        }
 /// <summary>
 /// Runs before every action: builds a fresh <c>Models.Auth</c>, calls <c>CheckUser()</c>
 /// on it, and redirects to <c>Account/Login</c> when <c>is_auth</c> is false.
 /// </summary>
 /// <param name="filterContext">Context of the action about to execute.</param>
 protected override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     auth = new Models.Auth();
     auth.CheckUser();

     if (!auth.is_auth)
     {
         // Setting Result short-circuits the action; the base handler is not called on this path.
         filterContext.Result = RedirectToAction("Login", "Account");
     }
     else
     {
         base.OnActionExecuting(filterContext);
     }

     // The auth object is exposed to the view in both cases.
     ViewBag.auth = auth;
 }
        /// <summary>
        /// Reads a JSON body with <c>username</c> and <c>password</c>, attempts a login through
        /// <c>Models.Auth.Login</c>, and answers with a JSON object holding <c>success</c> and <c>error</c>.
        /// </summary>
        /// <returns>An <c>application/json</c> content result.</returns>
        public ActionResult LoginDo()
        {
            // The anonymous instance is passed to json_to_object alongside the request
            // body; presumably it serves as the shape to deserialize into.
            var form = new { username = "", password = "" };
            form = Dtl.json_to_object(Dtl.json_request(), form);

            string error = "";
            new Models.Auth().Login(form.username, form.password, ref error);

            // NOTE(review): the error text from Login is returned to the client verbatim;
            // confirm it does not distinguish "unknown user" from "wrong password".
            var rtn = new { success = String.IsNullOrEmpty(error), error };

            return Content(Dtl.json_stringify(rtn), "application/json");
        }
Ejemplo n.º 10
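        /// <summary>
        /// Updates the e-mail address and permission level of the account whose id matches
        /// <c>user.id</c>.
        /// </summary>
        /// <param name="user">Carries the target <c>id</c> plus the new <c>Name</c> and <c>PermissionLevel</c>.</param>
        /// <returns>
        /// <c>false</c> when the statement reports zero affected rows (no account with that id);
        /// <c>true</c> otherwise.
        /// </returns>
        public async static Task <bool> EditUser(Models.Auth user)
        {
            const string queryString =
                "UPDATE userAccounts" +
                " SET userEmail = @userEmail, userPermission = @userPermission WHERE id = @id";

            using (SqlConnection conn = new SqlConnection(SQL_CONNECTION_STRING))
            {
                // TODO (from the original author): consider checking that the logged-in user
                // is the one who created the account, and refusing the edit otherwise.
                // NOTE(review): nothing here restricts which id or permission level may be
                // written; that decision rests entirely with the caller.
                await conn.OpenAsync();

                using (SqlCommand edit = new SqlCommand(queryString, conn))
                {
                    edit.Parameters.AddWithValue("@userEmail", user.Name);
                    edit.Parameters.AddWithValue("@userPermission", user.PermissionLevel);
                    edit.Parameters.AddWithValue("@id", user.id);

                    int affected = await edit.ExecuteNonQueryAsync();

                    // The original returned true unconditionally, so an edit aimed at a
                    // non-existent id looked successful. -1 (row counting disabled on the
                    // server) is still treated as success.
                    return(affected != 0);
                }
            }
        }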
Ejemplo n.º 11
        /// <summary>
        /// Inserts a new row into <c>userAccounts</c> with the e-mail, the hashed password
        /// and the permission level taken from <paramref name="auth"/>.
        /// </summary>
        /// <param name="auth">Source of <c>Name</c>, <c>Pass</c> and <c>PermissionLevel</c>.</param>
        public async static Task InsertUser(Models.Auth auth)
        {
            const string insertSql =
                "INSERT INTO userAccounts (userEmail, userPassword, userPermission)" +
                " VALUES(@userEmail, @userPassword, @userPermission)";

            using (SqlConnection conn = new SqlConnection(SQL_CONNECTION_STRING))
            {
                await conn.OpenAsync();

                using (SqlCommand insert = new SqlCommand(insertSql, conn))
                {
                    var parameters = insert.Parameters;

                    parameters.AddWithValue("@userEmail", auth.Name);

                    // NOTE(review): ComputeSha256Hash is defined outside this excerpt. If it
                    // is a single unsalted SHA-256 pass, as the name suggests, that is too
                    // fast for password storage; prefer a salted, slow KDF such as PBKDF2.
                    parameters.AddWithValue("@userPassword", ComputeSha256Hash(auth.Pass));
                    parameters.AddWithValue("@userPermission", auth.PermissionLevel);

                    await insert.ExecuteNonQueryAsync();

                    // Explicit close kept as written; leaving the using block disposes the connection as well.
                    await conn.CloseAsync();
                }
            }
        }
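        /// <summary>
        /// Resolves the <c>auth</c> cookie of the current request to a user name.
        /// </summary>
        /// <returns>
        /// The matching user's name, or <c>"Guest"</c> when the cookie is missing or its
        /// token does not resolve to a known user.
        /// </returns>
        public string GetUser()
        {
            string uname = "Guest";
            // Read the cookie that arrived with the request.
            HttpCookie c = HttpContext.Request.Cookies["auth"];

            if (c != null)
            {
                // Look up the user name by token.
                Models.Auth auth = ndb.Authes.FirstOrDefault(au => au.Token == c.Value);
                if (auth != null)
                {
                    Models.User user = ndb.Users.FirstOrDefault(u => u.Username == auth.Username);
                    if (user != null)
                    {
                        uname = user.Username;
                    }
                }

                // Refresh the cookie. A cookie read from the request carries only its name
                // and value, so the original re-issued the session token without HttpOnly
                // or Secure. Set them again before sending it back.
                c.HttpOnly = true;
                c.Secure   = HttpContext.Request.IsSecureConnection;

                // NOTE(review): the cookie is re-sent even when the token matched no
                // session, and without an expiry - confirm both are intended.
                Response.SetCookie(c);
            }

            // Either the resolved user name or "Guest".
            return(uname);
        }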
Ejemplo n.º 13
        /// <summary>
        /// Verifies the posted credentials and, on success, signs the user in with the
        /// cookie authentication scheme.
        /// </summary>
        /// <param name="auth">Credentials bound from the request.</param>
        /// <returns>
        /// The <c>ReRoute</c> view after a successful sign-in; otherwise the <c>Login</c> view
        /// with <c>ViewBag.Passed</c> set to <c>false</c>.
        /// </returns>
        public async Task <IActionResult> Login(Models.Auth auth)
        {
            auth = await Database.VerifyAdminCredentials(auth);

            if (auth == null)
            {
                // Verification failed: show the login page again.
                ViewBag.Passed = false;
                return View("Login");
            }

            string scheme   = CookieAuthenticationDefaults.AuthenticationScheme;
            var    identity = new ClaimsIdentity(scheme, ClaimTypes.Name, ClaimTypes.Role);

            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, auth.Name));
            identity.AddClaim(new Claim(ClaimTypes.Name, auth.Name));

            // NOTE(review): the permission level is copied into the cookie at sign-in; if
            // later checks read this claim, a change in the database takes effect only
            // after the user signs in again - confirm against hasPermission.
            identity.AddClaim(new Claim("Permission", $"{auth.PermissionLevel}"));

            var principal     = new ClaimsPrincipal(identity);
            var signInOptions = new AuthenticationProperties { IsPersistent = false };
            await HttpContext.SignInAsync(scheme, principal, signInOptions);

            // Seed the per-user flag on first login only; an existing entry is left as it is.
            bool alreadyTracked = LocalDatabase.ShowAllLinks.ContainsKey(auth.Name);
            if (!alreadyTracked)
            {
                LocalDatabase.ShowAllLinks.Add(auth.Name, false);
            }

            return View("ReRoute");
        }
Ejemplo n.º 14
 /// <summary>
 /// Creates the controller and wraps the two injected managers in an <c>Auth</c> helper.
 /// </summary>
 /// <param name="userManager">Passed through to <c>Auth</c>.</param>
 /// <param name="signInManager">Passed through to <c>Auth</c>.</param>
 public AuthController(UserManager <User> userManager, SignInManager <User> signInManager)
 {
     _auth = new Auth(userManager, signInManager);
 }
Ejemplo n.º 15
 /// <summary>Stores the supplied <c>Models.Auth</c> instance in the <c>auth</c> member.</summary>
 /// <param name="auth">Instance to keep; it is not validated here.</param>
 public Home(Models.Auth auth) => this.auth = auth;
 /// <summary>Stores the supplied <c>Models.Auth</c> instance in the <c>auth</c> member.</summary>
 /// <param name="auth">Instance to keep; it is not validated here.</param>
 public MemberGroup(Models.Auth auth) => this.auth = auth;
 // GET: Home
 /// <summary>Stores the supplied <c>Models.Auth</c> in the <c>auth</c> member and renders the default view.</summary>
 /// <param name="auth">Auth instance handed to the action.</param>
 public ActionResult Index(Models.Auth auth)
 {
     // NOTE(review): as an action parameter this object is normally filled by model
     // binding; confirm it cannot be populated from request fields, since it becomes
     // this controller's auth state.
     this.auth = auth;

     return View();
 }
Ejemplo n.º 18
 /// <summary>Stores the supplied <c>Models.Auth</c> instance in the <c>auth</c> member.</summary>
 /// <param name="auth">Instance to keep; it is not validated here.</param>
 public Contact(Models.Auth auth) => this.auth = auth;
Ejemplo n.º 19
 /// <summary>Stores the supplied <c>Models.Auth</c> instance in the <c>auth</c> member.</summary>
 /// <param name="auth">Instance to keep; it is not validated here.</param>
 public Project(Models.Auth auth) => this.auth = auth;
Ejemplo n.º 20
 /// <summary>Stores the supplied <c>Models.Auth</c> instance in the <c>auth</c> member.</summary>
 /// <param name="auth">Instance to keep; it is not validated here.</param>
 public Calendar(Models.Auth auth) => this.auth = auth;
Ejemplo n.º 21
 /// <summary>Stores the supplied <c>Models.Auth</c> instance in the <c>auth</c> member.</summary>
 /// <param name="auth">Instance to keep; it is not validated here.</param>
 public Community(Models.Auth auth) => this.auth = auth;