public IHttpActionResult AddUserIndicesWithoutAuthorization(long id, List <string> tickers)
        {
            using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
                Models.User user = cc.Users
                                   .FirstOrDefault(u => u.UserId == id);
                if (user == null)
                {
                    return(BadRequest("user not found"));
                }
                else
                {
                    try {
                        List <Models.Index> indices = cc.Indices
                                                      .Where(i => tickers.Contains(i.Ticker))
                                                      .ToList();

                        foreach (Models.Index index in indices)
                        {
                            if (!user.Indices.Contains(index))
                            {
                                user.Indices.Add(index);
                            }
                        }

                        cc.SaveChanges();
                    } catch (Exception e) {
                        // terrible error handling
                        return(InternalServerError(e));
                    }
                }
                return(Json(JsonObjects.Jsonify(user.Indices.ToList())));
            }
        }
        public IHttpActionResult GetIndexWithoutAuthorization(string username, string ticker)
        {
            using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
                Models.User user = cc.Users
                                   .FirstOrDefault(u => u.Username.Equals(username));

                if (user == null)
                {
                    return(NotFound());
                }
                else
                {
                    Models.Index index;
                    if (user.IsAdministrator)
                    {
                        // look for ticker in all indices
                        index = cc.Indices
                                .Where(i => i.Ticker.Equals(ticker))
                                .FirstOrDefault();
                    }
                    else
                    {
                        // look for ticker in user's indices
                        index = user.Indices
                                .Where(i => i.Ticker.Equals(ticker))
                                .FirstOrDefault();
                    }
                    if (index == null)
                    {
                        return(NotFound());
                    }
                    return(Json(JsonObjects.Jsonify(index)));
                }
            }
        }
        public IHttpActionResult GetAllIndicesWithoutAuthorization(string username)
        {
            List <Models.Index> results;

            using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
                Models.User user = cc.Users
                                   .FirstOrDefault(u => u.Username.Equals(username));

                if (user == null)
                {
                    results = new List <Models.Index>();
                }
                else
                {
                    if (user.IsAdministrator)
                    {
                        // return all indices
                        results = cc.Indices.ToList();
                    }
                    else
                    {
                        // return user's indices
                        results = user.Indices.ToList();
                    }
                }
            }
            return(Json(JsonObjects.Jsonify(results)));
        }
        public IHttpActionResult AddUserIndices([FromUri] long id, [FromBody] List <string> tickers)
        {
            using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
                // username in Thread.CurrentPrincipal.Identity.Name
                Models.User adminUser = cc.Users
                                        .FirstOrDefault(u => u.Username.Equals(Thread.CurrentPrincipal.Identity.Name));

                if (adminUser == null || !adminUser.IsAdministrator)
                {
                    return(Unauthorized());
                }
            }
            return(AddUserIndicesWithoutAuthorization(id, tickers));
        }
        public IHttpActionResult ValidatePassword(dynamic loginInfo)
        {
            string username;
            string password;

            if (JsonObjects.IsStringNullOrEmpty(loginInfo, "username") ||
                JsonObjects.IsStringNullOrEmpty(loginInfo, "password")
                )
            {
                return(BadRequest(INVALID_LOGIN_DATA));
            }

            try {
                username = loginInfo.username;
                password = loginInfo.password;
            } catch (Exception) {
                return(BadRequest(INVALID_LOGIN_DATA));
            }

            // get user entity
            using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
                Models.User user = cc.Users
                                   .FirstOrDefault((u) => u.Username.Equals(username));
                if (user == null)
                {
                    return(BadRequest(INVALID_USERNAME_OR_PASSWORD));
                }

                byte[] hash = GetEncodedPassword(password, user.Salt);

                // get stored hash in bytes
                byte[] bUserPassword = Convert.FromBase64String(user.Password);

                if (hash.SequenceEqual(bUserPassword))
                {
                    // create and return a token
                    string token = createToken(username);
                    return(Ok(token));
                }
                else
                {
                    return(BadRequest(INVALID_USERNAME_OR_PASSWORD));
                }
            }
        }
        public IHttpActionResult GetUsers()
        {
            using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
                // username in Thread.CurrentPrincipal.Identity.Name
                Models.User adminUser = cc.Users
                                        .FirstOrDefault(u => u.Username.Equals(Thread.CurrentPrincipal.Identity.Name));

                if (adminUser == null || !adminUser.IsAdministrator)
                {
                    return(Unauthorized());
                }
                else
                {
                    List <Models.User> results = cc.Users.ToList();
                    return(Json(JsonObjects.Jsonify(results)));
                }
            }
        }