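/// <summary>
/// Creates a user account from a JSON body carrying <c>name</c>, <c>username</c> and
/// <c>password</c>, plus the optional <c>email</c>, <c>role</c> and <c>imageUrl</c> fields.
/// </summary>
/// <param name="userData">Request body; every field in it is untrusted input.</param>
/// <returns>
/// 400 when the body or a required field is missing or blank, 409 when the username is
/// already taken, otherwise 201 with the stored user.
/// </returns>
public IActionResult AddFull([FromBody] JObject userData)
        {
            // A missing body would otherwise fail on the first indexer access below.
            if (userData == null)
            {
                return StatusCode(400, "No name, username, or password given");
            }

            var name     = userData["name"]?.ToString();
            var username = userData["username"]?.ToString();
            var password = userData["password"]?.ToString();
            var email    = userData["email"]?.ToString();
            var role     = userData["role"]?.ToString();
            var imgUrl   = userData["imageUrl"]?.ToString();

            // Blank values are rejected as well as absent ones: an empty string would
            // otherwise be hashed and stored as a valid password.
            if (string.IsNullOrWhiteSpace(name)
                || string.IsNullOrWhiteSpace(username)
                || string.IsNullOrWhiteSpace(password))
            {
                return StatusCode(400, "No name, username, or password given");
            }

            var otherUser = _users.GetOneByUsername(username);

            if (otherUser != null)
            {
                return StatusCode(409, "A User with this username already exists");
            }

            // Only the hash is kept on the entity; the plaintext is not stored.
            var hashed = PasswordHandler.HashPassword(password);
            var user   = new User {
                Name = name, Username = username, Password = hashed
            };

            user.ImageUrl = imgUrl ?? user.ImageUrl;
            // NOTE(review): role is copied straight from the request body. No authorization
            // attribute or caller check is visible in this block, so confirm that only
            // administrators can reach this action; otherwise the caller picks its own role.
            user.Role     = role ?? user.Role;
            user.Email    = email ?? user.Email;

            _users.Add(user);

            // NOTE(review): the whole User is serialised into the response, which includes
            // the Password hash unless the model excludes it from serialisation - confirm.
            return Created($"/users/{user.Id}", user);
        }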
Example #2
 /// <summary>
 /// Builds a user from the given names and derives the stored credential from
 /// <paramref name="password"/>.
 /// </summary>
 /// <param name="firstName">Value assigned to FirstName.</param>
 /// <param name="lastName">Value assigned to LastName.</param>
 /// <param name="userName">Value assigned to UserName.</param>
 /// <param name="password">Plaintext password; passed to PasswordHandler.HashPassword and not assigned to any member here.</param>
 public User(string firstName, string lastName, string userName, string password)
 {
     this.FirstName = firstName;
     this.LastName  = lastName;

     // HashPassword hands back two values; the first is kept as the hash and the
     // second as the salt, so both are stored together on the entity.
     var (hash, salt)  = PasswordHandler.HashPassword(password);
     this.PasswordHash = hash;
     this.Salt         = salt;

     this.UserName = userName;
 }
Example #3
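        /// <summary>
        /// Checks the entered login id and password and, on success, records the session
        /// and navigates to the page that matches the user's role.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void LoginButton_Click(object sender, RoutedEventArgs e)
        {
            string userIdInput       = userID.Text.ToString();
            string userPasswordInput = passwordBox.Password.ToString();

            // NOTE(review): the input is hashed first and the digest is then compared with
            // the stored value. That only works if HashPassword is deterministic for a given
            // password, which would mean no per-user random salt - confirm in PasswordHandler.
            // Also confirm that CompareHashedToStored compares in constant time.
            string hashed         = PasswordHandler.HashPassword(userPasswordInput);
            bool   accountCorrect = PasswordHandler.CompareHashedToStored(userIdInput, hashed);

            if (!accountCorrect)
            {
                ShowBadLogin();
                return;
            }

            using (var db = new AirContext())
            {
                var account = db.Users.Include(dbuser => dbuser.CustInfo)
                              .Where(dbuser => dbuser.LoginId == userIdInput).FirstOrDefault();

                // The credential check and this lookup are separate queries, so the row can
                // be missing here; treat that as a failed login instead of dereferencing null.
                if (account == null)
                {
                    ShowBadLogin();
                    return;
                }

                UserSession.userId       = account.UserId;
                UserSession.userLoggedIn = true;

                // Send the user to the page for their role; any other role lands on MainPage.
                if (account.UserRole == Role.MARKETING_MANAGER)
                {
                    Frame.Navigate(typeof(MarketingManagerPage));
                }
                else if (account.UserRole == Role.LOAD_ENGINEER)
                {
                    Frame.Navigate(typeof(LoadEngineerPage));
                }
                else if (account.UserRole == Role.FLIGHT_MANAGER)
                {
                    Frame.Navigate(typeof(FlightManagerPage));
                }
                else if (account.UserRole == Role.ACCOUNTING_MANAGER)
                {
                    Frame.Navigate(typeof(AccountingManagerPage));
                }
                else
                {
                    Frame.Navigate(typeof(MainPage), null, new SlideNavigationTransitionInfo()
                    {
                        Effect = SlideNavigationTransitionEffect.FromRight
                    });
                }
            }

            // The same message is shown for an unknown id and for a wrong password, so the
            // response does not reveal which login ids exist.
            void ShowBadLogin()
            {
                outputInfo.Title    = "Bad Login";
                outputInfo.Message  = "The UserID or Password you entered is incorrect!";
                outputInfo.Severity = InfoBarSeverity.Error;
                outputInfo.IsOpen   = true;
            }
        }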
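        /// <summary>
        /// Applies the fields present in the JSON body to the user with the given id.
        /// </summary>
        /// <param name="id">Id of the user to update, taken from the route.</param>
        /// <param name="userData">Request body; fields that are absent leave the stored value unchanged.</param>
        /// <returns>
        /// 403 when the caller's claims are missing or malformed or a "user" targets another
        /// account, 400 when there is no body, 404 when the user does not exist, otherwise
        /// the updated user.
        /// </returns>
        public IActionResult Update([FromRoute] int id, [FromBody] JObject userData)
        {
            // A missing or non-numeric claim is answered with 403 rather than an unhandled
            // exception. SingleOrDefault still throws when a claim type appears twice.
            var requesterRole = User.Claims
                                .SingleOrDefault(c => c.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role")?.Value;
            var requesterIdClaim = User.Claims.SingleOrDefault(c => c.Type == "user id")?.Value;

            if (requesterRole == null || !int.TryParse(requesterIdClaim, out var requesterId))
            {
                return StatusCode(403);
            }

            // NOTE(review): this is a deny-list. Only the exact role "user" is held to its own
            // record; any other role value may edit any account. Confirm the full set of roles
            // and consider allowing only "admin" or the owner.
            if (requesterRole == "user" && requesterId != id)
            {
                return StatusCode(403, "Trying to access another user's data");
            }

            if (userData == null)
            {
                return StatusCode(400, "No user data given");
            }

            var name     = userData["name"]?.ToString();
            var username = userData["username"]?.ToString();
            var password = userData["password"]?.ToString();
            var email    = userData["email"]?.ToString();
            var imgUrl   = userData["imageUrl"]?.ToString();
            var role     = userData["role"]?.ToString();

            var user = _users.GetOneById(id);

            if (user == null)
            {
                return NotFound();
            }

            user.Name     = name ?? user.Name;
            // NOTE(review): a new username is stored without checking whether another
            // account already uses it - confirm uniqueness is enforced elsewhere.
            user.Username = username ?? user.Username;

            // A blank password is ignored; hashing it would replace the credential with
            // the hash of an empty string.
            // NOTE(review): the current password is not requested before it is replaced -
            // confirm that is intended for self-service updates.
            if (!string.IsNullOrWhiteSpace(password))
            {
                var hashed = PasswordHandler.HashPassword(password);
                user.Password = hashed ?? user.Password;
            }
            user.ImageUrl = imgUrl ?? user.ImageUrl;

            // Only an admin may change a role; for everyone else the field is ignored.
            if (requesterRole == "admin" && role != null)
            {
                user.Role = role;
            }

            user.Email = email ?? user.Email;

            // An account counts as active once it has both a username and a password.
            if (!string.IsNullOrEmpty(user.Username) && !string.IsNullOrEmpty(user.Password))
            {
                user.Active = true;
            }

            _users.Update(user);

            // NOTE(review): the whole User is serialised into the response, which includes
            // the Password hash unless the model excludes it from serialisation - confirm.
            return new ObjectResult(user);
        }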
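        /// <summary>
        /// Saves the account form for the logged-in user: customer details for customers,
        /// and a new password hash when both password boxes are filled in.
        /// </summary>
        private void HandleUpdateAccount()
        {
            if (!ValidateInput())
            {
                return;
            }

            // Without a session there is no user to update; the later steps would
            // otherwise dereference a null user.
            if (!UserSession.userLoggedIn)
            {
                outputInfo.Title    = "Not Logged In";
                outputInfo.Message  = "You must be logged in to update your account information!";
                outputInfo.Severity = InfoBarSeverity.Error;
                outputInfo.IsOpen   = true;
                return;
            }

            // One context loads, changes and saves the user, so it is always disposed and
            // no entity tracked by one context is handed to another.
            using (var db = new AirContext())
            {
                var account = db.Users.Include(dbuser => dbuser.CustInfo)
                              .Single(dbuser => dbuser.UserId == UserSession.userId);

                // Only customers carry customer details; other roles can change just the password.
                if (account.UserRole == Role.CUSTOMER)
                {
                    var custInfo = account.CustInfo;
                    custInfo.Name             = NameInput.Text;
                    custInfo.Address          = AddressInput.Text;
                    custInfo.City             = CityInput.Text;
                    custInfo.State            = StateInput.Text;
                    custInfo.Zip              = ZipInput.Text;
                    custInfo.PhoneNumber      = PhoneInput.Text;
                    custInfo.Age              = (int)AgeInput.Value;
                    // NOTE(review): the card number is copied from the text box as entered;
                    // whether it is encrypted or tokenised before storage is not visible
                    // here - confirm.
                    custInfo.CreditCardNumber = CreditCardInput.Text;
                }

                // The password is replaced only when both boxes are filled in.
                // NOTE(review): the two boxes are not compared here, and the current
                // password is not requested - presumably ValidateInput covers the former; confirm.
                if (!string.IsNullOrWhiteSpace(PasswordInput.Password) && !string.IsNullOrWhiteSpace(ConfirmPasswordInput.Password))
                {
                    account.HashedPass = PasswordHandler.HashPassword(PasswordInput.Password);
                }

                db.SaveChanges();
            }

            // Tell the user that the update was saved.
            outputInfo.Title    = "Account Information Updated!";
            outputInfo.Message  = "Your Account Information was updated successfully!";
            outputInfo.Severity = InfoBarSeverity.Success;
            outputInfo.IsOpen   = true;
        }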
        /// <summary>
        /// Creates a customer account from the form fields and shows the generated login id.
        /// </summary>
        private void HandleNewAccount()
        {
            // Nothing is created unless the form passes validation.
            if (!ValidateInput())
            {
                return;
            }

            // The login id is produced by MakeUserID and shown to the user at the end.
            // NOTE(review): how MakeUserID picks the value, and whether it can collide with
            // an existing id, is not visible here - confirm.
            int newLoginId = MakeUserID();

            // Customer details exactly as typed into the form.
            // NOTE(review): CreditCardNumber is copied as entered; whether it is encrypted
            // or tokenised before storage is not visible here - confirm.
            var details = new CustomerInfo
            {
                Name             = NameInput.Text,
                Address          = AddressInput.Text,
                City             = CityInput.Text,
                State            = StateInput.Text,
                Zip              = ZipInput.Text,
                PhoneNumber      = PhoneInput.Text,
                Age              = (int)AgeInput.Value,
                CreditCardNumber = CreditCardInput.Text
            };

            // The account keeps the output of HashPassword; the typed password is not
            // assigned to it. Accounts made here always get the customer role.
            var account = new User
            {
                LoginId    = newLoginId.ToString(),
                HashedPass = PasswordHandler.HashPassword(PasswordInput.Password),
                UserRole   = Role.CUSTOMER,
                CustInfo   = details
            };

            UserUtilities.AddUserToDB(account);

            // Show the login id, since the user did not choose it.
            outputInfo.Title    = "Account Creation Successful!";
            outputInfo.Message  = $"Your Login ID is: {newLoginId}, please remember it for future logins!";
            outputInfo.Severity = InfoBarSeverity.Success;
            outputInfo.IsOpen   = true;
        }
Example #7
        /// <summary>
        /// Maps a detail model to a <c>User</c> entity, storing the result of hashing the
        /// model's password instead of the password itself.
        /// </summary>
        /// <param name="detailModel">Model to map; its Activities and Teams are enumerated.</param>
        /// <returns>The new entity with its activities and teams filled in.</returns>
        public static User MapWithPasswordHashToEntity(UserDetailModel detailModel)
        {
            PasswordHandler hasher = new PasswordHandler();

            // The entity's Password holds the output of HashPassword, not the model's value.
            User entity = new User
            {
                Id       = detailModel.Id,
                Name     = detailModel.Name,
                Email    = detailModel.Email,
                Password = hasher.HashPassword(detailModel.Password),
            };

            foreach (var activityModel in detailModel.Activities)
            {
                var mappedActivity = ActivityMapper.MapToEntity(activityModel);
                entity.Activities.Add(mappedActivity);
            }

            // The list model is rebuilt from the entity for each team, as each mapped
            // team takes it as its second argument.
            foreach (var teamModel in detailModel.Teams)
            {
                var mappedTeam = TeamUserMapper.MapToEntity(teamModel, MapToListModel(entity));
                entity.Teams.Add(mappedTeam);
            }

            return entity;
        }