Ejemplo n.º 1
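        /// <summary>
        /// Creates a user whose hash and salt come from <c>PasswordHasherService</c>, then checks that
        /// <c>GetUserByUsernameAndPasswordAsync</c> returns that user for the e-mail and clear-text password.
        /// </summary>
        public async Task GetUserByEmailAndPasswordTest()
        {
            // A fresh GUID as database name keeps this test's in-memory store separate from other tests.
            DbContextOptions<ATZBDbContext> options = new DbContextOptionsBuilder<ATZBDbContext>()
                                                      .UseInMemoryDatabase(databaseName: Guid.NewGuid().ToString())
                                                      .Options;
            ATZBDbContext         context               = new ATZBDbContext(options);
            UserService           userService           = new UserService(context);
            PasswordHasherService passwordHasherService = new PasswordHasherService();
            string emailForTest    = "*****@*****.**";
            string passwordForTest = "testpassword1";

            // The hasher returns a pair: Key is stored as the hash, Value as the salt (see the initializer below).
            var passwordHashed = await passwordHasherService.HashPasswordAsync(passwordForTest);

            ATZBUser expectedUser = new ATZBUser()
            {
                Email        = emailForTest,
                PasswordHash = passwordHashed.Key,
                PasswordSalt = passwordHashed.Value
            };

            SeedDbWithUsers(context, DataForSeedUsers);
            await userService.CreateUserAsync(expectedUser);

            // Await the lookup instead of blocking on .Result: blocking inside an async test can deadlock
            // under a synchronization context and wraps failures in AggregateException.
            var lookup     = await userService.GetUserByUsernameAndPasswordAsync(emailForTest, passwordForTest);
            var actualUser = lookup.Key;

            // NOTE(review): only the accepting path is exercised. A companion case with a wrong password
            // is needed to show that the check also rejects.
            Assert.Equal(expectedUser, actualUser);
        }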
Ejemplo n.º 2
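        /// <summary>
        /// Looks up the account named in <paramref name="loginUser"/> and checks the supplied password
        /// against the stored value with <c>PasswordHasherService.VerifyMd5Hash</c>.
        /// </summary>
        /// <param name="loginUser">Credentials bound from the request body; only Name and Password are read.</param>
        /// <param name="passwordIsHashed">Passed through unchanged to <c>VerifyMd5Hash</c>.</param>
        /// <returns>The stored user when verification succeeds; otherwise <c>null</c>.</returns>
        public async Task <AppUser> Login([FromBody] AppUser loginUser, bool passwordIsHashed)
        {
            // A missing or unparsable body binds to null. Treat that as a failed login rather than
            // letting the dereference below surface as an unhandled server error.
            if (loginUser == null)
            {
                return null;
            }

            var user = await _appUserService.FindByName(loginUser.Name);

            if (user == null)
            {
                return null;
            }

            // NOTE(review): verification is MD5-based and no salt is passed in this call. MD5 is a fast
            // general-purpose digest and is not suitable for password storage; plan a migration to a
            // slow, salted KDF (PBKDF2, bcrypt, Argon2) with rehash-on-login.
            // NOTE(review): passwordIsHashed comes from the caller. If it lets a client submit the digest
            // instead of the password, the stored value becomes password-equivalent - confirm against
            // VerifyMd5Hash and consider dropping the flag from the public endpoint.
            var verified = PasswordHasherService.VerifyMd5Hash(loginUser.Password, user.Password, passwordIsHashed);

            // NOTE(review): the returned AppUser carries its stored Password value; confirm it is not
            // serialized back to the client.
            return verified ? user : null;
        }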
Ejemplo n.º 3
        /// <summary>
        /// Updates the profile fields of the user identified by <c>model.Id</c> and, when a password is
        /// supplied, replaces the stored salt and hash.
        /// </summary>
        /// <param name="model">Incoming user data; validated through <c>ModelState</c>.</param>
        /// <returns>
        /// 400 when the model is invalid, 404 when the user does not exist, 204 once the changes are saved.
        /// </returns>
        public async Task <IHttpActionResult> PutUser(Models.UserModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            var existing = await userRepository.GetOne(model.Id);
            if (existing == null)
            {
                return NotFound();
            }

            // NOTE(review): nothing in this method checks that the caller may edit this particular
            // user id; confirm that authorization is enforced by an attribute or filter elsewhere.
            existing.FirstName    = model.FirstName;
            existing.LastName     = model.LastName;
            existing.UserName     = model.UserName;
            existing.EmailAddress = model.EmailAddress;

            // A null password means "leave credentials untouched"; otherwise a new salt is generated
            // so the old salt is never reused for the new password.
            if (model.Password != null)
            {
                existing.Salt = PasswordHasherService.GenerateSalt();
                existing.Hash = PasswordHasherService.HashPassword(model.Password, existing.Salt);
            }

            try
            {
                await userRepository.SaveAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                // A concurrency failure on a row that still exists is a real conflict: let it propagate.
                if (userRepository.UserExists(model.Id))
                {
                    throw;
                }

                // The row disappeared between the read and the save.
                return NotFound();
            }

            return StatusCode(HttpStatusCode.NoContent);
        }
Ejemplo n.º 4
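 /// <summary>
 /// Overwrites the editable fields of the student with index number <paramref name="Ind"/> using the
 /// values in <paramref name="stud"/>; the password is re-hashed only when one is supplied.
 /// </summary>
 /// <param name="Ind">Index number of the student to update, taken from the query string.</param>
 /// <param name="stud">New field values, taken from the request body.</param>
 /// <returns>200 on success; 400 when the body is missing or no student matches.</returns>
 public IActionResult UpdateStudent([FromQuery] string Ind, [FromBody] Student stud)
 {
     // Explicit checks replace the former catch of NullReferenceException, which reported every
     // null dereference in the method (including a missing body) as "No student found".
     if (stud == null)
     {
         return BadRequest("No student data provided");
     }

     var output = _context.Student.FirstOrDefault(st => st.IndexNumber.Equals(Ind));
     if (output == null)
     {
         return BadRequest("No student found");
     }

     // NOTE(review): no check is visible here that the caller is allowed to edit this student,
     // and the password can be replaced without presenting the current one - confirm both are
     // enforced elsewhere.
     output.FirstName    = stud.FirstName;
     output.LastName     = stud.LastName;
     output.BirthDate    = stud.BirthDate;
     output.IdEnrollment = stud.IdEnrollment;
     if (stud.Password != null)
     {
         // NOTE(review): the existing salt is reused for the new password; generating a fresh
         // salt on every password change is the usual practice.
         output.Password = PasswordHasherService.GenerateSaltedHash(stud.Password, output.Salt);
     }

     _context.SaveChanges();
     return Ok("Successfuly edited student!");
 }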
Ejemplo n.º 5
        /// <summary>
        /// Handles the OAuth resource-owner password grant: loads the user by name, recomputes the
        /// password hash with the stored salt, and validates the context with a ticket on a match.
        /// </summary>
        /// <param name="context">Grant context carrying the user name, password and client id.</param>
        /// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // NOTE(review): this value is read and defaulted but not used again in this method. If it is
            // meant to feed an Access-Control-Allow-Origin header, the "*" fallback would allow any
            // origin - confirm the intent.
            var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin") ?? "*";

            using (var db = new Models.APIContext())
            {
                var account = db.Users.FirstOrDefault(u => u.UserName == context.UserName);

                // Unknown user and wrong password produce the same error text, so the response body
                // does not reveal which of the two failed.
                // NOTE(review): `!=` is an ordinary comparison, not a constant-time one, and the
                // unknown-user path skips hashing altogether, so timing may still differ. If Hash is a
                // byte[] this would compare references - confirm the types.
                if (account == null ||
                    account.Hash != PasswordHasherService.HashPassword(context.Password, account.Salt))
                {
                    context.SetError("invalid_grant", "The user name or password is incorrect.");
                    return Task.FromResult <object>(null);
                }

                var identity   = GetIdentityFromUser(db, account, context.Options.AuthenticationType);
                var clientId   = context.ClientId ?? String.Empty;
                var properties = BuildTicketProperties(db, account, clientId);

                context.Validated(new AuthenticationTicket(identity, properties));

                return Task.FromResult <object>(null);
            }
        }
Ejemplo n.º 6
        /// <summary>
        /// Creates a user from <paramref name="model"/>, storing a newly generated salt and the
        /// password hash derived from it.
        /// </summary>
        /// <param name="model">Incoming user data; validated through <c>ModelState</c>.</param>
        /// <returns>400 when the model is invalid; otherwise 201 with the created user.</returns>
        public async Task <IHttpActionResult> PostUser(Models.UserModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            var created = new User
            {
                FirstName    = model.FirstName,
                LastName     = model.LastName,
                UserName     = model.UserName,
                EmailAddress = model.EmailAddress
            };

            // The salt is assigned first because the hash is computed from the value just stored.
            created.Salt = PasswordHasherService.GenerateSalt();
            created.Hash = PasswordHasherService.HashPassword(model.Password, created.Salt);

            userRepository.Add(created);
            await userRepository.SaveAsync();

            // NOTE(review): the response body is the User entity itself, which carries Hash and Salt.
            // Unless serialization excludes those members, they are sent back to the client - confirm,
            // or return a DTO without credential fields.
            // NOTE(review): the location is the request URI with the id appended and no separator;
            // verify the resulting URL is the intended one.
            var location = Request.RequestUri + created.Id.ToString();
            return Created(location, created);
        }
Ejemplo n.º 7
        /// <summary>
        /// Enrolls a new student in the first semester of the requested studies inside one SQL
        /// transaction: resolves the studies id, reuses or creates the semester-1 enrollment, then
        /// inserts the student with a salted password hash.
        /// </summary>
        /// <param name="request">Enrollment data: studies name, index number, names, birth date ("dd.MM.yyyy") and password.</param>
        /// <returns>The enrollment details for the newly inserted student.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown when no studies match the name, or when the student insert fails for any reason.
        /// </exception>
        public EnrollResponse EnrollStudent(EnrollRequest request)
        {
            EnrollResponse enrollResponse = new EnrollResponse();

            // NOTE(review): server and catalog names are embedded in source; prefer reading the
            // connection string from configuration.
            using (var client = new SqlConnection("Data Source = db-mssql.pjwstk.edu.pl; Initial Catalog = s16796; Integrated Security = True"))
            {
                using (var command = new SqlCommand())
                {
                    command.Connection = client;
                    client.Open();
                    // NOTE(review): the transaction is not in a using block. Exceptions that are not
                    // handled below (for example a FormatException from ParseExact) leave without an
                    // explicit Rollback.
                    var transaction = client.BeginTransaction();
                    command.Transaction = transaction;
                    // Step 1: resolve the studies id. All statements in this method bind request
                    // values as parameters rather than concatenating them into the SQL text.
                    command.CommandText = "Select IdStudy FROM Studies where Name=@name";
                    command.Parameters.AddWithValue("name", request.Studies);
                    var dr = command.ExecuteReader();
                    if (!dr.Read())
                    {
                        dr.Close();
                        transaction.Rollback();
                        throw new ArgumentException("No studies found with that name");
                    }
                    else
                    {
                        enrollResponse.IdStudies = Convert.ToInt32(dr["IdStudy"].ToString());
                        enrollResponse.Semester  = 1;
                        enrollResponse.Studies   = request.Studies;
                    }
                    dr.Close();
                    command.Parameters.Clear();
                    // Step 2: look for the most recent semester-1 enrollment of these studies.
                    command.CommandText = "SELECT IdEnrollment, StartDate FROM Enrollment WHERE semester = 1 AND IdStudy = @id order by StartDate desc";
                    command.Parameters.AddWithValue("id", enrollResponse.IdStudies);
                    dr = command.ExecuteReader();
                    if (dr.Read())
                    {
                        enrollResponse.IdEnrollment = Convert.ToInt32(dr["IdEnrollment"].ToString());
                        enrollResponse.StartDate    = Convert.ToDateTime(dr["StartDate"]);
                    }
                    else
                    {
                        // The enrollment does not exist yet, so create it. @id is still bound from the
                        // previous statement because the parameters were not cleared.
                        // NOTE(review): MAX(IdEnrollment) + 1 is NULL on an empty table, and two
                        // concurrent callers can compute the same id.
                        dr.Close();
                        command.CommandText = "INSERT INTO Enrollment(IdEnrollment, Semester, IdStudy, StartDate) OUTPUT Inserted.IdEnrollment VALUES((SELECT MAX(IdEnrollment) FROM Enrollment) + 1, 1, @id, @startdate)";
                        command.Parameters.AddWithValue("startdate", DateTime.Now);
                        dr = command.ExecuteReader();
                        dr.Read();
                        enrollResponse.IdEnrollment = Convert.ToInt32(dr["IdEnrollment"].ToString());
                        // The response reports today's date without a time component, while the row
                        // was inserted with the full DateTime.Now value.
                        enrollResponse.StartDate    = DateTime.Now.Date;
                    }

                    dr.Close();
                    // Step 3: insert the student. GetSalt is defined outside this block.
                    // NOTE(review): presumably GetSalt(32) yields a random 32-byte salt - confirm it
                    // draws from a cryptographic random source.
                    var studentsalt = GetSalt(32);
                    command.Parameters.Clear();
                    command.CommandText = "INSERT INTO Student(IndexNumber, FirstName, LastName, BirthDate, IdEnrollment, Password, Salt) VALUES(@index, @first, @last, @birth, @enrollment, @Password, @Salt)";
                    command.Parameters.AddWithValue("index", request.IndexNumber);
                    command.Parameters.AddWithValue("first", request.FirstName);
                    command.Parameters.AddWithValue("last", request.LastName);
                    command.Parameters.AddWithValue("birth", DateTime.ParseExact(request.BirthDate, "dd.MM.yyyy", null));
                    command.Parameters.AddWithValue("enrollment", enrollResponse.IdEnrollment);
                    // Only the salted hash of the password is stored; the algorithm lives in
                    // PasswordHasherService and is not visible here.
                    command.Parameters.AddWithValue("Password", PasswordHasherService.GenerateSaltedHash(request.Password, studentsalt));
                    command.Parameters.AddWithValue("Salt", studentsalt);

                    try
                    {
                        dr = command.ExecuteReader();
                        enrollResponse.IndexNumber = request.IndexNumber;
                    }
                    catch (Exception exc)
                    {
                        // NOTE(review): every failure of the insert is reported as a duplicate index,
                        // and the details go only to the console. Catching the specific SQL error and
                        // logging through the application logger would keep other faults visible.
                        Console.WriteLine(exc);
                        // dr still refers to the earlier reader here, which is already closed.
                        dr.Close();
                        transaction.Rollback();
                        throw new ArgumentException("This index already exists");
                    }

                    dr.Close();
                    transaction.Commit();
                    return(enrollResponse);
                }
            }
        }
Ejemplo n.º 8
 /// <summary>
 /// Replaces the user's clear-text password with its MD5 digest, then delegates to the base
 /// implementation to add the item.
 /// </summary>
 /// <param name="user">User to add; its Password property is overwritten in place.</param>
 /// <returns>The result of the base <c>AddNewItem</c> call.</returns>
 public override async Task <AppUser> AddNewItem(AppUser user)
 {
     // NOTE(review): MD5 is a fast digest and no salt is passed in this call, so equal passwords
     // produce equal stored values. It is not suitable for password storage; move to a slow,
     // salted KDF (PBKDF2, bcrypt, Argon2).
     var digest = PasswordHasherService.GetMd5Hash(user.Password);
     user.Password = digest;

     var added = await base.AddNewItem(user);
     return added;
 }
Ejemplo n.º 9
        /// <summary>
        /// Seeds one user and eight sample policies. The user is matched on <c>UserName</c> and the
        /// policies on <c>Id</c> through <c>AddOrUpdate</c>.
        /// </summary>
        /// <param name="context">Database context that receives the seed data.</param>
        protected override void Seed(API.Models.APIContext context)
        {
            // Called after migrating to the latest version. AddOrUpdate is used so that repeated
            // runs do not create duplicate seed rows.

            // NOTE(review): the seeded account has a trivial password fixed in source. Because
            // AddOrUpdate matches on UserName, a later run presumably overwrites that account's Hash
            // and Salt with these values again - confirm. Keep this seed out of production or take
            // the initial credential from configuration.
            var salt = PasswordHasherService.GenerateSalt();

            context.Users.AddOrUpdate(
                p => p.UserName,
                new Core.User
                {
                    EmailAddress = "*****@*****.**",
                    FirstName    = "Admin",
                    LastName     = "Test",
                    Hash         = PasswordHasherService.HashPassword("test", salt),
                    Salt         = salt,
                    UserName     = "******"
                });

            // Sample policies: a mix of active ones and ones that ended yesterday.
            context.Policies.AddOrUpdate(
                p => p.Id,
                new Core.Policy
                {
                    Id                 = 1,
                    CustomerName       = "Grecia Hung",
                    Description        = "Indernizacion del patrimonio",
                    TypeCover          = Core.TypeCover.Earthquake,
                    TypeRisk           = Core.TypeRisk.Low,
                    PercentageCoverage = 20,
                    Price              = 1000,
                    StartDate          = DateTimeOffset.Now,
                    EndDate            = DateTimeOffset.Now.AddYears(1)
                },
                new Core.Policy
                {
                    Id                 = 2,
                    CustomerName       = "Osner Sanchez",
                    Description        = "N/A",
                    TypeCover          = Core.TypeCover.Stole,
                    TypeRisk           = Core.TypeRisk.Low,
                    PercentageCoverage = 100,
                    Price              = 5000,
                    StartDate          = DateTimeOffset.Now,
                    EndDate            = DateTimeOffset.Now.AddYears(1)
                },
                new Core.Policy
                {
                    Id                 = 3,
                    CustomerName       = "Juan Guaidó",
                    Description        = "Aplica para perdida total",
                    TypeCover          = Core.TypeCover.Fire,
                    TypeRisk           = Core.TypeRisk.High,
                    PercentageCoverage = 10,
                    Price              = 10000,
                    StartDate          = DateTimeOffset.Now.AddYears(-1),
                    EndDate            = DateTimeOffset.Now.AddDays(-1)
                },
                new Core.Policy
                {
                    Id                 = 4,
                    CustomerName       = "Darwin Ruiz",
                    Description        = "Aplica para perdida total",
                    TypeCover          = Core.TypeCover.Others,
                    TypeRisk           = Core.TypeRisk.Medium,
                    PercentageCoverage = 10,
                    Price              = 3000,
                    StartDate          = DateTimeOffset.Now,
                    EndDate            = DateTimeOffset.Now.AddDays(50)
                },
                new Core.Policy
                {
                    Id                 = 5,
                    CustomerName       = "Ambar Urbaez",
                    Description        = "N/A",
                    TypeCover          = Core.TypeCover.Earthquake,
                    TypeRisk           = Core.TypeRisk.High,
                    PercentageCoverage = 20,
                    Price              = 10000,
                    StartDate          = DateTimeOffset.Now,
                    EndDate            = DateTimeOffset.Now.AddYears(1)
                },
                new Core.Policy
                {
                    Id                 = 6,
                    CustomerName       = "Davis Mejias",
                    Description        = "N/A",
                    TypeCover          = Core.TypeCover.Stole,
                    TypeRisk           = Core.TypeRisk.Low,
                    PercentageCoverage = 100,
                    Price              = 5000,
                    StartDate          = DateTimeOffset.Now,
                    EndDate            = DateTimeOffset.Now.AddYears(1)
                },
                new Core.Policy
                {
                    Id                 = 7,
                    CustomerName       = "Andres Padilla",
                    Description        = "N/A",
                    TypeCover          = Core.TypeCover.Fire,
                    TypeRisk           = Core.TypeRisk.Low,
                    PercentageCoverage = 60,
                    Price              = 10000,
                    StartDate          = DateTimeOffset.Now.AddYears(-1),
                    EndDate            = DateTimeOffset.Now.AddDays(-1)
                },
                new Core.Policy
                {
                    Id                 = 8,
                    CustomerName       = "Ibsen Rios",
                    Description        = "Aplica para perdida total",
                    TypeCover          = Core.TypeCover.Lost,
                    TypeRisk           = Core.TypeRisk.MediumHigh,
                    PercentageCoverage = 35,
                    Price              = 9500,
                    StartDate          = DateTimeOffset.Now,
                    EndDate            = DateTimeOffset.Now.AddDays(100)
                });
        }
Ejemplo n.º 10
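        /// <summary>
        /// Enrolls a new student in the first semester of the requested studies inside one database
        /// transaction: rejects a duplicate index number, resolves the studies id, reuses or creates
        /// the semester-1 enrollment, then adds the student with a salted password hash.
        /// </summary>
        /// <param name="request">Enrollment data: studies name, index number, names, birth date ("dd.MM.yyyy") and password.</param>
        /// <param name="context">Entity Framework context used for all reads and writes.</param>
        /// <returns>The enrollment details for the newly added student.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown when the index number is already taken or no studies match the requested name.
        /// </exception>
        public EnrollResponse EnrollStudent(EnrollRequest request, s16796Context context)
        {
            EnrollResponse enrollResponse = new EnrollResponse();

            context.Database.BeginTransaction();

            try
            {
                bool indexTaken = context.Student.Any(student => student.IndexNumber.Equals(request.IndexNumber));
                if (indexTaken)
                {
                    throw new ArgumentException("Index taken!");
                }
                enrollResponse.IndexNumber = request.IndexNumber;

                // FirstOrDefault never throws for an empty result, so the former catch of
                // InvalidOperationException could not fire and unknown studies silently produced a
                // default id. Fetch the entity and test for null instead.
                var matchedStudies = context.Studies.FirstOrDefault(studies => studies.Name.Equals(request.Studies));
                if (matchedStudies == null)
                {
                    throw new ArgumentException("No studies found with that name");
                }
                enrollResponse.IdStudies = matchedStudies.IdStudy;
                enrollResponse.Semester  = 1;
                enrollResponse.Studies   = request.Studies;

                var existingEnrollment = context.Enrollment
                    .Where(enroll => enroll.Semester == 1 && enroll.IdStudy == enrollResponse.IdStudies)
                    .Select(enr => new
                    {
                        IdEnrollment = enr.IdEnrollment,
                        StartDate    = enr.StartDate
                    })
                    .FirstOrDefault();

                if (existingEnrollment != null)
                {
                    enrollResponse.IdEnrollment = existingEnrollment.IdEnrollment;
                    enrollResponse.StartDate    = existingEnrollment.StartDate;
                }
                else
                {
                    // NOTE(review): Max + 1 can collide when two callers run concurrently, and Max
                    // throws on an empty Enrollment table; a database-generated key avoids both.
                    enrollResponse.IdEnrollment = context.Enrollment.Max(enr => enr.IdEnrollment) + 1;
                    enrollResponse.StartDate    = DateTime.Now.Date;
                    var enrollmentadd = new Enrollment()
                    {
                        IdEnrollment = enrollResponse.IdEnrollment,
                        Semester     = 1,
                        IdStudy      = enrollResponse.IdStudies,
                        StartDate    = enrollResponse.StartDate
                    };
                    context.Enrollment.Add(enrollmentadd);
                }

                // GetSalt is defined outside this block.
                // NOTE(review): presumably it returns a random 32-byte salt - confirm it draws from a
                // cryptographic random source.
                var studentsalt = GetSalt(32);

                var nowystudent = new Student()
                {
                    IndexNumber  = request.IndexNumber,
                    FirstName    = request.FirstName,
                    LastName     = request.LastName,
                    BirthDate    = DateTime.ParseExact(request.BirthDate, "dd.MM.yyyy", null),
                    IdEnrollment = enrollResponse.IdEnrollment,
                    // Only the salted hash is stored; the algorithm lives in PasswordHasherService.
                    Password     = PasswordHasherService.GenerateSaltedHash(request.Password, studentsalt),
                    Salt         = studentsalt
                };

                context.Student.Add(nowystudent);
                context.SaveChanges();
                context.Database.CommitTransaction();

                return enrollResponse;
            }
            catch
            {
                // Every failure path now rolls back. Previously the duplicate-index throw, a malformed
                // birth date and a failed save all left the transaction open on the context.
                context.Database.RollbackTransaction();
                throw;
            }
        }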