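/// <summary>
/// Registers a new customer and user account. The input is checked in order
/// (model state, email format, existing account name, existing email, password
/// policy) and only then are the customer and user-account entities added to
/// <c>db</c> and saved.
/// </summary>
/// <param name="userInput">Registration data posted by the client.</param>
/// <returns>
/// <c>BadRequest()</c> when model validation fails; a <see cref="TextResult"/>
/// naming the rejection reason for any other failed check or a failed save;
/// <c>Ok()</c> with an empty body on success (no login token is issued here).
/// Note that the "account name exists" / "email exists" messages tell the caller
/// which identifiers are already registered.
/// </returns>
public IHttpActionResult CreateUserAccount(RegistrationDTO userInput) // CREATE ACCOUNT
{
    // Default message is the account-name collision; other branches overwrite it.
    TextResult httpResponse = new TextResult("There is already an account with that name!", msg);
    UserAccountsManager umgr = new UserAccountsManager();
    CustomerManager cmgr = new CustomerManager();

    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    if (!cmgr.IsValidEmail(userInput.Email))
    {
        httpResponse.ChangeHTTPMessage("Enter valid email!", msg); // malformed email address
        return httpResponse;
    }

    if (umgr.CheckIfAccountNameExists(userInput.AccountName))
    {
        return httpResponse; // account name already taken (default message)
    }

    if (cmgr.CheckIfEmailExists(userInput.Email))
    {
        httpResponse.ChangeHTTPMessage("Email already exists!", msg);
        return httpResponse;
    }

    // CheckIfPasswordIsOk returns true when the password violates the policy
    // (six characters, one digit, one uppercase) — hence the "NotOk" name.
    bool passwordIsNotOk = umgr.CheckIfPasswordIsOk(userInput.AccountPassword);
    if (passwordIsNotOk)
    {
        httpResponse.ChangeHTTPMessage("Password must contain atleast six characters, one digit and one uppercase!", msg);
        return httpResponse;
    }

    var customerObject = cmgr.AddCustomer(userInput.Email); // customer entity
    var userObject = umgr.CreateUserAccount(userInput.AccountName, userInput.AccountPassword, userInput.PhoneNumber, userInput.CustomerName, customerObject); // user-account entity linked to the customer

    try
    {
        db.Customers.Add(customerObject);
        db.UserAccounts.Add(userObject);
        db.SaveChanges();
    }
    catch (System.Exception)
    {
        // Best effort: the client only learns that the save failed; details stay server-side.
        httpResponse.ChangeHTTPMessage("Failed to create account!", msg);
        return httpResponse;
    }

    return Ok(); // empty 200; this method does not return a login token
}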
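/// <summary>
/// Changes a user's password. The new password must satisfy the password policy,
/// and the supplied old password, hashed with the user's stored salt, must match
/// the stored hash before the entity is updated.
/// </summary>
/// <param name="passwordInput">Account name plus old and new password.</param>
/// <returns>
/// <c>BadRequest(ModelState)</c> on model validation failure; otherwise a
/// <see cref="TextResult"/> whose message is "Password changed!",
/// "Password not correct!", the password-policy message, or
/// "Failed to change password!" (salt/hash lookup or DB update failed).
/// </returns>
/// <remarks>
/// NOTE(review): the account name comes from the request body and the only
/// check visible here is the old password; whatever authorization applies to
/// this action is outside this method — confirm at the controller level.
/// </remarks>
public IHttpActionResult PutUserAccounts(ChangePasswordDTO passwordInput) // CHANGE PASSWORD
{
    // Generic failure message; shared by lookup errors and a failed update so that
    // an unknown account name is not distinguishable from a DB problem.
    TextResult httpResponse = new TextResult("Failed to change password!", msg);

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    UserAccountsManager umgr = new UserAccountsManager();

    // CheckIfPasswordIsOk returns true when the password violates the policy.
    if (umgr.CheckIfPasswordIsOk(passwordInput.NewPassword))
    {
        httpResponse.ChangeHTTPMessage("Password must contain atleast six characters, one digit and one uppercase!", msg);
        return httpResponse;
    }

    string hashedOldPassword;
    string hashedNewPassword;
    string hashedPasswordFromDb;
    try
    {
        string salt = umgr.GetUserSalt(passwordInput.AccountName); // per-user salt from DB
        hashedOldPassword = umgr.HashPassword(salt, passwordInput.OldPassword);
        hashedNewPassword = umgr.HashPassword(salt, passwordInput.NewPassword);
        hashedPasswordFromDb = umgr.GetPassword(passwordInput.AccountName); // stored hash
    }
    catch (System.Exception)
    {
        return httpResponse;
    }

    // Verify the supplied old password against the stored hash. A missing hash on
    // either side is treated as a mismatch (fail closed) rather than dereferenced.
    // Ordinal: hashes are opaque strings, not text. (A plain string compare is not
    // constant-time; a fixed-time comparison would be preferable if available.)
    bool oldPasswordMatches =
        hashedOldPassword != null
        && hashedPasswordFromDb != null
        && string.Equals(hashedOldPassword, hashedPasswordFromDb, System.StringComparison.Ordinal);
    if (!oldPasswordMatches)
    {
        httpResponse.ChangeHTTPMessage("Password not correct!", msg);
        return httpResponse;
    }

    UserAccounts updatedUser = new UserAccounts();
    updatedUser.accountName = passwordInput.AccountName;
    updatedUser.accountPassword = hashedNewPassword; // new hash, same salt

    if (umgr.UpdateEntityInDb(updatedUser))
    {
        httpResponse.ChangeHTTPMessage("Password changed!", msg);
    }
    return httpResponse; // still "Failed to change password!" if the update did not succeed
}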