Ejemplo n.º 1
        /// <summary>
        /// Persists a web session: inserts it when <c>model.Id</c> is null or empty,
        /// otherwise updates the existing entry. <c>SignedIn</c> is refreshed in both cases.
        /// </summary>
        /// <param name="model">Session to store; its <c>Id</c> and <c>SignedIn</c> are modified in place.</param>
        /// <returns>
        /// The session id when <c>SaveChanges</c> reports at least one written entry;
        /// <c>null</c> when nothing was written or any exception was thrown.
        /// </returns>
        public string SaveWebSession(WebSessionModel model)
        {
            try
            {
                bool isNewSession = string.IsNullOrEmpty(model.Id);

                if (isNewSession)
                {
                    // NOTE(review): if this id doubles as the session token, confirm that
                    // GenerateUuid draws from a cryptographically secure generator.
                    model.Id = CommonHelper.GenerateUuid();
                }

                // NOTE(review): narrowing cast; if GetUnixTimestamp returns a wider type
                // (seconds, presumably) the value stops fitting an int in 2038. Confirm.
                model.SignedIn = (int)CommonHelper.GetUnixTimestamp();

                if (isNewSession)
                {
                    Context.WebSessions.Add(model);
                }
                else
                {
                    // NOTE(review): a non-empty Id supplied by the caller selects which row is
                    // overwritten. If model is bound from request data, confirm the caller has
                    // checked that the session belongs to the requester.
                    Context.WebSessions.Update(model);
                }

                int writtenEntries = Context.SaveChanges();
                return writtenEntries > 0 ? model.Id : null;
            }
            catch (Exception ex)
            {
                // Only the message text is logged; exception type and stack trace are dropped,
                // and callers cannot tell a failure from "nothing written".
                _logger.LogError("WebSession ==>> SaveWebSession: " + ex.Message);
                return null;
            }
        }
Ejemplo n.º 2
        /// <summary>
        /// Marks the web session with the given id as expired (sets <c>expired</c> to
        /// <c>GETDATE()</c>) and returns the updated row.
        /// </summary>
        /// <param name="webSessionId">Id of the web session to expire.</param>
        /// <param name="connectionString">Connection string used to open the <c>SqlConnection</c>.</param>
        /// <returns>
        /// <c>BadRequestResult</c> when the UPDATE returns no rows; otherwise
        /// <c>OkObjectResult</c> wrapping the <c>WebSessionModel</c> built from the returned row.
        /// </returns>
        /// <remarks>
        /// The handler for the <c>try</c> below and the end of the method are not part of this excerpt.
        /// </remarks>
        public static ActionResult <WebSessionModel> Execute(Guid webSessionId, string connectionString)
        {
            try
            {
                using (var connection = new SqlConnection(connectionString))
                {
                    // create command object
                    // NOTE(review): command and reader are not wrapped in using; only the
                    // connection is disposed automatically.
                    var command = new SqlCommand();
                    command.Connection = connection;
                    command.Connection.Open();

                    // expire given web session on user logout
                    // NOTE(review): the id is spliced into the SQL text by string interpolation.
                    // A Guid formats to hex digits and hyphens, so this value cannot carry SQL
                    // syntax, but binding it through command.Parameters keeps the statement
                    // constant and stops the pattern being copied to string inputs.
                    // NOTE(review): the WHERE clause matches on id alone, so an already expired
                    // session gets its timestamp overwritten, and nothing in this method ties the
                    // session to the caller. Confirm the caller authorizes the id.
                    // NOTE(review): OUTPUT inserted.* returns every column of the row; confirm
                    // that all of them are meant to reach the response body.
                    command.CommandText = @$ "
                        UPDATE web_sessions
                           SET web_sessions.expired = GETDATE()
                        OUTPUT inserted.*
                         WHERE web_sessions.id = '{webSessionId}'
                    ";
                    var reader = command.ExecuteReader();

                    // if no rows returned, web session was not found
                    if (!reader.HasRows)
                    {
                        reader.Close();
                        return(new BadRequestResult());
                    }

                    // read returned row to get expired web session
                    // An exception thrown by Read or the model constructor skips the Close below.
                    reader.Read();
                    var expiredWebSession = new WebSessionModel(reader);
                    reader.Close();

                    return(new OkObjectResult(expiredWebSession));
                }
            }
Ejemplo n.º 3
 /// <summary>
 /// Removes the given web session from the context and saves the change.
 /// </summary>
 /// <param name="model">Session entity to remove.</param>
 /// <remarks>
 /// Every exception is caught and logged, so the caller gets no signal when the
 /// session was not deleted.
 /// NOTE(review): if this runs on logout, a silent failure leaves the session row in
 /// place. Confirm callers do not assume the session is gone.
 /// </remarks>
 public void DeleteWebSession(WebSessionModel model)
 {
     try
     {
         var sessions = Context.WebSessions;
         sessions.Remove(model);
         Context.SaveChanges();
     }
     catch (Exception ex)
     {
         // Only the message text is logged; exception type and stack trace are dropped.
         var logLine = "WebSession ==>> DeleteWebSession: " + ex.Message;
         _logger.LogError(logLine);
     }
 }
Ejemplo n.º 4
        /// <summary>
        /// Looks up a stored web session whose <c>Browser</c> and <c>Ip</c> both equal
        /// those of <paramref name="model"/>.
        /// </summary>
        /// <param name="model">Supplies the <c>Browser</c> and <c>Ip</c> values to match.</param>
        /// <returns>
        /// The first matching session, or <c>null</c> when none matches or an exception was thrown.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the lookup key is only Browser + Ip (presumably the user-agent string
        /// and client address). Neither value is secret or unique to one user: clients behind
        /// the same NAT with the same browser collide, and both values are under the client's
        /// control. Confirm that callers do not treat a match as proof of identity.
        /// No ordering or expiry filter is applied here, so when several rows match, which one
        /// comes back is left to the data store.
        /// </remarks>
        public WebSessionModel FindWebSession(WebSessionModel model)
        {
            try
            {
                var sameBrowser = Context.WebSessions
                                  .Where(session => session.Browser == model.Browser);

                var match = sameBrowser.FirstOrDefault(session => session.Ip == model.Ip);

                return match;
            }
            catch (Exception ex)
            {
                // Only the message text is logged; a failed query looks like "not found" to the caller.
                _logger.LogError("WebSession ==>> FindWebSession: " + ex.Message);
                return null;
            }
        }
Ejemplo n.º 5
        public static ActionResult <WebSessionModel> Execute(PostUserLoginType data, string connectionString)
        {
            try
            {
                using (var connection = new SqlConnection(connectionString))
                {
                    // create command object
                    var command = new SqlCommand();
                    command.Connection = connection;
                    command.Connection.Open();

                    // get user with the same username as given value
                    command.CommandText = @$ "
                        SELECT users.id
                             , passwords.hashed_password
                             , passwords.salt
                          FROM users
                          JOIN passwords
                            ON users.id = passwords.user_id
                         WHERE users.username = '******'
                           AND passwords.expired IS NULL
                    ";
                    var reader = command.ExecuteReader();

                    // if nothing was returned, user does not exist with given username
                    if (!reader.HasRows)
                    {
                        reader.Close();
                        return(new BadRequestResult());
                    }

                    // read returned row to get user id and password
                    reader.Read();
                    var userId         = reader["id"].ToString();
                    var passwordSalt   = reader["salt"].ToString();
                    var passwordHashed = reader["hashed_password"].ToString();
                    reader.Close();

                    // hash given password
                    var credentialsHashedPassword = UserController.ApplyHash(
                        UserController.DecodeSalt(passwordSalt),
                        data.password
                        );

                    // if given password does not match database, unauthorized
                    if (credentialsHashedPassword != passwordHashed)
                    {
                        return(new UnauthorizedResult());
                    }

                    // if here, the password is correct and a web session can be made
                    command.CommandText = @$ "
                        INSERT INTO web_sessions ( user_id )
                             OUTPUT inserted.*
                             VALUES ( '{userId}' )
                    ";
                    reader = command.ExecuteReader();

                    // if nothing was returned, web session was not created
                    if (!reader.HasRows)
                    {
                        reader.Close();
                        return(new BadRequestResult());
                    }

                    // reader return row to get web session id
                    reader.Read();
                    var webSession = new WebSessionModel(reader);
                    reader.Close();

                    // if here, everything ran properly
                    return(new OkObjectResult(webSession));
                }