/// <summary>
/// Deletes user <paramref name="id"/> together with that user's accounts and refresh tokens.
/// </summary>
/// <param name="id">Route id of the user to delete.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with
/// <c>Response.StatusCode</c> set to 401 (caller is neither this user nor an admin) or 500 (deletion threw).
/// </returns>
[HttpDelete("{id:int}")] // working
public string User_DeleteUser(int id)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
    if (!permitted)
    {
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.");
        return JObject.FromObject(denied).ToString();
    }

    try
    {
        // dependent rows first, then the user row; a single SaveChanges commits all of it
        var ownedAccounts = _context.Accounts.Where(acc => acc.UserID == id);
        var ownedTokens = _context.RefreshTokens.Where(tok => tok.UserID == id);
        _context.Accounts.RemoveRange(ownedAccounts);
        _context.RefreshTokens.RemoveRange(ownedTokens);
        _context.Users.Remove(_context.Users.Single(u => u.ID == id));
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        ErrorMessage failure = new ErrorMessage("Failed to delete user.", "ID: " + id.ToString(), ex.Message);
        return JObject.FromObject(failure).ToString();
    }

    JObject success = JObject.Parse(SuccessMessage._result);
    return success.ToString();
}
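/// <summary>
/// Creates a new account for user <paramref name="id"/> from the posted <see cref="NewAccount"/>.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="accToAdd">Posted account data; when its <c>FolderID</c> is set it must be one of the user's folders.</param>
/// <returns>
/// 200 on success; 401 if the caller is neither this user nor an admin; 400 for a missing body or a folder the
/// user does not own; 500 if persisting the account throws.
/// </returns>
[HttpPost("{id:int}/accounts")] // working
public IActionResult User_AddAccount(int id, [FromBody] NewAccount accToAdd)
{
    try
    {
        // verify that the user is either admin or is requesting their own data
        if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
        {
            ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
            return new UnauthorizedObjectResult(error);
        }

        // a missing body would otherwise surface as a null dereference and a 500 below
        if (accToAdd == null)
        {
            ErrorMessage error = new ErrorMessage("Failed to create new account", "Request body is missing.");
            return new BadRequestObjectResult(error);
        }

        // load the owner once instead of re-querying it per check
        User owner = _context.Users.Single(a => a.ID == id);

        // if this user does not own the folder we are adding to, then error
        if (accToAdd.FolderID != null && !owner.Folders.Exists(b => b.ID == accToAdd.FolderID))
        {
            ErrorMessage error = new ErrorMessage("Failed to create new account", "User does not have a folder matching that ID.");
            return new BadRequestObjectResult(error);
        }

        // create new account and save it
        Account new_account = new Account(accToAdd, id);
        _context.Accounts.Add(new_account);
        _context.SaveChanges();
        return Ok();
    }
    catch (Exception ex)
    {
        ErrorMessage error = new ErrorMessage("Error creating new account.", ex.Message);
        return new InternalServerErrorResult(error);
    }
}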
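/// <summary>
/// Replaces the description of account <paramref name="account_id"/> owned by user <paramref name="id"/>,
/// storing it AES-encrypted under the user's key and refreshing the account's LastModified stamp.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to edit.</param>
/// <param name="description">New plaintext description from the request body.</param>
/// <returns>200 on success; 401 if the caller is neither this user nor an admin; 400 if the account is not the user's.</returns>
public IActionResult User_EditAccountDesc(int id, int account_id, [FromBody] string description)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // ownership check and fetch in one lookup (previously Exists followed by a second Single query)
    User owner = _context.Users.Single(a => a.ID == id);
    Account accToEdit = owner.Accounts.SingleOrDefault(b => b.ID == account_id);
    if (accToEdit == null)
    {
        ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
        return new BadRequestObjectResult(error);
    }

    // derive the per-user key once; it was previously re-derived for every field
    var userKey = HelperMethods.GetUserKeyAndIV(id);
    accToEdit.Description = HelperMethods.EncryptStringToBytes_Aes(description, userKey);
    // NOTE(review): DateTime.Now is server-local and culture-formatted; kept as-is so existing rows stay comparable
    accToEdit.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), userKey);
    _context.SaveChanges();
    return Ok();
}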
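/// <summary>
/// Creates a new account for user <paramref name="id"/>, enforcing the per-user account cap and folder ownership,
/// and returns the created account so the client need not re-fetch it.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="accToAdd">Posted account data; when its <c>FolderID</c> is set it must be one of the user's folders.</param>
/// <returns>
/// 200 with a <see cref="ReturnableAccount"/> on success; 401 if the caller is neither this user nor an admin;
/// 400 for a missing body, a full account list, or a folder the user does not own.
/// </returns>
public IActionResult User_AddAccount(int id, [FromBody] NewAccount accToAdd)
{
    // account limit is 50 for now
    const int MaxAccountsPerUser = 50;

    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // a missing body would otherwise surface as an unhandled null dereference
    if (accToAdd == null)
    {
        ErrorMessage error = new ErrorMessage("Failed to create new account", "Request body is missing.");
        return new BadRequestObjectResult(error);
    }

    // load the owner once instead of three separate queries
    User owner = _context.Users.Single(a => a.ID == id);

    if (owner.Accounts.Count >= MaxAccountsPerUser)
    {
        ErrorMessage error = new ErrorMessage("Failed to create new account", "User cannot have more than 50 passwords saved at once.");
        return new BadRequestObjectResult(error);
    }

    // if this user does not own the folder we are adding to, then error
    if (accToAdd.FolderID != null && !owner.Folders.Exists(b => b.ID == accToAdd.FolderID))
    {
        ErrorMessage error = new ErrorMessage("Failed to create new account", "User does not have a folder matching that ID.");
        return new BadRequestObjectResult(error);
    }

    // create new account and save it
    Account new_account = new Account(accToAdd, id);
    new_account.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), HelperMethods.GetUserKeyAndIV(id));
    _context.Accounts.Add(new_account);
    _context.SaveChanges();

    // return the new object to easily update on frontend without making another api call
    return new OkObjectResult(new ReturnableAccount(new_account));
}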
/// <summary>
/// Returns one of user <paramref name="id"/>'s accounts as a <see cref="ReturnableAccount"/>.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to fetch; must belong to the user.</param>
/// <returns>200 with the account; 401 if the caller is neither this user nor an admin; 400 if the account is not the user's; 500 on an unexpected error.</returns>
public IActionResult User_GetSingleAccount(int id, int account_id)
{
    try
    {
        // verify that the user is either admin or is requesting their own data
        bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
        if (!permitted)
        {
            return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
        }

        // validate ownership of said account
        User owner = _context.Users.Single(a => a.ID == id);
        bool owned = owner.Accounts.Exists(b => b.ID == account_id);
        if (!owned)
        {
            return new BadRequestObjectResult(new ErrorMessage("Invalid account", "User does not have an account matching that ID."));
        }

        Account account = _context.Accounts.Single(a => a.ID == account_id);
        return new OkObjectResult(new ReturnableAccount(account));
    }
    catch (Exception ex)
    {
        return new InternalServerErrorResult(new ErrorMessage("Error getting account", ex.Message));
    }
}
/// <summary>
/// Lists every folder belonging to user <paramref name="id"/> as <see cref="ReturnableFolder"/> objects.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <returns>200 with the folder list; 401 if the caller is neither this user nor an admin; 500 on an unexpected error.</returns>
public IActionResult User_GetFolders(int id)
{
    try
    {
        // verify that the user is either admin or is requesting their own data
        if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
        {
            return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
        }

        // project the user's folders into their returnable form
        User owner = _context.Users.Single(a => a.ID == id);
        List<ReturnableFolder> folders = owner.Folders
            .ToArray()
            .Select(fold => new ReturnableFolder(fold))
            .ToList();
        return new OkObjectResult(folders);
    }
    catch (Exception ex)
    {
        return new InternalServerErrorResult(new ErrorMessage("Error getting folders", ex.Message));
    }
}
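/// <summary>
/// Sets the plaintext description of account <paramref name="account_id"/> owned by user <paramref name="id"/>.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to edit.</param>
/// <param name="description">New description from the request body.</param>
/// <returns>
/// 200 with <c>{ new_description }</c>; 401 if the caller is neither this user nor an admin;
/// 400 if the account is not the user's; 500 on an unexpected error.
/// </returns>
public IActionResult User_EditAccountDesc(int id, int account_id, [FromBody] string description)
{
    // attempt to edit the description
    try
    {
        // verify that the user is either admin or is requesting their own data
        if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
        {
            ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
            return new UnauthorizedObjectResult(error);
        }

        // one lookup does both the ownership check and the fetch (previously Exists plus three more Single queries)
        User owner = _context.Users.Single(a => a.ID == id);
        Account accToEdit = owner.Accounts.SingleOrDefault(b => b.ID == account_id);
        if (accToEdit == null)
        {
            ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
            return new BadRequestObjectResult(error);
        }

        accToEdit.Description = description;
        _context.SaveChanges();
        return new OkObjectResult(new { new_description = accToEdit.Description });
    }
    catch (Exception ex)
    {
        ErrorMessage error = new ErrorMessage("Error editing description", ex.Message);
        return new InternalServerErrorResult(error);
    }
}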
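/// <summary>
/// Overwrites every field of account <paramref name="acc_id"/> owned by user <paramref name="id"/> with the posted
/// values, storing each AES-encrypted under the user's key, and returns the updated account.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="acc_id">Route id of the account to edit.</param>
/// <param name="acc">Posted replacement values.</param>
/// <returns>
/// 200 with a <see cref="ReturnableAccount"/>; 401 if the caller is neither this user nor an admin;
/// 400 for a missing body or an account that is not the user's.
/// </returns>
public IActionResult User_EditAccount(int id, int acc_id, [FromBody] NewAccount acc)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // a missing body would otherwise surface as an unhandled null dereference
    if (acc == null)
    {
        ErrorMessage error = new ErrorMessage("Failed to edit account", "Request body is missing.");
        return new BadRequestObjectResult(error);
    }

    // ownership check and fetch in one lookup; the message previously said "delete" for an edit
    User owner = _context.Users.Single(a => a.ID == id);
    Account accToEdit = owner.Accounts.SingleOrDefault(b => b.ID == acc_id);
    if (accToEdit == null)
    {
        ErrorMessage error = new ErrorMessage("Failed to edit account", "User does not have an account matching that ID.");
        return new BadRequestObjectResult(error);
    }

    // derive the per-user key once rather than once per field
    var userKey = HelperMethods.GetUserKeyAndIV(id);
    accToEdit.Title = HelperMethods.EncryptStringToBytes_Aes(acc.Title, userKey);
    accToEdit.Login = HelperMethods.EncryptStringToBytes_Aes(acc.Login, userKey);
    accToEdit.Password = HelperMethods.EncryptStringToBytes_Aes(acc.Password, userKey);
    accToEdit.Url = HelperMethods.EncryptStringToBytes_Aes(acc.Url, userKey);
    accToEdit.Description = HelperMethods.EncryptStringToBytes_Aes(acc.Description, userKey);
    // NOTE(review): DateTime.Now is server-local and culture-formatted; kept as-is so existing rows stay comparable
    accToEdit.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), userKey);
    _context.SaveChanges();

    // return the new object to easily update on frontend without making another api call
    return new OkObjectResult(new ReturnableAccount(accToEdit));
}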
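/// <summary>
/// Replaces the stored password of account <paramref name="account_id"/> owned by user <paramref name="id"/>,
/// AES-encrypting the new value under the user's key.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to edit.</param>
/// <param name="password">New plaintext password from the request body.</param>
/// <returns>200 on success; 401 if the caller is neither this user nor an admin; 400 if the account is not the user's; 500 on an unexpected error.</returns>
[HttpPut("{id:int}/accounts/{account_id:int}/password")] // in progress
public IActionResult User_EditAccountPassword(int id, int account_id, [FromBody] string password)
{
    try
    {
        // verify that the user is either admin or is requesting their own data
        if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
        {
            ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
            return new UnauthorizedObjectResult(error);
        }

        // ownership check and fetch in one lookup (previously Exists followed by a second Single query)
        User owner = _context.Users.Single(a => a.ID == id);
        Account accToEdit = owner.Accounts.SingleOrDefault(b => b.ID == account_id);
        if (accToEdit == null)
        {
            ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
            return new BadRequestObjectResult(error);
        }

        accToEdit.Password = HelperMethods.EncryptStringToBytes_Aes(password, HelperMethods.GetUserKeyAndIV(id));
        _context.SaveChanges();
        return Ok();
    }
    catch (Exception ex)
    {
        ErrorMessage error = new ErrorMessage("Error editing password", ex.Message);
        return new InternalServerErrorResult(error);
    }
}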
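/// <summary>
/// Moves account <paramref name="account_id"/> of user <paramref name="id"/> into one of the user's folders,
/// or out of any folder when <paramref name="folder_id"/> is blank.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to move.</param>
/// <param name="folder_id">Target folder id as text; blank/whitespace clears the folder.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin), 400 (folder id is not an integer) or 500 (lookup or save threw).
/// </returns>
public string User_AccountSetFolder(int id, int account_id, [FromBody] string folder_id)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    // attempt to edit the folder assignment
    try
    {
        User owner = _context.Users.Single(a => a.ID == id);
        Account acc = owner.Accounts.Single(b => b.ID == account_id);

        // left empty implies removing any associated folder
        if (string.IsNullOrWhiteSpace(folder_id))
        {
            acc.FolderID = null;
        }
        else
        {
            // a non-numeric id is a client error, not a server fault; int.Parse previously turned it into a 500
            int requestedFolder;
            if (!int.TryParse(folder_id, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out requestedFolder))
            {
                Response.StatusCode = 400;
                return JObject.FromObject(new ErrorMessage("Error settting folder", "Attempted folder id: " + folder_id, "Folder id must be an integer.")).ToString();
            }

            // resolving through the user's own Folders guarantees the target exists and is owned by this user
            acc.FolderID = owner.Folders.Single(b => b.ID == requestedFolder).ID;
        }

        _context.Accounts.Update(acc);
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        return JObject.FromObject(new ErrorMessage("Error settting folder", "Attempted folder id: " + folder_id, ex.Message)).ToString();
    }

    return SuccessMessage._result;
}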
/// <summary>
/// Deletes user <paramref name="id"/> together with that user's accounts and refresh tokens.
/// </summary>
/// <param name="id">Route id of the user to delete.</param>
/// <returns>200 on success; 401 if the caller is neither this user nor an admin; 500 if deletion throws.</returns>
[HttpDelete("{id:int}")] // working
public IActionResult User_DeleteUser(int id)
{
    try
    {
        // verify that the user is either admin or is requesting their own data
        bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
        if (!permitted)
        {
            return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
        }

        // dependent rows first, then the user row; a single SaveChanges commits all of it
        var ownedAccounts = _context.Accounts.Where(acc => acc.UserID == id);
        var ownedTokens = _context.RefreshTokens.Where(tok => tok.UserID == id);
        _context.Accounts.RemoveRange(ownedAccounts);
        _context.RefreshTokens.RemoveRange(ownedTokens);
        _context.Users.Remove(_context.Users.Single(u => u.ID == id));
        _context.SaveChanges();
        return Ok();
    }
    catch (Exception ex)
    {
        return new InternalServerErrorResult(new ErrorMessage("Failed to delete user.", ex.Message));
    }
}
/// <summary>
/// Changes the login password of user <paramref name="id"/> after verifying the current password.
/// </summary>
/// <param name="id">Route id of the user.</param>
/// <param name="psw_reset">Current and new password from the request body.</param>
/// <returns>200 on success; 401 if the caller is neither this user nor an admin; 400 if the current password does not match.</returns>
public IActionResult User_EditPassword(int id, [FromBody] PasswordReset psw_reset)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
    }

    // get user from db
    User user = _context.Users.Single(a => a.ID == id);

    // the current password must verify against the stored salted hash before anything is changed
    bool currentMatches = ValidatePassword(psw_reset.Current_Password, user.Password);
    if (!currentMatches)
    {
        return new BadRequestObjectResult(new ErrorMessage("Invalid Password", "Your current password does not match."));
    }

    // store the new password as salt + salted hash, never in the clear
    user.Password = HelperMethods.ConcatenatedSaltAndSaltedHash(psw_reset.New_Password);
    _context.Update(user);
    _context.SaveChanges();
    return Ok();
}
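/// <summary>
/// Sets or clears the favourite flag on account <paramref name="account_id"/> owned by user <paramref name="id"/>.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to edit.</param>
/// <param name="isFavorite">New flag value from the request body.</param>
/// <returns>200 on success; 401 if the caller is neither this user nor an admin; 400 if the account is not the user's.</returns>
public IActionResult User_EditAccountIsFavorite(int id, int account_id, [FromBody] bool isFavorite)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // ownership check and fetch in one lookup (previously Exists followed by a second Single query)
    User owner = _context.Users.Single(a => a.ID == id);
    Account accToEdit = owner.Accounts.SingleOrDefault(b => b.ID == account_id);
    if (accToEdit == null)
    {
        ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
        return new BadRequestObjectResult(error);
    }

    // favourite is metadata only, so LastModified is deliberately left untouched here
    accToEdit.IsFavorite = isFavorite;
    _context.SaveChanges();
    return Ok();
}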
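/// <summary>
/// Replaces the last name of user <paramref name="id"/>, storing it AES-encrypted under the controller key.
/// </summary>
/// <param name="id">Route id of the user.</param>
/// <param name="lastname">New plaintext last name from the request body.</param>
/// <returns>200 on success; 401 if the caller is neither this user nor an admin.</returns>
public IActionResult User_EditLastName(int id, [FromBody] string lastname)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // fetch, encrypt, persist (the stray double semicolon is gone)
    User user = _context.Users.Single(a => a.ID == id);
    user.Last_Name = HelperMethods.EncryptStringToBytes_Aes(lastname, _keyAndIV);
    _context.SaveChanges();
    return Ok();
}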
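/// <summary>
/// Returns one of user <paramref name="id"/>'s accounts as a <see cref="ReturnableAccount"/> inside the success payload.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to fetch; must belong to the user.</param>
/// <returns>
/// JSON text: the success payload with an <c>account</c> property, or an <see cref="ErrorMessage"/> with
/// <c>Response.StatusCode</c> set to 401 (caller is neither this user nor an admin) or 400 (account is not the user's).
/// </returns>
public string User_GetSingleAccount(int id, int account_id)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    // resolve the account through the user's own collection: the previous global Accounts lookup only checked
    // that the caller may act as user `id`, not that `account_id` belongs to that user, so any authenticated
    // caller could read any account by id
    Account acc = _context.Users.Single(a => a.ID == id).Accounts.SingleOrDefault(b => b.ID == account_id);
    if (acc == null)
    {
        Response.StatusCode = 400;
        return JObject.FromObject(new ErrorMessage("Invalid account", "id accessed: " + account_id.ToString(), "User does not have an account matching that ID.")).ToString();
    }

    JObject message = JObject.Parse(SuccessMessage._result);
    message.Add(new JProperty("account", JObject.FromObject(new ReturnableAccount(acc))));
    return message.ToString();
}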
/// <summary>
/// Returns user <paramref name="id"/> as a <see cref="ReturnableUser"/>, which omits fields that must never leave the server.
/// </summary>
/// <param name="id">Route id of the user.</param>
/// <returns>200 with the user; 401 if the caller is neither this user nor an admin.</returns>
public IActionResult User_GetUser(int id)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV);
    if (!permitted)
    {
        return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
    }

    // ReturnableUser strips out private data that is never to be sent back
    User stored = _context.Users.Where(u => u.ID == id).Single();
    return new OkObjectResult(new ReturnableUser(stored, _keyAndIV));
}
/// <summary>
/// Creates a new account for user <paramref name="id"/> from a raw JSON body
/// (<c>folder_id</c>, <c>account_title</c>, <c>account_login</c>, <c>account_password</c>, <c>account_description</c>).
/// Only the password is stored AES-encrypted in this version; the other fields are stored as posted.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="accJson">Raw JSON text describing the account.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin), 400 (body is not valid JSON) or 500 (folder lookup or save threw).
/// </returns>
[HttpPost("{id:int}/accounts")] // working
public string User_AddAccount(int id, [FromBody] string accJson)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    // might want Json verification as own function since all will do it.. we will see
    JObject json;
    try
    {
        json = JObject.Parse(accJson);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 400;
        return JObject.FromObject(new ErrorMessage("Invalid Json", accJson, ex.Message)).ToString();
    }

    try
    {
        // if folder id is present, then use it, if not we use standard null for top parent
        int? folder_id = null;
        JToken folderToken = json["folder_id"];
        if (folderToken != null)
        {
            // resolving through the user's own Folders makes sure the folder exists and is owned by the user
            int requestedFolder = int.Parse(folderToken.ToString());
            folder_id = _context.Users.Single(a => a.ID == id).Folders.Single(b => b.ID == requestedFolder).ID;
        }

        JToken passwordToken = json["account_password"];
        byte[] encryptedPassword = null;
        if (passwordToken != null)
        {
            encryptedPassword = HelperMethods.EncryptStringToBytes_Aes(passwordToken.ToString(), HelperMethods.GetUserKeyAndIV(id));
        }

        Account new_account = new Account
        {
            UserID = id,
            FolderID = folder_id,
            Title = json["account_title"]?.ToString(),
            Login = json["account_login"]?.ToString(),
            Password = encryptedPassword,
            Description = json["account_description"]?.ToString()
        };
        _context.Accounts.Add(new_account);
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        return JObject.FromObject(new ErrorMessage("Error creating new account.", accJson, ex.Message)).ToString();
    }

    return SuccessMessage._result;
}
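/// <summary>
/// Creates a folder for user <paramref name="id"/> from a raw JSON body (<c>folder_name</c>, optional <c>parent_id</c>),
/// marking the parent as having children when one is given.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="folderJson">Raw JSON text describing the folder.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin), 400 (body is not valid JSON or lacks <c>folder_name</c>)
/// or 500 (parent is not the user's, or save threw).
/// </returns>
[HttpPost("{id:int}/folders")] // working
public string User_AddFolder(int id, [FromBody] string folderJson)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    // might want Json verification as own function since all will do it.. we will see
    JObject json = null;
    try
    {
        json = JObject.Parse(folderJson);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 400;
        ErrorMessage error = new ErrorMessage("Invalid Json", folderJson, ex.Message);
        return JObject.FromObject(error).ToString();
    }

    try
    {
        // a missing name previously surfaced as a null dereference and a 500
        JToken nameToken = json["folder_name"];
        if (nameToken == null)
        {
            Response.StatusCode = 400;
            return JObject.FromObject(new ErrorMessage("Invalid Json", folderJson, "folder_name is required")).ToString();
        }

        int? pid = json["parent_id"]?.ToObject<int?>(); // parent id
        User owner = _context.Users.Single(a => a.ID == id);

        // the parent must be one of this user's own folders. The previous check compared Single(...) == null,
        // which can never be true (Single throws instead), so the "or be admin" branch was unreachable and an
        // admin hit the same exception on the parent lookup further down; the outcome is unchanged, the path is explicit.
        Folder parent_folder = null;
        if (pid != null)
        {
            parent_folder = owner.Folders.SingleOrDefault(b => b.ID == pid);
            if (parent_folder == null)
            {
                throw new Exception("User must own the parent folder or be admin");
            }
        }

        Folder new_folder = new Folder
        {
            UserID = id,
            FolderName = nameToken.ToString(),
            ParentID = pid
        };
        _context.Folders.Add(new_folder); // add new folder

        // only update parent if needed
        if (parent_folder != null)
        {
            parent_folder.HasChild = true;
            _context.Folders.Update(parent_folder); // register to parent that it now has at least 1 child
        }
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        return JObject.FromObject(new ErrorMessage("Error creating new folder.", folderJson, ex.Message)).ToString();
    }

    return SuccessMessage._result;
}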
/// <summary>
/// Returns user <paramref name="id"/> as a <see cref="ReturnableUser"/> inside the success payload.
/// </summary>
/// <param name="id">Route id of the user.</param>
/// <returns>
/// JSON text: the success payload with a <c>user</c> property, or an <see cref="ErrorMessage"/> with
/// <c>Response.StatusCode</c> set to 401 when the caller is neither this user nor an admin.
/// </returns>
[HttpGet("{id:int}")] // working
public string User_GetUser(int id)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
    if (!permitted)
    {
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.");
        return JObject.FromObject(denied).ToString();
    }

    // ReturnableUser strips out private data that is never to be sent back
    User stored = _context.Users.Where(u => u.ID == id).Single();
    ReturnableUser retUser = new ReturnableUser(stored);

    // format response
    JObject message = JObject.Parse(SuccessMessage._result);
    message.Add(new JProperty("user", JToken.FromObject(retUser)));
    return message.ToString();
}
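/// <summary>
/// Moves account <paramref name="account_id"/> of user <paramref name="id"/> into one of the user's folders,
/// or out of any folder when <paramref name="folder_id"/> is 0 or null.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to move.</param>
/// <param name="folder_id">Target folder id; 0 is treated as "no folder" because the body must be present.</param>
/// <returns>
/// 200 with <c>{ new_folder }</c>; 401 if the caller is neither this user nor an admin;
/// 400 if the account or the folder is not the user's; 500 on an unexpected error.
/// </returns>
public IActionResult User_AccountSetFolder(int id, int account_id, [FromBody] int? folder_id)
{
    // attempt to edit the folder assignment
    try
    {
        // verify that the user is either admin or is requesting their own data
        if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
        {
            ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
            return new UnauthorizedObjectResult(error);
        }

        // ownership check and fetch in one lookup (previously Exists plus three more Single queries)
        User owner = _context.Users.Single(a => a.ID == id);
        Account acc = owner.Accounts.SingleOrDefault(b => b.ID == account_id);
        if (acc == null)
        {
            ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
            return new BadRequestObjectResult(error);
        }

        // use zero to mean null since body paramter must be present
        if (folder_id == 0)
        {
            folder_id = null;
        }

        // if this user does not own the folder we are moving to, then error (message previously said "create new account")
        if (folder_id != null && !owner.Folders.Exists(b => b.ID == folder_id))
        {
            ErrorMessage error = new ErrorMessage("Failed to set folder", "User does not have a folder matching that ID.");
            return new BadRequestObjectResult(error);
        }

        acc.FolderID = folder_id;
        _context.SaveChanges();
        return new OkObjectResult(new { new_folder = acc.FolderID });
    }
    catch (Exception ex)
    {
        ErrorMessage error = new ErrorMessage("Error settting folder", ex.Message);
        return new InternalServerErrorResult(error);
    }
}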
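/// <summary>
/// Deletes folder <paramref name="folder_id"/> of user <paramref name="id"/>, including every sub-folder and every
/// account stored in any of them.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="folder_id">Route id of the folder to delete; must belong to the user.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin) or 500 (folder is not the user's, or any delete threw).
/// </returns>
[HttpDelete("{id:int}/folders/{folder_id:int}")] // working
public string User_DeleteFolder(int id, int folder_id)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    try
    {
        // resolving through the user's own Folders is the ownership check; Single throws (-> 500) if it is not theirs
        Folder folderToDelete = _context.Users.Single(a => a.ID == id).Folders.Single(b => b.ID == folder_id);

        // the recursion used to re-enter this action method, so a failure inside a child delete set
        // Response.StatusCode = 500 but was then ignored and the request still answered with the success payload.
        // The helper lets any failure propagate to the catch below instead.
        DeleteOwnedFolderRecursive(id, folderToDelete);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        return JObject.FromObject(new ErrorMessage("Error deleting folder.", "Folder ID: " + folder_id.ToString(), ex.Message)).ToString();
    }

    return SuccessMessage._result;
}

/// <summary>
/// Deletes <paramref name="folderToDelete"/> and everything beneath it for user <paramref name="id"/>:
/// child folders first (recursively), then the folder's accounts, then the folder row itself.
/// Ownership of <paramref name="folderToDelete"/> must already have been verified by the caller.
/// </summary>
/// <param name="id">Id of the owning user.</param>
/// <param name="folderToDelete">Folder entity to remove.</param>
private void DeleteOwnedFolderRecursive(int id, Folder folderToDelete)
{
    // if this folder has children, delete them first so their rows are gone before the parent row
    if (folderToDelete.HasChild)
    {
        // materialise the list before iterating: the recursion mutates the context while we loop
        List<Folder> children = _context.Users.Single(a => a.ID == id).Folders
            .Where(folder => folder.ParentID == folderToDelete.ID)
            .ToList();
        foreach (Folder child in children)
        {
            DeleteOwnedFolderRecursive(id, child);
        }
    }

    // delete the accounts in the folder; no need to go through User_DeleteAccount because identity and
    // access token have already been verified by the entry point
    List<Account> accounts = _context.Users.Single(a => a.ID == id).Accounts
        .Where(account => account.FolderID == folderToDelete.ID)
        .ToList();
    foreach (Account account in accounts)
    {
        _context.Accounts.Remove(account);
    }
    _context.SaveChanges(); // save the accounts being deleted

    _context.Folders.Remove(folderToDelete); // remove the folder
    _context.SaveChanges(); // save the folder being deleted.. must be done separately because of foreign keys
}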
/// <summary>
/// Returns the stored last name of user <paramref name="id"/>.
/// </summary>
/// <param name="id">Route id of the user.</param>
/// <returns>200 with <c>{ lastname }</c>; 401 if the caller is neither this user nor an admin; 500 on an unexpected error.</returns>
[HttpGet("{id:int}/lastname")] // working
public IActionResult User_GetLastName(int id)
{
    try
    {
        // verify that the user is either admin or is requesting their own data
        bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
        if (!permitted)
        {
            return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
        }

        User stored = _context.Users.Where(u => u.ID == id).Single();
        return new OkObjectResult(new { lastname = stored.Last_Name });
    }
    catch (Exception ex)
    {
        return new InternalServerErrorResult(new ErrorMessage("Failed to get last name.", ex.Message));
    }
}
/// <summary>
/// Lists every account belonging to user <paramref name="id"/> as <see cref="ReturnableAccount"/> objects.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <returns>200 with the account list; 401 if the caller is neither this user nor an admin.</returns>
public IActionResult User_GetAccounts(int id)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV);
    if (!permitted)
    {
        return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
    }

    // project the user's accounts into their returnable form
    User owner = _context.Users.Single(a => a.ID == id);
    List<ReturnableAccount> accs = owner.Accounts
        .ToArray()
        .Select(acc => new ReturnableAccount(acc))
        .ToList();
    return new OkObjectResult(accs);
}
/// <summary>
/// Deletes account <paramref name="account_id"/> of user <paramref name="id"/>.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to delete; must belong to the user.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin) or 500 (account is not the user's, or the delete threw).
/// </returns>
[HttpDelete("{id:int}/accounts/{account_id:int}")] // working
public string User_DeleteAccount(int id, int account_id)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
    if (!permitted)
    {
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.");
        return JObject.FromObject(denied).ToString();
    }

    try
    {
        // resolving through the user's own Accounts is the ownership check; Single throws if it is not theirs
        User owner = _context.Users.Single(a => a.ID == id);
        Account doomed = owner.Accounts.Single(b => b.ID == account_id);
        _context.Accounts.Remove(doomed);
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        ErrorMessage failure = new ErrorMessage("Error deleting account.", "Account ID: " + account_id.ToString(), ex.Message);
        return JObject.FromObject(failure).ToString();
    }

    return SuccessMessage._result;
}
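/// <summary>
/// Deletes account <paramref name="account_id"/> of user <paramref name="id"/>.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to delete; must belong to the user.</param>
/// <returns>200 on success; 401 if the caller is neither this user nor an admin; 400 if the account is not the user's.</returns>
public IActionResult User_DeleteAccount(int id, int account_id)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // ownership check and fetch in one lookup (previously Exists followed by a second Single query)
    User owner = _context.Users.Single(a => a.ID == id);
    Account doomed = owner.Accounts.SingleOrDefault(b => b.ID == account_id);
    if (doomed == null)
    {
        ErrorMessage error = new ErrorMessage("Failed to delete account", "User does not have an account matching that ID.");
        return new BadRequestObjectResult(error);
    }

    _context.Accounts.Remove(doomed);
    _context.SaveChanges();
    return Ok();
}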
/// <summary>
/// Lists every folder belonging to user <paramref name="id"/> inside the success payload.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <returns>
/// JSON text: the success payload with a <c>folders</c> array, or an <see cref="ErrorMessage"/> with
/// <c>Response.StatusCode</c> set to 401 when the caller is neither this user nor an admin.
/// </returns>
public string User_GetFolders(int id)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
    if (!permitted)
    {
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.");
        return JObject.FromObject(denied).ToString();
    }

    // format success response.. maybe could be done better but not sure yet
    JArray folders = new JArray();
    User owner = _context.Users.Single(a => a.ID == id);
    foreach (Folder fold in owner.Folders)
    {
        ReturnableFolder retFold = new ReturnableFolder(fold);
        folders.Add(JToken.FromObject(retFold));
    }

    JObject message = JObject.Parse(SuccessMessage._result);
    message.Add(new JProperty("folders", folders));
    return message.ToString();
}
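/// <summary>
/// Moves several of user <paramref name="id"/>'s accounts into one folder (or out of any folder) in a single request.
/// Body shape: <c>{ "account_ids": [..], "folder_id": n }</c>, where <c>folder_id</c> 0 means "no folder".
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="data">Parsed JSON body.</param>
/// <returns>
/// 200 on success; 401 if the caller is neither this user nor an admin; 400 if a required field is missing,
/// the folder is not the user's, or any listed account is not the user's (in which case nothing is changed).
/// </returns>
public IActionResult User_SetMultipleAccountsFolder(int id, [FromBody] JObject data)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
    {
        ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
        return new UnauthorizedObjectResult(error);
    }

    // both fields are required; a missing one previously surfaced as an unhandled null dereference
    if (data == null || data["account_ids"] == null || data["folder_id"] == null)
    {
        ErrorMessage error = new ErrorMessage("Failed to set folder", "Request body must contain account_ids and folder_id.");
        return new BadRequestObjectResult(error);
    }

    // get the accounts and the folder we want to set them to
    List<int> account_ids = data["account_ids"].ToObject<List<int>>();
    int? folder_id = data["folder_id"].ToObject<int>();

    // use zero to mean null since body paramter must be present
    if (folder_id == 0)
    {
        folder_id = null;
    }

    User owner = _context.Users.Single(a => a.ID == id);

    // if this user does not own the folder we are moving to, then error (messages previously referred to creating/deleting accounts)
    if (folder_id != null && !owner.Folders.Exists(b => b.ID == folder_id))
    {
        ErrorMessage error = new ErrorMessage("Failed to set folder", "User does not have a folder matching that ID.");
        return new BadRequestObjectResult(error);
    }

    // resolve every account before mutating any: the old loop assigned FolderID as it went, so a bad id later in
    // the list left earlier accounts modified in the tracked context even though the request answered 400
    List<Account> targets = new List<Account>();
    foreach (int acc_id in account_ids)
    {
        Account acc = owner.Accounts.SingleOrDefault(b => b.ID == acc_id);
        if (acc == null)
        {
            ErrorMessage error = new ErrorMessage("Failed to set folder", "User does not have an account matching ID: " + acc_id);
            return new BadRequestObjectResult(error);
        }
        targets.Add(acc);
    }

    foreach (Account acc in targets)
    {
        acc.FolderID = folder_id;
    }
    _context.SaveChanges();
    return Ok();
}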
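/// <summary>
/// Changes the login password of user <paramref name="id"/> from a raw JSON body
/// (<c>current_password</c>, <c>new_password</c>) after verifying the current password.
/// </summary>
/// <param name="id">Route id of the user.</param>
/// <param name="passwordJson">Raw JSON text with the current and new password.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin, or the current password does not match), 400 (body is not
/// valid JSON or lacks a field) or 500 (update threw). Error bodies never contain either password.
/// </returns>
public string User_EditPassword(int id, [FromBody] string passwordJson)
{
    // verify that the user is either admin or is requesting their own data
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        return JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString();
    }

    // might want Json verification as own function since all will do it.. we will see
    JObject json = null;
    try
    {
        json = JObject.Parse(passwordJson);
    }
    catch (Exception ex)
    {
        Response.StatusCode = 400;
        // the body is not echoed back: it is expected to carry the user's passwords
        ErrorMessage error = new ErrorMessage("Invalid Json", "n/a", ex.Message);
        return JObject.FromObject(error).ToString();
    }

    try
    {
        // missing fields previously surfaced as a null dereference and a 500
        JToken currentToken = json["current_password"];
        JToken newToken = json["new_password"];
        if (currentToken == null || newToken == null)
        {
            Response.StatusCode = 400;
            return JObject.FromObject(new ErrorMessage("Invalid Json", "n/a", "current_password and new_password are required")).ToString();
        }

        User user = _context.Users.Single(a => a.ID == id);

        // if password is valid then we change it and update db
        if (ValidatePassword(currentToken.ToString(), user.Password))
        {
            user.Password = HelperMethods.ConcatenatedSaltAndSaltedHash(newToken.ToString());
            _context.Update(user);
            _context.SaveChanges();
        }
        else
        {
            Response.StatusCode = 401;
            // the rejected current password used to be echoed in this message; a secret never belongs in a response body or in logs
            return JObject.FromObject(new ErrorMessage("Invalid Password", "n/a", "n/a")).ToString();
        }
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        return JObject.FromObject(new ErrorMessage("Failed to update with new password", "n/a", ex.Message)).ToString(); // don't continue to send password back and forth in messages
    }

    return JObject.Parse(SuccessMessage._result).ToString();
}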
/// <summary>
/// Replaces the stored password of account <paramref name="account_id"/> owned by user <paramref name="id"/>,
/// AES-encrypting the new value under the user's key.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to edit; must belong to the user.</param>
/// <param name="password">New plaintext password from the request body.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin) or 500 (account is not the user's, or the update threw).
/// </returns>
[HttpPut("{id:int}/accounts/{account_id:int}/password")] // in progress
public string User_EditAccountPassword(int id, int account_id, [FromBody] string password)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
    if (!permitted)
    {
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.");
        return JObject.FromObject(denied).ToString();
    }

    try
    {
        // resolving through the user's own Accounts is the ownership check; Single throws if it is not theirs
        User owner = _context.Users.Single(a => a.ID == id);
        Account acc = owner.Accounts.Single(b => b.ID == account_id);

        // this logic will need to be changed to use a unique key
        var userKey = HelperMethods.GetUserKeyAndIV(id);
        acc.Password = HelperMethods.EncryptStringToBytes_Aes(password, userKey);
        _context.Accounts.Update(acc);
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        // the submitted password is deliberately not placed in the error body
        ErrorMessage failure = new ErrorMessage("Error editing password", "n/a", ex.Message);
        return JObject.FromObject(failure).ToString();
    }

    return SuccessMessage._result;
}
/// <summary>
/// Sets the plaintext description of account <paramref name="account_id"/> owned by user <paramref name="id"/>.
/// </summary>
/// <param name="id">Route id of the owning user.</param>
/// <param name="account_id">Route id of the account to edit; must belong to the user.</param>
/// <param name="description">New description from the request body.</param>
/// <returns>
/// JSON text: the shared success payload, or an <see cref="ErrorMessage"/> with <c>Response.StatusCode</c> set to
/// 401 (caller is neither this user nor an admin) or 500 (account is not the user's, or the update threw).
/// </returns>
public string User_EditAccountDesc(int id, int account_id, [FromBody] string description)
{
    // verify that the user is either admin or is requesting their own data
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id);
    if (!permitted)
    {
        Response.StatusCode = 401;
        ErrorMessage denied = new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.");
        return JObject.FromObject(denied).ToString();
    }

    // attempt to edit the description
    try
    {
        // resolving through the user's own Accounts is the ownership check; Single throws if it is not theirs
        User owner = _context.Users.Single(a => a.ID == id);
        Account acc = owner.Accounts.Single(b => b.ID == account_id);
        acc.Description = description;
        _context.Accounts.Update(acc);
        _context.SaveChanges();
    }
    catch (Exception ex)
    {
        Response.StatusCode = 500;
        ErrorMessage failure = new ErrorMessage("Error editing description", "Attempted description: " + description, ex.Message);
        return JObject.FromObject(failure).ToString();
    }

    return SuccessMessage._result;
}