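        /// <summary>
        /// Authorization filter: lets the action run only when the request carries a
        /// <c>token</c> header that <see cref="AuthModel.VerifyAdminToken"/> accepts as an
        /// admin token AND <see cref="AuthModel.VerifyToken"/> accepts as valid. Any other
        /// case short-circuits the pipeline with 403 Forbidden.
        /// </summary>
        /// <param name="context">The action context of the incoming request.</param>
        public override void OnActionExecuting(HttpActionContext context)
        {
            AuthModel authModel = new AuthModel();

            // HTTP header names are case-insensitive (RFC 7230). Contains/GetValues honour
            // that, whereas the previous exact `Key == "token"` comparison silently missed a
            // "Token"/"TOKEN" header. Fail closed: no header or a blank value means no token.
            string token = null;
            if (context.Request.Headers.Contains("token"))
            {
                token = context.Request.Headers.GetValues("token").FirstOrDefault();
            }

            bool valid = false;
            if (!string.IsNullOrWhiteSpace(token))
            {
                // Both checks must pass: the token belongs to an admin, and it is still
                // valid (VerifyToken — presumably the expiry check; the original called the
                // result okDate).
                bool isAdmin = authModel.VerifyAdminToken(token);
                bool okDate = authModel.VerifyToken(token);
                valid = isAdmin && okDate;
            }

            if (!valid)
            {
                // Assigning context.Response stops the action from executing.
                // NOTE(review): 403 is kept for compatibility with existing clients; a
                // missing or invalid credential is conventionally 401 Unauthorized.
                context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden);
            }
        }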
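        /// <summary>
        /// Authorization filter for the delete-form action. The action may run when the
        /// request's <c>token</c> header is a valid admin token, OR when it is a valid token
        /// belonging to the user who created the form being deleted. Otherwise the pipeline
        /// is short-circuited with 403 Forbidden.
        /// </summary>
        /// <param name="context">The action context of the incoming request.</param>
        public override void OnActionExecuting(HttpActionContext context)
        {
            AuthModel authModel = new AuthModel();
            FormModel formModel = new FormModel();

            // HTTP header names are case-insensitive (RFC 7230); Contains/GetValues honour
            // that, unlike the previous exact `Key == "token"` comparison. Fail closed on a
            // missing or blank value.
            string token = null;
            if (context.Request.Headers.Contains("token"))
            {
                token = context.Request.Headers.GetValues("token").FirstOrDefault();
            }

            bool allowed = false;
            if (!string.IsNullOrWhiteSpace(token))
            {
                // VerifyToken (presumably the expiry check — the original called its result
                // okDate) now gates BOTH paths. Previously the owner path skipped it, so a
                // token that VerifyToken rejected could still delete the form as long as it
                // had once belonged to the form's creator.
                bool okDate = authModel.VerifyToken(token);

                if (okDate)
                {
                    if (authModel.VerifyAdminToken(token))
                    {
                        allowed = true;
                    }
                    else
                    {
                        // Owner check. As in the original, the form id is taken from the 4th
                        // URI segment (e.g. "/api/<controller>/<id>"); segments keep their
                        // trailing '/'. The bounds check and TryParse replace the unhandled
                        // IndexOutOfRange/FormatException that surfaced as an HTTP 500 for
                        // any malformed URL; a non-numeric id is simply not authorized.
                        string[] segments = context.Request.RequestUri.Segments;
                        int formId;
                        if (segments.Length > 3
                            && int.TryParse(segments[3].TrimEnd('/'), out formId))
                        {
                            allowed = formModel.FormIdCreatedbyUserId(formId, token);
                        }
                    }
                }
            }

            if (!allowed)
            {
                // Assigning context.Response stops the action from executing.
                context.Response = context.Request.CreateResponse(HttpStatusCode.Forbidden);
            }
        }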
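        /// <summary>
        /// Reports the role associated with the caller's <c>token</c> header: "admin" when
        /// <see cref="AuthModel.VerifyAdminToken"/> accepts the token, otherwise "user".
        /// </summary>
        /// <returns>A <see cref="RoleMessage"/> carrying "admin" or "user".</returns>
        public MyMessage Get()
        {
            AuthModel authModel = new AuthModel();

            // Case-insensitive header lookup (RFC 7230). A request without the header used
            // to dereference a null value here and fail with an HTTP 500.
            string token = null;
            if (Request.Headers.Contains("token"))
            {
                token = Request.Headers.GetValues("token").FirstOrDefault();
            }

            // Least privilege: a missing/blank token is never an admin. Only
            // VerifyAdminToken is consulted (no VerifyToken call), matching the original.
            // NOTE(review): an absent token should arguably be rejected with 401; this
            // relies on the action being covered by the token filter — confirm.
            bool isAdmin = !string.IsNullOrWhiteSpace(token) && authModel.VerifyAdminToken(token);

            return new RoleMessage(isAdmin ? "admin" : "user");
        }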
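        /// <summary>
        /// Login endpoint. Authenticates the supplied credentials and, on success, returns
        /// 200 OK with a <see cref="TokenMessage"/> (token plus role); on failure returns
        /// 403 Forbidden with a generic <see cref="ErrorMessage"/>.
        /// </summary>
        /// <param name="user">Credentials bound from the request body; null when the body
        /// is absent or could not be bound.</param>
        /// <returns>The HTTP response to send.</returns>
        public HttpResponseMessage Post(UserDTO user)
        {
            AuthModel auth = new AuthModel();

            // A missing or unbindable body leaves `user` null; the original then threw a
            // NullReferenceException (HTTP 500). Treat it like any other failed login.
            string token = null;
            if (user != null)
            {
                token = auth.Authenticate(user.Username, user.Password);
            }

            if (token != null)
            {
                string role = auth.GetRole(user.Username);
                return Request.CreateResponse(HttpStatusCode.OK, new TokenMessage(token, role));
            }

            // Deliberately generic message: it does not reveal whether the username exists.
            // NOTE(review): 403 kept for compatibility; 401 is the conventional status for a
            // failed login.
            ErrorMessage msg = new ErrorMessage("Invalid username or password");
            return Request.CreateResponse(HttpStatusCode.Forbidden, msg);
        }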