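        // PUT api/Comment/5
        // Updates the text of comment <id> on behalf of the user that owns <token>.
        //
        // Authorization: the token must exist and be unexpired, and the stored comment's
        // idUser must equal the token's userId. Only comment1 is copied from the request;
        // the comment's owner and id are never taken from the client.
        //
        // Responses (status codes kept as before for client compatibility):
        //   400  invalid model, missing body, id mismatch, missing/expired token,
        //        or a comment owned by someone else ("Forbiden" model error)
        //   404  the comment does not exist, or was deleted concurrently (DbUpdateConcurrencyException)
        //   200  saved
        public HttpResponseMessage PutComment(string token, int id, Comment comment)
        {
            if (!ModelState.IsValid)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            // A missing body leaves ModelState valid but `comment` null; reject it instead of
            // dereferencing it (previously a NullReferenceException -> 500).
            if (comment == null || id != comment.id)
            {
                return(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            // NOTE(review): expiry is compared against server-local DateTime.Now — confirm
            // Token.expires is written with the same clock everywhere it is issued.
            Token oldToken = db.Token.Where(t => t.token1 == token && t.expires > DateTime.Now).FirstOrDefault();

            if (oldToken == null)
            {
                ModelState.AddModelError("token", "token expired");
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            Comment oldComment = db.Comment.Find(id);
            if (oldComment == null)
            {
                // Unknown id: previously dereferenced null and surfaced as a 500.
                return(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            // Ownership check: the token's user must be the author of the stored comment.
            if (oldComment.idUser != oldToken.userId)
            {
                ModelState.AddModelError("Forbiden", "operation not allowed");
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            oldComment.comment1 = comment.comment1;

            // Sliding expiration: every authenticated call extends the session by 15 minutes.
            oldToken.expires         = DateTime.Now.AddMinutes(15);
            db.Entry(oldToken).State = EntityState.Modified;
            Utils.Util.RemoveTokens(db);   // presumably purges expired tokens — see Utils.Util

            db.Entry(oldComment).State = EntityState.Modified;
            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException ex)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
            }

            return(Request.CreateResponse(HttpStatusCode.OK));
        }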
        // Persists a single chat line for <user>, clipping the text to 150 characters,
        // then hands the same timestamp to storeOldChat (defined elsewhere).
        // <message> must be non-null; a null message throws here, as it did before.
        private void storeMessage(BlogAngularEntities db, User user, string message)
        {
            const int maxLength = 150;
            var timestamp = DateTime.Now;

            // Clamped Substring == "whole message if <= 150 chars, otherwise the first 150".
            var clipped = message.Substring(0, Math.Min(message.Length, maxLength));

            var entry = new Models.ChatMessage
            {
                uid     = Guid.NewGuid(),
                Created = timestamp,
                User    = user,
                UserId  = user.id,
                Message = clipped
            };

            db.ChatMessage.Add(entry);

            // The user row already exists; marking it Unchanged after Add presumably keeps
            // EF from treating the navigation target as a new row — confirm against the model.
            db.Entry(user).State  = EntityState.Unchanged;
            db.Entry(entry).State = EntityState.Added;

            storeOldChat(db, timestamp);
        }
        // PUT api/Category/5
        // Replaces category <id> with the posted entity when <token> is a live session.
        //
        // NOTE(review): unlike PutPost/PutComment there is no ownership or role check here —
        // any authenticated user can overwrite any category. The posted object is also attached
        // whole as Modified, so every mapped column of Category is overwritten from the request.
        // Confirm both are intended (e.g. categories are shared and editable by everyone).
        //
        // Responses: 400 invalid model / missing or expired token / id mismatch,
        //            404 concurrency conflict on save (row gone), 200 saved.
        public HttpResponseMessage PutCategory(string token, int id, Category category)
        {
            if (!ModelState.IsValid)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            // Live session = matching token string whose expiry is still in the (server-local) future.
            Token session = db.Token.FirstOrDefault(t => t.token1 == token && t.expires > DateTime.Now);
            if (session == null)
            {
                ModelState.AddModelError("token", "token expired");
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            if (id != category.id)
            {
                return(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            session.expires = DateTime.Now.AddMinutes(15);   // sliding 15-minute session
            Util.RemoveTokens(db);                           // presumably purges expired tokens — see Util
            db.Entry(session).State  = EntityState.Modified;
            db.Entry(category).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException ex)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
            }

            return(Request.CreateResponse(HttpStatusCode.OK));
        }
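        // PUT api/Password/5
        // Changes the password of the user that owns session token <id>.
        //
        // The caller must prove knowledge of the current password (pass.oldPassword). A wrong
        // old password revokes the presented session and answers with the same "token expired"
        // 400 as an unknown token (deliberately indistinguishable). On success a fresh random
        // salt is generated, the new hash is stored and EVERY session of the user is revoked,
        // so all clients — including the one that made the change — must log in again.
        //
        // Responses: 400 invalid model / missing body / bad token / wrong old password,
        //            404 token's user row is missing, or concurrency conflict on save,
        //            200 saved.
        public HttpResponseMessage PutPassword(string id, NewPassword pass)
        {
            if (pass == null || !ModelState.IsValid)
            {
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
            }

            Token token = db.Token.Where(t => t.token1 == id && t.expires > DateTime.Now).FirstOrDefault();
            if (token == null)
            {
                ModelState.AddModelError("token", "token expired");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
            }

            var user = db.User.Find(token.userId);
            if (user == null)
            {
                // Orphaned token (user row gone): drop it rather than dereference null
                // (previously a NullReferenceException -> 500).
                db.Token.Remove(token);
                db.SaveChanges();
                return Request.CreateResponse(HttpStatusCode.NotFound);
            }

            // NOTE(review): Util.saltPassword is not visible here — make sure it is a slow
            // password hash (PBKDF2/bcrypt/Argon2), not a bare salted SHA. The string
            // comparison below is also not constant-time.
            var salted = Util.saltPassword(pass.oldPassword, user.salt);
            if (salted != user.password)
            {
                db.Token.Remove(token);
                db.SaveChanges();
                ModelState.AddModelError("token", "token expired");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
            }

            // New salt: 10 CSPRNG bytes (80 bits), stored as upper-case hex without separators.
            byte[] random = new byte[10];
            using (var rngCsp = new RNGCryptoServiceProvider())
            {
                rngCsp.GetBytes(random);
            }
            var strSalt = BitConverter.ToString(random).Replace("-", "");

            user.password = Util.saltPassword(pass.password, strSalt);
            user.salt     = strSalt;

            Util.RemoveTokens(db);   // presumably purges expired tokens — see Util

            // Revoke every live session of this user, not only the one presented: a session
            // stolen before the password change must not outlive it. (Previously only `token`
            // was removed, so other devices stayed logged in.)
            foreach (var session in db.Token.Where(t => t.userId == user.id).ToList())
            {
                db.Token.Remove(session);
            }
            db.Entry(user).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException ex)
            {
                return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
            }
            return Request.CreateResponse(HttpStatusCode.OK);
        }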
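        // PUT api/Post/5
        // Updates post <id> (category, content, synopsis, title) for the owner of <token>.
        //
        // Authorization: the token must be live and the stored post's idUser must equal the
        // token's userId. Only the four listed fields are copied from the request; the post's
        // owner and id are never taken from the client.
        //
        // Responses: 400 invalid model / missing body / id mismatch / missing or expired token /
        //                missing Category / post owned by someone else ("Forbiden" model error)
        //            404 the post does not exist, or was deleted concurrently
        //            200 saved
        public HttpResponseMessage PutPost(string token, int id, Post post)
        {
            if (!ModelState.IsValid)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            Token oldToken = db.Token.Where(t => t.token1 == token && t.expires > DateTime.Now).FirstOrDefault();

            if (oldToken == null)
            {
                ModelState.AddModelError("token", "token expired");
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            // A missing body leaves ModelState valid but `post` null.
            if (post == null || id != post.id)
            {
                return(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            // post.Category.id is read below; previously a missing Category dereferenced null -> 500.
            if (post.Category == null)
            {
                ModelState.AddModelError("Category", "category is required");
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            Post oldPost = db.Post.Find(id);
            if (oldPost == null)
            {
                // Unknown id: previously dereferenced null and surfaced as a 500.
                return(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            // Ownership check: the token's user must be the author of the stored post.
            if (oldPost.idUser != oldToken.userId)
            {
                ModelState.AddModelError("Forbiden", "operation not allowed");
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            oldPost.idCategory  = post.Category.id;
            oldPost.postContent = post.postContent;
            oldPost.synopsis    = post.synopsis;
            oldPost.title       = post.title;

            // Sliding expiration: every authenticated call extends the session by 15 minutes.
            oldToken.expires = DateTime.Now.AddMinutes(15);
            Util.RemoveTokens(db);   // presumably purges expired tokens — see Util

            db.Entry(oldToken).State      = EntityState.Modified;
            // The client-supplied Category is attached as Unchanged, i.e. never written back;
            // only its id is used as the post's FK. NOTE(review): an id with no matching row
            // presumably fails at SaveChanges with a DbUpdateException, which is not the
            // concurrency exception caught below and so surfaces as a 500 — confirm.
            db.Entry(post.Category).State = EntityState.Unchanged;
            db.Entry(oldPost).State       = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException ex)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
            }

            return(Request.CreateResponse(HttpStatusCode.OK));
        }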
        // GET api/ChatMessage
        // Returns the whole chat history, oldest first, projected onto the ChatMessage DTO
        // (avatar, text, username, server-local 12-hour "h:mm:ss" time), when <id> is a live
        // session token. An unknown or expired token yields an empty list, not an error status.
        //
        // Side effects for a valid token, all saved before the history is read:
        // ChatHub.storeOldChat runs, the token gets its sliding 15-minute extension,
        // and Util.RemoveTokens is called (presumably purging expired tokens).
        public IEnumerable <ChatMessage> GetChatMessages(string id)
        {
            Token session = db.Token.FirstOrDefault(t => t.token1 == id && t.expires > DateTime.Now);
            if (session == null)
            {
                return(new List <ChatMessage>());
            }

            ChatHub.storeOldChat(db, DateTime.Now);
            session.expires = DateTime.Now.AddMinutes(15);
            Util.RemoveTokens(db);
            db.Entry(session).State = EntityState.Modified;
            db.SaveChanges();

            // Materialise once so the projection below reads in-memory entities only.
            var history = db.ChatMessage
                            .Include(c => c.User)
                            .OrderBy(c => c.Created)
                            .ToList();

            return(from entry in history
                   select new ChatMessage
                   {
                       Avatar   = entry.User.avatar,
                       Message  = entry.Message,
                       Username = entry.User.username,
                       Hour     = entry.Created.ToString("h:mm:ss")
                   });
        }
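        // POST api/Upload/{id}   (<id> is the session token)
        // Reads a multipart/form-data body and stores each uploaded file as the avatar of the
        // token's user at ~/cliente/app/images/avatars/<username><ext>. The client-supplied
        // file name contributes only its extension; the base name is always the username.
        //
        // Security: the target directory is under the web root, so the extension is restricted
        // to an allow-list of image types. Previously any client-supplied extension was accepted
        // verbatim (e.g. ".aspx"), which on IIS can turn an avatar upload into code execution;
        // a name without a dot also threw ArgumentOutOfRangeException and surfaced as a 500.
        // NOTE(review): user.username is used verbatim as a file-name component — confirm that
        // registration rejects path separators and "..".
        //
        // Responses: 400 missing/expired token, 415 non-multipart body (thrown), 404 unknown user,
        //            406 missing file name or disallowed extension, 500 any other failure, 200 saved.
        public async Task <HttpResponseMessage> PostUpload(string id)
        {
            Token token = db.Token.Where(t => t.token1 == id && t.expires > DateTime.Now).FirstOrDefault();

            if (token == null)
            {
                ModelState.AddModelError("token", "token expired");
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            // Check if the request contains multipart/form-data.
            if (!Request.Content.IsMimeMultipartContent())
            {
                throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType);
            }

            token.expires = DateTime.Now.AddMinutes(15);   // sliding 15-minute session
            Util.RemoveTokens(db);                         // presumably purges expired tokens — see Util
            db.Entry(token).State = EntityState.Modified;

            User user = db.User.Find(token.userId);
            if (user == null)
            {
                // Orphaned token: previously dereferenced null at user.username -> 500.
                return(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            // Only these extensions may land under the web root (compared case-insensitively).
            string[] allowedExtensions = { ".png", ".jpg", ".jpeg", ".gif" };

            string root     = HttpContext.Current.Server.MapPath("~/cliente/app/images/avatars");
            var    provider = new MultipartFormDataStreamProvider(root);

            try
            {
                // Read the form data. The provider writes every part to a temp file under
                // root BEFORE anything below is validated; see the cleanup in `finally`.
                await Request.Content.ReadAsMultipartAsync(provider);

                foreach (MultipartFileData fileData in provider.FileData)
                {
                    string fileName = fileData.Headers.ContentDisposition.FileName;
                    if (string.IsNullOrEmpty(fileName))
                    {
                        return(Request.CreateResponse(HttpStatusCode.NotAcceptable, "This request is not properly formatted"));
                    }
                    if (fileName.StartsWith("\"") && fileName.EndsWith("\""))
                    {
                        fileName = fileName.Trim('"');
                    }
                    // Strip any directory component the client sent.
                    if (fileName.Contains(@"/") || fileName.Contains(@"\"))
                    {
                        fileName = Path.GetFileName(fileName);
                    }

                    // "" when the name has no dot; never matches the allow-list.
                    string extension = Path.GetExtension(fileName);
                    if (!allowedExtensions.Contains(extension, StringComparer.OrdinalIgnoreCase))
                    {
                        return(Request.CreateResponse(HttpStatusCode.NotAcceptable, "This request is not properly formatted"));
                    }

                    string path = Path.Combine(root, user.username + extension);
                    File.Delete(path);   // replace a previous avatar with the same extension (no-op if absent)
                    File.Move(fileData.LocalFileName, path);

                    user.avatar = user.username + extension;
                    db.SaveChanges();
                }

                return(Request.CreateResponse(HttpStatusCode.OK));
            }
            catch (System.Exception e)
            {
                // NOTE(review): passing the exception to CreateErrorResponse can expose its
                // message/stack trace to the client depending on IncludeErrorDetailPolicy.
                return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, e));
            }
            finally
            {
                // Best-effort cleanup: any part still at its temp location was rejected (or
                // we failed before moving it) and must not stay under the web root.
                foreach (MultipartFileData leftover in provider.FileData)
                {
                    try
                    {
                        if (File.Exists(leftover.LocalFileName))
                        {
                            File.Delete(leftover.LocalFileName);
                        }
                    }
                    catch (IOException)
                    {
                        // Nothing sensible to do from a finally block; the response is already chosen.
                    }
                    catch (UnauthorizedAccessException)
                    {
                        // Same as above.
                    }
                }
            }
        }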