private BWebServiceResponse UpdateUserInfo_Internal( HttpListenerContext _Context, string _NewEmailChange, string _NewUserNameChange, JObject _UserObject, JObject _UpdateFieldsUserEntry, JObject _UpdateFieldsAuthEntry, Action <string> _ErrorMessageAction) { var UserKey = new BPrimitiveType(RequestedUserID); if (_UpdateFieldsUserEntry.Count > 0) { string OldEmail = null; string OldUserName = null; if (_NewEmailChange != null && _UserObject.ContainsKey(UserDBEntry.USER_EMAIL_PROPERTY)) { OldEmail = (string)_UserObject[UserDBEntry.USER_EMAIL_PROPERTY]; Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_EMAIL, new BPrimitiveType(OldEmail)); Controller_DeliveryEnsurer.Get().DB_UpdateItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_EMAIL, new BPrimitiveType(_NewEmailChange), new JObject() { [UserDBEntry.KEY_NAME_USER_ID] = RequestedUserID }); } if (_NewUserNameChange != null && _UserObject.ContainsKey(UserDBEntry.USER_NAME_PROPERTY)) { OldUserName = (string)_UserObject[UserDBEntry.USER_NAME_PROPERTY]; Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_NAME, new BPrimitiveType(OldUserName)); Controller_DeliveryEnsurer.Get().DB_UpdateItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_NAME, new BPrimitiveType(_NewUserNameChange), new JObject() { [UserDBEntry.KEY_NAME_USER_ID] = RequestedUserID }); } Controller_DeliveryEnsurer.Get().DB_UpdateItem_FireAndForget( _Context, UserDBEntry.DBSERVICE_USERS_TABLE(), UserDBEntry.KEY_NAME_USER_ID, UserKey, _UpdateFieldsUserEntry); var NewEmail = _NewEmailChange ?? (string)_UserObject[UserDBEntry.USER_EMAIL_PROPERTY]; var NewUserName = _NewUserNameChange ?? (string)_UserObject[UserDBEntry.USER_NAME_PROPERTY]; Controller_UserActions.Get().BroadcastUserAction(new Action_UserUpdated( RequestedUserID, OldEmail ?? NewEmail, NewEmail, OldUserName ?? NewUserName, NewUserName, _UpdateFieldsUserEntry), _ErrorMessageAction); } if (_UpdateFieldsAuthEntry.Count > 0) { var UserData = JsonConvert.DeserializeObject <UserDBEntry>(_UserObject.ToString()); if (UserData.AuthMethods != null && UserData.AuthMethods.Count > 0) { foreach (var Method in UserData.AuthMethods) { string PasswordMD5 = null; string OldField = null; BPrimitiveType AuthMethodKey = null; switch (Method.Method) { case AuthMethod.Methods.USER_EMAIL_PASSWORD_METHOD: { PasswordMD5 = Method.PasswordMD5; OldField = Method.UserEmail; AuthMethodKey = new BPrimitiveType(Method.UserEmail + PasswordMD5); break; } case AuthMethod.Methods.USER_NAME_PASSWORD_METHOD: { PasswordMD5 = Method.PasswordMD5; OldField = Method.UserName; AuthMethodKey = new BPrimitiveType(Method.UserName + PasswordMD5); break; } case AuthMethod.Methods.API_KEY_METHOD: AuthMethodKey = new BPrimitiveType(Method.ApiKey); break; } if (AuthMethodKey != null) { bool bRecreateNeed = (_NewEmailChange != null && Method.Method == AuthMethod.Methods.USER_EMAIL_PASSWORD_METHOD) || (_NewUserNameChange != null && Method.Method == AuthMethod.Methods.USER_NAME_PASSWORD_METHOD); if (bRecreateNeed) { MemoryService.DeleteKey(CommonData.MemoryQueryParameters, AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY + AuthMethodKey.AsString, _ErrorMessageAction); //No in-memory recreation for security. if (!DatabaseService.DeleteItem( AuthDBEntry.DBSERVICE_AUTHMETHODS_TABLE(), AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY, AuthMethodKey, out JObject DeletedAuthMethodObject, EBReturnItemBehaviour.ReturnAllOld, _ErrorMessageAction)) { DatabaseService.GetItem( AuthDBEntry.DBSERVICE_AUTHMETHODS_TABLE(), AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY, AuthMethodKey, AuthDBEntry.Properties, out DeletedAuthMethodObject, _ErrorMessageAction); Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, AuthDBEntry.DBSERVICE_AUTHMETHODS_TABLE(), AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY, AuthMethodKey); } if (DeletedAuthMethodObject != null) { DeletedAuthMethodObject.Merge(_UpdateFieldsAuthEntry, new JsonMergeSettings() { MergeArrayHandling = MergeArrayHandling.Replace }); _UpdateFieldsAuthEntry = DeletedAuthMethodObject; } if (_NewEmailChange != null && Method.Method == AuthMethod.Methods.USER_EMAIL_PASSWORD_METHOD) { AuthMethodKey = new BPrimitiveType(_NewEmailChange + PasswordMD5); } else if (_NewUserNameChange != null && Method.Method == AuthMethod.Methods.USER_NAME_PASSWORD_METHOD) { AuthMethodKey = new BPrimitiveType(_NewUserNameChange + PasswordMD5); } Controller_DeliveryEnsurer.Get().DB_PutItem_FireAndForget( _Context, AuthDBEntry.DBSERVICE_AUTHMETHODS_TABLE(), AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY, AuthMethodKey, _UpdateFieldsAuthEntry); } else { Controller_DeliveryEnsurer.Get().DB_UpdateItem_FireAndForget( _Context, AuthDBEntry.DBSERVICE_AUTHMETHODS_TABLE(), AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY, AuthMethodKey, _UpdateFieldsAuthEntry); } } } } } return(BWebResponse.StatusOK("User has been updated.")); }
private BWebServiceResponse DeleteUser(HttpListenerContext _Context, out bool _bSetClearanceForApiKeys, out List <string> _ApiKeys, Action <string> _ErrorMessageAction) { _bSetClearanceForApiKeys = false; _ApiKeys = new List <string>(); var UserKey = new BPrimitiveType(RequestedUserID); if (!DatabaseService.GetItem( UserDBEntry.DBSERVICE_USERS_TABLE(), UserDBEntry.KEY_NAME_USER_ID, UserKey, UserDBEntry.Properties, out JObject UserObject, _ErrorMessageAction)) { return(BWebResponse.InternalError("Database fetch-user-info operation has failed.")); } if (UserObject == null) { return(BWebResponse.NotFound("User does not exist.")); } var UserData = JsonConvert.DeserializeObject <UserDBEntry>(UserObject.ToString()); if (UserData.AuthMethods != null && UserData.AuthMethods.Count > 0) { foreach (var AMethod in UserData.AuthMethods) { string OldField = null; BPrimitiveType AuthMethodKey = null; switch (AMethod.Method) { case AuthMethod.Methods.USER_EMAIL_PASSWORD_METHOD: { AuthMethodKey = new BPrimitiveType(AMethod.UserEmail + AMethod.PasswordMD5); OldField = AMethod.UserEmail; break; } case AuthMethod.Methods.USER_NAME_PASSWORD_METHOD: { AuthMethodKey = new BPrimitiveType(AMethod.UserName + AMethod.PasswordMD5); OldField = AMethod.UserName; break; } case AuthMethod.Methods.API_KEY_METHOD: { AuthMethodKey = new BPrimitiveType(AMethod.ApiKey); _bSetClearanceForApiKeys = true; _ApiKeys.Add(AMethod.ApiKey); if (!Controller_AtomicDBOperation.Get().GetClearanceForDBOperation(InnerProcessor, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_API_KEY + ":" + AMethod.ApiKey, _ErrorMessageAction)) { return(BWebResponse.InternalError("Atomic operation control has failed.")); } break; } } if (AuthMethodKey != null) { Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, AuthDBEntry.DBSERVICE_AUTHMETHODS_TABLE(), AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY, AuthMethodKey); MemoryService.DeleteKey(CommonData.MemoryQueryParameters, AuthDBEntry.KEY_NAME_AUTH_DB_ENTRY + AuthMethodKey.AsString, _ErrorMessageAction); } } } MemoryService.DeleteKey(CommonData.MemoryQueryParameters, UserBaseAccessMEntry.M_KEY_NAME_USER_ID + RequestedUserID, _ErrorMessageAction); Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UserDBEntry.DBSERVICE_USERS_TABLE(), UserDBEntry.KEY_NAME_USER_ID, UserKey); Controller_UserActions.Get().BroadcastUserAction(new Action_UserDeleted ( RequestedUserID, UserData.UserEmail, UserData.UserName, UserData.UserModels, UserData.UserSharedModels ), _ErrorMessageAction); if (UserData.UserEmail != null && UserData.UserEmail.Length > 0) { Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_EMAIL, new BPrimitiveType(UserData.UserEmail)); } if (UserData.UserName != null && UserData.UserName.Length > 0) { Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_NAME, new BPrimitiveType(UserData.UserName)); } foreach (var ApiKey in _ApiKeys) { Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_API_KEY, new BPrimitiveType(ApiKey)); } return(BWebResponse.StatusOK("User has been deleted.")); }
private BWebServiceResponse CreateUser(HttpListenerContext _Context, Action <string> _ErrorMessageAction) { var NewUserParameters = new JObject(); bool bIsInternalCall = BWebUtilities.DoesContextContainHeader(out List <string> ICHVs, out string _, _Context, "internal-call-secret") && BUtility.CheckAndGetFirstStringFromList(ICHVs, out string ICH) && ICH == CommonData.INTERNAL_CALL_PRIVATE_KEY; using (var InputStream = _Context.Request.InputStream) { using (var ResponseReader = new StreamReader(InputStream)) { try { var ParsedBody = JObject.Parse(ResponseReader.ReadToEnd()); var PropertiesList = new List <string>(); foreach (var Child in ParsedBody) { PropertiesList.Add(Child.Key); } foreach (var MustHaveProperty in UserDBEntry.MustHaveProperties) { if (!PropertiesList.Contains(MustHaveProperty)) { return(BWebResponse.BadRequest("Request body must contain all necessary fields.")); } } foreach (var Child in ParsedBody) { if (UserDBEntry.UpdatableProperties.Contains(Child.Key)) { if (!UserDBEntry.UpdatablePropertiesValidityCheck[Child.Key](Child.Value)) { return(BWebResponse.BadRequest("Given field " + Child.Key + " has invalid value.")); } NewUserParameters[Child.Key] = Child.Value; } } } catch (Exception e) { _ErrorMessageAction?.Invoke("User_CreateListUsers->UpdateUserInfo: Read request body stage has failed. Exception: " + e.Message + ", Trace: " + e.StackTrace); return(BWebResponse.BadRequest("Malformed request body. Request must be a valid json form.")); } } } int ExistenceTrial = 0; string NewUserID = null; while (NewUserID == null && ExistenceTrial < 3) { if (!UserDBEntry.GenerateUserID(out NewUserID, _ErrorMessageAction)) { return(BWebResponse.InternalError("User ID generation has failed.")); } if (!Controller_AtomicDBOperation.Get().GetClearanceForDBOperation(InnerProcessor, UserDBEntry.DBSERVICE_USERS_TABLE(), NewUserID, _ErrorMessageAction)) { return(BWebResponse.InternalError("Atomic operation control has failed.")); } if (!DatabaseService.GetItem( UserDBEntry.DBSERVICE_USERS_TABLE(), UserDBEntry.KEY_NAME_USER_ID, new BPrimitiveType(NewUserID), UserDBEntry.MustHaveProperties, out JObject ExistenceCheck, _ErrorMessageAction)) { return(BWebResponse.InternalError("Database existence check operation has failed.")); } if (ExistenceCheck != null) { Controller_AtomicDBOperation.Get().SetClearanceForDBOperationForOthers(InnerProcessor, UserDBEntry.DBSERVICE_USERS_TABLE(), NewUserID, _ErrorMessageAction); NewUserID = null; ExistenceTrial++; } else { break; } } if (NewUserID == null) { return(BWebResponse.InternalError("Unique ID generation operation has failed.")); } //For other elements to be created without any elements var NewUserObject = JsonConvert.DeserializeObject <UserDBEntry>(NewUserParameters.ToString()); bool bEmailAtomicnessSet = false, bUsernameAtomicnessSet = false; try { if (NewUserObject.UserEmail != null && NewUserObject.UserEmail.Length > 0) { NewUserObject.UserEmail = NewUserObject.UserEmail.ToLower(); if (!bIsInternalCall && NewUserObject.UserEmail.EndsWith(Controller_SSOAccessToken.EMAIL_USER_NAME_POSTFIX)) { return(BWebResponse.BadRequest("E-mail address cannot end with " + Controller_SSOAccessToken.EMAIL_USER_NAME_POSTFIX)); } if (!Controller_AtomicDBOperation.Get().GetClearanceForDBOperation(InnerProcessor, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_EMAIL + ":" + NewUserObject.UserEmail, _ErrorMessageAction)) { return(BWebResponse.InternalError("Atomic operation control has failed.")); } bEmailAtomicnessSet = true; if (!DatabaseService.GetItem( UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_EMAIL, new BPrimitiveType(NewUserObject.UserEmail), UniqueUserFieldsDBEntry.Properties, out JObject _ExistenceCheck, _ErrorMessageAction)) { return(BWebResponse.InternalError("Database operation failed.")); } if (_ExistenceCheck != null) { return(BWebResponse.Conflict("A user with same user e-mail already exists.")); } } if (NewUserObject.UserName != null && NewUserObject.UserName.Length > 0) { if (!bIsInternalCall && NewUserObject.UserName.EndsWith(Controller_SSOAccessToken.EMAIL_USER_NAME_POSTFIX)) { return(BWebResponse.BadRequest("Username cannot end with " + Controller_SSOAccessToken.EMAIL_USER_NAME_POSTFIX)); } if (!Controller_AtomicDBOperation.Get().GetClearanceForDBOperation(InnerProcessor, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_NAME + ":" + NewUserObject.UserName, _ErrorMessageAction)) { return(BWebResponse.InternalError("Atomic operation control has failed.")); } bUsernameAtomicnessSet = true; if (!DatabaseService.GetItem( UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_NAME, new BPrimitiveType(NewUserObject.UserName), UniqueUserFieldsDBEntry.Properties, out JObject _ExistenceCheck, _ErrorMessageAction)) { return(BWebResponse.InternalError("Database operation failed.")); } if (_ExistenceCheck != null) { return(BWebResponse.Conflict("A user with same username already exists.")); } } if (!Controller_Rights_Internal.Get().PerformGetRequestToGetGloballySharedModelIds(out List <string> GloballySharedModelIds, _ErrorMessageAction)) { return(BWebResponse.InternalError("Get-globally-shared-models operation failed.")); } NewUserObject.UserSharedModels = GloballySharedModelIds; if (!DatabaseService.UpdateItem( UserDBEntry.DBSERVICE_USERS_TABLE(), UserDBEntry.KEY_NAME_USER_ID, new BPrimitiveType(NewUserID), JObject.Parse(JsonConvert.SerializeObject(NewUserObject)), out JObject _, EBReturnItemBehaviour.DoNotReturn, DatabaseService.BuildAttributeNotExistCondition(UserDBEntry.KEY_NAME_USER_ID), _ErrorMessageAction)) { return(BWebResponse.InternalError("Database operation failed.")); } if (!Controller_Rights_Internal.Get().GetUserDefaultRights(out JArray DefaultRights, NewUserID, _ErrorMessageAction)) { Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UserDBEntry.DBSERVICE_USERS_TABLE(), UserDBEntry.KEY_NAME_USER_ID, new BPrimitiveType(NewUserID)); return(BWebResponse.InternalError("Default rights obtaining operation has failed.")); } if (!Controller_Rights_Internal.Get().GrantUserWithRights(true, NewUserID, DefaultRights, _ErrorMessageAction)) { Controller_DeliveryEnsurer.Get().DB_DeleteItem_FireAndForget( _Context, UserDBEntry.DBSERVICE_USERS_TABLE(), UserDBEntry.KEY_NAME_USER_ID, new BPrimitiveType(NewUserID)); return(BWebResponse.InternalError("Right granting operation has failed.")); } if (NewUserObject.UserEmail != null && NewUserObject.UserEmail.Length > 0) { Controller_DeliveryEnsurer.Get().DB_UpdateItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_EMAIL, new BPrimitiveType(NewUserObject.UserEmail), new JObject() { [UserDBEntry.KEY_NAME_USER_ID] = NewUserID }); } if (NewUserObject.UserName != null && NewUserObject.UserName.Length > 0) { Controller_DeliveryEnsurer.Get().DB_UpdateItem_FireAndForget( _Context, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_NAME, new BPrimitiveType(NewUserObject.UserName), new JObject() { [UserDBEntry.KEY_NAME_USER_ID] = NewUserID }); } Controller_UserActions.Get().BroadcastUserAction(new Action_UserCreated( NewUserID, NewUserObject.UserEmail, NewUserObject.UserName ), _ErrorMessageAction); } finally { Controller_AtomicDBOperation.Get().SetClearanceForDBOperationForOthers(InnerProcessor, UserDBEntry.DBSERVICE_USERS_TABLE(), NewUserID, _ErrorMessageAction); if (bEmailAtomicnessSet) { Controller_AtomicDBOperation.Get().SetClearanceForDBOperationForOthers(InnerProcessor, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_EMAIL + ":" + NewUserObject.UserEmail, _ErrorMessageAction); } if (bUsernameAtomicnessSet) { Controller_AtomicDBOperation.Get().SetClearanceForDBOperationForOthers(InnerProcessor, UniqueUserFieldsDBEntry.DBSERVICE_UNIQUEUSERFIELDS_TABLE(), UniqueUserFieldsDBEntry.KEY_NAME_USER_NAME + ":" + NewUserObject.UserName, _ErrorMessageAction); } } return(BWebResponse.StatusCreated("User has been created.", new JObject() { [UserDBEntry.KEY_NAME_USER_ID] = NewUserID })); }