public static otpview updateEntity(otpview entityObjct, DTOotpview dto)
{
if (entityObjct == null)
{
entityObjct = new otpview();
}
entityObjct.User_ID = dto.User_ID;
entityObjct.otpCode = dto.otpCode;
entityObjct.otpRetryCount = dto.otpRetryCount;
entityObjct.otpExpirationTime = dto.otpExpirationTime;
entityObjct.otpNextAllowedTime = dto.otpNextAllowedTime;
entityObjct.otpRecordCreated = dto.otpRecordCreated;
return(entityObjct);
}
public IHttpActionResult sendUserOTPAndSaveOTP(int UserID, bool isResend)
{
string userPhoneNum = getPhoneNumFromUserID(UserID);
string correctPhoneNum = getCorrectPhoneNumFormat(userPhoneNum);
string newOTP = generateOTP();
otpview toUpdate = (from c in db.otpviews where c.User_ID == UserID select c).SingleOrDefault();
DTOotpview dtoOtpView = new DTOotpview(toUpdate);
if (isResend)
{
dtoOtpView.otpRetryCount += 1; //increment the retrycount
if (dtoOtpView.otpRetryCount < 3) //still a valid attempt
{
sendEmailViaWebApi(correctPhoneNum, "Hello from Nanofin! Your OTP for your transaction is: " + newOTP);
dtoOtpView.otpCode = newOTP;
//dtoOtpView.otpRetryCount has been set above
dtoOtpView.otpExpirationTime = DateTime.Now.AddMinutes(3);
dtoOtpView.otpNextAllowedTime = null; //remains null as long as the user isn't blocked
dtoOtpView.otpRecordCreated = DateTime.Now;
toUpdate = EntityMapper.updateEntity(toUpdate, dtoOtpView);
db.Entry(toUpdate).State = EntityState.Modified;
db.SaveChanges();
return(Content(HttpStatusCode.OK, "OTP Resent Successfully"));
}
if (dtoOtpView.otpRetryCount == 3)//too many attempts: user can request new OTP after a defined time=>blocked
{
dtoOtpView.otpCode = null;
dtoOtpView.otpRetryCount = 3;
dtoOtpView.otpExpirationTime = null;
dtoOtpView.otpNextAllowedTime = DateTime.Now.AddMinutes(2);//block time
dtoOtpView.otpRecordCreated = DateTime.Now;
toUpdate = EntityMapper.updateEntity(toUpdate, dtoOtpView);
db.Entry(toUpdate).State = EntityState.Modified;
db.SaveChanges();
return(Content(HttpStatusCode.OK, "User blocked, OTP not Resent"));
}
return(StatusCode(HttpStatusCode.NoContent));
}
else //not a resend: first time being sent
{
Nullable <DateTime> nowTime = DateTime.Now;
//check if user is blocked: User is not blocked timeNow>next allowed time
if (dtoOtpView.otpNextAllowedTime == null || (Nullable.Compare(nowTime, dtoOtpView.otpNextAllowedTime) > 0))
{
sendEmailViaWebApi(correctPhoneNum, "Hello from Nanofin! Your OTP for your transaction is: " + newOTP);
dtoOtpView.otpCode = newOTP;
dtoOtpView.otpRetryCount = 0;
dtoOtpView.otpExpirationTime = DateTime.Now.AddMinutes(1); //expiry time
dtoOtpView.otpNextAllowedTime = null; //remains null as long as the user isn't blocked
dtoOtpView.otpRecordCreated = DateTime.Now;
toUpdate = EntityMapper.updateEntity(toUpdate, dtoOtpView);
db.Entry(toUpdate).State = EntityState.Modified;
db.SaveChanges();
return(Content(HttpStatusCode.OK, "OTP Sent sucessfully first time"));
}
else //user is still blocked
{
return(Content(HttpStatusCode.OK, "User is still blocked"));
}
}
}
