// POST: api/Authentication
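        /// <summary>
        /// Logs a user in through the data-access service and returns the issued
        /// token together with the identity details resolved from that token.
        /// </summary>
        /// <param name="AuthData">Credentials posted by the client; must be non-null and complete.</param>
        /// <returns>
        /// 400 when the credentials are missing or incomplete; 401 when login yields no
        /// token or the token cannot be resolved to a known user; otherwise 200 with an
        /// <c>AuthToken</c> payload.
        /// </returns>
        public IHttpActionResult Post(Authentication AuthData)
        {
            if (AuthData == null || !AuthData.IsComplete())
            {
                return(BadRequest("Authentication data required but not provided"));
            }

            DataAccessSoapClient ws = new DataAccessSoapClient();
            // The role array passed to Login lists BUYER and SELLER only; presumably this
            // limits which roles may sign in through this endpoint (confirm against the service).
            string token = ws.Login(AuthData.username, AuthData.password, new DataAccessWS.UserRole[2] {
                DataAccessWS.UserRole.BUYER, DataAccessWS.UserRole.SELLER
            });

            if (string.IsNullOrEmpty(token))
            {
                return(StatusCode(HttpStatusCode.Unauthorized));
            }

            IdentityWSSoapClient idWS   = new IdentityWSSoapClient();
            IdentityData         idData = idWS.GetIdentity(new IdentityWS.Security {
                BinarySecurityToken = token
            });
            // Fail closed: a token that does not resolve to an identity must not
            // produce a successful login response (and would otherwise be dereferenced below).
            if (idData == null)
            {
                return(StatusCode(HttpStatusCode.Unauthorized));
            }

            User user = ws.FindUserByUsername(idData.Username);
            // Same reasoning for the user record: without it there is no Id to return.
            if (user == null)
            {
                return(StatusCode(HttpStatusCode.Unauthorized));
            }

            return(Ok(new AuthToken {
                Token = token,
                Username = idData.Username,
                Role = idData.Role.ToString(),
                Id = user.Id
            }));
        }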
Example #2
        /// <summary>
        /// Resolves the token through the identity service and reports whether the
        /// resulting identity carries the BUYER role.
        /// </summary>
        /// <param name="AuthToken">Security token supplied by the caller.</param>
        /// <returns>
        /// <c>true</c> only when an identity is returned and its role is BUYER;
        /// <c>false</c> for a missing identity or any other role.
        /// </returns>
        private bool CheckUserBuyer(string AuthToken)
        {
            IdentityWSSoapClient identityClient = new IdentityWSSoapClient();

            Security credentials = new Security {
                BinarySecurityToken = AuthToken
            };
            IdentityData resolved = identityClient.GetIdentity(credentials);

            // A missing identity is treated the same as a wrong role, so the check fails closed.
            // Exceptions thrown by GetIdentity are not caught here and reach the caller.
            return(resolved != null && resolved.Role == UserRole.BUYER);
        }
Example #3
        /// <summary>
        /// Checks that the identity behind <paramref name="token"/> is the same user as the
        /// record stored under <paramref name="userId"/>.
        /// </summary>
        /// <param name="token">Security token supplied by the caller.</param>
        /// <param name="userId">Id of the user record the caller wants to act on.</param>
        /// <returns>
        /// <c>true</c> when both lookups return a value and the username and role name match;
        /// otherwise <c>false</c>.
        /// </returns>
        private bool ValidateClientIdentity(string token, long userId)
        {
            IdentityWSSoapClient identityClient = new IdentityWSSoapClient();
            IdentityData         caller         = identityClient.GetIdentity(new IdentityWS.Security {
                BinarySecurityToken = token
            });

            DataAccessSoapClient dataClient = new DataAccessSoapClient();
            User                 record     = dataClient.FindUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, userId);

            // Either lookup coming back empty means the identity cannot be confirmed.
            if (caller == null || record == null)
            {
                return(false);
            }

            // string.Equals(string) is an ordinal, case-sensitive comparison.
            if (!caller.Username.Equals(record.Username))
            {
                return(false);
            }

            // The two role values are compared through their names rather than directly.
            string callerRole = caller.Role.ToString();
            return(callerRole.Equals(record.Role.ToString()));
        }
Example #4
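        /// <summary>
        /// Checks whether the user behind <paramref name="authToken"/> may be deleted,
        /// i.e. has no registered orders.
        /// </summary>
        /// <param name="authToken">Security token of the user requesting deletion.</param>
        /// <returns>
        /// <c>null</c> when deletion may proceed; 401 when the token does not resolve to an
        /// identity; 400 when the user still has orders.
        /// </returns>
        private IHttpActionResult ValidateUserCanBeDeleted(string authToken)
        {
            IdentityWSSoapClient ws       = new IdentityWSSoapClient();
            IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
                BinarySecurityToken = authToken
            });
            // Fail closed: without an identity there is no username to look orders up for,
            // and the dereference below would throw.
            if (identity == null)
            {
                return(Unauthorized());
            }

            DataAccessSoapClient dataWS = new DataAccessSoapClient();

            OrderData[] orders = dataWS.FindOrdersByUsername(new DataAccessWS.Security {
                BinarySecurityToken = authToken
            }, identity.Username);
            if (orders != null && orders.Length > 0)
            {
                return(BadRequest("User cannot be removed since he/she has registered orders"));
            }
            // NOTE(review): service faults are not caught here and propagate to the caller.
            return(null);
        }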
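        /// <summary>
        /// Handles the <c>/listorders authToken</c> bot command: resolves the token to an
        /// identity and replies with one line per order of that user.
        /// </summary>
        /// <param name="message">Incoming chat message carrying the command text.</param>
        /// <returns>
        /// <c>true</c> when a reply with the order list (or the no-orders notice) was sent;
        /// <c>false</c> on a malformed command, an identity lookup failure, or no identity.
        /// </returns>
        private async Task <bool> listOrders(Message message)
        {
            // An empty separator array makes Split break on whitespace.
            string[] parts = message.Text.Split(new char[0]);
            if (parts.Length != 2)
            {
                await BotClient.SendTextMessageAsync(message.Chat.Id, "Listorders command format: /listorders authToken");

                return(false);
            }

            // NOTE(review): the token arrives as plain chat text, so it stays in the chat
            // history; treat tokens used this way as exposed to anyone who can read the chat.
            string authToken              = parts[1];
            IdentityWSSoapClient iWS      = new IdentityWSSoapClient();
            IdentityData         identity = null;
            try
            {
                identity = iWS.GetIdentity(new identityWS.Security {
                    BinarySecurityToken = authToken
                });
            }
            catch (Exception)
            {
                // Do not echo the exception text into the chat: backend fault messages can
                // reveal service internals. Record the exception with the project's own
                // logging instead (none is visible in this method).
                await BotClient.SendTextMessageAsync(message.Chat.Id, "An error occurred while validating the token");

                return(false);
            }
            if (identity == null)
            {
                return(false);
            }

            DataAccessSoapClient ws     = new DataAccessSoapClient();
            OrderData[]          orders = ws.FindOrdersByUsername(new DataAccessWS.Security {
                BinarySecurityToken = authToken
            }, identity.Username);

            // A null or empty result would otherwise throw in the loop or produce an
            // empty message text, so answer with an explicit notice instead.
            if (orders == null || orders.Length == 0)
            {
                await BotClient.SendTextMessageAsync(message.Chat.Id, "No orders found");

                return(true);
            }

            System.Text.StringBuilder response = new System.Text.StringBuilder();
            foreach (var o in orders)
            {
                response.Append("{").Append(o.OrderNumber).Append("} ")
                        .Append(o.DateCreated.ToShortDateString())
                        .Append(" [").Append(o.State.ToString()).Append("]\n");
            }
            await BotClient.SendTextMessageAsync(message.Chat.Id, response.ToString());

            return(true);
        }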
Example #6
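 /// <summary>
 /// Validates a security token by asking the identity service to resolve it.
 /// </summary>
 /// <param name="token">Security token supplied by the caller.</param>
 /// <returns>
 /// <c>null</c> when the token resolves to an identity; 401 when the token is empty or
 /// resolves to no identity; 400 when the identity service raises a fault.
 /// </returns>
 private IHttpActionResult ValidateToken(string token)
 {
     if (string.IsNullOrEmpty(token))
     {
         return(Unauthorized());
     }
     try
     {
         IdentityWSSoapClient ws       = new IdentityWSSoapClient();
         IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
         // Fail closed: a call that completes without a fault but returns no identity
         // must not count as a valid token.
         if (identity == null)
         {
             return(Unauthorized());
         }
     }
     catch (FaultException)
     {
         // Only service faults are mapped to a response here; other exception types
         // are not caught and propagate to the caller.
         return(BadRequest("Invalid security token"));
     }
     return(null);
 }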
Example #7
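 /// <summary>
 /// Checks that the identity behind <paramref name="token"/> has the SELLER role.
 /// </summary>
 /// <param name="token">Security token supplied by the caller.</param>
 /// <returns>
 /// <c>null</c> when the identity is a seller; 401 when no identity is returned or the
 /// role is not SELLER; 400 when the identity service raises a fault.
 /// </returns>
 private IHttpActionResult ValidateClientIsSeller(string token)
 {
     try
     {
         IdentityWSSoapClient ws       = new IdentityWSSoapClient();
         IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
         // Fail closed: the previous condition (identity != null && role != SELLER) let a
         // null identity fall through to the success return, which skipped the role check.
         if (identity == null || identity.Role != IdentityWS.UserRole.SELLER)
         {
             return(Unauthorized());
         }
     }
     catch (FaultException)
     {
         return(BadRequest("Invalid security token"));
     }
     return(null);
 }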
Example #8
 /// <summary>
 /// Checks that the identity behind <paramref name="token"/> has the given username.
 /// Only the username is compared; no role check is made in this method.
 /// </summary>
 /// <param name="token">Security token supplied by the caller.</param>
 /// <param name="username">Username the token is expected to belong to.</param>
 /// <returns>
 /// <c>null</c> when the usernames match; 401 when no identity is returned or the
 /// usernames differ; 400 when the identity service raises a fault.
 /// </returns>
 private IHttpActionResult ValidateSeller(string token, string username)
 {
     try
     {
         IdentityWS.Security credentials = new IdentityWS.Security {
             BinarySecurityToken = token
         };
         IdentityData caller = new IdentityWSSoapClient().GetIdentity(credentials);

         // Missing identity and username mismatch get the same answer, so the response
         // does not tell the two cases apart. Equals(string) is ordinal and case-sensitive.
         if (caller == null || !caller.Username.Equals(username))
         {
             return(Unauthorized());
         }
         return(null);
     }
     catch (FaultException)
     {
         return(BadRequest("Invalid security token"));
     }
 }
Example #9
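 /// <summary>
 /// Checks that the identity behind <paramref name="token"/> is the seller who owns
 /// the product with id <paramref name="productId"/>.
 /// </summary>
 /// <param name="token">Security token supplied by the caller.</param>
 /// <param name="productId">Id of the product the caller wants to act on.</param>
 /// <returns>
 /// <c>null</c> when the caller owns the product; 401 when no identity is returned, the
 /// product's seller cannot be found, or the usernames differ; 404 when the product does
 /// not exist; 400 when a service raises a fault.
 /// </returns>
 private IHttpActionResult ValidateOwnerProduct(string token, long productId)
 {
     try
     {
         IdentityWSSoapClient ws       = new IdentityWSSoapClient();
         IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
         if (identity == null)
         {
             return(Unauthorized());
         }
         DataAccessSoapClient dataWS = new DataAccessSoapClient();
         // The "as" cast yields null when the endpoint uses another binding type, so
         // only adjust the limit when the cast succeeded.
         var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
         if (binding != null)
         {
             // NOTE(review): int.MaxValue removes the practical cap on response size; a
             // bound sized to the largest expected product payload would limit memory use.
             binding.MaxReceivedMessageSize = int.MaxValue;
         }
         Product target = dataWS.FindProduct(new DataAccessWS.Security {
             BinarySecurityToken = token
         }, productId);
         if (target == null)
         {
             return(NotFound());
         }
         User owner = dataWS.FindUser(new DataAccessWS.Security {
             BinarySecurityToken = token
         }, target.seller_id);
         // Fail closed: a product whose seller record cannot be loaded has no confirmed
         // owner, so the caller is not authorised (and owner would be dereferenced below).
         if (owner == null || !owner.Username.Equals(identity.Username))
         {
             return(Unauthorized());
         }
     }
     catch (FaultException)
     {
         return(BadRequest("Invalid security token"));
     }
     return(null);
 }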