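/// <summary>
/// Authenticates a user by username and password, issues a fresh session
/// token and returns the UI projection of the user.
/// </summary>
/// <param name="username">Login name supplied by the client.</param>
/// <param name="password">Password supplied by the client.</param>
/// <returns>
/// The object produced by <see cref="UsersController.GetUserUIObject"/> on
/// success; otherwise an <see cref="HttpResponseMessage"/> with status 400
/// and a generic "wrong username or password" message.
/// </returns>
public object Login(string username, string password)
{
    // An empty username/password must never reach the repository predicate:
    // `u.password == password` with a null value would match any account
    // whose stored password is unset.
    User user = null;
    if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
    {
        // SECURITY NOTE: the stored password is compared verbatim with the
        // submitted one, and UpdatePassword assigns obj.password unchanged,
        // i.e. passwords appear to be kept in clear text. Moving to a salted
        // hash needs coordinated changes in both places plus a data
        // migration, so it is flagged here rather than changed.
        user = uow.UserRepository
            .Get(u => u.username == username && u.password == password,
                 includeProperties: "Groups,AdministeredCourses,EnrolledCourses")
            .FirstOrDefault();
    }

    if (user == null)
    {
        // Record the failed attempt without the submitted password; the
        // previous message wrote the clear-text password into the log.
        Nlog.Log(LogLevel.Info, $"Wrong username or password. User {username}, Ip: {GetClientIp()}");
        return new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.BadRequest,
            Content = new StringContent("Neispravno korisničko ime ili lozinka"),
        };
    }

    var token = Guid.NewGuid();
    user.Token = Utilities.Protect(token.ToString(), "auth");
    // The navigation property is replaced rather than appended to; whether
    // earlier persisted sessions are removed depends on the repository
    // mapping, which is not visible here.
    user.Sessions = new List<UserSession>
    {
        // Local time, as in the rest of the file; UtcNow would be preferable
        // if sessions are ever compared across hosts — TODO confirm.
        new UserSession { DateCreated = DateTime.Now, Token = token },
    };
    uow.Save();

    user.AvailableCourses = GetUserAvailableCourses(user);
    var uiUser = UsersController.GetUserUIObject(user);
    Nlog.Log(LogLevel.Info, $"User {username} successfully logged in.");
    return uiUser;
}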
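/// <summary>
/// Updates the editable profile fields of an existing user. Allowed for
/// administrators and for a user editing their own record.
/// </summary>
/// <param name="user">Incoming user data; <c>id</c> selects the stored record.</param>
/// <returns>
/// The incoming <paramref name="user"/> on success; otherwise an
/// <see cref="HttpResponseMessage"/>: 400 for a missing payload, 401 when
/// the caller may not edit this record, 404 when the record does not
/// exist, or the response produced by <see cref="ValidateUser"/>.
/// </returns>
public object UpdateUser(User user)
{
    if (user == null)
    {
        return new HttpResponseMessage(HttpStatusCode.BadRequest);
    }

    // Authorization first: an admin may edit anyone, everybody else only themselves.
    if (!CurrentUser.IsAdmin && CurrentUser.id != user.id)
    {
        return new HttpResponseMessage { StatusCode = HttpStatusCode.Unauthorized };
    }

    HttpResponseMessage validationResponse;
    if (!ValidateUser(user, out validationResponse))
    {
        return validationResponse;
    }

    var stored = uow.UserRepository.GetByID(user.id);
    if (stored == null)
    {
        // Previously the input was echoed back as if it had been saved even
        // though no record was touched; report the missing record instead.
        return new HttpResponseMessage(HttpStatusCode.NotFound);
    }

    // Build the audit line before mutating so old and new values are both recorded.
    var audit = $"User data for {user.username} successfully changed. Changed by: {CurrentUser.username} - name={stored.name}=>{user.name} surname={stored.surname}=>{user.surname} email={stored.email}=>{user.email} username={stored.username}=>{user.username}";

    stored.name = user.name;
    stored.surname = user.surname;
    stored.email = user.email;
    // NOTE(review): registrationCode is also what UpdatePassword accepts as a
    // password-reset code, so a user who may edit their own record can choose
    // that code here; confirm this is intended.
    stored.registrationCode = user.registrationCode;
    stored.username = user.username;
    uow.Save();
    Nlog.Log(LogLevel.Info, audit);

    return user;
}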
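/// <summary>
/// Validates a password-recovery code (the protected user id embedded in the
/// recovery link) and returns the matching user's id and username.
/// </summary>
/// <param name="data">Request payload; the code is read from <c>data.data</c>.</param>
/// <returns>
/// An anonymous <c>{ id, username }</c> object when the code unprotects to
/// the id of an existing user; otherwise a 400 <see cref="HttpResponseMessage"/>.
/// </returns>
public object CheckRecoveryCode(dynamic data)
{
    // `data` is dynamic: a null payload would otherwise surface as a binder
    // exception instead of the 400 response below.
    var encryptedId = data?.data;
    try
    {
        if (encryptedId != null)
        {
            string decoded = Utilities.Unprotect(encryptedId.ToString());
            int id;
            if (int.TryParse(decoded, out id))
            {
                var user = uow.UserRepository.GetByID(id);
                if (user != null)
                {
                    return new { user.id, user.username };
                }
            }
        }
    }
    catch (CryptographicException ex)
    {
        // Unprotect throws for tampered or foreign payloads; treated as an
        // invalid code. Note that the submitted code itself is written to the
        // log on every failure.
        Nlog.Log(LogLevel.Error, ex, $"CheckRecoveryCode {data}");
    }

    Nlog.Log(LogLevel.Error, $"CheckRecoveryCode: recovery code error: {data}");
    return new HttpResponseMessage
    {
        StatusCode = HttpStatusCode.BadRequest,
        Content = new StringContent("Greška u kodu za oporavak."),
    };
}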
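/// <summary>
/// Sets a new password for a user. The target account is resolved in this
/// order: the signed-in user; otherwise the protected id carried by a
/// recovery link (<c>obj.id</c>, produced by <see cref="SendRecoveryLink"/>);
/// otherwise the user whose <c>registrationCode</c> equals <c>obj.code</c>.
/// </summary>
/// <param name="obj">Password-change request.</param>
/// <returns>
/// <paramref name="obj"/> on success; otherwise a 400
/// <see cref="HttpResponseMessage"/>, or the response produced by
/// <see cref="ValidatePassword"/>.
/// </returns>
public object UpdatePassword(PasswordChange obj)
{
    HttpResponseMessage validationResponse;
    try
    {
        if (!ValidatePassword(obj, out validationResponse))
        {
            return validationResponse;
        }

        int id = CurrentUser?.id ?? 0;
        if (id == 0 && obj.code == null && obj.id != null)
        {
            // Anonymous caller following a recovery link: obj.id is the
            // protected user id. A tampered value throws CryptographicException
            // (handled below); a value that unprotects but is not an int
            // leaves id at 0.
            var sId = Utilities.Unprotect(obj.id);
            int.TryParse(sId, out id);
        }

        User user = null;
        if (id > 0)
        {
            user = uow.UserRepository.GetByID(id);
        }
        else if (!string.IsNullOrEmpty(obj.code))
        {
            // Only look up by code when one was actually supplied. The
            // previous version ran this query with obj.code == null as well,
            // which selects the first user whose registrationCode is unset
            // and would let an anonymous request set that account's password.
            user = uow.UserRepository.Get(u => u.registrationCode == obj.code).FirstOrDefault();
        }

        if (user == null)
        {
            return new HttpResponseMessage(HttpStatusCode.BadRequest);
        }

        // SECURITY NOTE: stored exactly as submitted (Login compares it
        // verbatim), and the registrationCode that authorized this change is
        // not cleared afterwards, so the same code stays usable.
        user.password = obj.password;
        uow.Save();
        Nlog.Log(LogLevel.Info, $"User {user.username} successfully updated password.");
        return obj;
    }
    catch (CryptographicException ex)
    {
        Nlog.Log(LogLevel.Error, ex, $"UpdatePassword. CurrentUser: {CurrentUser?.name} id: {obj.id}");
    }

    return new HttpResponseMessage
    {
        StatusCode = HttpStatusCode.BadRequest,
        Content = new StringContent("Greška u postavljanju lozinke."),
    };
}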
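/// <summary>
/// Emails a password-recovery link to the given address. The link carries
/// the user's id protected with <see cref="Utilities.Protect"/>, which
/// <see cref="CheckRecoveryCode"/> and <see cref="UpdatePassword"/> accept.
/// </summary>
/// <param name="email">Address of the account to recover.</param>
/// <returns>
/// A confirmation string on success; a 400 <see cref="HttpResponseMessage"/>
/// when the address is empty or not registered.
/// </returns>
public object SendRecoveryLink(string email)
{
    // An empty address must not reach the query: `u.email == email` with a
    // null value would select users whose email is unset.
    var user = string.IsNullOrWhiteSpace(email)
        ? null
        : uow.UserRepository.Get(u => u.email == email).FirstOrDefault();
    if (user == null)
    {
        // SECURITY NOTE: this reply tells the caller whether the address is
        // registered (account enumeration). A neutral "if the address is
        // registered, a link has been sent" reply would avoid that; the text
        // is left unchanged here because clients may depend on it.
        return new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.BadRequest,
            Content = new StringContent("Email ne postoji u bazi korisnika."),
        };
    }

    // The recovery token is the protected user id alone. Protect's internals
    // are not visible here; if it adds no timestamp or nonce, the same link
    // remains valid until the protection key changes — TODO confirm.
    var encryptedId = Utilities.Protect(user.id.ToString());
    var link = Utilities.GetSiteUrl() + "/#/passrecovery/" + HttpUtility.UrlEncode(encryptedId);
    var body = $"<a href=\"{link}\">Kliknite da biste otvorili stranicu za promjenu lozinke.</a>";

    Nlog.Log(LogLevel.Info, $"User {email} requested recovery link.");
    Utilities.SendMail(email, "Postavljanje nove lozinke za Portal za završne radove", body);
    return $"Email s linkom za oporavak je poslan na adresu {email}.";
}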