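/// <summary>
        /// Looks up a user whose username and password both match the supplied values and,
        /// on a match, issues a new session token and returns the user's UI projection.
        /// </summary>
        /// <param name="username">Username submitted by the client.</param>
        /// <param name="password">Password submitted by the client.</param>
        /// <returns>
        /// The object produced by <c>UsersController.GetUserUIObject</c> on success; otherwise an
        /// <see cref="HttpResponseMessage"/> with status 400 and an error text.
        /// </returns>
        public object Login(string username, string password)
        {
            // NOTE(review): the query compares the submitted password with the stored column by equality,
            // so unless callers pre-hash the value the column holds recoverable passwords. Moving to a
            // salted password hash needs a data migration and a matching change wherever passwords are written.
            var user = uow.UserRepository.Get(u => u.username == username && u.password == password, includeProperties: "Groups,AdministeredCourses,EnrolledCourses").FirstOrDefault();

            if (user == null)
            {
                // The submitted password is deliberately NOT logged: failed attempts often contain a real
                // password (typo, wrong account), and log files are readable by more people than the user table.
                Nlog.Log(LogLevel.Info, $"Wrong username or password. User {username}, Ip: {GetClientIp()}");
                return(new HttpResponseMessage {
                    StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Neispravno korisničko ime ili lozinka")
                });
            }

            var token = Guid.NewGuid();
            user.Token    = Utilities.Protect(token.ToString(), "auth");
            // Replaces the session list, so only the session created by this login remains on the entity.
            user.Sessions = new List <UserSession>();
            user.Sessions.Add(new UserSession {
                DateCreated = DateTime.Now, Token = token
            });
            uow.Save();
            user.AvailableCourses = GetUserAvailableCourses(user);
            var u = UsersController.GetUserUIObject(user);
            Nlog.Log(LogLevel.Info, $"User {username} successfully logged in.");

            return(u);
        }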
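        /// <summary>
        /// Updates name, surname, email, registration code and username of an existing user.
        /// Only an administrator or the user themselves may perform the update.
        /// </summary>
        /// <param name="user">User data submitted by the client; <c>user.id</c> selects the record to change.</param>
        /// <returns>
        /// The submitted <paramref name="user"/> object when authorization and validation pass; otherwise
        /// the <see cref="HttpResponseMessage"/> produced by <c>ValidateUser</c>, or a 401 response when
        /// the caller is not allowed to edit this user.
        /// </returns>
        public object UpdateUser(User user)
        {
            HttpResponseMessage message = new HttpResponseMessage {
                StatusCode = HttpStatusCode.Unauthorized
            };

            // Other methods in this file treat CurrentUser as nullable (anonymous request); answer 401
            // instead of failing with a NullReferenceException on the authorization check below.
            if (CurrentUser == null)
            {
                return(message);
            }

            if (CurrentUser.IsAdmin || CurrentUser.id == user.id)
            {
                // ValidateUser overwrites message; on failure that is what the caller receives.
                if (ValidateUser(user, out message))
                {
                    var u = uow.UserRepository.GetByID(user.id);
                    if (u != null)
                    {
                        // Build the audit text before the assignments so it shows old => new values.
                        var text = $"User data for {user.username} successfully changed. Changed by: {CurrentUser.username} -  name={u.name}=>{user.name} surname={u.surname}=>{user.surname} email={u.email}=>{user.email} username={u.username}=>{user.username}";
                        u.name             = user.name;
                        u.surname          = user.surname;
                        u.email            = user.email;
                        // NOTE(review): registrationCode is taken from the request even for a non-admin
                        // self-update, and UpdatePassword in this file locates an account by a matching
                        // registrationCode. Confirm users are meant to set this value themselves.
                        u.registrationCode = user.registrationCode;
                        u.username         = user.username;
                        uow.Save();
                        Nlog.Log(LogLevel.Info, text);
                    }

                    // NOTE(review): the request object is returned even when no record with user.id exists,
                    // so the caller cannot distinguish "saved" from "nothing to update".
                    return(user);
                }
            }
            return(message);
        }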
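        /// <summary>
        /// Resolves a password-recovery code to the user it was issued for.
        /// The code is expected in <c>data.data</c> and is unprotected into a numeric user id.
        /// </summary>
        /// <param name="data">Request payload; its <c>data</c> member carries the protected user id.</param>
        /// <returns>
        /// An anonymous object with the user's <c>id</c> and <c>username</c> when the code resolves to an
        /// existing user; otherwise an <see cref="HttpResponseMessage"/> with status 400.
        /// </returns>
        public object CheckRecoveryCode(dynamic data)
        {
            // A missing payload is treated like a missing code and falls through to the 400 response.
            var encryptedId = data?.data;

            try
            {
                if (encryptedId != null)
                {
                    // NOTE(review): the recovery code is only the protected user id; nothing in this method
                    // checks an expiry or single use. Confirm whether Utilities.Unprotect enforces a lifetime.
                    var sId = Utilities.Unprotect(encryptedId.ToString());
                    int id;
                    if (int.TryParse(sId, out id))
                    {
                        var user = uow.UserRepository.GetByID(id);
                        if (user != null)
                        {
                            return new { user.id, user.username };
                        }
                    }
                }
            }
            catch (CryptographicException ex)
            {
                // A tampered or foreign code fails to unprotect; record it and answer with the generic 400 below.
                Nlog.Log(LogLevel.Error, ex, $"CheckRecoveryCode {data}");
            }
            Nlog.Log(LogLevel.Error, $"CheckRecoveryCode: recovery code error: {data}");
            return(new HttpResponseMessage {
                StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Greška u kodu za oporavak.")
            });
        }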
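        /// <summary>
        /// Sets a new password for the signed-in user, or for an anonymous caller identified either by a
        /// protected user id (<c>obj.id</c>, as sent in a recovery link) or by a registration code (<c>obj.code</c>).
        /// </summary>
        /// <param name="obj">Password change request: new password plus an optional protected id or registration code.</param>
        /// <returns>
        /// The submitted <paramref name="obj"/> on success; the <see cref="HttpResponseMessage"/> from
        /// <c>ValidatePassword</c> when validation fails; otherwise a 400 response.
        /// </returns>
        public object UpdatePassword(PasswordChange obj)
        {
            HttpResponseMessage message;

            try
            {
                if (!ValidatePassword(obj, out message))
                {
                    return(message);
                }

                // A signed-in caller always changes their own password; the id from the request is ignored.
                int id = CurrentUser?.id ?? 0;

                // Anonymous caller without a registration code: use the protected user id from the request.
                if (id == 0 && obj.code == null && obj.id != null)
                {
                    var sId = Utilities.Unprotect(obj.id);
                    int.TryParse(sId, out id); // id stays 0 when the unprotected value is not a number
                }

                // Without a user id and without a registration code there is nothing that identifies the
                // account. Stop here: querying registrationCode == null would select an arbitrary user whose
                // registration code is unset and overwrite that user's password.
                if (id <= 0 && obj.code == null)
                {
                    return(new HttpResponseMessage(HttpStatusCode.BadRequest));
                }

                var user = id > 0 ? uow.UserRepository.GetByID(id) : uow.UserRepository.Get(u => u.registrationCode == obj.code).FirstOrDefault();

                if (user == null)
                {
                    return(new HttpResponseMessage(HttpStatusCode.BadRequest));
                }

                // NOTE(review): the password is stored exactly as submitted, matching the equality lookup in
                // Login. Hashing it here alone would break Login; both sides need to change together.
                user.password = obj.password;
                uow.Save();
                Nlog.Log(LogLevel.Info, $"User {user.username} successfully updated password.");
                // NOTE(review): obj, including the new password, is echoed back in the response.
                return(obj);
            }
            catch (CryptographicException ex)
            {
                Nlog.Log(LogLevel.Error, ex, $"UpdatePassword. CurrentUser: {CurrentUser?.name} id: {obj.id}");
            }
            return(new HttpResponseMessage {
                StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Greška u postavljanju lozinke.")
            });
        }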
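        /// <summary>
        /// Sends a password-recovery e-mail to the user registered under <paramref name="email"/>.
        /// The link carries the user's id in protected, URL-encoded form.
        /// </summary>
        /// <param name="email">E-mail address submitted by the client.</param>
        /// <returns>
        /// A confirmation text when the mail was handed to <c>Utilities.SendMail</c>; otherwise an
        /// <see cref="HttpResponseMessage"/> with status 400.
        /// </returns>
        public object SendRecoveryLink(string email)
        {
            // An empty address must not reach the query: email == null would match a user without an e-mail.
            var user = string.IsNullOrWhiteSpace(email)
                ? null
                : uow.UserRepository.Get(u => u.email == email).FirstOrDefault();

            if (user == null)
            {
                // NOTE(review): this answer differs from the success answer, so the endpoint reveals whether
                // an address is registered. A uniform response would avoid that but changes what clients see.
                return new HttpResponseMessage {
                    StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Email ne postoji u bazi korisnika.")
                };
            }

            // NOTE(review): Protect is called without a purpose here, while Login passes "auth". Confirm the
            // default purpose is not shared with other protected values, and whether the link ever expires.
            var encryptedId = Utilities.Protect(user.id.ToString());
            var link        = Utilities.GetSiteUrl() + "/#/passrecovery/" + HttpUtility.UrlEncode(encryptedId);
            var body        = $"<a href=\"{link}\">Kliknite da biste otvorili stranicu za promjenu lozinke.</a>";

            Nlog.Log(LogLevel.Info, $"User {email} requested recovery link.");

            Utilities.SendMail(email, "Postavljanje nove lozinke za Portal za završne radove", body);
            return($"Email s linkom za oporavak je poslan na adresu {email}.");
        }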