Example #1
        /// <summary>
        /// Method to create one user
        /// </summary>
        ///
        /// <param name="invokingUser">
        /// User performing operation
        /// </param>
        ///
        /// <param name="operatedUser">
        /// User to create
        /// </param>
        ///
        /// <returns>
        /// The operated user; its ErrorMessage is set if creation failed
        /// </returns>
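        public User SingleCreateUsers(User invokingUser, User operatedUser)
        {
            // Authorization gate: no field of the new account is validated or written
            // unless the invoking user is allowed to "Create" this target.
            bool mayCreate = _userManagementService.CheckPermission(invokingUser, operatedUser, "Create");

            if (!mayCreate)
            {
                operatedUser.ErrorMessage = "Invalid permissions";
            }
            else
            {
                StringCheckerService emailChecker     = new StringCheckerService(operatedUser.Email);
                StringCheckerService firstNameChecker = new StringCheckerService(operatedUser.FirstName);
                StringCheckerService lastNameChecker  = new StringCheckerService(operatedUser.LastName);

                // Names are checked before the e-mail, so "Invalid names" wins when both are bad.
                if (!firstNameChecker.isValidName() || !lastNameChecker.isValidName())
                {
                    operatedUser.ErrorMessage = "Invalid names";
                }
                else if (!emailChecker.isValidEmail())
                {
                    operatedUser.ErrorMessage = "Email malformed";
                }
                else if (_DataAccessService.GetUserByEmail(operatedUser.Email) != null)
                {
                    operatedUser.ErrorMessage = "Email already registered";
                }
                else
                {
                    // The second argument turns on the password check inside CreateUser.
                    // Its return value is not used; success is confirmed by reading the
                    // account back, and an ErrorMessage already set is left untouched.
                    // NOTE(review): the lookup above and this insert are separate calls, so
                    // two concurrent requests for the same e-mail could both pass the lookup.
                    // Confirm the user table enforces uniqueness on the e-mail column.
                    _DataAccessService.CreateUser(operatedUser, true);
                    if ((_DataAccessService.GetUserByEmail(operatedUser.Email) == null) &&
                        (operatedUser.ErrorMessage == null))
                    {
                        operatedUser.ErrorMessage = "Email failed to register";
                    }
                }
            }

            // ErrorMessage is tested against null above, so it can still be null on the
            // success path; calling Equals on it would throw. A null message is logged as
            // the empty string, which is what a successful creation was logged as before.
            // NOTE(review): the entry carries only the outcome text. If Log does not add the
            // invoking and target identities itself, a denied or failed creation cannot be
            // attributed from this record - confirm.
            string outcome = operatedUser.ErrorMessage ?? "";
            _loggingManager.Log("User Creation", outcome);
            return(operatedUser);
        }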
Example #2
        /// <summary>
        /// used to update user table values
        /// </summary>
        ///
        /// <param name="user">
        /// User to edit, has the changed values
        /// </param>
        ///
        /// <param name="passwordCheck">
        /// When true, the new password must pass the security check before it is stored.
        /// </param>
        ///
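        /// <returns>
        /// true if the hashed password and salt were written; false if the system ID
        /// was not found or the password failed the security check
        /// </returns>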
        public bool UpdateUserPass(User user, bool passwordCheck)
        {
            //TODO: for this the authentication module's GetHashedPassword() method needs to be fixed for this to work.

            // Nothing is hashed or written for an unknown account.
            if (!CheckIDExistence(user.SystemID))
            {
                user.ErrorMessage = "System ID not found";
                return(false);
            }

            // The strength check runs only when the caller asks for it. With
            // passwordCheck == false any value in user.Password is hashed and stored.
            // NOTE(review): confirm every caller that passes false is a trusted path.
            if (passwordCheck)
            {
                StringCheckerService strengthChecker = new StringCheckerService(user.Password);
                if (!strengthChecker.isSecurePassword())
                {
                    user.ErrorMessage = "Password is not secured";
                    return(false);
                }
            }

            DatabaseQuery query  = new DatabaseQuery();
            MessageSalt   hasher = new MessageSalt(user.Password, user.Salt);
            hasher.GenerateHash();

            // From here on the User object holds what GenerateHash produced (written to
            // the hashed_password and salt columns below), not the submitted password.
            user.Password = hasher.message;
            user.Salt     = hasher.salt;

            // NOTE(review): hash and salt are written by two separate UpdateQuery calls.
            // If the second one fails, the stored hash and salt no longer belong together
            // and the account cannot authenticate - confirm whether DatabaseQuery offers a
            // transaction or a multi-column update. Also confirm UpdateQuery binds the
            // value and key arguments as parameters rather than concatenating them.
            string userId = user.SystemID.ToString();
            query.UpdateQuery("user_information", "hashed_password", user.Password, "userID", userId);
            query.UpdateQuery("user_information", "salt", user.Salt, "userID", userId);
            return(true);
        }
Example #3
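        /// <summary>
        /// Updates the profile of the account identified by <c>userInput.Email</c>
        /// after comparing the submitted current password for that account.
        /// </summary>
        /// <param name="userInput">
        /// Submitted profile values: e-mail, current password, optional new password,
        /// first name and last name.
        /// </param>
        /// <returns>
        /// 200 when every field update was issued; 400 for missing input, a failed
        /// password comparison, invalid names, or an ArgumentException from the update.
        /// </returns>
        public IActionResult UpdateUserProfile(ProfileUpdateInput userInput)
        {
            // Reject missing credentials explicitly. The earlier comparison with a newly
            // built all-null ProfileUpdateInput was marked by its author as not working,
            // most likely because == compares references for a class. A request without
            // e-mail or password could not pass the password comparison anyway, so the
            // response stays 400 while null values no longer reach the services below.
            if (userInput == null ||
                string.IsNullOrEmpty(userInput.Email) ||
                string.IsNullOrEmpty(userInput.Password))
            {
                return(StatusCode(StatusCodes.Status400BadRequest));
            }

            // Re-authentication: the current password must match before anything changes.
            // NOTE(review): a failed comparison is reported as 400, the same code as
            // malformed input; kept so existing clients see no change. No throttling or
            // lockout is visible here - confirm ComparePasswords or the pipeline has one.
            bool passwordMatches = _authenticationService.ComparePasswords(userInput.Email, userInput.Password);

            if (!passwordMatches)
            {
                return(StatusCode(StatusCodes.Status400BadRequest));
            }

            User user = new User(userInput);//this holds the new password

            user.SystemID = _userManagementManager.getIDByEmail(userInput.Email);

            // Validate names before any update is issued, so a bad name changes nothing.
            StringCheckerService firstNameChecker = new StringCheckerService(userInput.FirstName);
            StringCheckerService lastNameChecker  = new StringCheckerService(userInput.LastName);

            if (!firstNameChecker.isValidName() || !lastNameChecker.isValidName())
            {
                return(StatusCode(StatusCodes.Status400BadRequest));
            }

            // "Password" is updated only when a new password was supplied and goes first;
            // the other three fields are always written.
            List <string> editedValues = new List <string>();

            if (userInput.NewPassword != null)
            {
                editedValues.Add("Password");
            }
            editedValues.Add("FirstName");
            editedValues.Add("LastName");
            editedValues.Add("AccountStatus");

            // The updates run as doAsUser.systemAdmin(), so any permission check inside
            // SingleUpdateUser is evaluated for the system administrator, not the
            // requester; the password comparison above is the only gate on this path.
            // NOTE(review): "AccountStatus" is written on every request - confirm that
            // User(userInput) cannot take its AccountStatus from client-supplied fields.
            // NOTE(review): fields are updated one call at a time; an exception part-way
            // through leaves the earlier fields changed while the caller receives 400.
            try
            {
                foreach (string field in editedValues)
                {
                    _userManagementManager.SingleUpdateUser(doAsUser.systemAdmin(), user, field);
                }
            }
            catch (ArgumentException)
            {
                return(StatusCode(StatusCodes.Status400BadRequest));
            }
            return(StatusCode(StatusCodes.Status200OK));
        }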
Example #4
        /// <summary>
        /// Method to insert user into database
        /// </summary>
        ///
        /// <param name="user">
        /// User to be created
        /// </param>
        ///
        /// <param name="passwordCheck">
        /// Boolean to enable or disable password check
        /// </param>
        ///
        /// <returns>
        /// true if user is inserted into database; false otherwise
        /// </returns>
        public bool CreateUser(User user, bool passwordCheck)
        {
            // Refuse to overwrite an existing account, by ID first and then by e-mail.
            if (CheckIDExistence(user.SystemID))
            {
                user.ErrorMessage = "ID already exists";
                return(false);
            }

            if (GetUserByEmail(user.Email) != null)
            {
                user.ErrorMessage = "email already registered";
                return(false);
            }

            // The strength check is optional; with passwordCheck == false the password
            // is inserted without being checked.
            // NOTE(review): confirm every caller that passes false is a trusted path.
            if (passwordCheck)
            {
                StringCheckerService strengthChecker = new StringCheckerService(user.Password);
                if (!strengthChecker.isSecurePassword())
                {
                    user.ErrorMessage = "Password is not secured";
                    return(false);
                }
            }

            // NOTE(review): no hashing of user.Password is visible in this method -
            // confirm InsertUserAcc (or the caller) hashes and salts it before storage.
            // NOTE(review): the existence checks and the insert are separate calls, so
            // concurrent requests could both pass the checks; confirm the table enforces
            // unique ID and e-mail. The insert's outcome is not inspected here: true is
            // returned once InsertUserAcc returns.
            DatabaseQuery query = new DatabaseQuery();
            query.InsertUserAcc(user);
            return(true);
        }