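/// <summary>
/// Creates a single user on behalf of <paramref name="invokingUser"/>.
/// </summary>
///
/// <param name="invokingUser">
/// User performing the operation; must pass the "Create" permission check
/// against <paramref name="operatedUser"/>.
/// </param>
///
/// <param name="operatedUser">
/// User to create. Its ErrorMessage is set when a step fails.
/// </param>
///
/// <returns>
/// The same <paramref name="operatedUser"/> instance. A null or empty
/// ErrorMessage means no failure was recorded.
/// </returns>
public User SingleCreateUsers(User invokingUser, User operatedUser)
{
    // Authorization is decided before any validation or lookup of the target user.
    bool permissionResult = _userManagementService.CheckPermission(invokingUser, operatedUser, "Create");

    if (!permissionResult)
    {
        operatedUser.ErrorMessage = "Invalid permissions";
    }
    else
    {
        StringCheckerService emailChecker = new StringCheckerService(operatedUser.Email);
        StringCheckerService firstNameChecker = new StringCheckerService(operatedUser.FirstName);
        StringCheckerService lastNameChecker = new StringCheckerService(operatedUser.LastName);

        if (!firstNameChecker.isValidName() || !lastNameChecker.isValidName())
        {
            operatedUser.ErrorMessage = "Invalid names";
        }
        else if (!emailChecker.isValidEmail())
        {
            operatedUser.ErrorMessage = "Email malformed";
        }
        else if (_DataAccessService.GetUserByEmail(operatedUser.Email) != null)
        {
            operatedUser.ErrorMessage = "Email already registered";
        }
        else
        {
            // 'true' asks the data layer to run its password check.
            _DataAccessService.CreateUser(operatedUser, true);

            // Re-read the account to confirm it exists. Only report the generic
            // failure if the data layer has not already recorded a reason.
            // Null and empty are both treated as "no reason recorded".
            if (_DataAccessService.GetUserByEmail(operatedUser.Email) == null
                && string.IsNullOrEmpty(operatedUser.ErrorMessage))
            {
                operatedUser.ErrorMessage = "Email failed to register";
            }
        }
    }

    // ErrorMessage may still be null on the success path, so calling
    // .Equals("") on it would throw. Test null and empty together.
    // NOTE(review): the entry records only the outcome text; confirm whether
    // the logging manager adds the acting user itself for the audit trail.
    bool failed = !string.IsNullOrEmpty(operatedUser.ErrorMessage);
    _loggingManager.Log("User Creation", failed ? operatedUser.ErrorMessage : "");

    return operatedUser;
}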
/// <summary>
/// Re-hashes the password carried by <paramref name="user"/> and writes the
/// resulting hash and salt to the user_information table.
/// </summary>
///
/// <param name="user">
/// User to edit. Password and Salt are overwritten with the values produced
/// by MessageSalt; ErrorMessage is set on failure.
/// </param>
///
/// <param name="passwordCheck">
/// When true, the password must pass StringCheckerService.isSecurePassword()
/// before it is stored. When false, that check is skipped.
/// </param>
///
/// <returns>
/// true once both update queries have been issued; false if the system ID is
/// unknown or the password fails the check.
/// </returns>
public bool UpdateUserPass(User user, bool passwordCheck)
{
    //TODO: the authentication module's GetHashedPassword() method needs to be fixed for this to work.
    if (!CheckIDExistence(user.SystemID))
    {
        user.ErrorMessage = "System ID not found";
        return false;
    }

    // The strength policy is enforced only when the caller asks for it.
    // NOTE(review): confirm every caller passing false is a trusted flow.
    if (passwordCheck)
    {
        StringCheckerService strengthChecker = new StringCheckerService(user.Password);
        if (!strengthChecker.isSecurePassword())
        {
            user.ErrorMessage = "Password is not secured";
            return false;
        }
    }

    DatabaseQuery query = new DatabaseQuery();

    // The plaintext in user.Password is replaced by the hash from here on.
    // NOTE(review): presumably GenerateHash() refreshes the salt; verify in MessageSalt.
    MessageSalt hasher = new MessageSalt(user.Password, user.Salt);
    hasher.GenerateHash();
    user.Password = hasher.message;
    user.Salt = hasher.salt;

    // NOTE(review): hash and salt are written by two separate statements. If
    // the second one fails, the stored hash no longer matches the stored salt.
    // Confirm whether DatabaseQuery can do both in one transaction, and that
    // UpdateQuery binds its value arguments as parameters.
    string userId = user.SystemID.ToString();
    query.UpdateQuery("user_information", "hashed_password", user.Password, "userID", userId);
    query.UpdateQuery("user_information", "salt", user.Salt, "userID", userId);
    return true;
}
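/// <summary>
/// Updates the profile of the account identified by the submitted email,
/// after the submitted password has been compared by the authentication
/// service.
/// </summary>
///
/// <param name="userInput">
/// Profile values from the request, including the current email and password.
/// </param>
///
/// <returns>
/// 200 OK when every field update completes. 400 Bad Request when the input
/// or its credentials are missing, the password comparison fails, a name is
/// invalid, or an update throws ArgumentException.
/// </returns>
public IActionResult UpdateUserProfile(ProfileUpdateInput userInput)
{
    // The earlier guard compared userInput against a freshly constructed
    // all-null ProfileUpdateInput and, per the original note, did not reject
    // empty requests. Checking the credential fields directly covers that
    // case, because an all-null input has a null Email.
    if (userInput == null || userInput.Email == null || userInput.Password == null)
    {
        return StatusCode(StatusCodes.Status400BadRequest);
    }

    // Re-authenticate with the current password before anything is changed.
    bool passwordCheck = _authenticationService.ComparePasswords(userInput.Email, userInput.Password);
    if (!passwordCheck)
    {
        return StatusCode(StatusCodes.Status400BadRequest);
    }

    User user = new User(userInput); // this holds the new password
    // NOTE(review): the result of getIDByEmail is used without a not-found check.
    user.SystemID = _userManagementManager.getIDByEmail(userInput.Email);

    List<string> editedValues = new List<string>();
    if (userInput.NewPassword != null)
    {
        editedValues.Add("Password");
    }

    StringCheckerService firstNameChecker = new StringCheckerService(userInput.FirstName);
    StringCheckerService lastNameChecker = new StringCheckerService(userInput.LastName);
    if (!firstNameChecker.isValidName() || !lastNameChecker.isValidName())
    {
        return StatusCode(StatusCodes.Status400BadRequest);
    }

    editedValues.Add("FirstName");
    editedValues.Add("LastName");
    // NOTE(review): AccountStatus is always written from the request values;
    // confirm that a self-service change to it is intended.
    editedValues.Add("AccountStatus");

    try
    {
        // Updates run under the system-admin identity, so the password
        // comparison above is the only authorization gate visible here.
        // Fields are written one at a time, so a failure partway through
        // leaves the earlier fields already updated.
        foreach (string field in editedValues)
        {
            _userManagementManager.SingleUpdateUser(doAsUser.systemAdmin(), user, field);
        }
    }
    catch (ArgumentException)
    {
        return StatusCode(StatusCodes.Status400BadRequest);
    }

    return StatusCode(StatusCodes.Status200OK);
}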
/// <summary>
/// Inserts a user into the database after checking for ID and email
/// collisions.
/// </summary>
///
/// <param name="user">
/// User to be created. ErrorMessage is set when the insert is refused.
/// </param>
///
/// <param name="passwordCheck">
/// When true, the password must pass StringCheckerService.isSecurePassword()
/// before the insert. When false, that check is skipped.
/// </param>
///
/// <returns>
/// true if the insert was issued; false if the ID or email already exists or
/// the password fails the check.
/// </returns>
public bool CreateUser(User user, bool passwordCheck)
{
    if (CheckIDExistence(user.SystemID))
    {
        user.ErrorMessage = "ID already exists";
        return false;
    }

    if (GetUserByEmail(user.Email) != null)
    {
        user.ErrorMessage = "email already registered";
        return false;
    }

    // The strength policy applies only when the caller requests it.
    if (passwordCheck)
    {
        StringCheckerService strengthChecker = new StringCheckerService(user.Password);
        if (!strengthChecker.isSecurePassword())
        {
            user.ErrorMessage = "Password is not secured";
            return false;
        }
    }

    // NOTE(review): no hashing step is visible in this method. Confirm that
    // user.Password is hashed inside InsertUserAcc or by the caller before
    // it is stored.
    DatabaseQuery query = new DatabaseQuery();
    query.InsertUserAcc(user);
    return true;
}