public string Post([FromBody] TbIuser value) { //Check existing if (dbContext.TbIusers.Any(user => user.Username.Equals(value.Username))) { TbIuser user = dbContext.TbIusers.Where(user => user.Username.Equals(value.Username)).First(); //Calculate hash password from data of Client and compare with hash in server with salt. var client_post_hash_password = Convert.ToBase64String( Common.SaltHashPassword( Encoding.ASCII.GetBytes(value.Password), Convert.FromBase64String(user.Salt))); if (client_post_hash_password.Equals(user.Password)) { Response.StatusCode = StatusCodes.Status200OK; return(JsonConvert.SerializeObject(user)); } else { Response.StatusCode = StatusCodes.Status403Forbidden; return(JsonConvert.SerializeObject("Wrong Password")); } } else { Response.StatusCode = StatusCodes.Status403Forbidden; return(JsonConvert.SerializeObject("User is not existing in Database")); } }
/// <summary> /// Registration with username, password and Customer id. /// </summary> /// <param name="userRegisterDTO">User model</param> /// <returns> /// Returns the result message of the request. /// </returns> public HttpResponseMessage Post([FromBody] UserRegisterDTO userRegisterDTO) { var response = new HttpResponseMessage(HttpStatusCode.OK); //check User have existing in database if (!(northwindContext.TbIuser.Any(u => u.Username.Equals(userRegisterDTO.Username))) && !(northwindContext.TbIuser.Any(u => u.CustomerId.Equals(userRegisterDTO.CustomerId)))) { ValidatorResult validatorResult = UserValidator.IsValidUser(userRegisterDTO); if (!validatorResult.IsValid) { response.StatusCode = HttpStatusCode.PreconditionFailed; response.Content = new StringContent(JsonConvert.SerializeObject(validatorResult.ValidationMessage)); return(response); } TbIuser user = new TbIuser(); user.Username = userRegisterDTO.Username.Trim(); var customer = northwindContext.Customers.Find(userRegisterDTO.CustomerId); if (customer == null) { response.StatusCode = HttpStatusCode.PreconditionFailed; response.Content = new StringContent(JsonConvert.SerializeObject("Wrong CustomerId.")); return(response); } user.CustomerId = userRegisterDTO.CustomerId; user.Salt = Convert.ToBase64String(Common.GetRandomSalt(16)); user.Password = Convert.ToBase64String(Common.SaltHashPassword( Encoding.ASCII.GetBytes(userRegisterDTO.Password), Convert.FromBase64String(user.Salt))); user.FullName = userRegisterDTO.FullName.Trim(); //Add to DB try { northwindContext.Add(user); northwindContext.SaveChanges(); response.Content = new StringContent(JsonConvert.SerializeObject("Register successfully")); return(response); } catch (Exception e) { response.StatusCode = HttpStatusCode.InternalServerError; response.Content = new StringContent(JsonConvert.SerializeObject(e.Message)); return(response); } } else { response.StatusCode = HttpStatusCode.PreconditionFailed; response.Content = new StringContent(JsonConvert.SerializeObject("User is existing in Database.")); return(response); } }
public static UserForJson ConvertUserToJsonUser(TbIuser tbIuser) { UserForJson userForJson = new UserForJson( username: tbIuser.Username, password: tbIuser.Password, fullName: tbIuser.FullName, email: tbIuser.Email, phoneNumber: tbIuser.PhoneNumber, gender: tbIuser.Gender == Gender.Male?1: tbIuser.Gender == Gender.Female?2: tbIuser.Gender == Gender.Other?3:0, role: tbIuser.Role == Role.Administrator ? 1 : tbIuser.Role == Role.User ?2:0, salt: tbIuser.Salt, dateOfBirth: tbIuser.DateOfBirth.ToString() ); return(userForJson); }
public static TbIuser ConvertJsonUserToUser(UserForJson userForJson) { DateTime dateTime = new DateTime(); DateTime.TryParse(userForJson.DateOfBirth, out dateTime); TbIuser tbIuser = new TbIuser( username: userForJson.Username, password: userForJson.Password, fullName: userForJson.FullName, email: userForJson.Email, phoneNumber: userForJson.PhoneNumber, gender: userForJson.Gender == 1?Gender.Male: userForJson.Gender == 2?Gender.Female: userForJson.Gender == 3?Gender.Other:0, role: userForJson.Role == 1?Role.Administrator:userForJson.Role == 2?Role.User:0, salt: userForJson.Salt, dateOfBirth: dateTime ); return(tbIuser); }
public string Post([FromBody] UserForJson value) { //check User have existing in database if (!dbContext.TbIusers.Any(user => user.Username.Equals(value.Username))) { TbIuser tbIuser = UserConverter.ConvertJsonUserToUser(value); ValidatorResult validatorResult = UserValidator.IsValidUser(tbIuser); if (!validatorResult.IsValid) { return(JsonConvert.SerializeObject(validatorResult.ValidationMessage)); } TbIuser user = new TbIuser(); user.Username = tbIuser.Username; user.Email = tbIuser.Email; user.DateOfBirth = tbIuser.DateOfBirth; user.FullName = tbIuser.FullName; user.Gender = tbIuser.Gender; user.Role = Role.User; user.PhoneNumber = tbIuser.PhoneNumber; user.Salt = Convert.ToBase64String(Common.GetRandomSalt(16)); user.Password = Convert.ToBase64String(Common.SaltHashPassword( Encoding.ASCII.GetBytes(tbIuser.Password), Convert.FromBase64String(user.Salt))); //Add to DB try { dbContext.Add(user); dbContext.SaveChanges(); return(JsonConvert.SerializeObject("Register successfully")); } catch (Exception e) { return(JsonConvert.SerializeObject(e.Message)); } } else { return(JsonConvert.SerializeObject("User is existing in Database.")); } }
/// <summary> /// Login with username and password /// </summary> /// <param name="userLoginDTO">User model</param> /// <returns> /// Returns the result message of the request. /// </returns> public HttpResponseMessage Post([FromBody] UserLoginDTO userLoginDTO) { var response = new HttpResponseMessage(HttpStatusCode.OK); //Check existing if (northwindContext.TbIuser.Any(user => user.Username.Equals(userLoginDTO.Username))) { TbIuser user = northwindContext.TbIuser.Where(u => u.Username.Equals(userLoginDTO.Username)).FirstOrDefault(); //Calculate hash password from data of Client and compare with hash in server with salt. var client_post_hash_password = Convert.ToBase64String( Common.SaltHashPassword( Encoding.ASCII.GetBytes(userLoginDTO.Password), Convert.FromBase64String(user.Salt))); if (client_post_hash_password.Equals(user.Password)) { UserRegisterDTO userModel = new UserRegisterDTO() { FullName = user.FullName, Username = user.Username, Password = user.Password, CustomerId = user.CustomerId }; response.Content = new StringContent(JsonConvert.SerializeObject(userModel)); return(response); } else { response.StatusCode = HttpStatusCode.PreconditionFailed; response.Content = new StringContent(JsonConvert.SerializeObject("Wrong Password")); return(response); } } else { response.StatusCode = HttpStatusCode.Unauthorized; response.Content = new StringContent(JsonConvert.SerializeObject("User is not existing in Database")); return(response); } }
public static ValidatorResult IsValidUser(TbIuser user) { ValidatorResult validatorResult = new ValidatorResult(true); if (user == null) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user is null."; return(validatorResult); } if (user.DateOfBirth == null) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user date of birth is null."; return(validatorResult); } if (user.Email.Trim().Equals("")) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user email is empty."; return(validatorResult); } if (user.FullName.Trim().Equals("")) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user Full name is empty."; return(validatorResult); } if (user.PhoneNumber.Trim().Equals("")) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user phone number is empty."; return(validatorResult); } if (user.Gender == 0) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user gender is null."; return(validatorResult); } if (user.Username.Trim().Equals("")) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user username is empty."; return(validatorResult); } if (user.Password.Trim().Equals("")) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user password is empty."; return(validatorResult); } else if (user.Password.Trim().Length < 8) { validatorResult.IsValid = false; validatorResult.ValidationMessage = "The user password length is short.Password length must be at less 8 characters."; return(validatorResult); } return(validatorResult); }