/// <summary> /// Saves user settings. /// </summary> /// <param name="uid">The uid of user.</param> /// <param name="userSettings">The user settings to be saved.</param> public void SaveSettings(long uid, UserSettingsRequest userSettings) { UserSettingsEntry userSettingsEntry = new UserSettingsEntry(); userSettingsEntry.ChartBeginTime = userSettings.BeginDate; userSettingsEntry.ChartEndTime = userSettings.EndDate; userSettingsEntry.CookieUid = uid; ExplorerRepository.RemoveCorrespondanceEntries(userSettingsEntry); //userSettingsEntry.CurrencyCodes = ExplorerRepository.GetCodeEntries().Where(x => userSettings.CurrencyValues.Contains(x.Value)).ToList(); UserLanguageEntry newUserLanguageEntry = new UserLanguageEntry(); newUserLanguageEntry.Language = userSettings.Language.ToString(); ExplorerRepository.AddUserLanguage(newUserLanguageEntry); userSettingsEntry.Language = newUserLanguageEntry; ExplorerRepository.SaveUserSettings(userSettingsEntry); var correspCurrencyCodes = ExplorerRepository.GetCodeEntries().Where(x => userSettings.CurrencyValues.Contains(x.Value)).ToList(); foreach (CurrencyCodeEntry currencyCode in correspCurrencyCodes) { CorrespondanceEntry correspondanceEntry = new CorrespondanceEntry(); correspondanceEntry.UserSettings = userSettingsEntry; correspondanceEntry.CurrencyCode = currencyCode; ExplorerRepository.AddCorrespondenceEntry(correspondanceEntry); } }
public UserSettingsEntry LoadUserSettings(long uid) { UserSettingsEntry userSettingsEntry = _currencyDataContext.UserSettingsEntries.FirstOrDefault(x => x.CookieUid == uid); return(userSettingsEntry); }
public void SaveUserSettings(UserSettingsEntry userSettings) { //var all = _currencyDataContext.UserSettingsEntries.ToArray(); var langs = _currencyDataContext.UserLanguageEntries.ToArray(); UserSettingsEntry data = _currencyDataContext.UserSettingsEntries.FirstOrDefault(x => x.Equals(userSettings)); if (data == null) { _currencyDataContext.UserSettingsEntries.Add(userSettings); _currencyDataContext.SaveChanges(); } else { // BUG: Updating is not implemented. string sql = $"UPDATE UserSettingsEntry SET LanguageId = {userSettings.Language.Id} WHERE Id = {data.Id}"; _currencyDataContext.Database.ExecuteSqlCommand(sql); /*data.ChartBeginTime = userSettings.ChartBeginTime; * data.ChartEndTime = userSettings.ChartEndTime; * data.Language = userSettings.Language; * * //_currencyDataContext.Entry(data).State = EntityState.Modified; * * _currencyDataContext.Update(data); * * _currencyDataContext.SaveChanges();*/ // DANGEROUS! userSettings.Id = data.Id; } }
public void RemoveCorrespondanceEntries(UserSettingsEntry userSettingsEntry) { var existingEnties = _currencyDataContext.CorrespondanceEntries.Where( x => x.UserSettings.Equals(userSettingsEntry)).ToList(); _currencyDataContext.CorrespondanceEntries.RemoveRange(existingEnties); _currencyDataContext.SaveChanges(); }
public void SaveUserSettings(UserSettingsEntry userSettings) { var langs = _currencyDataContext.UserLanguageEntries.ToArray(); UserSettingsEntry data = _currencyDataContext.UserSettingsEntries.FirstOrDefault(x => x.Equals(userSettings)); if (data == null) { _currencyDataContext.UserSettingsEntries.Add(userSettings); _currencyDataContext.SaveChanges(); } else { string sql = $"UPDATE UserSettingsEntry SET LanguageId = {userSettings.Language.Id} WHERE Id = {data.Id}"; _currencyDataContext.Database.ExecuteSqlCommand(sql); // DANGEROUS! userSettings.Id = data.Id; } }
/// <summary> /// Loads user settings. /// </summary> /// <param name="uid">The uid of user.</param> /// <returns>User settings for specified user uid.</returns> public UserSettings LoadSettings(long uid) { UserSettings userSettings = null; var langs = ExplorerRepository.GetUserLanguages().ToList(); UserSettingsEntry userSettingsEntry = ExplorerRepository.LoadUserSettings(uid); if (userSettingsEntry != null) { userSettings = new UserSettings(); userSettings.Language = (CurrencyExplorerLanguage)Enum.Parse(typeof(CurrencyExplorerLanguage), userSettingsEntry.Language.Language); userSettings.TimePeriod = new ChartTimePeriod(userSettingsEntry.ChartBeginTime, userSettingsEntry.ChartEndTime); userSettings.Currencies = ExplorerRepository.GetCorrespondanceEntries(userSettingsEntry).Select(x => new CurrencyDataEntry() { DbCurrencyCodeEntry = x.CurrencyCode }); } return(userSettings); }
private void HandlePutRequest(HttpListenerContext ctx) { try { #region Input Validation if (!ctx.Request.HasEntityBody) { WriteBodyResponse(ctx, 400, "Bad Request", "No Body"); return; } ArchiveApiPutRequest req = JsonDataObjectUtil <ArchiveApiPutRequest> .ParseObject(ctx); if (!ValidatePutRequest(req)) { WriteBodyResponse(ctx, 400, "Bad Request", "Incorrect Format"); return; } #endregion MySqlDataManipulator connection = new MySqlDataManipulator(); using (connection) { bool res = connection.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()); if (!res) { WriteBodyResponse(ctx, 500, "Unexpected Server Error", "Connection to database failed"); return; } #region Validate User OverallUser mappedUser = connection.GetUserById(req.UserId); if (mappedUser == null) { WriteBodyResponse(ctx, 404, "Not Found", "User was not found on on the server"); return; } if (!UserVerificationUtil.LoginTokenValid(mappedUser, req.LoginToken)) { WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect."); return; } CompanySettingsEntry isPublicSetting = connection.GetCompanySettingsWhere(req.CompanyId, "SettingKey=\"" + CompanySettingsKey.Public + "\"")[0]; bool isPublic = bool.Parse(isPublicSetting.SettingValue); if (!isPublic && mappedUser.Company != req.CompanyId) { WriteBodyResponse(ctx, 401, "Not Authorized", "Cannot access other company's private data"); return; } #endregion UserSettingsEntry numPredictionsRequested = JsonDataObjectUtil <List <UserSettingsEntry> > .ParseObject(mappedUser.Settings).FirstOrDefault(entry => entry.Key.Equals(UserSettingsEntryKeys.ArchiveQueryResults)); if (numPredictionsRequested == null) { WriteBodyResponse(ctx, 500, "Internal Server Error", "User did not contain a setting with a key " + UserSettingsEntryKeys.ArchiveQueryResults); return; } int numRequested = int.Parse(numPredictionsRequested.Value); #region Input sanitation string whereString = ""; bool addedWhere = false; if (req.Entry.Complaint != null) { if (!PerformSanitization(req.Entry.Complaint)) { return; } whereString += " Complaint like \"%" + req.Entry.Complaint + "%\""; addedWhere = true; } if (req.Entry.Problem != null) { if (!PerformSanitization(req.Entry.Problem)) { return; } if (addedWhere) { whereString += " and"; } whereString += " Problem like \"%" + req.Entry.Problem + "%\""; addedWhere = true; } if (req.Entry.Make != null) { if (!PerformSanitization(req.Entry.Make)) { return; } if (addedWhere) { whereString += " and"; } whereString += " Make like \"%" + req.Entry.Make + "%\""; addedWhere = true; } if (req.Entry.Model != null) { if (!PerformSanitization(req.Entry.Model)) { return; } if (addedWhere) { whereString += " and"; } whereString += " Model like \"%" + req.Entry.Model + "%\""; addedWhere = true; } if (req.Entry.Year != 0) { if (addedWhere) { whereString += " and"; } whereString += " Year =" + req.Entry.Year; addedWhere = true; } #endregion if (!addedWhere) { WriteBodyResponse(ctx, 400, "Bad Request", "No fields in the request's entry were filled"); return; } List <RepairJobEntry> entries = connection.GetDataEntriesWhere(req.CompanyId, whereString, true); JsonListStringConstructor retConstructor = new JsonListStringConstructor(); try { entries.ForEach(entry => retConstructor.AddElement(ConvertEntry(entry))); } catch (NullReferenceException) { WriteBodyResponse(ctx, 200, "OK", "[]", "application/json"); return; } WriteBodyResponse(ctx, 200, "OK", retConstructor.ToString(), "application/json"); bool PerformSanitization(string queryIn) { if (queryIn.Contains('`')) { WriteBodyResponse(ctx, 400, "Bad Request", "Request contained the single quote character, which is disallowed due to MySQL injection attacks"); return(false); } return(true); } } } catch (HttpListenerException) { //HttpListeners dispose themselves when an exception occurs, so we can do no more. } catch (Exception e) { WriteBodyResponse(ctx, 500, "Internal Server Error", "Error occurred during processing of request: " + e.Message); } }
public IQueryable <CorrespondanceEntry> GetCorrespondanceEntries(UserSettingsEntry userSettingsEntry) { return(_currencyDataContext.CorrespondanceEntries.Where(x => x.UserSettings.Equals(userSettingsEntry))); }
private void HandlePostRequest(HttpListenerContext ctx) { try { #region Input Validation if (!ctx.Request.HasEntityBody) { WriteBodyResponse(ctx, 400, "Bad Request", "No Body"); return; } PredictApiPostRequest req = JsonDataObjectUtil <PredictApiPostRequest> .ParseObject(ctx); if (!ValidateGetRequest(req)) { WriteBodyResponse(ctx, 400, "Bad Request", "Incorrect Format"); return; } #endregion MySqlDataManipulator connection = new MySqlDataManipulator(); using (connection) { bool res = connection.Connect(MySqlDataManipulator.GlobalConfiguration.GetConnectionString()); if (!res) { WriteBodyResponse(ctx, 500, "Unexpected Server Error", "Connection to database failed"); return; } #region User Validation OverallUser mappedUser = connection.GetUserById(req.UserId); if (mappedUser == null) { WriteBodyResponse(ctx, 404, "Not Found", "User was not found on on the server"); return; } if (!UserVerificationUtil.LoginTokenValid(mappedUser, req.LoginToken)) { WriteBodyResponse(ctx, 401, "Not Authorized", "Login token was incorrect."); return; } #endregion #region Action Handling CompanySettingsEntry isPublicSetting = connection.GetCompanySettingsWhere(req.CompanyId, "SettingKey=\"" + CompanySettingsKey.Public + "\"")[0]; bool isPublic = bool.Parse(isPublicSetting.SettingValue); if (!isPublic && mappedUser.Company != req.CompanyId) { WriteBodyResponse(ctx, 401, "Not Authorized", "Cannot predict using other company's private data"); return; } List <UserSettingsEntry> userSettings = JsonDataObjectUtil <List <UserSettingsEntry> > .ParseObject(mappedUser.Settings); UserSettingsEntry predictionQueryResultsSetting = userSettings.Where(entry => entry.Key.Equals(UserSettingsEntryKeys.PredictionQueryResults)).First(); int numQueriesRequested = int.Parse(predictionQueryResultsSetting.Value); DatabaseQueryProcessor processor = new DatabaseQueryProcessor(); string ret = processor.ProcessQueryForSimilarQueries(req.Entry, connection, req.CompanyId, req.ComplaintGroupId, numQueriesRequested); WriteBodyResponse(ctx, 200, "OK", ret, "application/json"); #endregion } } catch (HttpListenerException) { //HttpListeners dispose themselves when an exception occurs, so we can do no more. } catch (Exception e) { WriteBodyResponse(ctx, 500, "Internal Server Error", "Error occurred during processing of request: " + e.Message); } }