public IActionResult AllStringInFormCsrfProtected() { var model = new AccountUserViewModel(); model.SearchText = "(None)"; return(View(model)); }
static void Main(string[] args) { ClientAuthentication.baseWebAddress = "http://*****:*****@itsligo.ie", "LBowles$1")) { Console.WriteLine("Successful login Token acquired {0} user status is {1}", ClientAuthentication.AuthToken, ClientAuthentication.AuthStatus.ToString()); try { AccountUserViewModel acuvm = ClientAuthentication.getItem <AccountUserViewModel>("api/AccountManager/getAccounts"); if (acuvm != null) { Console.WriteLine("Got {0} accounts for current logged in user {1}", acuvm.accounts.Count(), acuvm.AccountManagerName); // Get account list using current UserID List <Account> accounts = ClientAuthentication.getList <Account>("api/AccountManager/getAccountsForCurrentManager/" + acuvm.AccountManagerID); foreach (var item in accounts) { Console.WriteLine("Account Name {0}", item.AccountName); } } } catch (Exception ex) { Console.WriteLine("Error {0} --> {1}", ex.Message, ex.InnerException.Message); } Console.ReadKey(); } }
public IActionResult AllIntInForm() { var model = new AccountUserViewModel(); model.SearchText = "(None)"; return(View(model)); }
public IActionResult AllStringLineBreakSafeSecond() { var model = new AccountUserViewModel(); model.SearchText = "(None)"; return(View(model)); }
public IActionResult QueryStringKey() { var model = new AccountUserViewModel(); try { if (Request.Query.Keys.Count == 0) { model.SearchText = "(None)"; model.Foods = new List <FoodDisplayView>(); } else { var key = Request.Query.Keys.First(); model.SearchText = Request.Query[key]; var searchText = "SELECT * FROM FoodDisplayView WHERE " + key + " LIKE '%' + @Name + '%'"; model.Foods = _context.ExecSQL <FoodDisplayView>(searchText, new SqlParameter("@Name", Request.Query[key].ToString())); } return(View(model)); } catch { return(View(CreateModelForError(model.SearchText))); } }
public IActionResult FalsePositive_Calc(string foodId) { int calculated = 0; var model = new AccountUserViewModel(); DataTable dt = new DataTable(); try { calculated = (int)dt.Compute(foodId, ""); } catch { try { calculated = int.Parse(foodId); } catch { model.SearchText = "(Error)"; model.Foods = new List <FoodDisplayView>(); return(View(model)); } } model.SearchText = calculated.ToString(); model.Foods = _context.ExecSQL <FoodDisplayView>("SELECT * FROM FoodDisplayView WHERE FoodID = @FoodId", new SqlParameter("@FoodID", calculated)); return(View(model)); }
public IActionResult StringInCookie() { AccountUserViewModel model; var previousSearchValue = HttpContext.Request.Cookies["FoodNameSearch"]; if (!string.IsNullOrEmpty(previousSearchValue)) { try { model = UnsafeModel(previousSearchValue); } catch { model = new AccountUserViewModel(); model.SearchText = "(None)"; } } else { model = new AccountUserViewModel(); model.SearchText = "(None)"; } return(View(model)); }
public IActionResult StringInCookie(string foodName) { try { var options = new CookieOptions(); options.Expires = DateTime.Now.AddYears(1); options.HttpOnly = false; options.SameSite = SameSiteMode.None; options.IsEssential = true; HttpContext.Response.Cookies.Append("FoodNameSearch", foodName, options); var searchText = "SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%' + @FoodName + '%'"; var model = new AccountUserViewModel(); model.SearchText = foodName; model.Foods = _context.ExecSQL <FoodDisplayView>(searchText, new SqlParameter("@FoodName", foodName)); return(View(model)); } catch { return(View(CreateModelForError(foodName))); } }
public IActionResult IntInCookie(string foodGroupId) { ViewBag.AvailableValues = _context.FoodGroup.Select(g => new SearchItemViewModel() { Text = g.FoodGroupText, Value = g.FoodGroupId.ToString(), IsSelected = g.FoodGroupId.ToString() == foodGroupId }); try { var options = new CookieOptions(); options.Expires = DateTime.Now.AddYears(1); options.HttpOnly = false; options.SameSite = SameSiteMode.None; options.IsEssential = true; HttpContext.Response.Cookies.Append("FoodGroupIdSearch", foodGroupId, options); var searchText = "SELECT * FROM FoodDisplayView WHERE FoodGroupID = @FoodGroupID"; var model = new AccountUserViewModel(); model.SearchText = foodGroupId; model.Foods = _context.ExecSQL <FoodDisplayView>(searchText, new SqlParameter("@FoodGroupID", foodGroupId)); return(View(model)); } catch { return(View(CreateModelForError(foodGroupId))); } }
public IActionResult ValueShadowing(string foodName) { if (Request.Cookies["foodName"] != null) { foodName = Request.Cookies["foodName"]; } if (Request.Query.Keys.Contains("foodName")) { foodName = Request.Query["foodName"]; } var model = new AccountUserViewModel(); if (foodName != null && Request.Method != "GET") { model.SearchText = foodName; model.Foods = _context.ExecSQL <FoodDisplayView>("SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%' + @FoodName + '%'", new SqlParameter("@FoodName", foodName)); } else { model.SearchText = "(None)"; model.Foods = new List <FoodDisplayView>(); } return(View(model)); }
private AccountUserViewModel CreateModelForError(string foodName) { var model = new AccountUserViewModel(); model.SearchText = "An error occurred searching for " + foodName; model.Foods = new List <FoodDisplayView>(); return(model); }
public IActionResult XSS(string foodName) { var model = new AccountUserViewModel(); model.SearchText = foodName; model.Foods = _dbContext.ExecSQL <FoodDisplayView>("SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%' + @FoodName + '%'", new SqlParameter("@FoodName", foodName)); return(View(model)); }
private AccountUserViewModel CreateModel(string foodName) { var model = new AccountUserViewModel(); model.SearchText = foodName; model.Foods = _context.ExecSQL <FoodDisplayView>("SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%' + @FoodName + '%'", new SqlParameter("@FoodName", foodName)); return(model); }
public IActionResult FileInclusion(AccountUserViewModel model) { var fullFilePath = _hostEnv.ContentRootPath + "\\wwwroot\\text\\" + model.SearchText; var fileContents = System.IO.File.ReadAllText(fullFilePath); ViewBag.FileContents = fileContents; return(View(model)); }
// 유저 정보 변경 - update public IActionResult UpdateUser(string id) { AccountUserViewModel viewModel = new AccountUserViewModel() { Email = id }; return(View(viewModel)); }
private AccountUserViewModel UnsafeModel_Int(string foodId) { var model = new AccountUserViewModel(); model.SearchText = foodId; var searchText = "SELECT * FROM FoodDisplayView WHERE FoodId = " + foodId; model.Foods = _context.ExecSQL <FoodDisplayView>(searchText, null); return(model); }
private AccountUserViewModel CreateUnsafeGenericModel(string foodName) { var model = new AccountUserViewModel(); model.SearchText = foodName; var searchText = "SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%" + foodName + "%'"; model.Foods = _dbContext.ExecSQL <FoodDisplayView>(searchText, null); return(model); }
// 유저 정보 수정 public AccountUser UpdateUser(AccountUserViewModel model) { AccountUser accountUser = context.AccountUsers.Where(a => a.UserName == model.Email).FirstOrDefault(); if (accountUser != null) { accountUser.Email = model.Email; accountUser.Address = model.Address; accountUser.PhoneNumber = model.PhoneNumber; } return(accountUser); }
public async Task <IActionResult> Invite(Guid?VendorId, bool IsVendor = false) { var model = new AccountUserViewModel(); model.IsVendor = IsVendor; if (IsVendor) { model.systemPermission = SystemPermissions.Vendor; } model.VendorId = VendorId; await PopulateDropDownVendors(model); return(View(model)); }
public IActionResult AllIntInQSQuoteEscaped(string foodId) { try { var escaped = foodId.Replace("'", "''"); var model = new AccountUserViewModel(); model.SearchText = escaped; var query = "SELECT * FROM FoodDisplayView WHERE FoodID = " + foodId; model.Foods = _context.ExecSQL <FoodDisplayView>(query, null); return(View(model)); } catch { return(View(CreateModelForError(foodId))); } }
public async Task <IActionResult> Edit() { //Get current user var currentUser = await _userManager.GetUserAsync(User); //Populate view model AccountUserViewModel model = new AccountUserViewModel(); model.Email = currentUser.Email; model.FirstName = currentUser.FirstName; model.LastName = currentUser.LastName; model.Password = string.Empty; model.RePassword = string.Empty; return(View(model)); }
public IActionResult StoredXSS() { var user = _authManager.GetLoggedInUser(); if (user == null) { return(NotFound($"Unable to load user.")); } var foodGroup = user.FavoriteFoodGroup == null ? "(Not set)" : user.FavoriteFoodGroup; var model = new AccountUserViewModel(); model.SearchText = foodGroup; model.Foods = _dbContext.ExecSQL <FoodDisplayView>("SELECT * FROM FoodDisplayView WHERE FoodGroup LIKE '%' + @FoodGroup + '%'", new SqlParameter("@FoodGroup", foodGroup)); return(View(model)); }
public IActionResult MD5Hash(string foodName) { var model = new AccountUserViewModel(); model.SearchText = foodName; model.Foods = _context.ExecSQL <FoodDisplayView>("SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%' + @FoodName + '%'", new SqlParameter("@FoodName", foodName)); using (var hash = MD5.Create()) { var foodNameAsBytes = System.Text.Encoding.UTF8.GetBytes(foodName); var hashedBytes = hash.ComputeHash(foodNameAsBytes); var hashedAsString = System.Text.Encoding.UTF8.GetString(hashedBytes); Response.Cookies.Append("FoodNameHash", hashedAsString); } return(View(model)); }
public IActionResult FalsePositive_Error(string foodName) { try { if (foodName.Contains("'")) { throw new Exception("String cannot have an apostrophe"); } var model = new AccountUserViewModel(); model.Foods = _context.ExecSQL <FoodDisplayView>("SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%' + @FoodName + '%'", new SqlParameter("@FoodName", foodName)); return(View(model)); } catch { return(View(CreateModelForError("An error occurred"))); } }
public async Task <IActionResult> Register(AccountUserViewModel model) { //Check if passwords match if (model.Password != model.RePassword) { //Display error ModelState.AddModelError(string.Empty, "Password does not match."); return(View()); } //Create new user using information from view model var newUser = new User() { UserName = model.Email, Email = model.Email, FirstName = model.FirstName, LastName = model.LastName }; //Use User Manager to create new user var userCreationResult = await _userManager.CreateAsync(newUser, model.Password); if (!userCreationResult.Succeeded) //user creation failed { //Display all errors from failure adn display foreach (var error in userCreationResult.Errors) { ModelState.AddModelError(string.Empty, error.Description); } return(View()); } //Send email confirmation var emailConfirmationToken = await _userManager.GenerateEmailConfirmationTokenAsync(newUser); //create confirmation token var tokenVerificationURL = Url.Action("VerifyEmail", "Account", new { id = newUser.Id, token = emailConfirmationToken }, Request.Scheme); //get url //Send email await _messageService.Send(model.Email, "Verify your email", $"Click <a href=\"{tokenVerificationURL}\">here</a> to verify your email"); //Show page telling user to check email return(Content("Check your email for a verification link")); }
public IActionResult AllStringLineBreakSafeSecond(string foodName, string foodGroup) { try { var model = new AccountUserViewModel(); model.SearchText = $"Food Name: {foodName}, Food Group: {foodGroup}"; var searchText = @"SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%" + foodName + "%' OR " + "FoodGroup LIKE '%' + @FoodGroup + '%'"; model.Foods = _context.ExecSQL <FoodDisplayView>(searchText, new SqlParameter("@FoodGroup", foodGroup)); return(View(model)); } catch { return(View(CreateModelForError(foodName))); } }
public IActionResult IntInCookie() { AccountUserViewModel model; var previousSearchValue = HttpContext.Request.Cookies["FoodGroupIdSearch"]; if (!string.IsNullOrEmpty(previousSearchValue)) { try { ViewBag.AvailableValues = _context.FoodGroup.Select(g => new SearchItemViewModel() { Text = g.FoodGroupText, Value = g.FoodGroupId.ToString(), IsSelected = g.FoodGroupId.ToString() == previousSearchValue }); model = new AccountUserViewModel(); model.SearchText = previousSearchValue; var searchText = "SELECT * FROM FoodDisplayView WHERE FoodGroupId = " + previousSearchValue; model.Foods = _context.ExecSQL <FoodDisplayView>(searchText, null); } //Let's make sure that we can't lock ourselves out of the page catch { ViewBag.AvailableValues = _context.FoodGroup.Select(g => new SearchItemViewModel() { Text = g.FoodGroupText, Value = g.FoodGroupId.ToString(), IsSelected = false }); model = new AccountUserViewModel(); model.SearchText = "(None)"; } } else { ViewBag.AvailableValues = _context.FoodGroup.Select(g => new SearchItemViewModel() { Text = g.FoodGroupText, Value = g.FoodGroupId.ToString(), IsSelected = false }); model = new AccountUserViewModel(); model.SearchText = "(None)"; } return(View(model)); }
private async Task PopulateDropDownVendors(AccountUserViewModel model) { var vendors = await _accountCtx.Vendors.Where(x => x.AccountId == CommonAccount.Id).Select(m => new SelectListItem { Text = m.Name, Value = m.Id.ToString(), }).ToListAsync(); model.Vendors.AddRange(vendors); var permissionslist = Enum.GetValues(typeof(SystemPermissions)).Cast <SystemPermissions>().Where(x => x != SystemPermissions.Administrator).Select(v => new SelectListItem { Text = v.ToString(), Value = ((int)v).ToString() }).ToList(); model.SystemPermissions.AddRange(permissionslist); }
//This is here to see if SAST scanners will pick it up private AccountUserViewModel UnsafeModel_Format_Query(string foodName) { var query = string.Format("SELECT * FROM FoodDisplayView WHERE FoodName LIKE '%{0}%'", foodName); var model = new AccountUserViewModel(); model.SearchText = foodName; using (var connection = new SqlConnection(_config.GetConnectionString("DefaultConnection"))) { var command = connection.CreateCommand(); command.CommandText = query; connection.Open(); var foods = new List <FoodDisplayView>(); using (var reader = command.ExecuteReader()) { while (reader.Read()) { var newFood = new FoodDisplayView(); newFood.FoodID = reader.GetInt32(0); newFood.FoodGroupID = reader.GetInt32(1); newFood.FoodGroup = reader.GetString(2); newFood.FoodName = reader.GetString(3); newFood.Calories = reader.GetNullableInt(4); newFood.Protein = reader.GetNullableDouble(5); newFood.Fat = reader.GetNullableDouble(6); newFood.Carbohydrates = reader.GetNullableDouble(7); foods.Add(newFood); } } model.Foods = foods; connection.Close(); } return(model); }
public async Task <IActionResult> Edit(AccountUserViewModel model) { //Check if passwords match if (model.Password != model.RePassword) { //Display error ModelState.AddModelError("Password", "Passwords do not match."); return(View(model)); } //Get current user var currentUser = await _userManager.GetUserAsync(User); if (currentUser == null) //user not found { throw new InvalidOperationException(); } //Check if confirmation password is correct var passwordCheck = await _userManager.CheckPasswordAsync(currentUser, model.Password); if (!passwordCheck) //password incorrect { //Display error ModelState.AddModelError("Password", "Incorrect password."); return(View(model)); } //Update current user data currentUser.Email = model.Email; currentUser.UserName = model.Email; currentUser.FirstName = model.FirstName; currentUser.LastName = model.LastName; //Use user manager to update user await _userManager.UpdateAsync(currentUser); //Redirect to home page return(RedirectToAction("Index", "Home")); }