public IHttpActionResult Delete(long id) { string token = GetAuthToken(); IHttpActionResult validation = Validate(token, id); if (validation != null) { return(validation); } validation = ValidateUserCanBeDeleted(token); if (validation != null) { return(validation); } DataAccessSoapClient ws = new DataAccessSoapClient(); User target = ws.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, id); if (target.Role != DataAccessWS.UserRole.BUYER) { return(NotFound()); } User removed = ws.RemoveUser(new DataAccessWS.Security { BinarySecurityToken = token }, id); RestUser res = CreateRestUser(removed); res.href = ""; return(Ok(res)); }
private async Task <bool> authenticate(Message message) { string[] parts = message.Text.Split(new char[0]); if (parts.Length != 3) { await BotClient.SendTextMessageAsync(message.Chat.Id, "Authentication command format: /authenticate username password"); return(false); } else { DataAccessSoapClient ws = new DataAccessSoapClient(); string token = ws.Login(parts[1], parts[2], new DataAccessWS.UserRole[1] { DataAccessWS.UserRole.BUYER }); if (string.IsNullOrEmpty(token)) { await BotClient.SendTextMessageAsync(message.Chat.Id, "Invalid authentication data"); return(false); } else { await BotClient.SendTextMessageAsync(message.Chat.Id, "Auth token: " + token); return(true); } } }
// POST: api/Products public IHttpActionResult Post([FromBody] ProductData value) { string token = GetAuthToken(); IHttpActionResult userValidation = ValidateClientIsSeller(token); if (userValidation != null) { return(userValidation); } IHttpActionResult productValidation = ValidateProductData(value, token, false); if (productValidation != null) { return(productValidation); } DataAccessSoapClient ws = new DataAccessSoapClient(); var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; Product product = ws.CreateProduct(new DataAccessWS.Security { BinarySecurityToken = token }, value.CreateProduct()); return(Created( Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("GetProductById", new { id = product.Id }), CreateRestProduct(product))); }
private IHttpActionResult ValidateUserData(UserData User, User currentUser = null) { DataAccessSoapClient ws = new DataAccessSoapClient(); User[] users = ws.FindUsersByFilter(new UserSearchFilter { Email = User.email }); if (!string.IsNullOrEmpty(User.email) && users != null && users.Length > 0 && (currentUser == null || currentUser.Id != users[0].Id)) { return(BadRequest("Another user has already registered the email " + User.email)); } users = ws.FindUsersByFilter(new UserSearchFilter { IdDocument = User.document }); if (!string.IsNullOrEmpty(User.document) && users != null && users.Length > 0 && (currentUser == null || currentUser.Id != users[0].Id)) { return(BadRequest("Another user has already registered the document " + User.document)); } users = ws.FindUsersByFilter(new UserSearchFilter { Username = User.username }); if (!string.IsNullOrEmpty(User.username) && users != null && users.Length > 0 && (currentUser == null || currentUser.Id != users[0].Id)) { return(BadRequest("Another user has already registered the username " + User.username)); } return(null); }
public IHttpActionResult Delete(int id) { string token = GetAuthToken(); IHttpActionResult validation = ValidateOwnerProduct(token, id); if (validation != null) { return(validation); } validation = ValidateProductCanBeRemoved(id); if (validation != null) { return(validation); } DataAccessSoapClient ws = new DataAccessSoapClient(); var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; Product removed = ws.RemoveProduct(new DataAccessWS.Security { BinarySecurityToken = token }, id); RestProduct res = CreateRestProduct(removed); res.href = ""; return(Ok(res)); }
public IHttpActionResult Put(int id, [FromBody] ProductData value) { string token = GetAuthToken(); IHttpActionResult validation = ValidateOwnerProduct(token, id); if (validation != null) { return(validation); } validation = ValidateProductData(value, token, true); if (validation != null) { return(validation); } DataAccessSoapClient ws = new DataAccessSoapClient(); var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; Product target = ws.FindProduct(new DataAccessWS.Security { BinarySecurityToken = token }, id); assignProperties(target, value, token); target.Id = id; Product updated = ws.UpdateProduct(new DataAccessWS.Security { BinarySecurityToken = token }, target); return(Ok(CreateRestProduct(updated))); }
// POST: api/Authentication public IHttpActionResult Post(Authentication AuthData) { if (AuthData == null || !AuthData.IsComplete()) { return(BadRequest("Authentication data required but not provided")); } DataAccessSoapClient ws = new DataAccessSoapClient(); string token = ws.Login(AuthData.username, AuthData.password, new DataAccessWS.UserRole[2] { DataAccessWS.UserRole.BUYER, DataAccessWS.UserRole.SELLER }); if (string.IsNullOrEmpty(token)) { return(StatusCode(HttpStatusCode.Unauthorized)); } IdentityWSSoapClient idWS = new IdentityWSSoapClient(); IdentityData idData = idWS.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token }); User user = ws.FindUserByUsername(idData.Username); return(Ok(new AuthToken { Token = token, Username = idData.Username, Role = idData.Role.ToString(), Id = user.Id })); }
private bool ValidateUserExists(string token, long id) { DataAccessSoapClient dataWS = new DataAccessSoapClient(); User target = dataWS.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, id); return(target != null); }
private IHttpActionResult ValidateProductCanBeRemoved(long id) { DataAccessSoapClient dataWS = new DataAccessSoapClient(); int orders = dataWS.CountOrdersByProduct(id); if (orders > 0) { return(BadRequest("Product cannot be removed since some customers have purchased it")); } return(null); }
private bool ValidateProductExists(string token, long id) { DataAccessSoapClient dataWS = new DataAccessSoapClient(); var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; Product target = dataWS.FindProduct(new DataAccessWS.Security { BinarySecurityToken = token }, id); return(target != null); }
private bool ValidateClientIdentity(string token, long userId) { IdentityWSSoapClient ws = new IdentityWSSoapClient(); IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token }); DataAccessSoapClient dataWS = new DataAccessSoapClient(); User target = dataWS.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, userId); return(identity != null && target != null && identity.Username.Equals(target.Username) && identity.Role.ToString().Equals(target.Role.ToString())); }
// GET: api/Categories public IHttpActionResult Get() { string token = GetAuthToken(); if (string.IsNullOrEmpty(token)) { return(Unauthorized()); } DataAccessSoapClient ws = new DataAccessSoapClient(); Category[] categories = ws.FindAllCategories(new Security { BinarySecurityToken = token }); return(Ok(categories.Select(c => new { Id = c.Id, Name = c.Name }))); }
// GET: api/Buyers public IHttpActionResult Get() { string token = GetAuthToken(); IHttpActionResult validateToken = ValidateToken(token); if (validateToken != null) { return(validateToken); } DataAccessSoapClient ws = new DataAccessSoapClient(); User[] buyers = ws.FindUsersByFilter(new UserSearchFilter { Roles = new DataAccessWS.UserRole[] { DataAccessWS.UserRole.BUYER } }); return(Ok(buyers.Select(b => CreateRestUser(b)))); }
private IHttpActionResult ValidateUserCanBeDeleted(string authToken) { IdentityWSSoapClient ws = new IdentityWSSoapClient(); IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = authToken }); DataAccessSoapClient dataWS = new DataAccessSoapClient(); OrderData[] orders = dataWS.FindOrdersByUsername(new DataAccessWS.Security { BinarySecurityToken = authToken }, identity.Username); if (orders != null && orders.Length > 0) { return(BadRequest("User cannot be removed since he/she has registered orders")); } return(null); }
private async Task <bool> listOrders(Message message) { string[] parts = message.Text.Split(new char[0]); if (parts.Length != 2) { await BotClient.SendTextMessageAsync(message.Chat.Id, "Listorders command format: /listorders authToken"); return(false); } else { string authToken = parts[1]; IdentityWSSoapClient iWS = new IdentityWSSoapClient(); IdentityData identity = null; try { identity = iWS.GetIdentity(new identityWS.Security { BinarySecurityToken = authToken }); } catch (Exception ex) { await BotClient.SendTextMessageAsync(message.Chat.Id, "An error occurred " + ex.Message); return(false); } if (identity != null) { DataAccessSoapClient ws = new DataAccessSoapClient(); OrderData[] orders = ws.FindOrdersByUsername(new DataAccessWS.Security { BinarySecurityToken = authToken }, identity.Username); string response = ""; foreach (var o in orders) { response += "{" + o.OrderNumber + "} " + o.DateCreated.ToShortDateString() + " [" + o.State.ToString() + "]\n"; } await BotClient.SendTextMessageAsync(message.Chat.Id, response); return(true); } return(false); } }
// POST: api/Buyers public IHttpActionResult Post(UserData User) { if (User == null || !User.IsComplete()) { return(BadRequest("Missing user data")); } IHttpActionResult userValidation = ValidateUserData(User); if (userValidation != null) { return(userValidation); } DataAccessSoapClient ws = new DataAccessSoapClient(); User NewUser = ws.CreateUser(User.CreateBuyer()); return(Created(Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("GetBuyerById", new { id = NewUser.Id }), CreateRestUser(NewUser))); }
// GET: api/Products public IHttpActionResult Get() { string token = GetAuthToken(); IHttpActionResult validateToken = ValidateToken(token); if (validateToken != null) { return(validateToken); } Dictionary <String, String> query = ActionContext.Request.GetQueryNameValuePairs().ToDictionary(q => q.Key, q => q.Value); ProductSearchFilter filter = new ProductSearchFilter(); if (query.ContainsKey("Name")) { filter.Name = query["Name"]; } if (query.ContainsKey("Description")) { filter.Description = query["Description"]; } if (query.ContainsKey("PriceFrom")) { filter.PriceFrom = Double.Parse(query["PriceFrom"]); } if (query.ContainsKey("PriceTo")) { filter.PriceTo = Double.Parse(query["PriceTo"]); } if (query.ContainsKey("Category")) { filter.Category = query["Category"]; } DataAccessSoapClient ws = new DataAccessSoapClient(); var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; Product[] prods = ws.FindProductsByFilter(new DataAccessWS.Security { BinarySecurityToken = token }, filter); return(Ok(prods.Select(p => CreateRestProduct(p)))); }
private IHttpActionResult ValidateProductData(ProductData product, string token, bool editing) { if (product == null) { return(BadRequest("Product data is missing")); } if (!editing && !product.IsComplete()) { return(BadRequest("Product data missing some required field")); } if (product.Price != null && product.Price <= 0) { return(BadRequest("Product price must be a positive decimal number")); } if (product.Units != null && product.Units < 1) { return(BadRequest("Product units must be a positive integer")); } if (product.SellerId != null) { DataAccessSoapClient ws = new DataAccessSoapClient(); User seller = ws.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, product.SellerId.Value); if (seller == null || seller.Role != DataAccessWS.UserRole.SELLER) { return(BadRequest("Seller with id " + product.SellerId.Value + " not found in the system")); } } if (product.CategoryId != null) { DataAccessSoapClient ws = new DataAccessSoapClient(); Category category = ws.FindCategory(new DataAccessWS.Security { BinarySecurityToken = token }, product.CategoryId.Value); if (category == null) { return(BadRequest("Category with id " + product.CategoryId.Value + " not found in the system")); } } return(null); }
public IHttpActionResult Get(long id) { string token = GetAuthToken(); IHttpActionResult validation = Validate(token, id); if (validation != null) { return(validation); } DataAccessSoapClient ws = new DataAccessSoapClient(); User user = ws.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, id); if (user.Role != DataAccessWS.UserRole.BUYER) { return(NotFound()); } return(Ok(CreateRestUser(user))); }
private void assignProperties(Product product, ProductData data, string token) { if (!string.IsNullOrEmpty(data.Name)) { product.Name = data.Name; } if (!string.IsNullOrEmpty(data.Description)) { product.Description = data.Description; } if (data.Price != null) { product.Price = data.Price.Value; } if (data.Units != null) { product.Units = data.Units.Value; } if (data.Image != null) { product.image = data.Image; } if (data.SellerId != null) { product.seller_id = data.SellerId.Value; DataAccessSoapClient ws = new DataAccessSoapClient(); dynamic user = ws.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, product.seller_id); product.seller = user; } if (data.CategoryId != null) { product.category_id = data.CategoryId.Value; DataAccessSoapClient ws = new DataAccessSoapClient(); dynamic category = ws.FindCategory(new DataAccessWS.Security { BinarySecurityToken = token }, product.category_id); product.category = category; } }
public IHttpActionResult Get(string username) { DataAccessSoapClient dataWS = new DataAccessSoapClient(); var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; string token = GetAuthToken(); IHttpActionResult validation = ValidateSeller(token, username); if (validation != null) { return(validation); } Product[] products = dataWS.FindProductsByFilter(new DataAccessWS.Security { BinarySecurityToken = token }, new ProductSearchFilter { Seller = username }); return(Ok(products.Select(p => CreateRestProduct(p)))); }
public IHttpActionResult Get(int id) { string token = GetAuthToken(); IHttpActionResult validation = ValidateToken(token); if (validation != null) { return(validation); } if (!ValidateProductExists(token, id)) { return(NotFound()); } DataAccessSoapClient ws = new DataAccessSoapClient(); var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; Product product = ws.FindProduct(new DataAccessWS.Security { BinarySecurityToken = token }, id); return(Ok(CreateRestProduct(product))); }
public IHttpActionResult Put(long id, [FromBody] UserData userData) { string token = GetAuthToken(); IHttpActionResult validation = Validate(token, id); if (validation != null) { return(validation); } if (userData == null) { return(BadRequest("Missing user data")); } DataAccessSoapClient ws = new DataAccessSoapClient(); User target = ws.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, id); if (target.Role != DataAccessWS.UserRole.BUYER) { return(NotFound()); } IHttpActionResult userValidation = ValidateUserData(userData, target); if (userValidation != null) { return(userValidation); } User inputUser = userData.CreateBuyer(); inputUser.Id = id; User updated = ws.UpdateUser(new DataAccessWS.Security { BinarySecurityToken = token }, inputUser); return(Ok(CreateRestUser(updated))); }
private IHttpActionResult ValidateOwnerProduct(string token, long productId) { try { IdentityWSSoapClient ws = new IdentityWSSoapClient(); IdentityData identity = ws.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token }); if (identity == null) { return(Unauthorized()); } DataAccessSoapClient dataWS = new DataAccessSoapClient(); var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding; binding.MaxReceivedMessageSize = int.MaxValue; Product target = dataWS.FindProduct(new DataAccessWS.Security { BinarySecurityToken = token }, productId); if (target == null) { return(NotFound()); } User owner = dataWS.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, target.seller_id); if (!owner.Username.Equals(identity.Username)) { return(Unauthorized()); } } catch (FaultException ex) { return(BadRequest("Invalid security token")); } return(null); }