Exemple #1
0
        // helper function to set cookies
        private void SetCookie(string cookieName, string cookieValue)
        {
            var cookieOption = new CookieOptions();

            cookieOption.Expires = DateTime.Now.AddDays(1);
            Response.Cookies.Append(cookieName, HashTool.HashString(cookieValue), cookieOption);
        }
Exemple #2
0
 public IActionResult GetForUser(int id)
 {
     // make sure the user isn't trying to get someone else's purchases
     if (HashTool.HashString(id.ToString()) == Request.Cookies["UserId"])
     {
         Purchase        purchase = new Purchase();
         List <Purchase> list     = purchase.ListForUserId(id);
         return(Ok(new { list }));
     }
     else
     {
         return(BadRequest(new { Message = "Something went wrong! Please log out and try again." }));
     }
 }
Exemple #3
0
        public IActionResult Create([FromBody] Purchase pur)
        {
            // make sure the user isn't trying to make a purchase on someone else's account
            if (HashTool.HashString(pur.UserId.ToString()) == Request.Cookies["UserId"])
            {
                // populate purchase
                Purchase purchase = new Purchase
                {
                    UserId    = pur.UserId,
                    ProductId = pur.ProductId
                };

                try
                {
                    // create purchase
                    int id = purchase.CreateFromCurrent(null);

                    if (id > -1)
                    {
                        // everything's good!
                        return(Ok());
                    }
                    else
                    {
                        // DB insert failed
                        return(BadRequest(new { Message = "An error occurred while creating your purchase. Please try again, or contact technical support for assistance." }));
                    }
                }
                catch (Exception ex)
                {
                    return(BadRequest(ex.Message));
                }
            }
            else
            {
                return(BadRequest(new { Message = "Something went wrong! Please log out and try again." }));
            }
        }
Exemple #4
0
        public IActionResult Login([FromBody] Customer cust)
        {
            // shouldn't happen, but just to be safe
            if (cust == null)
            {
                return(BadRequest(new { Message = "Something went wrong! Please reload the page and try again." }));
            }

            // get customer from DB
            Customer customer = new Customer(cust.Email);

            // is the password correct?
            if (customer.Password == HashTool.HashString(cust.Password))
            {
                // create JSON web token
                SymmetricSecurityKey secretKey         = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(AppConfig.JwtSecret));
                SigningCredentials   signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

                JwtSecurityToken tokenOptions = new JwtSecurityToken(
                    issuer: "http://localhost:44334",
                    audience: "http://localhost:44334",
                    claims: new List <Claim>(),
                    expires: DateTime.Now.AddDays(1),
                    signingCredentials: signinCredentials
                    );

                string tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);

                // set userid in a cookie so we can make sure authorized users aren't tampering with requests later
                SetCookie("UserId", customer.Id.ToString());

                return(Ok(new { Token = tokenString, customer.Id }));
            }
            else
            {
                return(BadRequest(new { Message = "Invalid email address/password combination." }));
            }
        }
Exemple #5
0
        public IActionResult Delete(int id)
        {
            // populate purchase from DB
            Purchase purchase = new Purchase(id);

            // only delete purchases associated to the logged in user
            if (HashTool.HashString(purchase.UserId.ToString()) != Request.Cookies["userId"])
            {
                return(BadRequest(new { Message = "Something went wrong! Please log out and try again." }));
            }

            try
            {
                // delete it
                purchase.Delete(null, id);

                return(Ok());
            }
            catch
            {
                return(BadRequest(new { Message = "An error occurred while deleting your purchase. Please try again, or contact technical support for assistance." }));
            }
        }
Exemple #6
0
        public async Task <IActionResult> CreateAsync([FromBody] Customer cust)
        {
            // populate customer
            Customer customer = new Customer
            {
                Name     = cust.Name,
                Email    = cust.Email,
                Password = HashTool.HashString(cust.Password)
            };

            try
            {
                // check if the email address supplied already exists, return error if so
                Customer customerCheck = new Customer(cust.Email);

                if (customerCheck.Id > -1)
                {
                    return(BadRequest(new { Message = "There is already an account in our system with this email address. Please log in or use a different email address to create your account." }));
                }

                // create the new customer
                int id = customer.CreateFromCurrent(null);

                if (id > -1)
                {
                    // it worked, so log them in
                    using (HttpClient client = new HttpClient())
                    {
                        // reset customer password to plain text, to be hashed by login screen
                        customer.Password = cust.Password;

                        // create URI for login request
                        StringContent content = new StringContent(JsonConvert.SerializeObject(customer), Encoding.UTF8, "application/json");
                        var           request = HttpContext.Request;
                        client.BaseAddress = new UriBuilder
                        {
                            Scheme = request.Scheme,
                            Host   = request.Host.Host,
                            Port   = request.Host.Port.Value
                        }.Uri;

                        // call login
                        using (var response = await client.PostAsync("/api/customers/login", content))
                        {
                            if (response.IsSuccessStatusCode)
                            {
                                string apiResponse = await response.Content.ReadAsStringAsync();

                                var createRes = JsonConvert.DeserializeObject <CreateCustomerResponse>(apiResponse);

                                // set userid in a cookie so we can make sure authorized users aren't tampering with requests later
                                SetCookie("UserId", customer.Id.ToString());

                                return(Ok(new { createRes.Token, createRes.Id }));
                            }
                            else
                            {
                                return(BadRequest(new { Message = "An error occurred while attempting to log you in. Please go to the login page and try again." }));
                            }
                        }
                    }
                }
                else
                {
                    return(BadRequest(new { Message = "An error occurred while creating your account. Please try again, or contact technical support for assistance." }));
                }
            }
            catch (Exception ex)
            {
                return(BadRequest(new { ex.Message }));
            }
        }