// POST: api/Authentication
        public IHttpActionResult Post(Authentication AuthData)
        {
            if (AuthData == null || !AuthData.IsComplete())
            {
                return(BadRequest("Authentication data required but not provided"));
            }
            DataAccessSoapClient ws = new DataAccessSoapClient();
            string token            = ws.Login(AuthData.username, AuthData.password, new DataAccessWS.UserRole[2] {
                DataAccessWS.UserRole.BUYER, DataAccessWS.UserRole.SELLER
            });

            if (string.IsNullOrEmpty(token))
            {
                return(StatusCode(HttpStatusCode.Unauthorized));
            }
            IdentityWSSoapClient idWS   = new IdentityWSSoapClient();
            IdentityData         idData = idWS.GetIdentity(new IdentityWS.Security {
                BinarySecurityToken = token
            });
            User user = ws.FindUserByUsername(idData.Username);

            return(Ok(new AuthToken {
                Token = token,
                Username = idData.Username,
                Role = idData.Role.ToString(),
                Id = user.Id
            }));
        }
        private bool CheckUserBuyer(string AuthToken)
        {
            IdentityWSSoapClient ws   = new IdentityWSSoapClient();
            IdentityData         Data = ws.GetIdentity(new Security {
                BinarySecurityToken = AuthToken
            });

            if (Data == null || Data.Role != UserRole.BUYER)
            {
                return(false);
            }
            return(true);
        }
Exemple #3
0
        private bool ValidateClientIdentity(string token, long userId)
        {
            IdentityWSSoapClient ws       = new IdentityWSSoapClient();
            IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
                BinarySecurityToken = token
            });
            DataAccessSoapClient dataWS = new DataAccessSoapClient();
            User target = dataWS.FindUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, userId);

            return(identity != null && target != null &&
                   identity.Username.Equals(target.Username) && identity.Role.ToString().Equals(target.Role.ToString()));
        }
Exemple #4
0
        private IHttpActionResult ValidateUserCanBeDeleted(string authToken)
        {
            IdentityWSSoapClient ws       = new IdentityWSSoapClient();
            IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
                BinarySecurityToken = authToken
            });
            DataAccessSoapClient dataWS = new DataAccessSoapClient();

            OrderData[] orders = dataWS.FindOrdersByUsername(new DataAccessWS.Security {
                BinarySecurityToken = authToken
            }, identity.Username);
            if (orders != null && orders.Length > 0)
            {
                return(BadRequest("User cannot be removed since he/she has registered orders"));
            }
            return(null);
        }
        private async Task <bool> listOrders(Message message)
        {
            string[] parts = message.Text.Split(new char[0]);
            if (parts.Length != 2)
            {
                await BotClient.SendTextMessageAsync(message.Chat.Id, "Listorders command format: /listorders authToken");

                return(false);
            }
            else
            {
                string authToken              = parts[1];
                IdentityWSSoapClient iWS      = new IdentityWSSoapClient();
                IdentityData         identity = null;
                try
                {
                    identity = iWS.GetIdentity(new identityWS.Security {
                        BinarySecurityToken = authToken
                    });
                }
                catch (Exception ex)
                {
                    await BotClient.SendTextMessageAsync(message.Chat.Id, "An error occurred " + ex.Message);

                    return(false);
                }
                if (identity != null)
                {
                    DataAccessSoapClient ws     = new DataAccessSoapClient();
                    OrderData[]          orders = ws.FindOrdersByUsername(new DataAccessWS.Security {
                        BinarySecurityToken = authToken
                    }, identity.Username);
                    string response = "";
                    foreach (var o in orders)
                    {
                        response += "{" + o.OrderNumber + "} " + o.DateCreated.ToShortDateString() +
                                    " [" + o.State.ToString() + "]\n";
                    }
                    await BotClient.SendTextMessageAsync(message.Chat.Id, response);

                    return(true);
                }
                return(false);
            }
        }
Exemple #6
0
 private IHttpActionResult ValidateToken(string token)
 {
     if (string.IsNullOrEmpty(token))
     {
         return(Unauthorized());
     }
     try
     {
         IdentityWSSoapClient ws = new IdentityWSSoapClient();
         ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
     }
     catch (FaultException ex)
     {
         return(BadRequest("Invalid security token"));
     }
     return(null);
 }
Exemple #7
0
 private IHttpActionResult ValidateClientIsSeller(string token)
 {
     try
     {
         IdentityWSSoapClient ws       = new IdentityWSSoapClient();
         IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
         if (identity != null && identity.Role != IdentityWS.UserRole.SELLER)
         {
             return(Unauthorized());
         }
     }
     catch (FaultException ex)
     {
         return(BadRequest("Invalid security token"));
     }
     return(null);
 }
Exemple #8
0
 private IHttpActionResult ValidateSeller(string token, string username)
 {
     try
     {
         IdentityWSSoapClient ws       = new IdentityWSSoapClient();
         IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
         if (identity == null)
         {
             return(Unauthorized());
         }
         if (!identity.Username.Equals(username))
         {
             return(Unauthorized());
         }
     }
     catch (FaultException ex)
     {
         return(BadRequest("Invalid security token"));
     }
     return(null);
 }
Exemple #9
0
 private IHttpActionResult ValidateOwnerProduct(string token, long productId)
 {
     try
     {
         IdentityWSSoapClient ws       = new IdentityWSSoapClient();
         IdentityData         identity = ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
         if (identity == null)
         {
             return(Unauthorized());
         }
         DataAccessSoapClient dataWS = new DataAccessSoapClient();
         var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
         binding.MaxReceivedMessageSize = int.MaxValue;
         Product target = dataWS.FindProduct(new DataAccessWS.Security {
             BinarySecurityToken = token
         }, productId);
         if (target == null)
         {
             return(NotFound());
         }
         User owner = dataWS.FindUser(new DataAccessWS.Security {
             BinarySecurityToken = token
         }, target.seller_id);
         if (!owner.Username.Equals(identity.Username))
         {
             return(Unauthorized());
         }
     }
     catch (FaultException ex)
     {
         return(BadRequest("Invalid security token"));
     }
     return(null);
 }