public IHttpActionResult AddUserIndicesWithoutAuthorization(long id, List <string> tickers) { using (Models.ChallengeContext cc = new Models.ChallengeContext()) { Models.User user = cc.Users .FirstOrDefault(u => u.UserId == id); if (user == null) { return(BadRequest("user not found")); } else { try { List <Models.Index> indices = cc.Indices .Where(i => tickers.Contains(i.Ticker)) .ToList(); foreach (Models.Index index in indices) { if (!user.Indices.Contains(index)) { user.Indices.Add(index); } } cc.SaveChanges(); } catch (Exception e) { // terrible error handling return(InternalServerError(e)); } } return(Json(JsonObjects.Jsonify(user.Indices.ToList()))); } }
public IHttpActionResult GetIndexWithoutAuthorization(string username, string ticker) { using (Models.ChallengeContext cc = new Models.ChallengeContext()) { Models.User user = cc.Users .FirstOrDefault(u => u.Username.Equals(username)); if (user == null) { return(NotFound()); } else { Models.Index index; if (user.IsAdministrator) { // look for ticker in all indices index = cc.Indices .Where(i => i.Ticker.Equals(ticker)) .FirstOrDefault(); } else { // look for ticker in user's indices index = user.Indices .Where(i => i.Ticker.Equals(ticker)) .FirstOrDefault(); } if (index == null) { return(NotFound()); } return(Json(JsonObjects.Jsonify(index))); } } }
public IHttpActionResult GetAllIndicesWithoutAuthorization(string username) { List <Models.Index> results; using (Models.ChallengeContext cc = new Models.ChallengeContext()) { Models.User user = cc.Users .FirstOrDefault(u => u.Username.Equals(username)); if (user == null) { results = new List <Models.Index>(); } else { if (user.IsAdministrator) { // return all indices results = cc.Indices.ToList(); } else { // return user's indices results = user.Indices.ToList(); } } } return(Json(JsonObjects.Jsonify(results))); }
public IHttpActionResult AddUserIndices([FromUri] long id, [FromBody] List <string> tickers) { using (Models.ChallengeContext cc = new Models.ChallengeContext()) { // username in Thread.CurrentPrincipal.Identity.Name Models.User adminUser = cc.Users .FirstOrDefault(u => u.Username.Equals(Thread.CurrentPrincipal.Identity.Name)); if (adminUser == null || !adminUser.IsAdministrator) { return(Unauthorized()); } } return(AddUserIndicesWithoutAuthorization(id, tickers)); }
public IHttpActionResult ValidatePassword(dynamic loginInfo) { string username; string password; if (JsonObjects.IsStringNullOrEmpty(loginInfo, "username") || JsonObjects.IsStringNullOrEmpty(loginInfo, "password") ) { return(BadRequest(INVALID_LOGIN_DATA)); } try { username = loginInfo.username; password = loginInfo.password; } catch (Exception) { return(BadRequest(INVALID_LOGIN_DATA)); } // get user entity using (Models.ChallengeContext cc = new Models.ChallengeContext()) { Models.User user = cc.Users .FirstOrDefault((u) => u.Username.Equals(username)); if (user == null) { return(BadRequest(INVALID_USERNAME_OR_PASSWORD)); } byte[] hash = GetEncodedPassword(password, user.Salt); // get stored hash in bytes byte[] bUserPassword = Convert.FromBase64String(user.Password); if (hash.SequenceEqual(bUserPassword)) { // create and return a token string token = createToken(username); return(Ok(token)); } else { return(BadRequest(INVALID_USERNAME_OR_PASSWORD)); } } }
public IHttpActionResult GetUsers() { using (Models.ChallengeContext cc = new Models.ChallengeContext()) { // username in Thread.CurrentPrincipal.Identity.Name Models.User adminUser = cc.Users .FirstOrDefault(u => u.Username.Equals(Thread.CurrentPrincipal.Identity.Name)); if (adminUser == null || !adminUser.IsAdministrator) { return(Unauthorized()); } else { List <Models.User> results = cc.Users.ToList(); return(Json(JsonObjects.Jsonify(results))); } } }