public IHttpActionResult AddUserIndicesWithoutAuthorization(long id, List <string> tickers)
{
using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
Models.User user = cc.Users
.FirstOrDefault(u => u.UserId == id);
if (user == null)
{
return(BadRequest("user not found"));
}
else
{
try {
List <Models.Index> indices = cc.Indices
.Where(i => tickers.Contains(i.Ticker))
.ToList();
foreach (Models.Index index in indices)
{
if (!user.Indices.Contains(index))
{
user.Indices.Add(index);
}
}
cc.SaveChanges();
} catch (Exception e) {
// terrible error handling
return(InternalServerError(e));
}
}
return(Json(JsonObjects.Jsonify(user.Indices.ToList())));
}
}
public IHttpActionResult GetIndexWithoutAuthorization(string username, string ticker)
{
using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
Models.User user = cc.Users
.FirstOrDefault(u => u.Username.Equals(username));
if (user == null)
{
return(NotFound());
}
else
{
Models.Index index;
if (user.IsAdministrator)
{
// look for ticker in all indices
index = cc.Indices
.Where(i => i.Ticker.Equals(ticker))
.FirstOrDefault();
}
else
{
// look for ticker in user's indices
index = user.Indices
.Where(i => i.Ticker.Equals(ticker))
.FirstOrDefault();
}
if (index == null)
{
return(NotFound());
}
return(Json(JsonObjects.Jsonify(index)));
}
}
}
public IHttpActionResult GetAllIndicesWithoutAuthorization(string username)
{
List <Models.Index> results;
using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
Models.User user = cc.Users
.FirstOrDefault(u => u.Username.Equals(username));
if (user == null)
{
results = new List <Models.Index>();
}
else
{
if (user.IsAdministrator)
{
// return all indices
results = cc.Indices.ToList();
}
else
{
// return user's indices
results = user.Indices.ToList();
}
}
}
return(Json(JsonObjects.Jsonify(results)));
}
public IHttpActionResult AddUserIndices([FromUri] long id, [FromBody] List <string> tickers)
{
using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
// username in Thread.CurrentPrincipal.Identity.Name
Models.User adminUser = cc.Users
.FirstOrDefault(u => u.Username.Equals(Thread.CurrentPrincipal.Identity.Name));
if (adminUser == null || !adminUser.IsAdministrator)
{
return(Unauthorized());
}
}
return(AddUserIndicesWithoutAuthorization(id, tickers));
}
public IHttpActionResult ValidatePassword(dynamic loginInfo)
{
string username;
string password;
if (JsonObjects.IsStringNullOrEmpty(loginInfo, "username") ||
JsonObjects.IsStringNullOrEmpty(loginInfo, "password")
)
{
return(BadRequest(INVALID_LOGIN_DATA));
}
try {
username = loginInfo.username;
password = loginInfo.password;
} catch (Exception) {
return(BadRequest(INVALID_LOGIN_DATA));
}
// get user entity
using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
Models.User user = cc.Users
.FirstOrDefault((u) => u.Username.Equals(username));
if (user == null)
{
return(BadRequest(INVALID_USERNAME_OR_PASSWORD));
}
byte[] hash = GetEncodedPassword(password, user.Salt);
// get stored hash in bytes
byte[] bUserPassword = Convert.FromBase64String(user.Password);
if (hash.SequenceEqual(bUserPassword))
{
// create and return a token
string token = createToken(username);
return(Ok(token));
}
else
{
return(BadRequest(INVALID_USERNAME_OR_PASSWORD));
}
}
}
public IHttpActionResult GetUsers()
{
using (Models.ChallengeContext cc = new Models.ChallengeContext()) {
// username in Thread.CurrentPrincipal.Identity.Name
Models.User adminUser = cc.Users
.FirstOrDefault(u => u.Username.Equals(Thread.CurrentPrincipal.Identity.Name));
if (adminUser == null || !adminUser.IsAdministrator)
{
return(Unauthorized());
}
else
{
List <Models.User> results = cc.Users.ToList();
return(Json(JsonObjects.Jsonify(results)));
}
}
}
