        /// <summary>
        /// Creates or updates the member carried by <paramref name="card"/> and reconciles its
        /// role and group assignments with the stored ones inside one repository transaction.
        /// </summary>
        /// <param name="card">Request-body model holding the member plus the desired roles and groups.</param>
        /// <returns>The same <paramref name="card"/> instance that was passed in.</returns>
        /// <exception cref="ArgumentNullException">The card or its Member is null.</exception>
        /// <exception cref="PawnshopApplicationException">A different user already matches the login or the identity number.</exception>
        // NOTE(review): no authorization check is visible in this method. Member.Id, Roles and Groups all
        // come from the request body, so access control presumably lives in an attribute or filter
        // outside this view — confirm, since this method can grant roles.
        public CardModel <User> Save([FromBody] CardModel <User> card)
        {
            if (card?.Member == null)
            {
                throw new ArgumentNullException(nameof(card));
            }

            // Reject the save when a different record already uses this login.
            var existUser = _repository.Find(new { login = card.Member.Login });

            if (existUser != null && existUser.Id != card.Member.Id)
            {
                throw new PawnshopApplicationException("Пользователь с выбранным именем уже существует.");
            }

            // NOTE(review): this lookup also filters on `login` while passing the identity number —
            // confirm the repository matches it against the intended column.
            var existIdentityNumber = _repository.Find(new { login = card.Member.IdentityNumber });

            if (existIdentityNumber != null && existIdentityNumber.Id != card.Member.Id)
            {
                // The message includes the full name of the conflicting user.
                var error = String.Concat("Пользователь с таким ИИН уже существует: ", existIdentityNumber.Fullname);
                throw new PawnshopApplicationException(error);
            }

            using (var transaction = _repository.BeginTransaction())
            {
                if (card.Member.Id > 0)
                {
                    // Existing member: the request-bound object is persisted as received.
                    // NOTE(review): every bound property reaches Update(); confirm the repository
                    // ignores fields a caller must not change (OrganizationId is only set on insert).
                    _repository.Update(card.Member);
                }
                else
                {
                    // New member: organisation and dates are set server-side before the insert.
                    card.Member.OrganizationId = _sessionContext.OrganizationId;
                    card.Member.CreateDate     = DateTime.Now;
                    card.Member.ExpireDate     = DateTime.Now.Date;
                    _repository.Insert(card.Member);

                    /*** TODO: a proper user-activation mechanism via e-mail ***/
                    // SECURITY: every new account starts with the same hard-coded password "123456".
                    // The trailing 0 is presumably an expiry period in days; confirm it forces a
                    // password change at first login, and replace this with a one-time activation
                    // token as the TODO asks.
                    // Assumes Insert() has populated card.Member.Id — TODO confirm.
                    string hash;
                    string salt;
                    _saltedHash.GetHashAndSaltString("123456", out hash, out salt);
                    _repository.SetPasswordAndSalt(card.Member.Id, hash, salt, 0);
                }

                // Work out which roles to add and which to remove relative to the stored set.
                // card.Roles and card.Groups are not null-checked before Diff() is called.
                var dbRoles  = _memberRepository.Roles(card.Member.Id, false);
                var rolesAdd = card.Roles.Diff(dbRoles);
                var rolesDel = dbRoles.Diff(card.Roles);

                // Same reconciliation for the member's direct group memberships.
                var dbGroups  = _memberRepository.Groups(card.Member.Id, MemberRelationType.Direct);
                var groupsAdd = card.Groups.Diff(dbGroups);
                var groupsDel = dbGroups.Diff(card.Groups);

                _memberRepository.InsertRoles(card.Member.Id, rolesAdd);
                _memberRepository.DeleteRoles(card.Member.Id, rolesDel);
                _memberRepository.InsertGroups(card.Member.Id, groupsAdd);
                _memberRepository.DeleteGroups(card.Member.Id, groupsDel);

                transaction.Commit();
            }

            return(card);
        }
        /// <summary>
        /// Overwrites a stored user with <paramref name="newUser"/>, keeping the original id and
        /// creation date and re-hashing the password only when a new one is supplied.
        /// </summary>
        /// <param name="existingUser">The record as currently stored; supplies the id, the creation date and, when nothing changes, the current hash, salt and digest hash.</param>
        /// <param name="newUser">The replacement values; mutated in place and then saved.</param>
        /// <param name="password">New plain-text password, or null to keep the stored credentials.</param>
        /// <returns><paramref name="newUser"/> after it has been passed to SaveUser.</returns>
        public IUserAuth UpdateUserAuth(IUserAuth existingUser, IUserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(mongoDatabase, newUser, existingUser);

            bool hasNewPassword = password != null;

            // Carry the stored credentials forward unless the caller supplied a new password.
            string passwordHash = existingUser.PasswordHash;
            string passwordSalt = existingUser.Salt;
            if (hasNewPassword)
            {
                new SaltedHash().GetHashAndSaltString(password, out passwordHash, out passwordSalt);
            }

            // CreateHa1 takes the user name, the realm and the password, so the stored digest
            // hash is recalculated when either the password or the user name changes.
            // NOTE(review): on a rename without a new password, `password` is null when it reaches
            // CreateHa1; the result then cannot be based on the user's real password — confirm how
            // CreateHa1 treats null and whether digest auth still works after a rename.
            var ha1 = existingUser.DigestHa1Hash;
            if (hasNewPassword || existingUser.UserName != newUser.UserName)
            {
                ha1 = new DigestAuthFunctions().CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);
            }

            // Identity and creation date always come from the stored record, never from the caller.
            newUser.Id            = existingUser.Id;
            newUser.CreatedDate   = existingUser.CreatedDate;
            newUser.PasswordHash  = passwordHash;
            newUser.Salt          = passwordSalt;
            newUser.DigestHa1Hash = ha1;
            newUser.ModifiedDate  = DateTime.UtcNow;

            SaveUser(newUser);
            return newUser;
        }
        /// <summary>
        /// Replaces a stored user with <paramref name="newUser"/> and saves it through an
        /// NHibernate session. The password is re-hashed only when one is supplied.
        /// </summary>
        /// <param name="existingUser">The record as currently stored; supplies the id, the creation date and the fallback hash and salt.</param>
        /// <param name="newUser">The replacement values; mutated in place.</param>
        /// <param name="password">New plain-text password, or null to keep the stored hash and salt.</param>
        /// <returns><paramref name="newUser"/> after the save call.</returns>
        public IUserAuth UpdateUserAuth(IUserAuth existingUser, IUserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(newUser, existingUser);

            // Default to the credentials already on file.
            string effectiveHash = existingUser.PasswordHash;
            string effectiveSalt = existingUser.Salt;

            if (password != null)
            {
                // NOTE(review): the algorithm behind SaltedHash is not visible here; confirm it is
                // a slow, iterated password hash rather than a single salted digest.
                var hasher = new SaltedHash();
                hasher.GetHashAndSaltString(password, out effectiveHash, out effectiveSalt);
            }

            // Id and creation date are taken from the stored record, not from caller input.
            newUser.Id           = existingUser.Id;
            newUser.CreatedDate  = existingUser.CreatedDate;
            newUser.ModifiedDate = DateTime.UtcNow;
            newUser.PasswordHash = effectiveHash;
            newUser.Salt         = effectiveSalt;

            var persisted = new UserAuthNHibernate(newUser);
            using (var nhSession = GetCurrentSessionFn(sessionFactory))
            {
                nhSession.Save(persisted);
            }

            return newUser;
        }
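        /// <summary>
        /// Seeds two administrator accounts through <c>AddUserCommandHandler</c>.
        /// </summary>
        /// <returns>A task that completes once both add-user commands have been handled.</returns>
        public async Task Seed()
        {
            // SECURITY: both administrators are seeded with the same hard-coded password. Treat it
            // as a bootstrap secret only: source it from configuration or a secret store and force
            // a change at first login before this runs against a shared or production database.
            const string seedPassword = "p@ssw0rd";

            var    hasher = new SaltedHash();
            string hashedPassword, salt;

            // Hash once per account so the two records do not share a hash/salt pair; identical
            // pairs reveal at a glance that both accounts use the same password.
            // Assumes GetHashAndSaltString produces a fresh salt on each call — TODO confirm.
            hasher.GetHashAndSaltString(seedPassword, out hashedPassword, out salt);

            await new AddUserCommandHandler().HandleAsync(new AddUserCommand()
            {
                Email          = "*****@*****.**",
                FirstName      = "Abdul Jabbar",
                LastName       = "Zaffar",
                HashedPassword = hashedPassword,
                PasswordSalt   = salt,
                Role           = (int)Role.Admin
            });

            hasher.GetHashAndSaltString(seedPassword, out hashedPassword, out salt);

            await new AddUserCommandHandler().HandleAsync(new AddUserCommand()
            {
                Email          = "*****@*****.**",
                FirstName      = "Abdul Qudoos",
                LastName       = "Chaudhry",
                HashedPassword = hashedPassword,
                PasswordSalt   = salt,
                Role           = (int)Role.Admin
            });
        }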
        /// <summary>
        /// Replaces a stored user with <paramref name="newUser"/> and saves it through
        /// <c>Session</c>, re-hashing the password only when one is supplied.
        /// </summary>
        /// <param name="existingUser">The record as currently stored; supplies the id, the creation date and the fallback hash and salt.</param>
        /// <param name="newUser">The replacement values; mutated in place.</param>
        /// <param name="password">New plain-text password, or null to keep the stored hash and salt.</param>
        /// <returns><paramref name="newUser"/> after the save call.</returns>
        public UserAuth UpdateUserAuth(UserAuth existingUser, UserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(newUser, existingUser);

            string currentHash = existingUser.PasswordHash;
            string currentSalt = existingUser.Salt;

            // A null password means "leave the credentials alone"; anything else is re-hashed
            // with a new SaltedHash instance.
            bool keepStoredCredentials = password == null;
            if (!keepStoredCredentials)
            {
                new SaltedHash().GetHashAndSaltString(password, out currentHash, out currentSalt);
            }

            // Identity and creation date are pinned to the stored record.
            newUser.Id           = existingUser.Id;
            newUser.CreatedDate  = existingUser.CreatedDate;
            newUser.PasswordHash = currentHash;
            newUser.Salt         = currentSalt;
            newUser.ModifiedDate = DateTime.UtcNow;

            var dto = new UserAuthPersistenceDto(newUser);
            Session.Save(dto);

            return newUser;
        }
        /// <summary>
        /// Validates a new user, derives its password hash, salt and digest hash, and stores it
        /// in the document store.
        /// </summary>
        /// <param name="newUser">The user to create; mutated in place with credentials and timestamps.</param>
        /// <param name="password">Plain-text password for the new account.</param>
        /// <returns><paramref name="newUser"/> after it has been stored.</returns>
        public UserAuth CreateUserAuth(UserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(newUser);

            string passwordHash;
            string passwordSalt;
            new SaltedHash().GetHashAndSaltString(password, out passwordHash, out passwordSalt);

            // NOTE(review): presumably the RFC 2617 HA1 value; if so it is password-equivalent for
            // digest authentication and needs the same protection as the password hash — confirm.
            var ha1 = new DigestAuthFunctions().CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);

            newUser.DigestHA1Hash = ha1;
            newUser.PasswordHash  = passwordHash;
            newUser.Salt          = passwordSalt;

            // Both timestamps start out identical for a fresh record.
            newUser.CreatedDate  = DateTime.UtcNow;
            newUser.ModifiedDate = newUser.CreatedDate;

            using (var documentSession = _documentStore.OpenSession())
            {
                documentSession.Store(newUser);
                documentSession.SaveChanges();
            }

            return newUser;
        }
        /// <summary>
        /// Hashes <paramref name="password"/> with a new <c>SaltedHash</c> and returns both values.
        /// </summary>
        /// <param name="password">Plain-text password to hash.</param>
        /// <returns>A <c>ListModel</c> whose <c>Id</c> carries the hash and whose <c>Name</c> carries the salt.</returns>
        // NOTE(review): this public method hands the hash and the salt back to its caller; confirm
        // it is not reachable as a service endpoint and that callers do not log the result.
        public ListModel PasswordGenerate(string password)
        {
            string computedHash;
            string computedSalt;
            new SaltedHash().GetHashAndSaltString(password, out computedHash, out computedSalt);

            // ListModel is reused as a generic pair here: Id = hash, Name = salt.
            var pair = new ListModel();
            pair.Id   = computedHash;
            pair.Name = computedSalt;
            return pair;
        }
        /// <summary>
        /// Validates a new user, hashes its password and saves it through <c>Session</c>.
        /// </summary>
        /// <param name="newUser">The user to create; mutated in place with hash, salt and timestamps.</param>
        /// <param name="password">Plain-text password for the new account.</param>
        /// <returns><paramref name="newUser"/> after the save call.</returns>
        public UserAuth CreateUserAuth(UserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(newUser);

            // NOTE(review): the algorithm behind SaltedHash is not visible here; confirm it is a
            // slow, iterated password hash rather than a single salted digest.
            string freshHash;
            string freshSalt;
            var hasher = new SaltedHash();
            hasher.GetHashAndSaltString(password, out freshHash, out freshSalt);

            newUser.PasswordHash = freshHash;
            newUser.Salt         = freshSalt;

            // A new record starts with identical created and modified timestamps.
            newUser.CreatedDate  = DateTime.UtcNow;
            newUser.ModifiedDate = newUser.CreatedDate;

            var dto = new UserAuthPersistenceDto(newUser);
            Session.Save(dto);

            return newUser;
        }
        /// <summary>
        /// Changes the password of the user in the current session after verifying the old one.
        /// </summary>
        /// <param name="model">Request-body model carrying the old and the new password.</param>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
        /// <exception cref="PawnshopApplicationException">The old password does not match the stored hash.</exception>
        public void UpdatePassword([FromBody] PasswordModel model)
        {
            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }
            ModelState.Validate();

            // The target account comes from the session context, never from the request body,
            // so a caller can only change their own password.
            string storedHash;
            string storedSalt;
            _userRepository.GetPasswordAndSalt(_sessionContext.UserId, out storedHash, out storedSalt);

            // Proof of knowledge of the current password is required before any change.
            // NOTE(review): no throttling of failed attempts is visible here — confirm it is
            // enforced elsewhere.
            if (!_saltedHash.VerifyHashString(model.OldPassword, storedHash, storedSalt))
            {
                throw new PawnshopApplicationException("Пароль указан не верно.");
            }

            // NOTE(review): nothing here enforces a strength policy or rejects a new password equal
            // to the old one; presumably ModelState.Validate() covers that — confirm.
            string replacementHash;
            string replacementSalt;
            _saltedHash.GetHashAndSaltString(model.NewPassword, out replacementHash, out replacementSalt);

            _userRepository.SetPasswordAndSalt(_sessionContext.UserId, replacementHash, replacementSalt, _options.ExpireDay);
        }
        /// <summary>
        /// Validates a new user, derives its password hash, salt and digest hash, and saves it.
        /// </summary>
        /// <param name="newUser">The user to create; mutated in place with credentials and timestamps.</param>
        /// <param name="password">Plain-text password for the new account.</param>
        /// <returns><paramref name="newUser"/> after it has been passed to SaveUser.</returns>
        public IUserAuth CreateUserAuth(IUserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(mongoDatabase, newUser);

            string derivedHash;
            string derivedSalt;
            var passwordHasher = new SaltedHash();
            passwordHasher.GetHashAndSaltString(password, out derivedHash, out derivedSalt);

            // The digest hash is computed from the user name, the provider realm and the password.
            var digestFunctions = new DigestAuthFunctions();
            var ha1 = digestFunctions.CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);

            newUser.DigestHa1Hash = ha1;
            newUser.PasswordHash  = derivedHash;
            newUser.Salt          = derivedSalt;

            // Created and modified timestamps start out identical.
            newUser.CreatedDate  = DateTime.UtcNow;
            newUser.ModifiedDate = newUser.CreatedDate;

            SaveUser(newUser);
            return newUser;
        }
        /// <summary>
        /// Replaces a stored user with <paramref name="newUser"/> in the document store,
        /// re-hashing the password only when one is supplied.
        /// </summary>
        /// <param name="existingUser">The record as currently stored; supplies the id, the creation date and, when nothing changes, the current hash, salt and digest hash.</param>
        /// <param name="newUser">The replacement values; mutated in place and stored.</param>
        /// <param name="password">New plain-text password; omit or pass null to keep the stored credentials.</param>
        /// <returns><paramref name="newUser"/> after it has been stored.</returns>
        public UserAuth UpdateUserAuth(UserAuth existingUser, UserAuth newUser, string password = null)
        {
            // The password is optional here, so validation skips it.
            ValidateNewUserWithoutPassword(newUser);
            AssertNoExistingUser(newUser, existingUser);

            bool passwordGiven = password != null;

            string nextHash = existingUser.PasswordHash;
            string nextSalt = existingUser.Salt;
            if (passwordGiven)
            {
                var hasher = new SaltedHash();
                hasher.GetHashAndSaltString(password, out nextHash, out nextSalt);
            }

            // The digest hash depends on both the user name and the password, so it is
            // recalculated when either one changes.
            // NOTE(review): on a rename without a new password, `password` is null when it reaches
            // CreateHa1, and ValidateNewUserWithoutPassword never sees the password at all —
            // confirm how CreateHa1 treats null and whether digest auth still works after a rename.
            var nextDigest = existingUser.DigestHA1Hash;
            if (passwordGiven || existingUser.UserName != newUser.UserName)
            {
                var digestFunctions = new DigestAuthFunctions();
                nextDigest = digestFunctions.CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);
            }

            // Id and creation date are pinned to the stored record.
            newUser.Id            = existingUser.Id;
            newUser.CreatedDate   = existingUser.CreatedDate;
            newUser.PasswordHash  = nextHash;
            newUser.Salt          = nextSalt;
            newUser.DigestHA1Hash = nextDigest;
            newUser.ModifiedDate  = DateTime.UtcNow;

            using (var documentSession = _documentStore.OpenSession())
            {
                documentSession.Store(newUser);
                documentSession.SaveChanges();
            }

            return newUser;
        }
        /// <summary>
        /// Updates a stored user from <paramref name="newUser"/>: the id and the creation date
        /// are preserved, credentials are re-derived only where needed, and the result is saved.
        /// </summary>
        /// <param name="existingUser">The record as currently stored.</param>
        /// <param name="newUser">The replacement values; mutated in place and saved.</param>
        /// <param name="password">New plain-text password, or null to keep the stored hash and salt.</param>
        /// <returns><paramref name="newUser"/> after it has been passed to SaveUser.</returns>
        public IUserAuth UpdateUserAuth(IUserAuth existingUser, IUserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(mongoDatabase, newUser, existingUser);

            // Stored values are the default; they are overwritten below only when required.
            string resultingHash = existingUser.PasswordHash;
            string resultingSalt = existingUser.Salt;
            var resultingDigest = existingUser.DigestHa1Hash;

            if (password != null)
            {
                new SaltedHash().GetHashAndSaltString(password, out resultingHash, out resultingSalt);
            }

            // A change to the password or to the user name invalidates the stored digest hash.
            // NOTE(review): when only the user name changed, a null password is handed to
            // CreateHa1 — confirm what it does with null.
            if (password != null || existingUser.UserName != newUser.UserName)
            {
                resultingDigest = new DigestAuthFunctions().CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);
            }

            newUser.Id = existingUser.Id;
            newUser.CreatedDate = existingUser.CreatedDate;
            newUser.PasswordHash = resultingHash;
            newUser.Salt = resultingSalt;
            newUser.DigestHa1Hash = resultingDigest;
            newUser.ModifiedDate = DateTime.UtcNow;

            SaveUser(newUser);
            return newUser;
        }
        /// <summary>
        /// Creates a user: validates it, checks for an existing user, derives the credentials
        /// and saves the record.
        /// </summary>
        /// <param name="newUser">The user to create; mutated in place with credentials and timestamps.</param>
        /// <param name="password">Plain-text password for the new account.</param>
        /// <returns><paramref name="newUser"/> after it has been passed to SaveUser.</returns>
        public IUserAuth CreateUserAuth(IUserAuth newUser, string password)
        {
            ValidateNewUser(newUser, password);
            AssertNoExistingUser(mongoDatabase, newUser);

            string pwdHash;
            string pwdSalt;
            new SaltedHash().GetHashAndSaltString(password, out pwdHash, out pwdSalt);

            // NOTE(review): presumably the RFC 2617 HA1 value; if so it is password-equivalent for
            // digest authentication and needs the same protection as the password hash — confirm.
            var digest = new DigestAuthFunctions().CreateHa1(newUser.UserName, DigestAuthProvider.Realm, password);

            newUser.DigestHa1Hash = digest;
            newUser.PasswordHash = pwdHash;
            newUser.Salt = pwdSalt;
            newUser.CreatedDate = DateTime.UtcNow;
            newUser.ModifiedDate = newUser.CreatedDate;

            SaveUser(newUser);
            return newUser;
        }
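        /// <summary>
        /// Changes a login's password by hashing the new password and passing the login id, hash
        /// and salt to the <c>spChangePassword</c> stored procedure.
        /// </summary>
        /// <param name="changePasswordModel">Request-body model with the login id, old password and new password.</param>
        /// <returns>
        /// An OK result whose <c>ResponseModel</c> has Code "success" or "error"; null when an
        /// exception was caught and recorded.
        /// </returns>
        public System.Web.Http.Results.OkNegotiatedContentResult <ResponseModel> ChangePassword([FromBody] ChangePasswordModel changePasswordModel)
        {
            try
            {
                ResponseModel response = new ResponseModel();

                // See if this is a temporary password.
                // NOTE(review): when IsTemporaryPassword returns true the old password is not
                // verified here, and LoginId comes from the request body. The safety of this path
                // rests entirely on IsTemporaryPassword and the stored procedure — confirm that one
                // of them proves the caller holds the temporary password for that login.
                if (IsTemporaryPassword(changePasswordModel) == true)
                {
                    // Don't check for a valid login.
                }
                else if (IsValidLogin(changePasswordModel.LoginId, changePasswordModel.OldPassword) == false)
                {
                    response.Code    = "error";
                    response.Message = "Invalid Login or Password";
                    return(Ok(content: response));
                }

                string strHash;
                string strSalt;
                new SaltedHash().GetHashAndSaltString(changePasswordModel.NewPassword, out strHash, out strSalt);

                // The procedure takes VARBINARY arguments, so the hash and salt strings are sent
                // as their UTF-8 bytes.
                System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
                byte[] hash = encoding.GetBytes(strHash);
                byte[] salt = encoding.GetBytes(strSalt);

                // Dispose the connection and the command on every path, including exceptions,
                // so a failing call cannot leak a pooled connection.
                using (SqlConnection myConnection = new SqlConnection())
                using (SqlCommand sqlCmd = new SqlCommand())
                {
                    myConnection.ConnectionString = System.Configuration.ConfigurationManager.AppSettings["DBConnection"];

                    sqlCmd.CommandText = "spChangePassword";
                    sqlCmd.CommandType = CommandType.StoredProcedure;
                    sqlCmd.Connection  = myConnection;

                    // All caller-supplied values travel as typed parameters, never as SQL text.
                    sqlCmd.Parameters.Add(new SqlParameter
                    {
                        ParameterName = "@Login_Id",
                        SqlDbType     = SqlDbType.VarChar,
                        Direction     = ParameterDirection.Input,
                        Size          = 50,
                        Value         = changePasswordModel.LoginId
                    });

                    sqlCmd.Parameters.Add(new SqlParameter
                    {
                        ParameterName = "@Hash",
                        SqlDbType     = SqlDbType.VarBinary,
                        Direction     = ParameterDirection.Input,
                        Size          = 250,
                        Value         = hash
                    });

                    sqlCmd.Parameters.Add(new SqlParameter
                    {
                        ParameterName = "@Salt",
                        SqlDbType     = SqlDbType.VarBinary,
                        Direction     = ParameterDirection.Input,
                        Size          = 250,
                        Value         = salt
                    });

                    SqlParameter resultsParameter = new SqlParameter
                    {
                        ParameterName = "@Results",
                        SqlDbType     = SqlDbType.VarChar,
                        Size          = 50,
                        Direction     = ParameterDirection.Output
                    };
                    sqlCmd.Parameters.Add(resultsParameter);

                    myConnection.Open();
                    sqlCmd.ExecuteNonQuery();

                    // The procedure reports success by setting @Results to "0".
                    if (resultsParameter.Value.ToString().Equals("0"))
                    {
                        response.Code    = "success";
                        response.Message = "Your Password Has Been Changed Successfully";
                    }
                    else
                    {
                        // Same generic message as a failed login, so the response does not reveal
                        // which part of the request was wrong.
                        response.Code    = "error";
                        response.Message = "Invalid Login or Password";
                    }
                }

                return(Ok(content: response));
            }
            catch (Exception ex)
            {
                // Only the exception message is recorded; the stack trace is dropped.
                ExceptionModel.SaveException(ex.Message, System.Reflection.MethodBase.GetCurrentMethod().DeclaringType.ToString(), System.Reflection.MethodInfo.GetCurrentMethod().Name);
                return(null);
            }
        }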
        /// <summary>
        /// Creates every application table that does not exist yet (optionally creating the
        /// schemas first) and, when no active user exists, inserts a default administrator and,
        /// if there is no website row either, a default website.
        /// </summary>
        /// <param name="user">Forwarded to <c>CreateSchemaIfNotExists</c> together with <paramref name="GainPermission"/>.</param>
        /// <param name="GainPermission">Forwarded to <c>CreateSchemaIfNotExists</c>.</param>
        /// <param name="support_schema">When true, the schemas are created before their tables.</param>
        // NOTE(review): `user` is handed to CreateSchemaIfNotExists, whose body is not visible here;
        // if it ends up inside DDL text it must be validated or quoted as an identifier — confirm.
        public static void InitDbTable(string user, bool GainPermission = false, bool support_schema = false)
        {
            // NOTE(review): the connection is resolved from the app host and is neither null-checked
            // nor disposed in this method; presumably the container owns it — confirm.
            var dbConn = BasicModelBase.ServiceAppHost.TryResolve <IDbConnection>();

            #region DanhMuc
            if (support_schema)
            {
                CreateSchemaIfNotExists(dbConn, "DanhMuc", GainPermission, user);
            }
            dbConn.CreateTableIfNotExists <DanhMuc_HanhChinh>();
            #endregion

            #region CMS
            if (support_schema)
            {
                CreateSchemaIfNotExists(dbConn, "System", GainPermission, user);
                CreateSchemaIfNotExists(dbConn, "CMS", GainPermission, user);
            }
            // User Management
            dbConn.CreateTableIfNotExists <ABUserAuth>();
            dbConn.CreateTableIfNotExists <ABUserOAuthProvider>();
            dbConn.CreateTableIfNotExists <UsersActivation>();

            // language
            dbConn.CreateTableIfNotExists <Language>();

            // for sites
            dbConn.CreateTableIfNotExists <Website>();
            dbConn.CreateTableIfNotExists <Site_ContactusConfig>(); //dbConn.CreateTable<Site_ContactusConfig>(overwrite: true);
            //dbConn.CreateTableIfNotExists<Site_Lang_Dis>();
            dbConn.CreateTableIfNotExists <Site_MemberGroup>();
            dbConn.CreateTableIfNotExists <Site_MemberGroupDetail>();
            dbConn.CreateTableIfNotExists <SiteTopic>();
            dbConn.CreateTableIfNotExists <SiteTopicLanguage>();
            dbConn.CreateTableIfNotExists <SiteSetting>();
            dbConn.CreateTableIfNotExists <Settings>();
            dbConn.CreateTableIfNotExists <SiteNewsletter>();
            dbConn.CreateTableIfNotExists <Site_MaillingListTemplate>();
            dbConn.CreateTableIfNotExists <Site_ContactUs>();
            dbConn.CreateTableIfNotExists <Testimonial>();
            dbConn.CreateTableIfNotExists <SocialAccount>();
            dbConn.CreateTableIfNotExists <Site_Banner>();
            dbConn.CreateTableIfNotExists <Site_FlashHeader>();

            // navigation
            dbConn.CreateTableIfNotExists <Navigation>();

            // news
            dbConn.CreateTableIfNotExists <Site_News_Category>();
            dbConn.CreateTableIfNotExists <Site_News>();

            // blog
            dbConn.CreateTableIfNotExists <Site_Blog_Category>();
            dbConn.CreateTableIfNotExists <Site_Blog>();

            // system
            dbConn.CreateTableIfNotExists <Country>();
            dbConn.CreateTableIfNotExists <Theme>();
            dbConn.CreateTableIfNotExists <Language_Translation>();
            dbConn.CreateTableIfNotExists <MailQueue>();
            dbConn.CreateTableIfNotExists <Exceptions>();
            #endregion

            #region SMS
            if (support_schema)
            {
                CreateSchemaIfNotExists(dbConn, "SMS", GainPermission, user);
            }
            dbConn.CreateTableIfNotExists <SMSTemplateModel>();
            #endregion

            #region Products & Category
            if (support_schema)
            {
                CreateSchemaIfNotExists(dbConn, "Products", GainPermission, user);
            }
            dbConn.CreateTableIfNotExists <Product_Category>(); /* dbConn.CreateTable<Product_Category>(overwrite:true); */
            dbConn.CreateTableIfNotExists <Product>();
            dbConn.CreateTableIfNotExists <Product_Images>();
            dbConn.CreateTableIfNotExists <ProductCategoryImage>();
            dbConn.CreateTableIfNotExists <ProductCategoryMaterial>();
            dbConn.CreateTableIfNotExists <ProductCategoryMaterialDetail>();

            // product price
            dbConn.CreateTableIfNotExists <Price>();

            // option
            dbConn.CreateTableIfNotExists <Product_Option>();
            dbConn.CreateTableIfNotExists <OptionInProduct>();

            // Payment
            dbConn.CreateTableIfNotExists <PayPalStandardPaymentSettings>();

            // Coupon
            dbConn.CreateTableIfNotExists <CouponPromo>();

            // order
            dbConn.CreateTableIfNotExists <AddressModel>();
            dbConn.CreateTableIfNotExists <Order>();
            dbConn.CreateTableIfNotExists <Order_History>();
            dbConn.CreateTableIfNotExists <Order_ProductOptionUsing>();
            dbConn.CreateTableIfNotExists <Order_ProductionJobSheet>();
            dbConn.CreateTableIfNotExists <Order_UploadFilesTicket>();

            // extra shipping
            dbConn.CreateTableIfNotExists <Country_State_ExtraShipping>();
            #endregion

            #region Report
            if (support_schema)
            {
                CreateSchemaIfNotExists(dbConn, "Reports", GainPermission, user);
            }
            dbConn.CreateTableIfNotExists <StaffActivity>();
            #endregion

            #region Extra Shipping

            #endregion

            #region Init System
            // SECURITY: the default administrator below is created whenever the count of ACTIVE
            // users is zero, not only on an empty table. If every account is later deactivated,
            // the next run inserts an administrator again with the password hard-coded below.
            if (dbConn.Count <ABUserAuth>(m => m.ActiveStatus) == 0)
            {
                // add default user
                ABUserAuth u = new ABUserAuth()
                {
                    UserName = "******", ActiveStatus = true, CreatedDate = DateTime.Now, DisplayName = "Trung Click4Corp", Email = "*****@*****.**", FirstName = "Imm", LastName = "Dang", FullName = "Imm Dang", Gender = "Male", Language = "EN", Roles = new global::System.Collections.Generic.List <string>()
                };

                // SECURITY: the administrator password is a literal in source, so anyone with the
                // code knows it. Read it from deployment configuration or generate it at install
                // time, and require a change at first login.
                var    PasswordHasher = new SaltedHash();
                string salt;
                string hash;
                PasswordHasher.GetHashAndSaltString("123absoft.vn", out hash, out salt);
                u.PasswordHash = hash;
                u.Salt         = salt;
                u.Roles.Add(RoleEnum.Administrator.ToString());
                dbConn.Insert <ABUserAuth>(u);
                // Pick up the generated key so the website row can reference its creator.
                u.Id = (int)dbConn.GetLastInsertId();

                // Seed a default website bound to "localhost" when none exists yet.
                if (dbConn.Count <Website>() == 0)
                {
                    Website w = new Website()
                    {
                        CreatedBy = u.Id, CreatedOn = DateTime.Now, Domain = new global::System.Collections.Generic.List <string>(), Name = "ABSoft CMS Site"
                    };
                    w.Domain.Add("localhost");
                    dbConn.Insert <Website>(w);
                }
            }
            #endregion
        }
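        /// <summary>
        /// Imports the loaded customer list into <c>ABUserAuth</c>: customers whose e-mail already
        /// exists are skipped, the rest are inserted with the "Customer" role and a hashed password.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void button4_Click(object sender, EventArgs e)
        {
            if (!LoadCustomer())
            {
                // Fixed wording: the original message read "Can load load data file".
                MessageBox.Show("Can not load data file");
                return;
            }

            if (!ConnectDB())
            {
                MessageBox.Show("Can not load db");
                return;
            }

            var countries = Db.Select <Country>();

            var count = 0;

            tSQL.Text        = "";
            tInserted.Text   = "0";
            tDuplicated.Text = "0";
            foreach (var cus in customer)
            {
                // Skip customers whose e-mail is already registered.
                if (Db.Select <ABUserAuth>(x => x.Where(m => m.Email == cus.email).Limit(1)).Count > 0)
                {
                    UpdateInfo("User " + cus.email + " already existed");
                    tDuplicated.Text = (int.Parse(tDuplicated.Text) + 1).ToString();
                    continue;
                }

                var c = new ABUserAuth();
                c.ActiveStatus = true;
                c.Addr         = cus.address;

                // An unparsable or missing birth date falls back to DateTime.MinValue. TryParse
                // gives the same result as the former Parse inside a catch-all, without using
                // exceptions for control flow.
                DateTime birthDate;
                if (!DateTime.TryParse(cus.dob, out birthDate))
                {
                    birthDate = DateTime.MinValue;
                }
                c.BirthDate = birthDate;

                c.City = cus.city;

                // Unknown country codes default to "MY".
                var country = countries.FirstOrDefault(x => x.Code == cus.country);
                c.Country = country != null ? country.Code : "MY";

                c.CreatedDate = DateTime.Now;

                c.DisplayName = cus.firstname + " " + cus.lastname;
                c.Email       = cus.email;
                c.FirstName   = cus.firstname;
                c.FullName    = c.DisplayName;
                c.Gender      = "male";
                c.GroupId     = 0;
                c.Id          = 0;
                c.LastName    = cus.lastname;
                c.MailAddress = cus.email;
                c.Permissions = new List <string>();
                c.Roles       = new List <string>();
                c.Roles.Add("Customer");
                c.Phone        = cus.phone;
                c.PostalCode   = cus.postcode;
                c.PrimaryEmail = cus.email;
                c.States       = cus.state;
                c.UserName     = cus.email;

                // Only the salted hash of the imported password is stored.
                // NOTE(review): cus.password is presumably plain text from the import file; that
                // file then holds every customer's password and should be access-restricted and
                // destroyed after the import — confirm. Null or empty passwords are not rejected
                // here.
                var    PasswordHasher = new SaltedHash();
                string salt;
                string hash;
                PasswordHasher.GetHashAndSaltString(cus.password, out hash, out salt);
                c.PasswordHash = hash;
                c.Salt         = salt;

                // then insert
                Db.Insert <ABUserAuth>(c);

                // Keep the form responsive while the import runs on the UI thread.
                Application.DoEvents();
                count++;
                tInserted.Text = (int.Parse(tInserted.Text) + 1).ToString();
                tSQL.Text      = string.Format("Inserted customer {0} {1} {2}  - {3:0.00}% ", cus.firstname, cus.lastname, cus.email, (double)count / (double)customer.Count * 100) + "\r\n" + tSQL.Text;
                Application.DoEvents();
            }

            UpdateInfo("Finish " + DateTime.Now.ToString());
        }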