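//WORKS
/// <summary>
/// Authenticates a user by comparing the challenge response they supplied with the
/// authentication code stored against their account, and writes the outcome to the event log.
/// </summary>
/// <param name="user">
/// Logon model carrying the <c>UserId</c> used to find the access card and the
/// <c>ChallengeResponse</c> to verify against the stored <c>AuthenticationCode</c>.
/// </param>
/// <returns>
/// A <see cref="LogonResponseModel"/> with <c>IsAuthenticated</c> set, the authentication URL
/// populated, the user id set when the user was resolved, and a generic error message on failure.
/// </returns>
internal LogonResponseModel AuthenticateUser(LogonUserModel user)
{
    var responseModel = new LogonResponseModel();

    using (var db = new SAMEntities())
    {
        // 1) Resolve the access card for the supplied user id, then the user that owns it.
        //    The card lookup is guarded: dereferencing a missing card was a NullReferenceException.
        var authenticatedAccessCard = db.AccessCards.FirstOrDefault(x => x.UserId == user.UserId);
        var authenticatedUser = authenticatedAccessCard == null
            ? null
            : db.Users.FirstOrDefault(x => x.Id == authenticatedAccessCard.UserId);

        if (authenticatedUser == null)
        {
            // Unknown card, or a card whose user no longer exists: fail closed with the same
            // generic message as a wrong challenge so the caller cannot tell which lookup failed.
            responseModel.IsAuthenticated = false;
            responseModel.SetAuthenticationUrl(false, null);
            responseModel.SetErrorMessage("Invalid username or password");
            eventLogger.LogEvent(user.UserId, CrossCuttingConcerns.EventLog.EventType.User_Authentication, CrossCuttingConcerns.EventLog.EventSeverity.Error);
            return responseModel;
        }

        // 2) Compare the supplied challenge response with the stored authentication code.
        //    Both values must be present: string.Equals(null, null) is true, which would have
        //    authenticated an account that has no code set.
        // NOTE(review): AuthenticationCode is compared as a plain string; if it is a long-lived
        // secret rather than a one-time challenge, confirm it is stored hashed.
        var isAuthenticated = SecretsMatch(authenticatedUser.AuthenticationCode, user.ChallengeResponse);
        responseModel.IsAuthenticated = isAuthenticated;
        responseModel.SetAuthenticationUrl(isAuthenticated, authenticatedUser);
        responseModel.SetUserId(authenticatedUser);

        if (isAuthenticated)
        {
            eventLogger.LogEvent(authenticatedUser.Id, CrossCuttingConcerns.EventLog.EventType.User_Authentication, CrossCuttingConcerns.EventLog.EventSeverity.Informational);
        }
        else
        {
            responseModel.SetErrorMessage("Invalid username or password");
            eventLogger.LogEvent(authenticatedUser.Id, CrossCuttingConcerns.EventLog.EventType.User_Authentication, CrossCuttingConcerns.EventLog.EventSeverity.Error);
        }

        return responseModel;
    }
}

/// <summary>
/// Compares a stored secret with a supplied one without stopping at the first mismatching
/// character, so the comparison time does not reveal how much of the secret was correct.
/// A null or empty value on either side never matches.
/// </summary>
/// <param name="expected">The secret held by the system.</param>
/// <param name="supplied">The value presented by the caller.</param>
/// <returns><c>true</c> only when both values are non-empty and identical (ordinal).</returns>
private static bool SecretsMatch(string expected, string supplied)
{
    if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied))
    {
        return false;
    }

    // Where System.Security.Cryptography.CryptographicOperations.FixedTimeEquals is available
    // (.NET Core 2.1+ / .NET 5+) prefer it over this loop.
    var diff = expected.Length ^ supplied.Length;
    var len = Math.Min(expected.Length, supplied.Length);
    for (var i = 0; i < len; i++)
    {
        diff |= expected[i] ^ supplied[i];
    }

    return diff == 0;
}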
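//WORKS
/// <summary>
/// Reads the card presented to the reader and authorises it as an administrator card:
/// the card id must exist with the Administrator card type and belong to a user flagged
/// <c>IsAdmin</c>.
/// </summary>
/// <returns>
/// A <see cref="LogonResponseModel"/> with <c>IsAuthorised</c> set, the authorisation URL
/// populated, the user id set on success and an error message when the card's user is not
/// an administrator.
/// </returns>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when no administrator card with the scanned id exists.
/// </exception>
internal LogonResponseModel AuthoriseAccessCard()
{
    var responseModel = new LogonResponseModel();

    // Read the card id from the reader.
    var cardId = GetCardId();

    using (var db = new SAMEntities())
    {
        var scannedCard = db.AccessCards.FirstOrDefault(x => x.CardId == cardId && x.CardType == (int)AccessCardTypes.Administrator);

        if (scannedCard == null)
        {
            // Record the failed attempt before rejecting it: every other failure path in this
            // flow writes an Error event, and an unrecognised card should not be the one that
            // leaves no trace in the log.
            eventLogger.LogEvent(cardId, CrossCuttingConcerns.EventLog.EventType.User_Authentication, CrossCuttingConcerns.EventLog.EventSeverity.Error);
            throw new UnauthorizedAccessException("SAM does not recognize your card!");
        }

        // The card is only authorised when its owner is an administrator.
        var authorisedUser = db.Users.FirstOrDefault(u => u.Id == scannedCard.UserId && u.IsAdmin);

        if (authorisedUser == null)
        {
            responseModel.IsAuthorised = false;
            responseModel.SetErrorMessage("Invalid combination of card and userId");
            eventLogger.LogEvent(scannedCard.CardId, CrossCuttingConcerns.EventLog.EventType.User_Authentication, CrossCuttingConcerns.EventLog.EventSeverity.Error);
        }
        else
        {
            responseModel.IsAuthorised = true;
            responseModel.SetUserId(authorisedUser);
        }

        // Called on both paths; the original passes a null user on the failure path as well.
        responseModel.SetAuthorisationUrl(responseModel.IsAuthorised, authorisedUser);
    }

    return responseModel;
}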
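//Individual records/Details
//internal UserModel StudentDetail()
//{
//    var modeluser = new UserModel();
//    using (var db = new SAMEntities())
//    {
//        var users = db.Users;
//        users.(user =>
//        {
//            modeluser.Add(new UserModel
//            {
//                Username = user.Username.ToString(),
//                FirstName = user.FirstName,
//                LastName = user.LastName,
//                Email = user.Email,
//                CellPhone = user.CellPhone,
//            });
//        });
//    }
//    return modeluser;
//}

/// <summary>
/// Logs a user on with username and password: the supplied password is hashed with
/// <c>GenerateHash</c> and the username/hash pair is looked up in the Users table.
/// </summary>
/// <param name="userModel">
/// Logon model carrying the <c>Username</c> and clear-text <c>Password</c> to verify.
/// </param>
/// <returns>
/// A <see cref="LogonResponseModel"/> with <c>IsAuthorised</c> true and the username set on
/// success, or a generic error message on failure. The redirect URL is set on both paths.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userModel"/> is null.</exception>
internal LogonResponseModel LogOn(LogonUserModel userModel)
{
    if (userModel == null)
    {
        throw new ArgumentNullException("userModel");
    }

    var responseModel = new LogonResponseModel();

    // A blank username or password can never match an account, so it is rejected without
    // hashing (GenerateHash on a null password would throw) and without querying the database.
    var credentialsSupplied = !string.IsNullOrEmpty(userModel.Username)
                              && !string.IsNullOrEmpty(userModel.Password);

    // Step 1: hash the supplied password the same way the stored PasswordHash was produced.
    // NOTE(review): GenerateHash is an extension defined elsewhere; confirm it is a salted,
    // slow password hash (e.g. PBKDF2) rather than a bare digest.
    var hash = credentialsSupplied ? userModel.Password.GenerateHash() : null;

    // Step 2: validate the username/hash pair against the database.
    using (var db = new SAMEntities())
    {
        var usr = credentialsSupplied
            ? db.Users.FirstOrDefault(u => u.Username == userModel.Username && u.PasswordHash == hash)
            : null;

        // Set on both paths; a null user yields the failure redirect.
        responseModel.SetRedirectUrl(usr);

        if (usr == null)
        {
            // Same message for unknown username and wrong password so the response does not
            // reveal which accounts exist.
            responseModel.SetErrorMessage("Invalid username or password");
        }
        else
        {
            responseModel.IsAuthorised = true;
            responseModel.SetUsername(usr.Username);
        }

        // NOTE(review): unlike AuthenticateUser and AuthoriseAccessCard, this path writes no
        // event-log entry for success or failure; confirm whether the caller records it.
        return responseModel;
    }
}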