Esempio n. 1
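        /// <summary>
        /// Verifies that <paramref name="userKey"/> is the token of the active session belonging to
        /// <paramref name="username"/> and, on success, slides that session's expiry forward.
        /// </summary>
        /// <param name="userKey">Session token presented by the caller.</param>
        /// <param name="username">Username whose active session is looked up.</param>
        /// <returns>
        /// True when the user exists, has an active session and the token matches it; false otherwise.
        /// </returns>
        private async Task<bool> CheckUserIsLoggedInSession(string userKey, string username)
        {
            // The context is IDisposable; wrap it so the connection is released on every path.
            using (var db = new IBAEntities1())
            {
                var record = db.C_records.FirstOrDefault(r => r.username == username);
                if (record == null)
                {
                    // Unknown user: there is no session to compare against
                    // (the unguarded record.id access would otherwise throw).
                    return false;
                }

                var session = RecordSessionUtilities.ActiveSessionByUserId(db, record.id);
                if (session == null || userKey != session.session_token.ToString())
                {
                    // No active session, or the presented token is not this user's token.
                    // String '!=' is an ordinal compare; it is not constant-time, so prefer a
                    // fixed-time comparison helper if the target runtime provides one.
                    return false;
                }

                // Sliding expiry: the new expiry is "now + window", which is what the original
                // expiry + (window - (expiry - now)) arithmetic evaluated to.
                session.session_expiry = DateTime.UtcNow.Add(RecordSessionUtilities.SlidingSessionExpiryInDays);
                await db.SaveChangesAsync();
            }

            return true;
        }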
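        /// <summary>
        /// Logs the requesting user in: validates that the user exists, is enabled and belongs to a
        /// class permitted to use the app, then either creates a session or slides the expiry of the
        /// existing active one.
        /// </summary>
        /// <returns>
        /// A <see cref="LoginResponseModel"/> carrying the session token and profile on success, or a
        /// 403 error when the user is not permitted and a 500 error on an unexpected exception.
        /// </returns>
        public async Task<LoginResponseModel> Put()
        {
            var model = new LoginResponseModel();

            try
            {
                var username = GetUserNameFromRequest(Request);

                // Classes allowed to log in through this (v1) endpoint. PutV2 reads
                // UserRights.V2LoginClasses instead; the two lists are intentionally separate.
                decimal[] usersAllowedToLogin = { 1, 4, 13, 27 };

                var record = Db.C_records
                    .Where(r => usersAllowedToLogin.Contains(r.@class))
                    .FirstOrDefault(r => r.username == username);

                if (record == null || record.status != 1)
                {
                    // Same message for "unknown", "wrong class" and "disabled" so the response
                    // does not reveal which check failed.
                    model.SetError(403, "User is not permitted to log in through the app.");
                    return model;
                }

                // If the user already has an active session, slide its expiry; otherwise create one.
                var session = RecordSessionUtilities.ActiveSessionByUserId(Db, record.id);
                var newExpiry = DateTime.UtcNow.Add(RecordSessionUtilities.SlidingSessionExpiryInDays);

                if (session == null)
                {
                    session = new record_sessions
                    {
                        session_token   = GenerateTokenForUser(),
                        C_records       = record,
                        session_expiry  = newExpiry,
                        client_platform = string.Join(" ", Request.Headers.UserAgent),
                        initial_logon   = DateTime.UtcNow
                    };
                    Db.record_sessions.Add(session);
                }
                else
                {
                    // Sliding window is measured from now, not stacked onto the previous expiry;
                    // stacking let repeated logins push the expiry out without bound and disagreed
                    // with CheckUserIsLoggedInSession.
                    session.session_expiry = newExpiry;
                }

                await Db.SaveChangesAsync();

                model.SessionToken = session.session_token;
                model.Profile      = GetProfile(record.id);
                return model;
            }
            catch (Exception e)
            {
                // Do not echo the exception (message, stack trace, inner exceptions) to the client;
                // only the type name is returned so the failure can still be classified.
                model.SetError(500, $"Exception {e.GetType().Name} was thrown.");
                return model;
            }
        }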
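        /// <summary>
        /// Synchronous v2 login: validates that the user exists, is enabled and is in
        /// <c>UserRights.V2LoginClasses</c>, then creates a session or slides the expiry of the
        /// existing active one.
        /// </summary>
        /// <returns>
        /// A <see cref="LoginResponseModel"/> with the session token and profile on success; a 403
        /// error when the user is not permitted; a 500 error on an unexpected exception.
        /// </returns>
        public LoginResponseModel PutV2()
        {
            var model = new LoginResponseModel();

            try
            {
                var username = GetUserNameFromRequest(Request);
                var record   = Db.C_records.FirstOrDefault(r => r.username == username);

                var permitted = record != null
                                && record.status == 1
                                && UserRights.V2LoginClasses.Contains(record.@class);
                if (!permitted)
                {
                    // One message for every rejection reason so the response does not reveal
                    // whether the username exists.
                    model.SetError(403, "User is not permitted to log in through the app.");
                    return model;
                }

                // If the user already has an active session, slide its expiry; otherwise create one.
                var session   = RecordSessionUtilities.ActiveSessionByUserId(Db, record.id);
                var newExpiry = DateTime.UtcNow.Add(RecordSessionUtilities.SlidingSessionExpiryInDays);

                if (session == null)
                {
                    session = new record_sessions
                    {
                        session_token   = GenerateTokenForUser(),
                        C_records       = record,
                        session_expiry  = newExpiry,
                        client_platform = string.Join(" ", Request.Headers.UserAgent),
                        initial_logon   = DateTime.UtcNow
                    };
                    Db.record_sessions.Add(session);
                }
                else
                {
                    // Measured from now rather than added to the previous expiry, so repeated
                    // logins cannot extend a session indefinitely (matches CheckUserIsLoggedInSession).
                    session.session_expiry = newExpiry;
                }

                Db.SaveChanges();

                model.SessionToken = session.session_token;
                model.Profile      = GetProfile(record.id);
            }
            catch (Exception e)
            {
                // Only the exception type is returned; the full exception text can contain stack
                // traces and provider details that must not reach the client.
                model.SetError(500, $"Exception {e.GetType().Name} was thrown.");
            }

            return model;
        }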
        /// <summary>
        /// Logs the requesting user out by stamping <c>logout_time</c> on their active session.
        /// A missing user or missing active session is treated as already logged out.
        /// </summary>
        /// <returns>Always true; the call is idempotent from the caller's point of view.</returns>
        public async Task<bool> Delete()
        {
            var username = GetUserNameFromRequest(Request);
            var record   = Db.C_records.FirstOrDefault(r => r.username == username);
            if (record == null)
            {
                return true;
            }

            var session = RecordSessionUtilities.ActiveSessionByUserId(Db, record.id);
            if (session == null)
            {
                return true;
            }

            session.logout_time = DateTime.UtcNow;
            await Db.SaveChangesAsync();
            return true;
        }
Esempio n. 5
 /// <summary>
 /// Looks up the active session identified by <paramref name="userKey"/> and, when found,
 /// slides its expiry to now + <c>SlidingSessionExpiryInDays</c>.
 /// </summary>
 /// <param name="userKey">Session token presented by the caller.</param>
 /// <returns>True when an active session with that token exists; false otherwise.</returns>
 private static bool CheckUserIsLoggedInSession(string userKey)
 {
     using (var db = new IBAEntities1())
     {
         var session = RecordSessionUtilities.ActiveSessionByToken(db, userKey);
         if (session == null)
         {
             return false;
         }

         // remaining = expiry - now; adding (window - remaining) to the expiry yields now + window.
         var now       = DateTime.UtcNow;
         var remaining = session.session_expiry - now;
         session.session_expiry = session.session_expiry.Add(
             RecordSessionUtilities.SlidingSessionExpiryInDays - remaining);
         db.SaveChanges();
     }

     return true;
 }
        /// <summary>
        /// Resolves the session referenced by the request's token and reports whether its user is
        /// allowed to proceed.
        /// </summary>
        /// <param name="db">Context used to look the session up.</param>
        /// <param name="request">Incoming request carrying the session token.</param>
        /// <returns>
        /// A <see cref="RightsResponseModel"/> with <c>Session</c> set; a Forbidden error is attached
        /// when no session is found or the session's user is not enabled (status != 1).
        /// </returns>
        public static RightsResponseModel GetUserSession(IBAEntities1 db, HttpRequestMessage request)
        {
            var session = RecordSessionUtilities.SessionByToken(db, request);
            var result  = new RightsResponseModel { Session = session };

            if (session == null)
            {
                // Authentication upstream should already have rejected this; defensive check.
                result.SetError(HttpStatusCode.Forbidden, "you do not have an active Session");
                return result;
            }

            if (session.C_records.status != 1)
            {
                result.SetError(HttpStatusCode.Forbidden, "User is Disabled");
            }

            return result;
        }