public void ChangePassword(string token, string oldPassword, string newPassword)
{
if (oldPassword == newPassword)
{
throw new InvalidOperationException("Nelze použít původní heslo.");
}
using (var repository = new SnizPrestizRepository(true))
{
var tokenData = repository.Users.FindValidSessionByTokenWithUser(token);
if (tokenData == null)
{
throw new InvalidOperationException("Nelze změnit heslo. Nebyl nalezen platný token přihlášeného uživatele.");
}
if (tokenData.User.LocalAccount == null)
{
throw new InvalidOperationException("Nelze změnit heslo, protože nebyl nalezen lokální účet přihlášeného uživatele.");
}
tokenData.User.LocalAccount.Password = BCrypt.HashPassword(newPassword, BCrypt.GenerateSalt());
repository.SaveChanges();
}
}
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
if (value == null)
{
return(new ValidationResult("Login uživatele nemůže být null"));
}
if (!(value is string username))
{
return(new ValidationResult("Login uživatele není řetězec."));
}
if (username.Trim() == "")
{
return(new ValidationResult("Nebyl zadán login uživatele."));
}
using (var repository = new SnizPrestizRepository())
{
if (repository.Users.FindLocalAccountByUsername(username) != null)
{
return(new ValidationResult("Byl nalezen uživatel se stejným přihlašovacím jménem."));
}
}
return(ValidationResult.Success);
}
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
if (value == null)
{
return(new ValidationResult("ID kurzu nemůže být null"));
}
if (!(value is string course))
{
return(new ValidationResult("ID kurzu není řetězec."));
}
if (course.Trim() == "")
{
return(new ValidationResult("Nebylo zadáno ID Kurzu."));
}
using (var repository = new SnizPrestizRepository())
{
var exists = repository.Courses.ExistsCourse(course);
if (!exists)
{
return(new ValidationResult("Hledaný kurz neexistuje."));
}
}
return(ValidationResult.Success);
}
public bool IsAuthenticated(string token, HttpContext context)
{
using (var repository = new SnizPrestizRepository(false))
{
var session = repository.Users.FindValidSessionByToken(token);
return(session != null);
}
}
public Account GetLoggedAccount()
{
var token = GetAuthorizationToken();
using (var repository = new SnizPrestizRepository())
{
return(repository.Users.FindValidSessionByTokenWithUser(token).User);
}
}
public IActionResult GetPostLabels()
{
using (var repository = new SnizPrestizRepository(false))
{
var data = repository.Consts.GetLabels()
.AsEnumerable()
.Select(o => new Label(o))
.ToList();
return(Ok(data));
}
}
public IActionResult GetPost([PostExists] long postID)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
using (var repository = new SnizPrestizRepository())
{
var post = repository.Posts.FindPostById(postID);
return(Ok(new Post(post)));
}
}
public IActionResult GetCoursesList(bool openOnly, bool favouriteOnly)
{
var loggedUser = GetLoggedAccount();
using (var repository = new SnizPrestizRepository())
{
var data = repository.Courses.GetCoursesList(openOnly, favouriteOnly, loggedUser.ID)
.AsEnumerable()
.Select(o => new Course(o, loggedUser.ID))
.ToList();
return(Ok(data));
}
}
public IActionResult GetCourse([CourseExists] string code)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var loggedUser = GetLoggedAccount();
using (var repository = new SnizPrestizRepository())
{
var course = repository.Courses.FindCourseByCode(code);
return(Ok(new Course(course, loggedUser.ID)));
}
}
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
if (!(value is long id))
{
return(new ValidationResult("Příspěvek se zadaným ID neexistuje."));
}
using (var repository = new SnizPrestizRepository())
{
if (!repository.Posts.ExistsPost(id))
{
return(new ValidationResult("Příspěvek se zadaným ID neexistuje."));
}
}
return(ValidationResult.Success);
}
public IActionResult GetPostsOfCourse([CourseExists] string code, int[] label, int?from, int?to)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
using (var repository = new SnizPrestizRepository())
{
var posts = repository.Posts.GetPostsByCourse(code, label, from, to)
.AsEnumerable()
.Select(o => new SimplePost(o))
.ToList();
return(Ok(posts));
}
}
public IActionResult GetOpenYearsOfCourse([CourseExists] string code)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
using (var repository = new SnizPrestizRepository())
{
var course = repository.Courses.FindCourseByCode(code);
var data = course.OpenedCourses
.Select(o => new OpenedCourse(o))
.ToList();
return(Ok(data));
}
}
public void CreateUser(string username, string password)
{
using (var repository = new SnizPrestizRepository(true))
{
var localAccount = new LocalAccount()
{
Password = BCrypt.HashPassword(password, BCrypt.GenerateSalt()),
Username = username
};
var account = new Account()
{
LocalAccount = localAccount,
Flags = (int)AccountFlags.None
};
repository.Add(account);
repository.SaveChanges();
}
}
public IActionResult CreatePost([FromBody] CreatePostRequest request)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var loggedUser = GetLoggedAccount();
using (var repository = new SnizPrestizRepository(true))
{
var entity = request.ToEntity(loggedUser);
repository.Add(entity);
repository.SaveChanges();
entity.Author = loggedUser;
return(Ok(new Post(entity)));
}
}
public Session Authenticate(string username, string password)
{
using (var repository = new SnizPrestizRepository(true))
{
var user = repository.Users.FindLocalAccountByUsername(username);
if (user == null || !BCrypt.CheckPassword(password, user.Password))
{
return(null);
}
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(JwtConfig["Secret"]);
var tokenDescriptor = new SecurityTokenDescriptor()
{
Subject = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Name, user.ID.ToString())
}),
Expires = DateTime.UtcNow.AddDays(Convert.ToInt32(JwtConfig["ExpirationDateDays"])),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenData = tokenHandler.WriteToken(token);
var sessionData = new Session()
{
Token = tokenData,
User = user.Account,
Valid = 1
};
repository.Add(sessionData);
repository.SaveChanges();
return(sessionData);
}
}
public void RevokeToken(string token, Account loggedUser)
{
if (string.IsNullOrEmpty(token))
{
return;
}
using (var repository = new SnizPrestizRepository(true))
{
var tokenData = repository.Users.FindValidSessionByToken(token);
if (tokenData == null)
{
return;
}
if (tokenData.UserID != loggedUser.ID && !loggedUser.IsAdmin())
{
throw new InvalidOperationException("Tento token může smazat pouze uživatel, který jej založil, nebo administrátor.");
}
tokenData.Valid = 0;
repository.SaveChanges();
}
}
