public List <PotentialQuestions> GetPotentialQuestions()
 {
     try
     {
         UserAccountSecurityManager resetter = new UserAccountSecurityManager();
         return(resetter.GetSecurityQuestionList());
     }
     catch (Exception e)
     {
         CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current);
     }
     return(new List <PotentialQuestions>());
 }
        public async Task <HttpResponseMessage> PostRegisterUser([FromBody] CreateUser user)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Model State"));
                }
                if (String.IsNullOrWhiteSpace(user.PrimaryEmail))
                {
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
                }

                if (!emailvalidator.IsMatch(user.PrimaryEmail))
                {
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
                }
                if (!emailvalidator.IsMatch(user.ConfirmEmail.Trim()))
                {
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
                }
                if (user.PrimaryEmail != user.ConfirmEmail)
                {
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
                }

                if (new UserManager().GetUserDetail(user.PrimaryEmail) != null)
                {
                    return(Request.CreateResponse(HttpStatusCode.Conflict, "An account already exists for that email address"));
                }

                UserAccountSecurityManager resetter = new UserAccountSecurityManager();
                bool rval = resetter.CreateUserSendEmail(user);
                if (rval)
                {
                    return(Request.CreateResponse(HttpStatusCode.OK, "Created Successfully"));
                }
                else
                {
                    return(Request.CreateResponse(HttpStatusCode.InternalServerError, "Unknown error"));
                }
            }
            catch (CSETApplicationException ce)
            {
                return(Request.CreateResponse(HttpStatusCode.Conflict, ce.Message));
            }
            catch (Exception e)
            {
                return(CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current));
            }
        }
        public async Task <HttpResponseMessage> PostChangePassword([FromBody] ChangePassword changePass)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Model State"));
                }
                if (!emailvalidator.IsMatch(changePass.PrimaryEmail.Trim()))
                {
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
                }

                Login login = new Login()
                {
                    Email    = changePass.PrimaryEmail,
                    Password = changePass.CurrentPassword
                };
                LoginResponse resp = UserAuthentication.Authenticate(login);
                if (resp == null)
                {
                    return(Request.CreateResponse(HttpStatusCode.Conflict, "Current password is invalid. Try again or request a new temporary password."));
                }

                UserAccountSecurityManager resetter = new UserAccountSecurityManager();

                bool rval = await resetter.ChangePassword(changePass);

                if (rval)
                {
                    resp.PasswordResetRequired = false;
                    await db.SaveChangesAsync();

                    return(Request.CreateResponse(HttpStatusCode.OK, "Created Successfully"));
                }
                else
                {
                    return(Request.CreateResponse(HttpStatusCode.InternalServerError, "Unknown error"));
                }
            }
            catch (CSETApplicationException ce)
            {
                return(Request.CreateResponse(HttpStatusCode.Conflict, ce.Message));
            }
            catch (Exception e)
            {
                return(CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current));
            }
        }
Esempio n. 4
0
        public async Task <IHttpActionResult> GetSecurityQuestions([FromUri] string email, [FromUri] string appCode)
        {
            try
            {
                if (db.USERS.Where(x => String.Equals(x.PrimaryEmail, email)).FirstOrDefault() == null)
                {
                    return(Conflict());
                }


                var q = from b in db.USER_SECURITY_QUESTIONS
                        join c in db.USERS on b.UserId equals c.UserId
                        where c.PrimaryEmail == email
                        select new SecurityQuestions()
                {
                    SecurityQuestion1 = b.SecurityQuestion1,
                    SecurityQuestion2 = b.SecurityQuestion2
                };

                List <SecurityQuestions> questions = q.ToList();

                //note that you don't have to provide a security question
                //it will just reset if you don't
                if (questions.Count == 0 ||
                    (questions[0].SecurityQuestion1 == null && questions[0].SecurityQuestion2 == null))
                {
                    UserAccountSecurityManager resetter = new UserAccountSecurityManager();
                    bool rval = await resetter.ResetPassword(email, "Password Reset", appCode);

                    return(Ok(new List <SecurityQuestions>()));
                }


                return(Ok(questions));
            }
            catch (Exception e)
            {
                CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current);
                return(Content(HttpStatusCode.InternalServerError, e.Message));
            }
        }
        public async Task <IHttpActionResult> ResetPassword([FromBody] SecurityQuestionAnswer answer)
        {
            try
            {
                if (!ModelState.IsValid)
                {
                    return(BadRequest(ModelState));
                }
                if (!emailvalidator.IsMatch(answer.PrimaryEmail.Trim()))
                {
                    return(BadRequest());
                }

                if (IsSecurityAnswerCorrect(answer))
                {
                    UserAccountSecurityManager resetter = new UserAccountSecurityManager();
                    bool rval = await resetter.ResetPassword(answer.PrimaryEmail, "Password Reset", answer.AppCode);

                    if (rval)
                    {
                        return(StatusCode(HttpStatusCode.OK));
                    }
                    else
                    {
                        return(StatusCode(HttpStatusCode.InternalServerError));
                    }
                }

                // return Unauthorized();
                // returning a 401 (Unauthorized) gets caught by the JWT interceptor and dumps the user out, which we don't want.
                return(Conflict());
            }
            catch (Exception e)
            {
                return((IHttpActionResult)CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current));
            }
        }