public async Task <IActionResult> GetUser()
{
if (ModelState.IsValid)
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(BadRequest("User does not exist"));
}
// Reshape the users details to the DTO model
var userReturned = new UserReadDTO
{
FirstName = user.FirstName,
LastName = user.LastName,
Email = user.Email,
Photo = user.Photo,
DateCreated = user.DateCreated
};
// Return to http response
return(Ok(userReturned));
}
return(BadRequest("Invalid Request"));
}
public dynamic Registry([FromBody] UserRegistryModel userRegistry)
{
if (ModelState.IsValid)
{
UserWriteDTO user = new UserWriteDTO();
user.UserID = Guid.NewGuid();
user.UserName = userRegistry.UserName;
user.Email = userRegistry.Email;
user.Password = BCryptUtil.HashPassword(userRegistry.Password);
Task <Services.Entities.CustomResponse> task = _userService.RegistryAsync(user);
if (task.Result.status)
{
UserReadDTO user_return = new UserReadDTO(user.UserID.ToString(), user.UserName, user.Email);
return(new
{
status = true,
code = ReturnCodes.DataCreateFailed,
message = "Đăng Ký Thành Công",
data = user_return
});
}
}
return(new
{
status = false,
code = ReturnCodes.DataCreateFailed,
message = "Đăng Ký Không Thành Công"
});
}
public void UpdateToken_UserIDValueLengthEqual0_ActualFalse()
{
//Arrange
string UserID = "";
UserReadDTO userReadDTO = new UserReadDTO
{
UserID = UserID,
Email = "*****@*****.**",
UserName = "******"
};
Utilities.JWT.TokenResponse tokens = TokenUtil.GenerateTokens(userReadDTO, tokenProviderOption);
DTO.ReadDTO.TokenReadDTO tokenReadDTO = new DTO.ReadDTO.TokenReadDTO
{
AccessToken = tokens.AccessToken,
AccessTokenExpriesIn = tokens.AccessTokenExpiresIn,
RefreshToken = tokens.RefreshToken,
RefreshTokenExpriesIn = tokens.RefreshTokenExpiresIn,
};
//Act
var status = userService.UpdateToken(UserID, tokenReadDTO).Result.status;
//Assert
Assert.AreEqual(false, status);
}
public void UpdateUserInfor_UserIsNotExist_ActualFalse()
{
//Arrange
UserReadDTO userReadDTO = new UserReadDTO
{
UserID = Guid.NewGuid().ToString(),
Email = "*****@*****.**",
UserName = "******"
};
Utilities.JWT.TokenResponse tokens = TokenUtil.GenerateTokens(userReadDTO, tokenProviderOption);
DTO.ReadDTO.TokenReadDTO tokenReadDTO = new DTO.ReadDTO.TokenReadDTO
{
AccessToken = tokens.AccessToken,
AccessTokenExpriesIn = tokens.AccessTokenExpiresIn,
RefreshToken = tokens.RefreshToken,
RefreshTokenExpriesIn = tokens.RefreshTokenExpiresIn,
};
//Act
var status = userService.UpdateUserInfor(userReadDTO).Result.status;
//Assert
Assert.AreEqual(status, false);
}
public async Task <ActionResult <UserReadDTO> > CreateUser([FromBody] UserCreateDTO userCreateDto)
{
if (userCreateDto == null)
{
return(BadRequest());
}
var model = new User
(
userCreateDto.Email,
userCreateDto.Firstname,
userCreateDto.Lastname,
userCreateDto.Username,
userCreateDto.Role,
userCreateDto.Password,
userCreateDto.Salt
);
await _userService.AddUser(model);
var userReadDto = new UserReadDTO
{
UserId = model.UserId,
Email = model.Email,
Role = model.Role,
Username = model.Username,
Firstname = model.Firstname,
Lastname = model.Lastname,
};
return(CreatedAtRoute(nameof(GetUser), new { Id = userReadDto.UserId }, userReadDto));
}
public void UpdateUserInfor_NullUserID_ActualFalse()
{
//Arrange
UserReadDTO userReadDTO = new UserReadDTO {
UserID = null,
Email = "*****@*****.**",
UserName = "******"
};
Utilities.JWT.TokenResponse tokens = TokenUtil.GenerateTokens(userReadDTO, tokenProviderOption);
DTO.ReadDTO.TokenReadDTO tokenReadDTO = new DTO.ReadDTO.TokenReadDTO
{
AccessToken = tokens.AccessToken,
AccessTokenExpriesIn = tokens.AccessTokenExpiresIn,
RefreshToken = tokens.RefreshToken,
RefreshTokenExpriesIn = tokens.RefreshTokenExpiresIn,
};
//Act
var status = userService.UpdateUserInfor(userReadDTO).Result.status;
//Assert
Assert.AreEqual(status, false);
}
public async Task <dynamic> Update([FromBody] UserUpdateModel userUpdateModel)
{
string accessToken = Request.Headers[HeaderNames.Authorization];
string token = accessToken.Split("Bearer ")[1];
UserReadDTO userRead = TokenUtil.GetSubFromToken(token);
if (ModelState.IsValid)
{
userRead.UserName = userUpdateModel.UserName;
Services.Entities.CustomResponse updateUserInforTask = await _userService.UpdateUserInfor(userRead);
if (updateUserInforTask.status)
{
return(new
{
status = true,
code = ReturnCodes.DataUpdateSucceeded,
message = updateUserInforTask.message,
data = updateUserInforTask.userReadDTO
});
}
}
return(new
{
status = false,
code = ReturnCodes.DataUpdateFailed,
message = "Có Lỗi Xảy Ra Khi Cố Gắng Cập Nhật Dữ Liệu"
});
}
private string GenerateJSONWebToken(UserReadDTO userInfo)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, userInfo.id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, userInfo.email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Exp, DateTime.Now.AddMinutes(60).ToString())
};
var token = new JwtSecurityToken(
issuer: _config["Jwt:Issuer"],
audience: _config["Jwt:Issuer"],
claims,
expires: DateTime.Now.AddMinutes(60),
signingCredentials: credentials
);
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
return(encodedToken);
}
public async Task <dynamic> ChangePassword([FromBody] UserChangePasswordModel userChangePasswordModel)
{
string accessToken = Request.Headers[HeaderNames.Authorization];
string token = accessToken.Split("Bearer ")[1];
UserReadDTO userRead = TokenUtil.GetSubFromToken(token);
if (ModelState.IsValid)
{
Services.Entities.CustomResponse UpdatePassword_Task = await _userService.UpdatePassword(userRead.UserID, userChangePasswordModel.OldPassword, userChangePasswordModel.NewPassword);
return(new
{
status = UpdatePassword_Task.status,
code = 200,
message = UpdatePassword_Task.message
});
}
return(new
{
status = false,
code = ReturnCodes.DataUpdateFailed,
message = "Có Lỗi Xảy Ra Khi Cố Gắng Thay Đổi Mật Khẩu"
});
}
public dynamic Create(PostModel postModel)
{
string accessToken = Request.Headers[HeaderNames.Authorization];
string token = accessToken.Split("Bearer ")[1];
UserReadDTO userRead = TokenUtil.GetSubFromToken(token);
if (ModelState.IsValid)
{
PostWriteDTO postWrite = new PostWriteDTO
{
TitlePost = postModel.Title,
SummaryPost = postModel.Summary,
ContentPost = postModel.Content,
EncodeImage = postModel.EncodeImage,
UserID = userRead.UserID
};
if (_postService.Create(postWrite).Result.status)
{
return(new
{
status = true,
code = ReturnCodes.DataCreateSucceeded,
message = "Thêm Post Thành Công"
});
}
}
return(new
{
status = false,
code = ReturnCodes.DataCreateFailed,
message = "Có Lỗi Xảy Ra"
});
}
public IActionResult Create(UserReadDTO userReadDTO)
{
var userModel = _mapper.Map <User>(userReadDTO);
if (_libreria.ValidUser(userModel))
{
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, userModel.Email),
new Claim(JwtRegisteredClaimNames.Nbf, new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds().ToString()),
new Claim(JwtRegisteredClaimNames.Exp, new DateTimeOffset(DateTime.Now.AddDays(1)).ToUnixTimeSeconds().ToString()),
};
var token = new JwtSecurityToken(
new JwtHeader(
new SigningCredentials(
new SymmetricSecurityKey(Encoding.UTF8.GetBytes("PalabraSecretaMuyLarga")),
SecurityAlgorithms.HmacSha256
)
),
new JwtPayload(claims)
);
var output = new {
Access_Token = new JwtSecurityTokenHandler().WriteToken(token),
Email = userModel.Email
};
return(Ok(output));
}
else
{
return(BadRequest());
}
}
public static string GenerateRegisterPage(UserReadDTO user = null)
{
StringBuilder sb = new StringBuilder();
sb.Append("<h2>Sign Up</h2>");
sb = addNotifications(sb);
sb.Append(@"<form method=post action=sign_up>
<dl>
<dt>Username:
<dd><input type=text name=Username size=30>
<dt>E-Mail:
<dd><input type=text name=Email size=30>
<dt>Password:
<dd><input type=password name=Password1 size=30>
<dt>Password <small>(repeat)</small>:
<dd><input type=password name=Password2 size=30>
</dl>
<div class=actions><input type=submit value=""Sign Up""></div>
</form>");
string toReturn = Layout(
title: "Sign Up",
body: sb.ToString(),
user
);
clearNotifications();
return(toReturn);
}
/*Update User Infor*/
public async Task <CustomResponse> UpdateUserInfor(UserReadDTO userReadDTO)
{
if (userReadDTO == null)
{
return(new CustomResponse(false, "User Read DTO is null"));
}
if (userReadDTO.isValueNull())
{
return(new CustomResponse(false, "User Read DTO value is null"));
}
try
{
User userWillUpdate = db.Users.Where(u => u.UserID.Equals(new Guid(userReadDTO.UserID))).FirstOrDefault();
if (userWillUpdate != null)
{
userWillUpdate.UserName = userReadDTO.UserName;
await db.SaveChangesAsync();
}
else
{
return(new CustomResponse(false, "User is not exist"));
}
}
catch (Exception e)
{
return(new CustomResponse(false, e.Message));
}
return(new CustomResponse(userReadDTO, true, "Update Thành Công"));
}
public IEnumerable <UserReadDTO> GetAllUser(int page)
{
// Get the users details from the database
var model = _userManager.Users.Skip(5 * (page - 1)).Take(5);
// Declare a list to be returned
var users = new List <UserReadDTO>();
// Reshape the users details to the DTO model
foreach (var item in model)
{
// Construct the DTO values here
var user = new UserReadDTO
{
FirstName = item.FirstName,
LastName = item.LastName,
Email = item.Email,
Photo = item.Photo,
DateCreated = item.DateCreated
};
// Add to the list to return
users.Add(user);
}
return(users);
}
internal static string Generate404Page(UserReadDTO user)
{
return(@"<!DOCTYPE HTML PUBLIC ""-//W3C//DTD HTML 3.2 Final//EN"">
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
");
}
public static string GenerateResetToken(UserReadDTO user, TokenProviderOption UserTokenOption)
{
DateTime now = DateTime.Now;
var resetJwt = new JwtSecurityToken(UserTokenOption.Issuer, UserTokenOption.Audience, claims: GetTokenClaims(user, now), notBefore: now, expires: now.Add(UserTokenOption.ResetExpiration), signingCredentials: UserTokenOption.SigningCredentials);
var encodedResetJwt = new JwtSecurityTokenHandler().WriteToken(resetJwt);
return(encodedResetJwt);
}
public static string Layout(
string title = "Welcome",
string body = "",
UserReadDTO user = null,
string[] flashes = default
)
{
StringBuilder sb = new StringBuilder();
sb.Append($@"<!doctype html>
<head>
<title>{title} | MiniTwit</title>
<link rel=stylesheet type=text/css href=""/static/css/style.css"">
<meta name=""viewport"" content=""width=device-width, initial-scale=1.0"">
</head>
<body>
<div class=page>
<h1>MiniTwit</h1>
<div class=navigation>");
if (user is null)
{
sb.Append(@"
<a href=""public"">public timeline meme</a> |
<a href=""sign_up"">sign up</a> |
<a href=""login"">sign in</a>");
}
else
{
sb.Append($@"
<a href=""/"">my timeline</a> |
<a href=""/public"">public timeline</a> |
<form method=post action=/logout style=""display: inline-block""><button class=nav_a type=submit>sign out [{user.username}]</button></form>");
}
sb.Append(@"</div>");
if (flashes != null && flashes.Length > 0)
{
sb.Append("<ul class=flashes>");
foreach (var message in flashes)
{
sb.Append($"<li>{message}</li>");
}
sb.Append("</ul>");
}
sb.Append($@"
<div class=body>
{body}
</div>
<div class=footer>
MiniTwit — Not A Flask Application
</div>
</div>
</body>
");
return(sb.ToString());
}
public static Claim[] GetTokenClaims(UserReadDTO user, DateTime dateTime)
{
return(new Claim[]
{
new Claim(JwtRegisteredClaimNames.Sub, JsonConvert.SerializeObject(user)),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, DateTimeUtil.ToUnixEpochDate(dateTime).ToString(), ClaimValueTypes.Integer64)
});
}
public void UpdateToken_TokenNotExist_ActualFalse()
{
//Arrange
db.Users.RemoveRange(db.Users);
db.Tokens.RemoveRange(db.Tokens);
string UserID = Guid.NewGuid().ToString();
UserReadDTO userReadDTO = new UserReadDTO
{
UserID = UserID,
Email = "*****@*****.**",
UserName = "******"
};
Utilities.JWT.TokenResponse tokens = TokenUtil.GenerateTokens(userReadDTO, tokenProviderOption);
DTO.ReadDTO.TokenReadDTO tokenReadDTO = new DTO.ReadDTO.TokenReadDTO
{
AccessToken = tokens.AccessToken,
AccessTokenExpriesIn = tokens.AccessTokenExpiresIn,
RefreshToken = tokens.RefreshToken,
RefreshTokenExpriesIn = tokens.RefreshTokenExpiresIn,
};
User user = new User
{
UserID = new Guid(UserID),
Email = "*****@*****.**",
UserName = "******",
HashPassword = BCryptUtil.HashPassword("123456"),
isAuthenticated = false
};
db.Users.Add(user);
db.SaveChanges();
Token token = new Token
{
AccessToken = tokenReadDTO.AccessToken,
AccessTokenExpriesIn = tokenReadDTO.AccessTokenExpriesIn,
RefreshToken = tokenReadDTO.RefreshToken,
RefreshTokenExpriesIn = tokenReadDTO.RefreshTokenExpriesIn,
UserID = user.UserID
};
db.Tokens.Add(token);
db.SaveChanges();
//Act
var status = userService.UpdateToken(Guid.NewGuid().ToString(), tokenReadDTO).Result.status;
//Assert
Assert.AreEqual(false, status);
}
private async Task <UserReadDTO> AuthenticateUser(UserLoginDTO userLoginDTO)
{
UserReadDTO userReadDTO = null;
var userFromDB = await _repository.GetUserByEmail(userLoginDTO.email);
if (userFromDB != null && BCrypt.Net.BCrypt.Verify(userLoginDTO.password, userFromDB.password))
{
userReadDTO = _mapper.Map <UserReadDTO>(userFromDB);
}
return(userReadDTO);
}
private Claim[] GetClaims(UserReadDTO User)
{
Claim[] Claims = new Claim[1 + User.Roles.Count];
Claims[0] = new Claim(JwtRegisteredClaimNames.Sub, User.Id.ToString());
int Count = 1;
foreach (var Role in User.Roles)
{
Claims[Count++] = new Claim(ClaimTypes.Role, Role);
}
return(Claims);
}
public dynamic GetPosts()
{
string accessToken = Request.Headers[HeaderNames.Authorization];
string token = accessToken.Split("Bearer ")[1];
UserReadDTO userRead = TokenUtil.GetSubFromToken(token);
return(new
{
status = true,
code = ReturnCodes.DataGetSucceeded,
blogs = _postService.GetPosts(userRead.UserID).Result
});
}
public static string GenerateLoginPage(UserReadDTO user = null)
{
return(Layout(
title: "Sign In | MiniTwit",
body: @"<h2>Sign In</h2>
<form method=post action=login>
<dl>
<dt>Username:
<dd><input type=text name=Username size=30>
<dt>Password:
<dd><input type=password name=Password size=30>
</dl>
<div class=actions><input type=submit value=""Sign In""></div>
</form>", user: user));
}
public dynamic Remove([FromRoute] int PostID)
{
string accessToken = Request.Headers[HeaderNames.Authorization];
string token = accessToken.Split("Bearer ")[1];
UserReadDTO userRead = TokenUtil.GetSubFromToken(token);
Task <CustomResponse> remove_task = _postService.Remove(PostID, userRead.UserID);
return(new
{
status = remove_task.Result.status,
code = (remove_task.Result.status ? ReturnCodes.DataRemoveSucceeded : ReturnCodes.DataRemoveFailed),
message = remove_task.Result.message
});
}
private async Task CheckSessionForUser()
{
if (int.TryParse(sessionHelper.GetString("user_id"), out var userid))
{
var user = await UserRepo.ReadAsync(userid);
if (user is null)
{
PostLogout();
}
else
{
this.user = user;
}
}
}
public static TokenResponse GenerateTokens(UserReadDTO user, TokenProviderOption UserTokenOption)
{
DateTime now = DateTime.Now;
var accessJwt = new JwtSecurityToken(UserTokenOption.Issuer, UserTokenOption.Audience, claims: GetTokenClaims(user, DateTime.Now), notBefore: DateTime.Now, expires: DateTime.Now.Add(UserTokenOption.AccessExpiration), signingCredentials: UserTokenOption.SigningCredentials);
var encodedAccessJwt = new JwtSecurityTokenHandler().WriteToken(accessJwt);
var refreshJwt = new JwtSecurityToken(UserTokenOption.Issuer, UserTokenOption.Audience, claims: GetTokenClaims(user, now), notBefore: now, expires: now.Add(UserTokenOption.RefreshExpiration), signingCredentials: UserTokenOption.SigningCredentials);
var encodedRefreshJwt = new JwtSecurityTokenHandler().WriteToken(refreshJwt);
return(new TokenResponse
{
AccessToken = encodedAccessJwt,
AccessTokenExpiresIn = (int)UserTokenOption.AccessExpiration.TotalSeconds,
RefreshToken = encodedRefreshJwt,
RefreshTokenExpiresIn = (int)UserTokenOption.RefreshExpiration.TotalSeconds
});
}
public static string GenerateLoginPage(UserReadDTO user = null)
{
StringBuilder sb = new StringBuilder();
sb.Append("<h2>Sign In</h2>");
sb = addNotifications(sb);
sb.Append(@"<form method=post action=login><dl><dt>Username:<dd><input type=text name=Username size=30><dt>Password:<dd><input type=password name=Password size=30></dl>
<div class=actions><input type=submit value=""Sign In""></div>
</form>");
string toReturn = Layout(
title: "Sign In",
body: sb.ToString()
, user: user);
clearNotifications();
return(toReturn);
}
public async Task <ActionResult <UserReadDTO> > Login(UserLoginDTO userLoginDTO)
{
try
{
UserReadDTO authenticatedUser = await AuthenticateUser(userLoginDTO);
if (authenticatedUser != null)
{
var tokenString = GenerateJSONWebToken(authenticatedUser);
return(Ok(new { token = tokenString }));
}
return(Unauthorized());
}
catch (Exception)
{
return(new StatusCodeResult(StatusCodes.Status500InternalServerError));
}
}
public async Task <ActionResult <User> > GetUser(int id)
{
var user = await _userService.GetUser(id);
if (user == null)
{
return(NotFound());
}
var model = new UserReadDTO()
{
UserId = user.UserId,
Firstname = user.Firstname,
Lastname = user.Lastname,
Email = user.Email
};
return(Ok(model));
}
public async Task <ActionResult <UserReadDTO> > GetUserByEmail(string email)
{
var user = await _userRepo.GetOneUserByEmail(email);
if (user != null)
{
//var userReadDTO = _mapper.Map<UserReadDTO>(user);
var userReadDTO = new UserReadDTO
{
UserId = user.UserId,
First = user.First,
Last = user.Last,
Email = user.Email,
NumPacksPurchased = user.NumPacksPurchased,
CurrencyAmount = user.CurrencyAmount,
};
return(Ok(userReadDTO));
}
return(NotFound());
}
