/// <summary>
/// This method is responsible for getting a specific user from the helpdesk system
/// </summary>
/// <param name="id">The UserId of the specific user to be retrieved</param>
/// <returns>The response that indicates if the operation was a success,
/// and the details of the retrieved user if it was</returns>
public GetUserResponse GetUser(int id)
{
s_logger.Info("Getting user...");
GetUserResponse response = new GetUserResponse();
try
{
var dataLayer = new UsersDataLayer();
UserDTO user = dataLayer.GetUser(id);
if (user == null)
{
throw new NotFoundException("Unable to find user!");
}
response.User = user;
response.Status = HttpStatusCode.OK;
}
catch (NotFoundException ex)
{
s_logger.Error(ex, "Unable to find user!");
response.Status = HttpStatusCode.NotFound;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.NotFound, "Unable to find user!"));
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to get user!");
response.Status = HttpStatusCode.InternalServerError;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.InternalServerError, "Unable to get user!"));
}
return(response);
}
/// <summary>
/// This method is responsible for retrieving all users from the helpdesk system
/// </summary>
/// <returns>The response that indicates if the operation was a success,
/// and the list of users</returns>
public GetUsersResponse GetUsers()
{
s_logger.Info("Getting users...");
GetUsersResponse response = new GetUsersResponse();
try
{
var dataLayer = new UsersDataLayer();
List <UserDTO> users = dataLayer.GetUsers();
response.Users = users;
response.Status = HttpStatusCode.OK;
}
catch (NotFoundException ex)
{
s_logger.Error(ex, "No users found!");
response.Status = HttpStatusCode.NotFound;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.NotFound, "No users found!"));
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to get users!");
response.Status = HttpStatusCode.InternalServerError;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.InternalServerError, "Unable to get users!"));
}
return(response);
}
public int getTotalRecords(UserCriteria conditions)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
using (SqlConnection connection = sqlConnection.GetConnection())
{
return(UsersDataLayer.GetInstance().GetTotalRecords(connection, conditions));
}
}
public void TrackUserAction(UserLogInfo userLoginfo)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
using (SqlConnection connection = sqlConnection.GetConnection())
{
UsersDataLayer.GetInstance().TrackingUserBehavior(connection, userLoginfo);
}
}
public AuthenticateModelRespone SignIn(string _UserID, string _Password)
{
AuthenticateModelRespone ret = new AuthenticateModelRespone();
ret.isSuccess = false;
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
using (SqlConnection connection = sqlConnection.GetConnection())
{
DataTable dtLogin = UsersDataLayer.GetInstance().Get_UserPassword(connection, _UserID);
if (dtLogin.Rows.Count > 0)
{
var strPass = dtLogin.Rows[0][1].ToString();
//Have a Password
if (strPass.Length > 0)
{
string applicationId = EncryptionUtils.GetApplicationId();
string applicationName = EncryptionUtils.GetApplicationName();
strPass = EncryptionUtils.Decrypt(strPass, applicationName, applicationId).Trim();
//Corect Password
if (strPass.Equals(_Password))
{
DataTable dtLogin2 = UsersDataLayer.GetInstance().GetUserByUserId(connection, _UserID);
ret.isSuccess = true;
ret.name = dtLogin2.Rows[0][1].ToString();
ret.userID = dtLogin2.Rows[0][0].ToString();
ret.role = UsersDataLayer.GetInstance().GetRoleByUserId(connection, _UserID);
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(SerectContext.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.NameIdentifier, _UserID)
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
ret.token = tokenHandler.WriteToken(token);
return(ret);
}
}
}
ret.err.msgCode = "001";
ret.err.msgString = "Sai thông tin password và acccount";
return(ret);
}
}
public List <UserInfo> GetList(UserCriteria conditions)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
using (SqlConnection connection = sqlConnection.GetConnection())
{
List <UserInfo> ListUserInfo = UsersDataLayer.GetInstance().Getlist(connection, conditions);
return(ListUserInfo);
}
}
public void DeleteUser(string id)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
using (SqlConnection connection = sqlConnection.GetConnection())
{
UsersDataLayer.GetInstance().DeleteUser(connection, id);
UserGroupDataLayer.GetInstance().DeleteGroupOfUser(connection, id);
}
}
public void UpdateUserGroup(string id, UserGroupInfo _userGroup)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
UserInfo record = new UserInfo();
using (SqlConnection connection = sqlConnection.GetConnection())
{
UserInfo data = UsersDataLayer.GetInstance().GetUser(connection, id);
UserGroupDataLayer.GetInstance().UpdateUserGroup(connection, id, _userGroup);
}
}
public UserInfo GetDetail(string id)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
UserInfo record = new UserInfo();
using (SqlConnection connection = sqlConnection.GetConnection())
{
record = UsersDataLayer.GetInstance().GetUser(connection, id);
return(record);
}
}
public void ChangePassword(string _user, string pass)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
UserInfo record = new UserInfo();
using (SqlConnection connection = sqlConnection.GetConnection())
{
string applicationId = EncryptionUtils.GetApplicationId();
string applicationName = EncryptionUtils.GetApplicationName();
String password = EncryptionUtils.EncryptData(pass, applicationName, applicationId);
UsersDataLayer.GetInstance().ChangePass(connection, _user, password);
}
}
public void DeleteUsers(string ids)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
using (SqlConnection connection = sqlConnection.GetConnection())
{
string[] IDsarray = ids.Split(',');
foreach (string id in IDsarray)
{
UsersDataLayer.GetInstance().DeleteUser(connection, id);
}
}
}
public void CreateUser(UserInfo _user)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
UserInfo record = new UserInfo();
using (SqlConnection connection = sqlConnection.GetConnection())
{
string applicationId = EncryptionUtils.GetApplicationId();
string applicationName = EncryptionUtils.GetApplicationName();
_user.Password = EncryptionUtils.EncryptData(_user.Password, applicationName, applicationId);
UsersDataLayer.GetInstance().CreateUser(connection, _user);
}
}
/// <summary>
/// This method is responsible for updating a specific user's information, such
/// as their username and password
/// </summary>
/// <param name="id">The UserId of the user to be updated</param>
/// <param name="request">The user's new information</param>
/// <returns>The response that indicates if the update was successfull</returns>
public UpdateUserResponse UpdateUser(int id, UpdateUserRequest request)
{
s_logger.Info("Updating user...");
UpdateUserResponse response = new UpdateUserResponse();
try
{
response = (UpdateUserResponse)request.CheckValidation(response);
if (response.Status == HttpStatusCode.BadRequest)
{
return(response);
}
request.Password = HashText(request.Password);
var dataLayer = new UsersDataLayer();
if (dataLayer.GetUserByUsername(request.Username) != null && dataLayer.GetUserByUsername(request.Username).UserId != id)
{
throw new Exception("Unable to update user! User with username " + request.Username + "already exists!");
}
bool result = dataLayer.UpdateUser(id, request);
if (result == false)
{
throw new NotFoundException("Unable to find user!");
}
response.Result = result;
response.Status = HttpStatusCode.OK;
}
catch (NotFoundException ex)
{
s_logger.Error(ex, "Unable to find user!");
response.Status = HttpStatusCode.NotFound;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.NotFound, "Unable to find user!"));
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to update user!");
response.Status = HttpStatusCode.Forbidden;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.Forbidden, "Unable to update user!"));
}
return(response);
}
/// <summary>
/// This method is responsible for adding a new user.
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public AddUserResponse AddUser(AddUserRequest request)
{
s_logger.Info("Adding user...");
AddUserResponse response = new AddUserResponse();
try
{
response = (AddUserResponse)request.CheckValidation(response);
if (response.Status == HttpStatusCode.BadRequest)
{
return(response);
}
if (string.IsNullOrEmpty(request.Password))
{
request.Password = request.Username;
}
request.Password = HashText(request.Password);
var dataLayer = new UsersDataLayer();
if (dataLayer.GetUserByUsername(request.Username) != null)
{
response.Status = HttpStatusCode.Forbidden;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.Forbidden, "Username already exists"));
return(response);
}
int?result = dataLayer.AddUser(request);
if (result == null)
{
throw new Exception("Unable to add user!");
}
response.UserId = (int)result;
response.Status = HttpStatusCode.OK;
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to add user!");
response.Status = HttpStatusCode.InternalServerError;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.InternalServerError, "Unable to add user!"));
}
return(response);
}
public void UpdateUser(string id, UserInfo _user)
{
SqlConnectionFactory sqlConnection = new SqlConnectionFactory();
UserInfo record = new UserInfo();
using (SqlConnection connection = sqlConnection.GetConnection())
{
UserInfo data = UsersDataLayer.GetInstance().GetUser(connection, id);
if (data.Password != _user.Password)
{
string applicationId = EncryptionUtils.GetApplicationId();
string applicationName = EncryptionUtils.GetApplicationName();
_user.Password = EncryptionUtils.EncryptData(_user.Password, applicationName, applicationId);
}
UsersDataLayer.GetInstance().UpdateUser(connection, id, _user);
}
}
/// <summary>
/// This is used to check that the user that is logged in is actually a valid user in the system
/// </summary>
/// <param name="username">The username of the user</param>
/// <param name="userId">The id of the user</param>
/// <returns>An indicator of whether or not the user is valid</returns>
public bool VerifyUser(string username, string userId)
{
bool result = false;
try
{
var dataLayer = new UsersDataLayer();
int userID = -1;
if (!int.TryParse(userId, out userID))
{
throw new Exception("Invalid user id received.");
}
UserDTO userFromID = dataLayer.GetUser(userID);
UserDTO userFromUsername = dataLayer.GetUserByUsername(username);
if (!(userFromID.UserId == userFromUsername.UserId && userFromID.Username == userFromUsername.Username && (!userFromID.FirstTime)))
{
s_logger.Warn("Unable to verify user.");
result = false;
}
else
{
result = true;
}
}
catch (NotFoundException ex)
{
s_logger.Warn(ex, "Unable to find user in system.");
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to perform log in attempt.");
}
return(result);
}
/// <summary>
/// This method is responsible for handling the deletion of a user from the system
/// </summary>
/// <param name="id">The id of the user to be deleted</param>
/// <returns>A response that indicates whether or not the deletion was successful</returns>
public DeleteUserResponse DeleteUser(int id, string currentUser)
{
var response = new DeleteUserResponse();
try
{
var dataLayer = new UsersDataLayer();
UserDTO user = dataLayer.GetUser(id);
if (user.Username == currentUser)
{
response.Status = HttpStatusCode.Forbidden;
return(response);
}
bool result = dataLayer.DeleteUser(id);
if (result)
{
response.Status = HttpStatusCode.OK;
}
}
catch (NotFoundException ex)
{
s_logger.Warn($"Unable to find the user with id [{id}]");
response.Status = HttpStatusCode.NotFound;
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to delete the user.");
response.Status = HttpStatusCode.InternalServerError;
}
return(response);
}
/// <summary>
/// This method is responsable for handling the validation and verification of the users login attempt
/// </summary>
/// <param name="request">the users login information</param>
/// <returns>The response which indicates if they are sucessful and the bearer token
/// they will use for authentication on success</returns>
public LoginResponse LoginUser(LoginRequest request)
{
s_logger.Info("Attempting to log in...");
LoginResponse response = new LoginResponse();
try
{
//Validate input
response = (LoginResponse)request.CheckValidation(response);
if (response.Status == HttpStatusCode.BadRequest)
{
return(response);
}
var dataLayer = new UsersDataLayer();
//Verify user exists
UserDTO user = dataLayer.GetUserByUsername(request.Username);
if (user == null)
{
response.Token = string.Empty;
response.Status = HttpStatusCode.BadRequest;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.BadRequest, "Unable to login username or password is incorrect"));
s_logger.Warn($"Unable to login as a username [ {request.Username} ], username or password is incorrect.");
return(response);
}
// Ensure that their password is correct
string hashedPassword = HashText(request.Password);
if (user.Password != hashedPassword)
{
response.Token = string.Empty;
response.Status = HttpStatusCode.BadRequest;
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.BadRequest, "Unable to login username or password is incorrect"));
s_logger.Warn($"Unable to login as a username [ {request.Username} ], username or password is incorrect.");
return(response);
}
// Generate users bearer token
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.AppSecret);
var tokenDescriptior = new SecurityTokenDescriptor()
{
Subject = new ClaimsIdentity(new Claim[] {
new Claim(ClaimTypes.Name, user.Username),
new Claim(ClaimTypes.Sid, user.UserId.ToString())
}),
Expires = DateTime.Now.AddHours(4),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha512Signature)
};
var rawToken = tokenHandler.CreateToken(tokenDescriptior);
var token = tokenHandler.WriteToken(rawToken);
response.Token = token;
if (user.FirstTime)
{
response.Status = HttpStatusCode.Accepted;
response.UserId = user.UserId;
return(response);
}
response.Status = HttpStatusCode.OK;
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to perform log in attempt.");
response = new LoginResponse
{
Token = string.Empty,
Status = HttpStatusCode.InternalServerError
};
response.StatusMessages.Add(new StatusMessage(HttpStatusCode.InternalServerError, "Unable to perform log in attempt."));
}
return(response);
}
/// <summary>
/// Used to get a Zip file of all of the database tables as CSVs
/// </summary>
public DatabaseExportResponse ExportDatabase()
{
var response = new DatabaseExportResponse();
try
{
FileProccessing proccessing = new FileProccessing();
DateTime now = DateTime.Now;
string exportName = $"databaseexport_{now.ToString("yyyyddMM_HHmmss")}";
string fullZipPath = proccessing.CreateZip(_appSettings.DatabaseBackupDestination, exportName);
if (string.IsNullOrEmpty(fullZipPath))
{
s_logger.Error("Unable to create empty zip");
response.Status = HttpStatusCode.InternalServerError;
return(response);
}
else
{
var helpdeskDataLayer = new HelpdeskDataLayer();
var unitDataLayer = new UnitsDataLayer();
var usersDataLayer = new UsersDataLayer();
var topicsDataLayer = new TopicsDataLayer();
var studentDataLayer = new StudentDatalayer();
var queueDataLayer = new QueueDataLayer();
var checkInDataLayer = new CheckInDataLayer();
DataTable helpdesks = helpdeskDataLayer.GetHelpdesksAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "helpdesks", helpdesks);
DataTable timespans = helpdeskDataLayer.GetTimeSpansAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "timespans", timespans);
DataTable helpdeskUnits = helpdeskDataLayer.GetHelpdeskUnitsAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "helpdeskunits", helpdeskUnits);
DataTable users = usersDataLayer.GetUsersAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "users", users);
DataTable units = unitDataLayer.GetUnitsAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "units", units);
DataTable topics = topicsDataLayer.GetTopicsAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "topics", topics);
DataTable students = studentDataLayer.GetStudentsAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "students", students);
DataTable queuesItems = queueDataLayer.GetQueueItemsAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "queueItems", queuesItems);
DataTable checkIns = checkInDataLayer.GetCheckInsAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "checkInHistory", checkIns);
DataTable checkInQueueItems = checkInDataLayer.GetCheckInQueueItemsAsDataTable();
proccessing.SaveToZIPAsCSV(fullZipPath, "checkinqueueitem", checkInQueueItems);
response.Path = fullZipPath;
response.Status = HttpStatusCode.OK;
}
}
catch (Exception ex)
{
s_logger.Error(ex, "Unable to generate database export");
response.Status = HttpStatusCode.InternalServerError;
}
return(response);
}