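        /// <summary>
        /// Replaces the stored password hash of an existing user. Reads a JSON POST
        /// body with <c>username</c> and <c>newPassword</c>; answers 200 with a JSON
        /// message on success and 400 with a plain-text error otherwise.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authentication or authorization check is visible in this
        /// method; whatever dispatches to it must restrict it to administrators.
        /// Unlike AddUser/UpdateUser it also does not refuse
        /// <c>AdminCredentials.Username</c> — confirm whether that is intended.
        /// </remarks>
        private ActionResult SetPassword()
        {
            JObject POST = this.GetJsonPostObjectFromRequest();

            // Reject a missing body, missing keys and blank values. The previous
            // "" / " " comparisons let "  " (or a tab) through as a username/password.
            if (POST == null ||
                POST["username"] == null ||
                POST["newPassword"] == null ||
                string.IsNullOrWhiteSpace(POST["username"].ToString()) ||
                string.IsNullOrWhiteSpace(POST["newPassword"].ToString()))
            {
                Response.StatusCode = 400;
                return Content("Not all values are set.", "text/plain");
            }

            // SQLEscape is applied even though the lookup below is a parameterized
            // EF LINQ query; the escaped form is what the sibling endpoints pass to the
            // per-year context helpers, which presumably build SQL by hand — TODO confirm.
            string username = _context.SQLEscape(POST["username"].ToString());

            // SHA-256 pre-hash, then Crypto.HashPassword. The latter is assumed to be a
            // salted, slow KDF (e.g. PBKDF2) — verify the Crypto implementation.
            string newPassword = Crypto.HashPassword(Crypto.SHA256(POST["newPassword"].ToString()));

            // Single() throws InvalidOperationException for zero AND for multiple
            // matches; both cases are reported as "not found", as before.
            fv_users finalUser = null;
            try
            {
                finalUser = _context.fv_users.Single(m => m.u_name == username);
            }
            catch (InvalidOperationException) { }

            if (finalUser == null)
            {
                Response.StatusCode = 400;
                // The message echoes client-supplied input, so it is served explicitly
                // as text/plain rather than with the response default (typically text/html).
                return Content($"Could not find the user to update password: {username}.", "text/plain");
            }

            finalUser.u_password = newPassword;
            _context.fv_users.AddOrUpdate(finalUser);

            try
            {
                _context.SaveChanges();
            }
            // Exception filter: anything else propagates untouched, as the old `throw;` did.
            catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
            {
                Response.StatusCode = 400;
                return Content($"Could not set password for user {username}. SQL Execution failed.", "text/plain");
            }

            Response.StatusCode = 200;
            return Json(new { message = "Password set." }, JsonRequestBehavior.AllowGet);
        }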
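        /// <summary>
        /// Creates a new user from a JSON POST body (<c>id</c>, <c>username</c>,
        /// <c>firstname</c>, <c>lastname</c>, <c>isLocked</c>, <c>password</c>) and
        /// seeds the current and the next year for it. Answers 200 with a
        /// <see cref="NewUser"/> JSON payload on success, 400 with a plain-text error otherwise.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this is the only user endpoint that verifies
        /// <c>Request.HttpMethod == "POST"</c>; no authorization check is visible here.
        /// </remarks>
        private ActionResult AddUser()
        {
            JObject POST = this.GetJsonPostObjectFromRequest();

            // All fields must be present and non-blank (IsNullOrWhiteSpace replaces the
            // old "" / " " checks, which accepted "  "), and the configured admin name
            // may not be reused — same rule as UpdateUser.
            if (Request.HttpMethod != "POST" ||
                POST == null ||
                POST["id"] == null ||
                POST["username"] == null ||
                POST["firstname"] == null ||
                POST["lastname"] == null ||
                POST["isLocked"] == null ||
                POST["password"] == null ||
                string.IsNullOrWhiteSpace(POST["username"].ToString()) ||
                string.IsNullOrWhiteSpace(POST["firstname"].ToString()) ||
                string.IsNullOrWhiteSpace(POST["lastname"].ToString()) ||
                string.IsNullOrWhiteSpace(POST["isLocked"].ToString()) ||
                string.IsNullOrWhiteSpace(POST["password"].ToString()) ||
                POST["username"].ToString() == AdminCredentials.Username)
            {
                Response.StatusCode = 400;
                return Content("Not all values are set.", "text/plain");
            }

            // Values are stored in their SQLEscape'd form; the per-year helpers below
            // receive the same escaped username. TODO confirm SQLEscape's semantics.
            string username  = _context.SQLEscape(POST["username"].ToString());
            string firstname = _context.SQLEscape(POST["firstname"].ToString());
            string lastname  = _context.SQLEscape(POST["lastname"].ToString());

            // SHA-256 pre-hash, then Crypto.HashPassword (assumed to be a salted slow KDF — verify).
            string password = Crypto.HashPassword(Crypto.SHA256(POST["password"].ToString()));

            // Boolean.Parse raised FormatException — an unhandled 500 — for anything but
            // "true"/"false"; treat a malformed flag as a client error instead.
            bool isLocked;
            if (!bool.TryParse(_context.SQLEscape(POST["isLocked"].ToString()), out isLocked))
            {
                Response.StatusCode = 400;
                return Content("isLocked must be true or false.", "text/plain");
            }

            // The username is passed to the per-year helpers and must not contain any
            // whitespace (previously only a plain space was rejected).
            if (username.Any(char.IsWhiteSpace))
            {
                Response.StatusCode = 400;
                return Content("Username should not contain whitespaces.", "text/plain");
            }

            fv_users user = new fv_users()
            {
                u_name      = username,
                u_password  = password,
                u_isLocked  = isLocked ? 1 : 0,
                u_firstName = firstname,
                u_lastName  = lastname
            };

            var newUser = _context.fv_users.Add(user);

            // Seed this year and next before the single SaveChanges below; whether
            // AddNewYearForUser commits on its own is not visible from here.
            int thisYear = DateTime.Today.Year;
            _context.AddNewYearForUser(thisYear, username, false);
            _context.AddNewYearForUser(thisYear + 1, username, false);

            try
            {
                _context.SaveChanges();
            }
            // Exception filter: anything else propagates untouched, as the old `throw;` did.
            catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
            {
                Response.StatusCode = 400;
                return Content("Could not create a new user. SQL Execution failed.", "text/plain");
            }

            // The client-supplied id is echoed back unchanged so the caller can
            // correlate the response with its request.
            NewUser userResult = new NewUser()
            {
                id               = POST["id"].ToString(),
                username         = newUser.u_name,
                origianlUsername = newUser.u_name,
                firstname        = newUser.u_firstName,
                lastname         = newUser.u_lastName,
                isLocked         = newUser.u_isLocked,
                years            = new int[] { thisYear, thisYear + 1 }
            };

            Response.StatusCode = 200;
            return Json(userResult, JsonRequestBehavior.AllowGet);
        }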
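        /// <summary>
        /// Updates first name, last name and lock flag of an existing user from a JSON
        /// POST body (<c>username</c>, <c>firstname</c>, <c>lastname</c>, <c>isLocked</c>).
        /// Answers 200 with the updated fields as JSON, 400 with a plain-text error otherwise.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authorization check is visible here; the configured admin
        /// name is refused, as in AddUser.
        /// </remarks>
        private ActionResult UpdateUser()
        {
            JObject POST = this.GetJsonPostObjectFromRequest();

            // Names must be present and non-blank (IsNullOrWhiteSpace replaces the old
            // "" / " " checks, which accepted "  "); isLocked only has to be present.
            if (POST == null ||
                POST["username"] == null ||
                POST["firstname"] == null ||
                POST["lastname"] == null ||
                POST["isLocked"] == null ||
                string.IsNullOrWhiteSpace(POST["username"].ToString()) ||
                string.IsNullOrWhiteSpace(POST["firstname"].ToString()) ||
                string.IsNullOrWhiteSpace(POST["lastname"].ToString()) ||
                POST["username"].ToString() == AdminCredentials.Username)
            {
                Response.StatusCode = 400;
                return Content("Not all values are set.", "text/plain");
            }

            string username  = _context.SQLEscape(POST["username"].ToString());
            string firstname = _context.SQLEscape(POST["firstname"].ToString());
            string lastname  = _context.SQLEscape(POST["lastname"].ToString());

            // NOTE(review): the flag is true only when the client sends "0", and is then
            // stored as 1 — the opposite of AddUser's Boolean.Parse handling. This may be
            // deliberate toggle semantics (client sends the current state); confirm with
            // the caller before changing it. Left as is.
            bool isLocked = _context.SQLEscape(POST["isLocked"].ToString()) == "0";

            // Single() throws InvalidOperationException for zero AND multiple matches;
            // both are reported as "not found", as before.
            fv_users finalUser = null;
            try
            {
                finalUser = _context.fv_users.Single(m => m.u_name == username);
            }
            catch (InvalidOperationException) { }

            if (finalUser == null)
            {
                Response.StatusCode = 400;
                // Echoes client input: served explicitly as text/plain.
                return Content($"Could not find the user to update {username}.", "text/plain");
            }

            finalUser.u_firstName = firstname;
            finalUser.u_lastName  = lastname;
            finalUser.u_isLocked  = isLocked ? 1 : 0;
            _context.fv_users.AddOrUpdate(finalUser);

            try
            {
                _context.SaveChanges();
            }
            // Exception filter: anything else propagates untouched, as the old `throw;` did.
            catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
            {
                Response.StatusCode = 400;
                return Content($"Could not update the user {username}. SQL Execution failed.", "text/plain");
            }

            Response.StatusCode = 200;
            return Json(new
            {
                username  = finalUser.u_name,
                firstname = finalUser.u_firstName,
                lastname  = finalUser.u_lastName,
                isLocked  = finalUser.u_isLocked != 0
            },
            JsonRequestBehavior.AllowGet);
        }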
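        /// <summary>
        /// Deletes a user together with its views and per-year records. Reads a JSON
        /// POST body with <c>username</c>; answers 200 with a JSON message on success,
        /// 400 with a plain-text error otherwise.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no authentication or authorization check is visible here, and
        /// unlike AddUser the HTTP method is not checked. The configured admin name is
        /// now refused, matching AddUser/UpdateUser.
        /// </remarks>
        private ActionResult RemoveUser()
        {
            JObject POST = this.GetJsonPostObjectFromRequest();

            // A missing body or a blank name is a client error (previously "" was accepted).
            if (POST == null ||
                POST["username"] == null ||
                string.IsNullOrWhiteSpace(POST["username"].ToString()))
            {
                Response.StatusCode = 400;
                return Content("Username is not set.", "text/plain");
            }

            // Same guard as AddUser/UpdateUser: the admin account is never touched here.
            if (POST["username"].ToString() == AdminCredentials.Username)
            {
                Response.StatusCode = 400;
                return Content("The admin user cannot be deleted.", "text/plain");
            }

            string username = _context.SQLEscape(POST["username"].ToString());

            // Resolve the user FIRST. Previously views were queued for removal and years
            // were deleted through the context helper before the user lookup, so a
            // non-existent name could still cause side effects. Single() throws
            // InvalidOperationException for zero AND multiple matches; both are "not found".
            fv_users finalUser = null;
            try
            {
                finalUser = _context.fv_users.Single(m => m.u_name == username);
            }
            catch (InvalidOperationException) { }

            if (finalUser == null)
            {
                Response.StatusCode = 400;
                // Echoes client input: served explicitly as text/plain.
                return Content($"Could not find the user to delete {username}.", "text/plain");
            }

            // Where(...).ToList() never yields null, so the only "views failed" case in
            // the original was the query itself throwing; that is now handled directly.
            List<fv_views> views;
            try
            {
                views = _context.fv_views.Where(m => m.v_u_name == username).ToList();
            }
            catch (InvalidOperationException)
            {
                Response.StatusCode = 400;
                return Content($"Could not delete views for the user {username}.", "text/plain");
            }
            _context.fv_views.RemoveRange(views);

            // Every year is attempted even after a failure (as before); any failure aborts
            // before the user row is removed. Whether the helper commits on its own is
            // not visible from here.
            bool errorWhileDeletingYears = false;
            foreach (int year in _context.GetYearsForUser(username))
            {
                if (!_context.RemoveYearByYearAndUsername(year, username, false))
                {
                    errorWhileDeletingYears = true;
                }
            }

            if (errorWhileDeletingYears)
            {
                Response.StatusCode = 400;
                return Content($"Could not delete years for the user {username}.", "text/plain");
            }

            _context.fv_users.Remove(finalUser);

            try
            {
                _context.SaveChanges();
            }
            // Exception filter: anything else propagates untouched, as the old `throw;` did.
            catch (Exception ex) when (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
            {
                Response.StatusCode = 400;
                return Content($"Could not delete user {username}. SQL Execution failed.", "text/plain");
            }

            Response.StatusCode = 200;
            return Json(new { message = "User deleted." }, JsonRequestBehavior.AllowGet);
        }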