public async Task <HttpResponseMessage> DeleteUserAppUser(dynamic data) { int userId = data.userId; int appId = data.appId; using (var userapps = new userappsEntities()) { try { userapps.ChangeTracker.DetectChanges(); var appUser = userapps.appusers.Where(usra => usra.appid == appId && usra.appid == appId).FirstOrDefault(); if (appUser != null) { userapps.appusers.Remove(appUser); await userapps.SaveChangesAsync(); } } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, String.Format("Database error. Exception:{1}", ex.Message))); } } return(Request.CreateResponse <string>(HttpStatusCode.OK, "App user deleted successfully.")); }
public async Task <HttpResponseMessage> SingleUserApp(dynamic data) { string appName = data.appName; if (String.IsNullOrEmpty(appName)) { return(Request.CreateResponse(HttpStatusCode.BadRequest, "Please supply a valid user application name.s")); } return(await Task <HttpResponseMessage> .Run(() => { using (var userApps = new userappsEntities()) { var sysApp = userApps.apps.Where(a => a.appname.ToLower().Equals(appName.ToLower())).FirstOrDefault(); if (sysApp != null) { return Request.CreateResponse <app>(sysApp); } else { return Request.CreateResponse(HttpStatusCode.OK, "No such user app available."); } } })); }
public async Task <HttpResponseMessage> RemoveOtpUser(dynamic authData) { if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "The userId value cannot be null or zero.")); } if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "The appId value cannot be null or zero.")); } Logging.Logger logger = new Logging.Logger(LogName); try { int userId = authData.userId; int appId = authData.appId; using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); var user = userApps.OTPUsers.Where(otpu => otpu.appid == appId && otpu.userid == userId).FirstOrDefault(); if (user != null) { userApps.OTPUsers.Remove(user); await userApps.SaveChangesAsync(); var value = new { Message = "Otp user successfully removed", UserId = userId, AppId = appId }; var ser = await JsonConvert.SerializeObjectAsync(value); await logger.StoreNewLogMessage(new Logging.Message(String.Format("REMOVETOPUSERSUCCESS {0} for appId {1} generated." , userId, appId), LogName)); return(Request.CreateResponse <string>(ser)); } else { var value = new { Message = "Otp user does not exist.", UserId = userId, AppId = appId }; var ser = await JsonConvert.SerializeObjectAsync(value); logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "RemoveOtpUser", "OTP User does not exist."), LogName)).Wait(); return(Request.CreateResponse <string>(ser)); } } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "RemoveOtpUser", ex.ToString()), LogName)).Wait(); return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Database Error")); } }
public async Task <HttpResponseMessage> AddExternalUser(dynamic data) { int appId = data.appId; string password = data.password; string userName = data.userName; #region checkParameters if (appId <= 0) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Application id cannot be 0 or negative.")); } if (string.IsNullOrEmpty(userName)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username cannot be null or empty.")); } if (string.IsNullOrEmpty(password)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Password cannot be null or empty.")); } #endregion //Generate authentication data UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager(); using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); try { var userExists = userApps.users.Any(uau => uau.username.ToLower().Equals(userName.ToLower()) && uau.appid == appId); if (userExists) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User already exists.")); } var pwd = await authManger.GeneratePasswordSalt(userName, password); var user = new user() { username = userName, password = pwd, appid = appId }; userApps.users.Add(user); await userApps.SaveChangesAsync(); return(Request.CreateResponse <user>(user)); } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ToString())); } } }
public async Task <bool> PostDeActiviatePromoCode(dynamic data) { if (data == null) { throw new HttpResponseException(HttpStatusCode.BadRequest); } using (userappsEntities ctx = new userappsEntities()) { try { ctx.ChangeTracker.DetectChanges(); var userId = (string)data.userId; var promoCode = (string)data.promoCode; var code = ctx.promotioncodes.Where(x => x.promocode.Equals(promoCode) && x.userid == userId).FirstOrDefault(); if (code == null) { return(false); } code.IsActive = false; await ctx.SaveChangesAsync(); return(true); } catch (Exception ex) { return(false); } } }
/// <summary> /// Sets the otp counter valid. /// </summary> /// <param name="userId">The user identifier.</param> /// <param name="appId">The application identifier.</param> /// <returns></returns> private async Task <bool> SetOtpCounterValid(int userId, int appId, long counter) { Logging.Logger logger = new Logging.Logger(LogName); using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); var otpData = userApps.OTPUsers.Where(usrOtp => usrOtp.userid == userId && usrOtp.appid == appId).FirstOrDefault(); if (otpData != null) { otpData.seqvalid = true; otpData.otpcounter = counter; otpData.otpcreated = DateTime.UtcNow; await userApps.SaveChangesAsync(); return(true); } else { return(false); } } }
public async Task <systemappuser> GetSystemAppUserApiKeys(IncomingData appData) { int userId = appData.systemuserid; int sysappid = appData.appid; if (userId == 0 || userId <= 0) { throw new ArgumentException("You have to pass a systemapp id.", "sysappid"); } if (sysappid == null || sysappid <= 0) { throw new ArgumentException("You have to pass a a valid username", "userId"); } return(await Task.Run <systemappuser>(() => { try { using (var systemapps = new userappsEntities()) { using (var system = new Model.exgripEntities()) { var user = system.UserProfiles.Where(u => u.UserId == userId).FirstOrDefault(); var sysApp = systemapps.systemapps.Where(app => app.id == sysappid).FirstOrDefault(); if ((user != null) && (sysApp != null)) { var systemAppUser = systemapps.systemappusers.Where(sysusr => sysusr.appid == sysappid && sysusr.systemuserid == userId).FirstOrDefault(); if (systemAppUser != null) { return new systemappuser() { apptoken = systemAppUser.apptoken, appSecret = systemAppUser.appSecret }; } else { return null; } } else { return null; } } } } catch (Exception ex) { throw new HttpResponseException(HttpStatusCode.InternalServerError); } })); }
public HttpResponseMessage ListAllUserApps(dynamic data) { string userName = data.userName; if (String.IsNullOrEmpty(userName)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username cannot be null. Please supply a username.")); } using (var userApps = new userappsEntities()) { using (var system = new exgripEntities()) { if (!String.IsNullOrEmpty(userName)) { var currentUser = system.UserProfiles.Where(usr => usr.UserName.ToLower().Equals( userName.ToLower())).FirstOrDefault(); if (currentUser == null) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User does not exist.")); } else { var appsByUser = userApps.apps.Where(app => app.systemuserid == currentUser.UserId); if (appsByUser == null) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User has no apps.")); } else { if (appsByUser.Count() >= 1) { return(Request.CreateResponse <List <app> >(appsByUser.ToList())); } else { var usrApp = appsByUser.FirstOrDefault(); if (usrApp == null) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User has no apps so far.")); } return(Request.CreateResponse <app>(usrApp)); } } } } } } return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "No userapps available")); }
/// <summary> /// Validates the system application token. /// </summary> /// <param name="token">The token.</param> /// <param name="secret">The secret.</param> /// <returns></returns> /// <exception cref="System.ArgumentException"> /// Username cannot be null or empty.;username /// or /// Password cannot be null or empty.;password /// </exception> public async Task <bool> ValidateSystemAppToken(string token, string secret) { #region CheckParameters if (String.IsNullOrEmpty(token)) { throw new ArgumentException("Token cannot be null or empty.", "token"); } if (String.IsNullOrEmpty(secret)) { throw new ArgumentException("Secret cannot be null or empty", "secret"); } #endregion var tokenValue = await DecryptTokenSystemApp(token, secret); TaskCompletionSource <bool> tks = new TaskCompletionSource <bool> (); if (!String.IsNullOrEmpty(tokenValue)) { var values = tokenValue.Split(new string[] { ";#;" }, StringSplitOptions.RemoveEmptyEntries); if (values == null) { tks.SetResult(false); } else { if (values.Count() > 1) { using (var sysUsers = new userappsEntities()) { var userName = sysUsers.systemappusers.Where(sau => sau.apptoken.Equals(token) && sau.appSecret.Equals(secret)).FirstOrDefault(); if (!(userName == null)) { tks.SetResult(true); } else { tks.SetResult(false); } } } } } else { tks.SetResult(false); } return(tks.Task.Result); }
public async Task <HttpResponseMessage> RemoveExternalUser(dynamic data) { int userId = data.userId; string extUserName = data.extUserName; int appId = data.appId; #region checkParameters if (userId <= 0) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "External User id cannot be 0 or negative.")); } if (appId <= 0) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User app id cannot be 0 or negative.")); } if (string.IsNullOrEmpty(extUserName)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "External Username cannot be null or empty.")); } #endregion //Generate authentication data UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager(); using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); try { var extUser = userApps.users.Where(uau => uau.iduser == userId && uau.username.ToLower().Equals(extUserName.ToLower()) && uau.appid == appId).FirstOrDefault(); if (extUser != null) { userApps.users.Remove(extUser); await userApps.SaveChangesAsync(); return(Request.CreateResponse <user>(extUser)); } else { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "External App user does not exist")); } } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ToString())); } } }
public async Task <HttpResponseMessage> DeleteUserApp(int appId) { if (appId <= 0) { throw new ArgumentException("Application id cannot be 0 or negative.", "appId"); } using (var userapps = new userappsEntities()) { userapps.ChangeTracker.DetectChanges(); var userApp = userapps.apps.Where(app => app.idapps == appId).FirstOrDefault(); if (userApp == null) { Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Application id is invalid."); } else { //First delete all connections between apps and app users var appUsers = userapps.users.Where(aus => aus.appid == userApp.idapps); try { if (appUsers != null) { if (appUsers.Count() > 0) { foreach (var appUsr in appUsers) { userapps.users.Remove(appUsr); await userapps.SaveChangesAsync(); } } } var userapp = userapps.appusers.Where(ua => ua.appid == userApp.idapps).FirstOrDefault(); if (userapp != null) { userapps.appusers.Remove(userapp); await userapps.SaveChangesAsync(); } } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, String.Format("Database error. Exception:{1}", ex.Message))); } } } return(Request.CreateResponse <string>(HttpStatusCode.OK, "User Appplication was deleted successfully.")); }
private Task <string> DecryptTokenSystemApp(string token, string secret) { #region CheckParameters if (String.IsNullOrEmpty(token)) { throw new ArgumentException("Username cannot be null or empty.", "username"); } if (String.IsNullOrEmpty(secret)) { throw new ArgumentException("Password cannot be null or empty.", "password"); } #endregion systemappuser encryptedSoup; using (var userapps = new userappsEntities()) { encryptedSoup = userapps.systemappusers.Where(uapp => uapp.appSecret.Equals( secret) && uapp.apptoken.Equals(token) ).FirstOrDefault(); } TaskCompletionSource <string> tks = new TaskCompletionSource <string> (); if (encryptedSoup == null) { tks.SetResult(string.Empty); return(tks.Task); } var privTest = new System.Security.Cryptography.X509Certificates.X509Certificate2( @"Certificates\private_key.pfx", "01fjsjgSzn6V2iMMpDPO"); RSACryptoServiceProvider cryptoProvidor2 = ( RSACryptoServiceProvider ) privTest.PrivateKey; byte[] decryptedTokenBytes = cryptoProvidor2.Decrypt( Convert.FromBase64String(encryptedSoup.securitySoup), true); var decrypt = Encoding.UTF8.GetString(decryptedTokenBytes); if (decrypt != null) { tks.SetResult(decrypt); return(tks.Task); } else { tks.SetResult(string.Empty); return(tks.Task); } }
private Task <bool> ValidateAppUser(int appId, int systemUserId) { #region CheckParameters if (appId <= 0) { throw new ArgumentException("Application id cannot be zero or negative", "appId"); } if (systemUserId <= 0) { throw new ArgumentException("User id cannot be zero or negative.", "systemUserId"); } #endregion TaskCompletionSource <bool> tks = new TaskCompletionSource <bool> (); using (var userapps = new userappsEntities()) { userapps.ChangeTracker.DetectChanges(); using (var sysUsers = new exgripEntities()) { sysUsers.ChangeTracker.DetectChanges(); var sysUser = sysUsers.UserProfiles.Where(usr => usr.UserId == systemUserId).FirstOrDefault(); if (sysUser == null) { tks.SetResult(false); } else { var sysApp = userapps.systemapps.Where(sa => sa.id == appId).FirstOrDefault(); if (sysApp == null) { tks.SetResult(false); } else { var sysAppUsr = userapps.systemappusers.Any(sau => sau.appid == sysApp.id && sau.systemuserid == sysUser.UserId); tks.SetResult(sysAppUsr); } } } } return(tks.Task); }
public HttpResponseMessage ListAllSystemApps() { using (var userApps = new userappsEntities()) { var sysApps = userApps.systemapps.ToList(); if (sysApps != null) { if (sysApps.Count > 0) { return(Request.CreateResponse <List <systemapp> >(sysApps)); } } return(Request.CreateResponse(HttpStatusCode.OK, "No system apps could be found.")); } }
public async Task <HttpResponseMessage> GenerateNewSecret(int userId, int appId) { Logging.Logger logger = new Logging.Logger(LogName); try { using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); var otpUser = userApps.OTPUsers.Where(otpu => otpu.appid == appId && otpu.userid == userId).FirstOrDefault(); if (otpUser != null) { byte[] secret; OTP.Helper.RandomHelper.GenerateRandomByteArray(20, out secret); var serialized = await JsonConvert.SerializeObjectAsync(secret); otpUser.secret = serialized; await userApps.SaveChangesAsync(); await logger.StoreNewLogMessage(new Logging.Message(String.Format("SECRETSUCCESS {0} for appId {1} generated." , userId, appId), LogName)); return(Request.CreateResponse <string>(serialized)); } else { await logger.StoreNewLogMessage(new Logging.Message(String.Format("SECRETGENERROR {0} for appId {1}" , userId, appId), LogName)); return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Application user has no OTP access")); } } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "GenereteNewSecret", ex.ToString()), LogName)).Wait(); return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Database Error")); } }
/// <summary> /// Validates the application user. /// </summary> /// <param name="username">The username.</param> /// <param name="password">The password.</param> /// <returns></returns> /// <exception cref="System.ArgumentException"> /// Username cannot be null or empty.;username /// or /// Password cannot be null or empty.;password /// </exception> private Task <bool> ValidateAppUser(string username, string password, string passwordOrig) { #region CheckParameters if (String.IsNullOrEmpty(username)) { throw new ArgumentException("Username cannot be null or empty.", "username"); } if (String.IsNullOrEmpty(password)) { throw new ArgumentException("Password cannot be null or empty.", "password"); } #endregion TaskCompletionSource <bool> tks = new TaskCompletionSource <bool> (); using (var sysUser = new exgripEntities()) { var user = sysUser.UserProfiles.Where(u => u.UserName.ToUpper().Equals( username.ToUpper()) ).FirstOrDefault(); if (user == null) { tks.SetResult(false); } else { using (var userapps = new userappsEntities()) { var appUserExists = userapps.apps.Any(ua => ua.systemuserid == user.UserId); if (appUserExists) { tks.SetResult(true); } else { tks.SetResult(false); } } } } return(tks.Task); }
public async Task <HttpResponseMessage> CreateUserApp(dynamic data) { int systemuserid = data.systemuserid; string appName = data.appName; app newApp = null; using (var uapps = new userappsEntities()) { using (var sysuser = new exgripEntities()) { if (sysuser.UserProfiles.Any(u => u.UserId == systemuserid)) { if (!uapps.apps.Any(a => a.appname.ToLower().Equals(appName.ToLower()))) { try { uapps.ChangeTracker.DetectChanges(); newApp = new app() { appname = appName, systemuserid = systemuserid }; uapps.apps.Add(newApp); await uapps.SaveChangesAsync(); } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.ToString())); } } } else { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Systemuser does not exist")); } } } return(Request.CreateResponse <app>(newApp)); }
/// <summary> /// Updates the server counter. /// </summary> /// <param name="value">The value.</param> /// <param name="userId">The user identifier.</param> /// <param name="appId">The application identifier.</param> /// <returns></returns> private async Task <bool> UpdateServerCounter(long value, int userId, int appId) { Logging.Logger logger = new Logging.Logger(LogName); try { using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); var counter = userApps.OTPUsers.Where(otp => otp.appid == appId && otp.userid == userId).FirstOrDefault(); if (counter != null) { counter.otpcounter = value - 1; counter.otpcreated = DateTime.UtcNow; await userApps.SaveChangesAsync(); await logger.StoreNewLogMessage(new Logging.Message( String.Format("SUCESS. COUNTER UPDATE ON SERVER. User:{0}, App:{1}", userId, appId), LogName)); return(true); } else { return(false); } } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message( String.Format("Error during UpdateCounter. User:{0}, App:{1}, Error:{2}", userId, appId, ex.ToString()), LogName)).Wait(); return(false); } }
/// <summary> /// Sets the otp counter invalid. /// </summary> /// <param name="userId">The user identifier.</param> /// <param name="appId">The application identifier.</param> /// <returns></returns> private async Task <bool> SetOtpCounterInvalid(int userId, int appId) { Logging.Logger logger = new Logging.Logger(LogName); try { using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); var otpData = userApps.OTPUsers.Where(usrOtp => usrOtp.userid == userId && usrOtp.appid == appId).FirstOrDefault(); if (otpData != null) { otpData.seqvalid = false; otpData.otpcreated = DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(20)); await userApps.SaveChangesAsync(); await logger.StoreNewLogMessage(new Logging.Message(String.Format("SETOTPCOUNTERINVALIDSUCCESS by user {0} for appId {1}" , userId, appId), LogName)); return(true); } else { await logger.StoreNewLogMessage(new Logging.Message(String.Format("SETOTPCOUNTERINVALIDERROR by user {0} for appId {1}" , userId, appId), LogName)); return(false); } } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "SetOtpCounterInvalid", ex.ToString()), LogName)).Wait(); return(false); } }
public async Task <HttpResponseMessage> ListSystemApp(dynamic appValue) { var appName = (string)appValue; return(await Task <HttpResponseMessage> .Run(() => { using (var userApps = new userappsEntities()) { var sysApp = userApps.systemapps.Where(a => a.appname.ToLower().Equals(appName.ToLower())).FirstOrDefault(); if (sysApp != null) { return Request.CreateResponse <systemapp>(sysApp); } else { return Request.CreateResponse(HttpStatusCode.OK, "No such system app available."); } } })); }
/// <summary> /// Gets the database otp counter value. /// </summary> /// <param name="userId">The user identifier.</param> /// <param name="appId">The application identifier.</param> /// <returns></returns> private async Task <long> GetDbOtpCounterValue(int userId, int appId) { return(await Task.Run <long> (() => { Logging.Logger logger = new Logging.Logger(LogName); try { using (var userApps = new userappsEntities()) { var counter = userApps.OTPUsers.Where(otp => otp.appid == appId && otp.userid == userId).FirstOrDefault(); if (counter != null) { logger.StoreNewLogMessage(new Logging.Message(String.Format("GETDBCOUNTERVALUESUCCESS by user {0} for appId {1}" , userId, appId), LogName)).Wait(); return counter.otpcounter; } else { logger.StoreNewLogMessage(new Logging.Message(String.Format("GETDBCOUNTERVALUEERROR by user {0} for appId {1} Error:{2}" , userId, appId, "user not found"), LogName)).Wait(); return -1; } } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "GetDBOtpCounter", ex.ToString()), LogName)).Wait(); return -1; } })); }
/// <summary> /// Gets the current user otp secret. /// </summary> /// <param name="userId">The user identifier.</param> /// <param name="appId">The application identifier.</param> /// <returns></returns> private async Task <byte[]> GetCurrentUserOtpSecret(int userId, int appId) { return(await Task.Run <byte[]> (() => { using (var userApps = new userappsEntities()) { Logging.Logger logger = new Logging.Logger(LogName); try { var counter = userApps.OTPUsers.Where(otp => otp.appid == appId && otp.userid == userId).FirstOrDefault(); if (counter != null) { var secretBytes = JsonConvert.DeserializeObject <byte[]>(counter.secret); logger.StoreNewLogMessage(new Logging.Message(String.Format("GETCURRENTUSERTOPSECRETSUCCESS by user {0} for appId {1}" , userId, appId), LogName)).Wait(); return secretBytes; } else { logger.StoreNewLogMessage(new Logging.Message(String.Format("GETCURRENTUSERTOPSECRETERROR by user {0} for appId {1} Error {2}" , userId, appId, "User not found"), LogName)).Wait(); return null; } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "GetCurrentUserOtpSecret", ex.ToString()), LogName)).Wait(); return null; } } })); }
public async Task <HttpResponseMessage> AddUserAppUser(dynamic data) { using (var userapps = new userappsEntities()) { //Generate authentication data UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager(); int systemuserid = data.systemuserid; int appid = data.appId; var user = await authManger.IssueToken(systemuserid, appid); if (user != null) { return(Request.CreateResponse(HttpStatusCode.OK, user)); } else { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, String.Format("Database error. Could not create application user."))); } } }
public async Task <bool> PostCreateNewStack(dynamic data) { const string APP_KEY = "X-AppKey"; const string APP_SECRET = "X-Token"; systemappuser user = null; UserProfile profile = null; if (Request.Headers.Contains(APP_KEY) && Request.Headers.Contains(APP_SECRET)) { string appKey = Request.Headers.GetValues(APP_KEY).First(); string appSecret = Request.Headers.GetValues(APP_SECRET).First(); using (var sysapps = new userappsEntities()) { user = sysapps.systemappusers.Where(usr => usr.appSecret.Equals(appSecret) && usr.apptoken.Equals(appKey)).FirstOrDefault(); if (user == null) { return(false); } else { using (var exgrip = new exgripEntities()) { profile = exgrip.UserProfiles.Where(up => up.UserId == user.systemuserid).FirstOrDefault(); if (profile == null) { return(false); } } } } } else { return(false); } int betaCount = 500; WordGenerator gen = new WordGenerator(); var timeZone = (string)data.timeZone; var dateString = (string)data.dateString; var dateStringFrom = (string)data.dateStringFrom; var codeLink = (string)data.codeLink; var userId = profile.AlternateUserId; var count = (int)data.count; DateTime outDate; var parseResult = DateTime.TryParse(dateString, out outDate); if (!parseResult) { return(false); } DateTime outDate2; var parseResult2 = DateTime.TryParse(dateStringFrom, out outDate2); if (!parseResult2) { return(false); } if (count > betaCount) { return(false); } using (userappsEntities ctx = new userappsEntities()) { try { var customerTime = TimeZoneInfo.ConvertTime(new DateTime(outDate.Year, outDate.Month, outDate.Day, outDate.Hour, outDate.Minute, outDate.Second), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone)); var customerTime2 = TimeZoneInfo.ConvertTime(new DateTime(outDate2.Year, outDate2.Month, outDate2.Day, outDate2.Hour, outDate2.Minute, outDate2.Second), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone)); if ((customerTime2.Ticks > customerTime.Ticks)) { return(false); } var reedemedVouchers = ctx.promotioncodes.Where(x => x.userid == userId && x.redeemed == true && x.ismulticode == false).ToList(); var allOnetimes = ctx.promotioncodes.Where(x => x.userid == userId && x.ismulticode == false).ToList(); if ((count + allOnetimes.Count()) > betaCount) { throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest); } if ((allOnetimes.Count() == betaCount) && (reedemedVouchers.Count < betaCount) && (reedemedVouchers.Count != 0)) { return(false); } else { ctx.Configuration.AutoDetectChangesEnabled = false; ctx.Configuration.ValidateOnSaveEnabled = false; for (int i = 1; i <= count; i++) { var word = gen.RandomString(7); promotioncode code = new promotioncode(); code.created = TimeZoneInfo.ConvertTimeFromUtc(DateTime.UtcNow, DateHelpers.GetTimeZoneInfoForTzdbId(timeZone)); code.validfrom = customerTime2; code.validuntil = customerTime; code.redeemed = false; code.promocode = word; code.userid = userId; code.ismulticode = false; code.timezone = timeZone; code.GetCodeLink = codeLink; code.IsActive = true; ctx.promotioncodes.Add(code); } await ctx.SaveChangesAsync(); return(true); } } catch (Exception ex) { return(false); } } }
public async Task <bool> PostActivatePromoCode(dynamic data) { if (data == null) { throw new HttpResponseException(HttpStatusCode.BadRequest); } using (userappsEntities ctx = new userappsEntities()) { ctx.ChangeTracker.DetectChanges(); ctx.Configuration.AutoDetectChangesEnabled = true; ctx.Configuration.LazyLoadingEnabled = false; try { var userId = (string)data.userId; var promoCode = (string)data.promoCode; var code = ctx.promotioncodes.Where(x => x.promocode.Equals(promoCode) && x.userid == userId).FirstOrDefault(); if (code == null) { return(false); } var customerTimeZone = DateHelpers.GetTimeZoneInfoForTzdbId(code.timezone); var validFrom = TimeZoneInfo.ConvertTime(new DateTime(code.validfrom.Value.Year, code.validfrom.Value.Month, code.validfrom.Value.Day, code.validfrom.Value.Hour, code.validfrom.Value.Minute, code.validfrom.Value.Second), customerTimeZone, customerTimeZone); var validTo = TimeZoneInfo.ConvertTime(new DateTime(code.validuntil.Value.Year, code.validuntil.Value.Month, code.validuntil.Value.Day, code.validuntil.Value.Hour, code.validuntil.Value.Minute, code.validuntil.Value.Second), customerTimeZone, customerTimeZone); if ((validFrom <= validTo) && (validTo > (DateTime.UtcNow + customerTimeZone.GetUtcOffset(validTo)))) { if (code.redeemed.HasValue) { if (code.redeemed.Value) { code.IsActive = false; await ctx.SaveChangesAsync(); return(true); } } code.IsActive = true; await ctx.SaveChangesAsync(); } else { return(false); } return(true); } catch (Exception ex) { return(false); } } }
public async Task <HttpResponseMessage> LoginUser(dynamic data) { Logging.Logger logger = new Logging.Logger(LogName); //Generate authentication data UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager(); using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); try { int appId = data.appId; string password = data.password; string userName = data.userName; #region checkParameters if (appId <= 0) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Application id cannot be 0 or negative.")); } if (string.IsNullOrEmpty(userName)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username cannot be null or empty.")); } if (string.IsNullOrEmpty(password)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Password cannot be null or empty.")); } #endregion var userAppUser = userApps.users.Where(uau => uau.username.ToLower().Equals(userName.ToLower()) && uau.appid == appId).FirstOrDefault(); if (userAppUser != null) { // var userHashValue = String.Format("{0}{1}",userName,DateTime.Now.ToLongDateString()); var pwdMatch = authManger.DoesPasswordMatch(userAppUser.password, password); if (pwdMatch) { await logger.StoreNewLogMessage(new Logging.Message(String.Format("UAPPLOGINSUCCESS for user {0}." , userName), LogName)); var Message = new LoginStatus() { Message = "SUCCESS" }; return(Request.CreateResponse(HttpStatusCode.OK, Message, Configuration.Formatters.JsonFormatter)); } else { await logger.StoreNewLogMessage(new Logging.Message(String.Format("UAPPLOGINERRO for user {0} Message: {1}." , userName, "Wrong login data."), LogName)); var Message = new LoginStatus() { Message = "FAILURE" }; return(Request.CreateResponse(HttpStatusCode.OK, Message, Configuration.Formatters.JsonFormatter)); } } else { await logger.StoreNewLogMessage(new Logging.Message(String.Format("UAPPLOGINERRO for user {0} Message: {1}." , userName, "No such app user."), LogName)); return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User does not exist.")); } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "LoginUserApp", ex.ToString()), LogName)).Wait(); return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ToString())); } } }
/// <summary> /// Issues the token. /// </summary> /// <param name="username">The username.</param> /// <param name="password">The password.</param> /// <param name="systemuserid">The systemuserid.</param> /// <param name="appId">The application identifier.</param> /// <returns></returns> /// <exception cref="System.ArgumentException"> /// Username cannot be null or empty.;username /// or /// Password cannot be null or empty.;password /// or /// Userid cannot be zero or negative.;systemuserid /// or /// Appid cannot be zero or negative.;appId /// </exception> public async Task <User> IssueToken(int systemuserid, int appId) { #region CheckParameters //if ( String.IsNullOrEmpty ( username ) ) //{ // throw new ArgumentException ( "Username cannot be null or empty.", "username" ); //} //if ( String.IsNullOrEmpty ( password ) ) //{ // throw new ArgumentException ( "Password cannot be null or empty.", "password" ); //} if (systemuserid <= 0) { throw new ArgumentException("Userid cannot be zero or negative.", "systemuserid"); } if (appId <= 0) { throw new ArgumentException("Appid cannot be zero or negative.", "appId"); } #endregion TaskCompletionSource <User> tks = new TaskCompletionSource <User> (); using (var userapps = new userappsEntities()) { using (var sysuser = new exgripEntities()) { userapps.ChangeTracker.DetectChanges(); //Check if app exeists var currentApp = userapps.apps.Where(a => a.idapps == appId && a.systemuserid == systemuserid).FirstOrDefault(); var currentUser = sysuser.UserProfiles.Where(usr => usr.UserId == systemuserid).FirstOrDefault(); var password = Membership.GeneratePassword(15, 5); if (currentUser == null) { tks.SetResult(null); return(tks.Task.Result); } if (currentApp != null) { var encrptedPassword = await GeneratePasswordSalt(currentUser.UserName, password); var user = await EncryptToken(currentUser.UserName, encrptedPassword, password, true); userapps.appusers.Add(new appuser() { appSecret = user.Secret, apptoken = user.Token, appid = currentApp.idapps, securitySoup = user.SecSoup }); try { await userapps.SaveChangesAsync(); } catch (Exception ex) { } tks.SetResult(user); } else { try { var encrptedPassword = await GeneratePasswordSalt(currentUser.UserName, password); var user = await EncryptToken(currentUser.UserName, encrptedPassword, password); //Update existing user var existingUser = userapps.appusers.Where(ua => ua.appid == currentApp.idapps).FirstOrDefault(); existingUser.appSecret = user.Secret; existingUser.apptoken = user.Token; existingUser.securitySoup = user.SecSoup; await userapps.SaveChangesAsync(); tks.SetResult(user); } catch (Exception ex) { throw; } } } } return(tks.Task.Result); }
/// <summary> /// Determines whether [is current otp valid] [the specified user id]. /// </summary> /// <param name="userId">The user id.</param> /// <param name="appId">The app id.</param> /// <returns></returns> private async Task <OtpCheckData> IsCurrentOtpValid(int userId, int appId) { Logging.Logger logger = new Logging.Logger(LogName); try { using (var userApps = new userappsEntities()) { var counter = userApps.OTPUsers.Where(otp => otp.appid == appId && otp.userid == userId).FirstOrDefault(); if (counter == null) { return(new OtpCheckData() { QuerySuccess = false, SeqValid = false }); } TimeSpan result = DateTime.UtcNow - counter.otpcreated; var secret = await GetCurrentUserOtpSecret(userId, appId); var otpAlgo = new Core.Crypto.OTPAlgo((ulong)counter.otpcounter, secret); var currentOtp = otpAlgo.GetCurrentOTP(); if (counter != null) { if (result.TotalMinutes > TimeDiffAllowed) { await logger.StoreNewLogMessage(new Logging.Message( String.Format("OTPCHECKSUCCES by user {0} for appId {1} for counter {2}" , userId, appId, "counter invalid"), LogName)); return(new OtpCheckData() { QuerySuccess = true, SeqValid = false, CurrentOtp = currentOtp, PassedTime = result.TotalMinutes }); } else { await logger.StoreNewLogMessage(new Logging.Message(String.Format("OTPCHECKSUCCES by user {0} for appId {1} for counter {2}" , userId, appId, "valid"), LogName)); return(new OtpCheckData() { QuerySuccess = true, SeqValid = true, CurrentOtp = currentOtp, PassedTime = result.TotalMinutes }); } } else { await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "GetCurrentTopServer", "Counter not found"), LogName)); return(new OtpCheckData() { QuerySuccess = false, SeqValid = false }); } } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "IsCurrentOtpValid", ex.ToString()), LogName)).Wait(); return(new OtpCheckData() { QuerySuccess = false, SeqValid = false, CurrentOtp = string.Empty, PassedTime = 0 }); } }
public async Task <bool> PostCreateNewMultiUserCode(dynamic data) { const string APP_KEY = "X-AppKey"; const string APP_SECRET = "X-Token"; systemappuser user = null; UserProfile profile = null; if (Request.Headers.Contains(APP_KEY) && Request.Headers.Contains(APP_SECRET)) { string appKey = Request.Headers.GetValues(APP_KEY).First(); string appSecret = Request.Headers.GetValues(APP_SECRET).First(); using (var sysapps = new userappsEntities()) { user = sysapps.systemappusers.Where(usr => usr.appSecret.Equals(appSecret) && usr.apptoken.Equals(appKey)).FirstOrDefault(); if (user == null) { return(false); } else { using (var exgrip = new exgripEntities()) { profile = exgrip.UserProfiles.Where(up => up.UserId == user.systemuserid).FirstOrDefault(); if (profile == null) { return(false); } } } } } else { return(false); } WordGenerator gen = new WordGenerator(); var userId = profile.AlternateUserId; var timeZone = (string)data.timeZone; var amountOfUsers = (int)data.count; var dateString = (string)data.dateString; var dateStringFrom = (string)data.dateStringFrom; var codeLink = (string)data.codeLink; var count = (int)data.count; int betacount = 200; if (string.IsNullOrEmpty(userId) || string.IsNullOrWhiteSpace(userId)) { return(false); } if (string.IsNullOrEmpty(timeZone) || string.IsNullOrWhiteSpace(timeZone)) { return(false); } if (amountOfUsers <= 0) { return(false); } DateTime outDate; var parseResult = DateTime.TryParse(dateString, out outDate); if (!parseResult) { return(false); } DateTime outDate2; var parseResult2 = DateTime.TryParse(dateStringFrom, out outDate2); if (!parseResult2) { return(false); } if (DateHelpers.GetTimeZoneInfoForTzdbId(timeZone) == null) { return(false); } if (!string.IsNullOrWhiteSpace(codeLink)) { Uri uriResult; bool result = Uri.TryCreate(codeLink, UriKind.Absolute, out uriResult); if (!result) { return(false); } } if (amountOfUsers == 0 || amountOfUsers <= 0 || amountOfUsers > int.MaxValue) { return(false); } using (userappsEntities ctx = new userappsEntities()) { try { var customerTime = TimeZoneInfo.ConvertTime(new DateTime(outDate.Year, outDate.Month, outDate.Day, outDate.Hour, outDate.Minute, outDate.Second), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone)); var customerTime2 = TimeZoneInfo.ConvertTime(new DateTime(outDate2.Year, outDate2.Month, outDate2.Day, outDate2.Hour, outDate2.Minute, outDate2.Second), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone), DateHelpers.GetTimeZoneInfoForTzdbId(timeZone)); var allMultiCodes = ctx.promotioncodes.Where(x => x.userid == userId && x.ismulticode == true).ToList(); if ((allMultiCodes.Count()) > betacount) { throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest); } if (count > 2000000) { throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest); } if ((customerTime2.Ticks > customerTime.Ticks)) { return(false); } var word = gen.RandomString(7); promotioncode code = new promotioncode(); code.created = TimeZoneInfo.ConvertTimeFromUtc(DateTime.UtcNow, DateHelpers.GetTimeZoneInfoForTzdbId(timeZone)); code.redeemed = false; code.promocode = word; code.userid = userId; code.timezone = timeZone; code.multicodequantity = amountOfUsers; code.validfrom = customerTime2; code.validuntil = customerTime; code.GetCodeLink = codeLink; code.IsActive = true; code.ismulticode = true; ctx.promotioncodes.Add(code); await ctx.SaveChangesAsync(); return(true); } catch (Exception ex) { return(false); } } }
public async Task <HttpResponseMessage> AddNewOtpUser(dynamic authData) { if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "The userId value cannot be null or zero.")); } if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId)) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "The appId value cannot be null or zero.")); } Logging.Logger logger = new Logging.Logger(LogName); int userId = authData.userId; int appId = authData.appId; byte[] secret; OTP.Helper.RandomHelper.GenerateRandomByteArray(20, out secret); var serialized = await JsonConvert.SerializeObjectAsync(secret); try { using (var userApps = new userappsEntities()) { userApps.ChangeTracker.DetectChanges(); if (userApps.appusers.Any(usr => usr.appid == appId && usr.idappusers == userId)) { if (!userApps.OTPUsers.Any(otp => otp.userid == userId && otp.appid == appId)) { var otpUser = userApps.OTPUsers.Add(new OTPUser() { userid = userId, appid = appId, secret = serialized, seqvalid = true, otpcounter = 1, otpcreated = DateTime.UtcNow }); await userApps.SaveChangesAsync(); var value = new { Message = "User successfully added." }; var ser = await JsonConvert.SerializeObjectAsync(value); await logger.StoreNewLogMessage(new Logging.Message(String.Format("ADDUSERSUCCESS {0} for appId {1} generated." , userId, appId), LogName)); return(Request.CreateResponse <string>(ser)); } else { var value = new { Message = "User already exists" }; var ser = await JsonConvert.SerializeObjectAsync(value); logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "AddNewOtpUser", "User already exists."), LogName)).Wait(); return(Request.CreateResponse <string>(ser)); } } else { var value = new { Message = "User is not an appuser." }; logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "AddNewOtpUser", "User is not an app user"), LogName)).Wait(); var ser = await JsonConvert.SerializeObjectAsync(value); return(Request.CreateResponse <string>(ser)); } } } catch (Exception ex) { logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}" , "AddNewOtpUser", ex.ToString()), LogName)).Wait(); return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Database Error")); } }