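/// <summary>
/// Grants the account named by <c>Username</c> view access to the note identified by <c>NoteID</c>.
/// </summary>
/// <param name="db">Database context used for the lookup and the insert.</param>
/// <returns>A JSON-serialized <c>ReturnCode</c>: 404 if the user does not exist, 403 if the viewer entry
/// already exists, 200 once the entry has been written.</returns>
public string AddUser(CSC425Context db)
{
    // Case-insensitive username lookup; ToLower() is kept in the lambda so EF can translate it to SQL.
    var user = db.Users
        .Where(u => u.Username.ToLower().Equals(Username.ToLower()))
        .FirstOrDefault();
    if (user == null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(404, "Not Found", $"User: {Username} doesn't exist."));
    }

    // Refuse duplicates so the same viewer is never recorded twice for one note.
    var existingViewer = db.NoteViewers
        .Where(n => n.NoteId.Equals(this.NoteID) && n.UserId.Equals(user.UserId))
        .FirstOrDefault();
    if (existingViewer != null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(403, "Forbidden", $"User: {Username} is already allowed to view this note."));
    }

    var noteviewer = new NoteViewers();
    noteviewer.NoteId = this.NoteID;
    noteviewer.UserId = user.UserId;
    db.NoteViewers.Add(noteviewer);
    // Synchronous save: the previous un-awaited SaveChangesAsync() reported "added successfully" before the
    // write had completed and silently dropped any exception it raised.
    db.SaveChanges();
    return JsonConvert.SerializeObject(new ReturnCode(200, "OK", $"User: {Username} added successfully."));
}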
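/// <summary>
/// Replaces the username, email address and password of the account named by <c>CurrentUsername</c>,
/// marks it unverified and sends a fresh verification email.
/// </summary>
/// <param name="db">Database context used for the lookup and the update.</param>
/// <param name="IPAddress">Caller's address as supplied by the controller; currently unused here.</param>
/// <returns>A JSON-serialized <c>ReturnCode</c> 404 when no such user exists, otherwise a JSON-serialized
/// <c>SessionIDHolder</c> carrying the new username and the existing session id.</returns>
public string UsernameAndPasswordUpdate(CSC425Context db, String IPAddress)
{
    // NOTE(review): the only authorization for this operation is the controller's shared API key; the
    // request itself does not prove the caller owns CurrentUsername (no current password or session id is
    // checked), so anyone holding the API key can rewrite any account. Worth requiring proof of possession.
    var user = db.Users
        .Where(u => u.Username.ToLower().Equals(CurrentUsername.ToLower()))
        .FirstOrDefault();
    if (user == null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(404, "Not Found", "Username is invalid"));
    }

    var salt = Security.Generate(128);
    var secret = Security.Generate(64);

    // Apply the new credentials. The account drops back to unverified until the emailed secret is used.
    // NOTE(review): Security.SHA256(pepper + password + salt) is a single fast hash, not a password KDF;
    // a slow, memory-hard function (PBKDF2/Argon2) is the recommended practice. Not changed here because
    // Security lives outside this block and every login path must move together.
    user.Username = NewUsername;
    user.EmailAddress = NewEmailAddress;
    user.Password = Security.SHA256(Security.Pepper + Password + salt);
    user.Salt = salt;
    user.IsVerified = false;
    user.SecretKey = secret;
    // Synchronous save: the previous un-awaited SaveChangesAsync() could send the verification email (and
    // return success) before the new secret was persisted, and lost any exception it raised.
    db.SaveChanges();

    var email = new SendEmails();
    email.SendMessage(
        new System.Net.Mail.MailAddress(user.EmailAddress, user.Username),
        "Please verify your account on Rohzek's Note Service",
        $"Hello!\n\nPlease click this link to verify your account: https://rohzek.cf:8080/api/v1/verify?verification_code={user.SecretKey}");

    return JsonConvert.SerializeObject(new SessionIDHolder(user.Username, user.SessionId));
}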
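/// <summary>
/// Validates a previously issued session id for the account named by <c>UsernameOrEmail</c>.
/// On a match the session id is echoed back; on a mismatch the stored session id is cleared.
/// </summary>
/// <param name="db">Database context used for the lookup and the update.</param>
/// <param name="IPAddress">Caller's address as supplied by the controller; currently unused here.</param>
/// <returns>A JSON-serialized <c>ReturnCode</c>: 404 for an unknown account, 200 carrying the session id on
/// a match, 401 otherwise.</returns>
public string SessionIDOverride(CSC425Context db, String IPAddress)
{
    // Username first, then email address; the second query only runs when the first finds nothing.
    var user = db.Users.Where(u => u.Username.ToLower().Equals(UsernameOrEmail.ToLower())).FirstOrDefault()
        ?? db.Users.Where(u => u.EmailAddress.ToLower().Equals(UsernameOrEmail.ToLower())).FirstOrDefault();
    if (user == null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(404, "Not Found", "Username or Email Address is invalid"));
    }

    // An account with no stored session (this method itself sets SessionId to null on a failed attempt)
    // used to throw NullReferenceException on user.SessionId.Equals(...); treat "no session" as a mismatch.
    bool sessionMatches = !string.IsNullOrEmpty(user.SessionId)
        && string.Equals(user.SessionId, SessionID, StringComparison.Ordinal);
    if (sessionMatches)
    {
        return JsonConvert.SerializeObject(new ReturnCode(200, "OK", $"{SessionID}"));
    }

    // NOTE(review): clearing the stored session on any mismatch means anyone who knows a username can log
    // that user out by sending a wrong SessionID. Leaving the session untouched on mismatch would avoid that;
    // behaviour kept here because it may be the intended "override" semantics.
    user.SessionId = null;
    // Synchronous save so the invalidation is persisted before the response goes back.
    db.SaveChanges();
    return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", $"Incorrect SessionID"));
}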
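/// <summary>
/// HTTP DELETE: removes the note named by the <c>noteid</c> query parameter on behalf of the
/// <c>username</c> query parameter, after checking the <c>api_key</c> query parameter.
/// </summary>
/// <returns>JSON from <c>NoteRequest.DeleteNote</c> on success; otherwise a JSON-serialized
/// <c>ReturnCode</c> (401 bad key, 400 non-numeric noteid, 404 unknown note, 403 not the owner).</returns>
public string Delete()
{
    // NOTE(review): db is never disposed on this path; see the request classes' SaveChanges calls before
    // wrapping it in a using block, since an in-flight save must not outlive the context.
    CSC425Context db = new CSC425Context();

    // Authenticate before any parsing or database work: previously an unauthenticated caller could probe
    // note existence (404 vs 403 came back before the key check) and trigger an unhandled FormatException
    // from Int32.Parse on a bad noteid.
    var apikey = Request.Query["api_key"].ToString();
    if (apikey.ToLower() != Security.APIKey)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Bad API Key"));
    }

    int noteId;
    if (!Int32.TryParse(Request.Query["noteid"].ToString(), out noteId))
    {
        return JsonConvert.SerializeObject(new ReturnCode(400, "Bad Request", "noteid must be an integer."));
    }
    var username = Request.Query["username"].ToString();

    var note = db.Notes.Where(n => n.NotesId.Equals(noteId)).FirstOrDefault();
    if (note == null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(404, "Not Found", "That note doesn't exist."));
    }

    var user = db.Users.Where(u => u.Username.ToLower().Equals(username.ToLower())).FirstOrDefault();
    // An unknown username used to dereference null here; treat it as "not the owner".
    if (user == null || !note.UserId.Equals(user.UserId))
    {
        return JsonConvert.SerializeObject(new ReturnCode(403, "Forbidden", "That note doesn't belong to you."));
    }

    var req = new NoteRequest(db, note, user);
    return req.DeleteNote(db);
}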
/// <summary>
/// HTTP PUT: grants a user access to a note, as described by the request body, once the
/// <c>api_key</c> query parameter matches the configured key.
/// </summary>
/// <param name="user">Request body naming the note and the user to allow.</param>
/// <returns>JSON from <c>AllowedUserRequest.AddUser</c>, or a JSON-serialized 401 <c>ReturnCode</c>.</returns>
public string Put([FromBody] AllowedUserRequest user)
{
    // NOTE(review): the context is never disposed on this path.
    var db = new CSC425Context();

    // Key is compared case-insensitively against the configured value.
    // NOTE(review): this is an ordinary string comparison, not constant-time.
    string suppliedKey = Request.Query["api_key"].ToString();
    bool keyAccepted = suppliedKey.ToLower() == Security.APIKey;
    if (!keyAccepted)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Bad API Key"));
    }

    return user.AddUser(db);
}
/// <summary>
/// HTTP POST: applies a username/email/password change described by the request body, once the
/// <c>api_key</c> query parameter matches the configured key.
/// </summary>
/// <param name="changes">Request body carrying the current username and the new credentials.</param>
/// <returns>JSON from <c>UserInfoRequest.UsernameAndPasswordUpdate</c>, or a JSON-serialized 401 <c>ReturnCode</c>.</returns>
public string Post([FromBody] UserInfoRequest changes)
{
    // NOTE(review): the context is never disposed on this path.
    var db = new CSC425Context();
    string suppliedKey = Request.Query["api_key"].ToString();
    // Null when the connection feature is absent; the request class does not currently use it.
    string callerAddress = HttpContext.Features.Get<IHttpConnectionFeature>()?.RemoteIpAddress.ToString();

    // NOTE(review): ordinary (non constant-time) string comparison of the shared key.
    bool keyAccepted = suppliedKey.ToLower() == Security.APIKey;
    if (!keyAccepted)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Bad API Key"));
    }

    return changes.UsernameAndPasswordUpdate(db, callerAddress);
}
/// <summary>
/// HTTP POST: creates a new account from the request body once the <c>api_key</c> query parameter
/// matches the configured key. The caller's remote address is recorded with the new account.
/// </summary>
/// <param name="signup">Request body carrying the desired username, email address and password.</param>
/// <returns>JSON from <c>SignupRequest.Signup</c>, or a JSON-serialized 401 <c>ReturnCode</c>.</returns>
public string Post([FromBody] SignupRequest signup)
{
    // NOTE(review): the context is never disposed on this path.
    var db = new CSC425Context();
    string suppliedKey = Request.Query["api_key"].ToString();
    // Null when the connection feature is absent.
    string callerAddress = HttpContext.Features.Get<IHttpConnectionFeature>()?.RemoteIpAddress.ToString();

    // NOTE(review): ordinary (non constant-time) string comparison of the shared key.
    bool keyAccepted = suppliedKey.ToLower() == Security.APIKey;
    if (!keyAccepted)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Bad API Key"));
    }

    return signup.Signup(db, callerAddress);
}
/// <summary>
/// HTTP GET: completes email verification using the <c>verification_code</c> query parameter.
/// This endpoint is reached from the emailed link, so no API key is required.
/// </summary>
/// <returns>The text from <c>VerifyUserRequest.AttemptVerification</c>, or a JSON-serialized 401
/// <c>ReturnCode</c> when the code is missing.</returns>
public string Get()
{
    // NOTE(review): the context is never disposed on this path.
    var db = new CSC425Context();
    // Null when the connection feature is absent; recorded as the verification address.
    string callerAddress = HttpContext.Features.Get<IHttpConnectionFeature>()?.RemoteIpAddress.ToString();
    string verificationCode = Request.Query["verification_code"].ToString();

    bool codeMissing = verificationCode.Length == 0;
    if (codeMissing)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Verification error. Please contact an administrator."));
    }

    var verification = new VerifyUserRequest(verificationCode);
    return verification.AttemptVerification(db, callerAddress);
}
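/// <summary>
/// HTTP DELETE: revokes the <c>username</c> query parameter's access to the note named by the
/// <c>noteid</c> query parameter, after checking the <c>api_key</c> query parameter.
/// </summary>
/// <returns>JSON from <c>AllowedUserRequest.RemoveUser</c>, or a JSON-serialized <c>ReturnCode</c>
/// (401 bad key, 400 non-numeric noteid).</returns>
public string Delete()
{
    // NOTE(review): the context is never disposed on this path.
    CSC425Context db = new CSC425Context();

    // Authenticate before parsing the rest of the query: previously an unauthenticated caller could
    // trigger an unhandled FormatException from Int32.Parse with a non-numeric noteid.
    var apikey = Request.Query["api_key"].ToString();
    if (apikey.ToLower() != Security.APIKey)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Bad API Key"));
    }

    int noteId;
    if (!Int32.TryParse(Request.Query["noteid"].ToString(), out noteId))
    {
        return JsonConvert.SerializeObject(new ReturnCode(400, "Bad Request", "noteid must be an integer."));
    }
    var username = Request.Query["username"].ToString();

    var request = new AllowedUserRequest(noteId, username);
    return request.RemoveUser(db);
}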
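/// <summary>
/// Marks the account whose stored <c>SecretKey</c> equals <c>Secret</c> as verified, records the
/// verifying address and consumes the secret so the link cannot be reused.
/// </summary>
/// <param name="db">Database context used for the lookup and the update.</param>
/// <param name="IPAddress">Caller's address, stored as <c>VerificationIp</c>.</param>
/// <returns>A plain-text success message, or a JSON-serialized 401 <c>ReturnCode</c> when no account
/// matches the secret.</returns>
public string AttemptVerification(CSC425Context db, string IPAddress)
{
    var user = db.Users
        .Where(u => u.SecretKey.Equals(Secret))
        .FirstOrDefault();
    if (user == null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", $"Verification Code was incorrect."));
    }

    user.IsVerified = true;
    // Nulling the secret is what makes the verification link single-use.
    user.SecretKey = null;
    user.VerificationIp = IPAddress;
    // Synchronous save: the previous un-awaited SaveChangesAsync() returned "verified successfully" before
    // the flag was persisted and dropped any exception it raised.
    db.SaveChanges();

    // Maybe make this a little more fancy? We should be able to return an HTML page with this.
    return "Thank you. User was verified successfully.";
}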
/// <summary>
/// HTTP POST: authenticates the account described by the request body. With an empty <c>api_key</c>
/// query parameter the request is treated as a session-id check; with a non-empty key the key must match
/// the configured value and a password login is attempted.
/// </summary>
/// <param name="login">Request body carrying the username/email and either a password or a session id.</param>
/// <returns>JSON from <c>LoginRequest.SessionIDOverride</c> or <c>LoginRequest.AttemptLogin</c>, or a
/// JSON-serialized 401 <c>ReturnCode</c> for a wrong key.</returns>
public string Post([FromBody] LoginRequest login)
{
    // NOTE(review): the context is never disposed on this path.
    var db = new CSC425Context();
    string suppliedKey = Request.Query["api_key"].ToString();
    // Null when the connection feature is absent; recorded on successful logins.
    string callerAddress = HttpContext.Features.Get<IHttpConnectionFeature>()?.RemoteIpAddress.ToString();

    // No key at all selects the session-id path; this is how an already logged-in client re-validates.
    bool noKeySupplied = suppliedKey.Length == 0;
    if (noKeySupplied)
    {
        return login.SessionIDOverride(db, callerAddress);
    }

    // Both sides are lowered here, unlike the other controllers which lower only the supplied key.
    // NOTE(review): ordinary (non constant-time) string comparison of the shared key.
    bool keyAccepted = suppliedKey.ToLower() == Security.APIKey.ToLower();
    if (!keyAccepted)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Bad API Key"));
    }

    return login.AttemptLogin(db, callerAddress);
}
/// <summary>
/// HTTP GET: returns the notes visible to the <c>username</c> query parameter, optionally filtered by the
/// <c>search</c> query parameter, once the <c>api_key</c> query parameter matches the configured key.
/// </summary>
/// <returns>JSON from <c>NoteRequest.GetNote</c>, or a JSON-serialized 401 <c>ReturnCode</c>.</returns>
public string Get()
{
    // NOTE(review): the context is never disposed on this path.
    var db = new CSC425Context();
    string suppliedKey = Request.Query["api_key"].ToString();
    string requestedFor = Request.Query["username"].ToString();
    string searchPattern = Request.Query["search"].ToString();

    // NOTE(review): ordinary (non constant-time) string comparison of the shared key.
    bool keyAccepted = suppliedKey.ToLower() == Security.APIKey;
    if (!keyAccepted)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", "Bad API Key"));
    }

    // An empty search string means "all allowed notes"; anything else is handed to the filtering overload.
    bool hasSearch = searchPattern.Length > 0;
    return hasSearch
        ? NoteRequest.GetNote(db, requestedFor, searchPattern)
        : NoteRequest.GetNote(db, requestedFor);
}
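/// <summary>
/// Returns, as JSON, the notes visible to <paramref name="username"/> whose class id, body, file name,
/// extension, note date or upload date matches the regular expression <paramref name="search"/>
/// (case-insensitive).
/// </summary>
/// <param name="db">Database context handed to <c>GetAllowedNotes</c>.</param>
/// <param name="username">Account whose allowed notes are searched.</param>
/// <param name="search">Regular expression pattern supplied by the caller (it comes from the query string).</param>
/// <returns>A JSON array of matching <c>NoteRequest</c> objects, or a JSON-serialized 400 <c>ReturnCode</c>
/// when the pattern is malformed or too expensive to evaluate.</returns>
public static string GetNote(CSC425Context db, string username, string search)
{
    var results = GetAllowedNotes(db, username);
    var output = new List<NoteRequest>();

    // The pattern is caller-controlled, so every match is bounded by a timeout; without it a
    // pathological pattern could pin a worker thread (regex denial of service).
    var matchTimeout = TimeSpan.FromSeconds(1);
    try
    {
        foreach (NoteRequest note in results)
        {
            if (SearchFieldMatches(note, search, matchTimeout))
            {
                output.Add(note);
            }
        }
    }
    catch (ArgumentException)
    {
        // A malformed pattern used to surface as an unhandled exception from Regex.IsMatch.
        return JsonConvert.SerializeObject(new ReturnCode(400, "Bad Request", "Invalid search pattern."));
    }
    catch (RegexMatchTimeoutException)
    {
        return JsonConvert.SerializeObject(new ReturnCode(400, "Bad Request", "Search pattern took too long to evaluate."));
    }

    return JsonConvert.SerializeObject(output);
}

/// <summary>
/// True when any searchable field of <paramref name="note"/> matches <paramref name="pattern"/>.
/// Null fields are skipped (Regex.IsMatch throws on a null input).
/// </summary>
private static bool SearchFieldMatches(NoteRequest note, string pattern, TimeSpan matchTimeout)
{
    string[] fields =
    {
        note.ClassID,
        note.Note,
        note.NoteFileName,
        note.Extension,
        note.NoteDate.ToString(),
        note.UploadDate.ToString(),
    };
    return fields.Any(f => f != null && Regex.IsMatch(f, pattern, RegexOptions.IgnoreCase, matchTimeout));
}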
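/// <summary>
/// Stores this request as a new note owned by the account named by <c>Username</c>, granting view access
/// to every existing account listed in <c>Users</c> (unknown names are ignored).
/// </summary>
/// <param name="db">Database context used for the lookups and the insert.</param>
/// <returns>A JSON-serialized <c>ReturnCode</c>: 404 when the owner account does not exist, 200 once the
/// note has been written.</returns>
public string AddNote(CSC425Context db)
{
    var noteCreator = db.Users
        .Where(u => u.Username.ToLower().Equals(Username.ToLower()))
        .FirstOrDefault();
    // An unknown owner used to dereference null at noteCreator.UserId.
    if (noteCreator == null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(404, "Not Found", $"User: {Username} doesn't exist."));
    }

    // Year 1 is the un-set DateTime; default the note date to "now" in that case.
    if (NoteDate.Year == 0001)
    {
        this.NoteDate = DateTime.Now;
    }
    this.UploadDate = DateTime.Now;

    Notes note = new Notes();
    note.UserId = noteCreator.UserId;
    note.ClassId = this.ClassID;
    note.Note = this.Note;
    note.NoteFile = this.NoteFile;
    note.NoteFileName = this.NoteFileName;
    note.Extension = this.Extension;
    note.NoteDate = this.NoteDate;
    note.UploadDate = this.UploadDate;

    foreach (string user in Users)
    {
        var allowedUser = db.Users
            .Where(u => u.Username.ToLower() == user.ToLower())
            .FirstOrDefault();
        if (allowedUser == null)
        {
            continue;
        }
        NoteViewers nv = new NoteViewers();
        // NotesId is not assigned until the note is saved; the entry is attached through the navigation
        // collection so the key is filled in on save — presumably how the original relied on it; confirm.
        nv.NoteId = note.NotesId;
        nv.UserId = allowedUser.UserId;
        note.NoteViewers.Add(nv);
    }

    db.Notes.Add(note);
    // Synchronous save: the previous un-awaited SaveChangesAsync() reported success before the note was
    // persisted and dropped any exception it raised.
    db.SaveChanges();
    return JsonConvert.SerializeObject(new ReturnCode(200, "OK", $"Note added successfully."));
}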
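/// <summary>
/// Creates an unverified account from <c>Username</c>, <c>Email</c> and <c>Password</c> and emails a
/// verification link, unless either the email address or the username is already taken.
/// </summary>
/// <param name="db">Database context used for the lookups and the insert.</param>
/// <param name="IPAddress">Caller's address, stored as <c>CreationIp</c>.</param>
/// <returns>A JSON-serialized <c>ReturnCode</c>: 409 when the email address or username exists, 100 once
/// the account has been created and the verification email sent.</returns>
public string Signup(CSC425Context db, String IPAddress)
{
    // Email first, then username; the second query only runs when the first finds nothing.
    var existing = db.Users.Where(u => u.EmailAddress.ToLower().Equals(Email.ToLower())).FirstOrDefault()
        ?? db.Users.Where(u => u.Username.ToLower().Equals(Username.ToLower())).FirstOrDefault();
    if (existing != null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(409, "Conflict", $"User with username: {Username} and/or Email Address: {Email} already exists."));
    }

    var salt = Security.Generate(128);
    var secret = Security.Generate(64);
    // NOTE(review): a single SHA-256 over pepper+password+salt is a fast hash, not a password KDF; a slow,
    // memory-hard function (PBKDF2/Argon2) is the recommended practice. Not changed here because Security
    // lives outside this block and login/update must move with it.
    var passwordToSave = Security.SHA256(Security.Pepper + Password + salt);

    // Create new user
    var user = new Users();
    user.Username = Username;
    user.EmailAddress = Email;
    user.Salt = salt;
    user.Password = passwordToSave;
    user.UserRole = "User";
    user.CreationIp = IPAddress;
    user.VerificationIp = "0.0.0.0";
    user.Use2Fa = false;
    user.LoginAttempts = 0;
    user.SecretKey = secret;
    db.Users.Add(user);
    // Synchronous save: the previous un-awaited SaveChangesAsync() could send the email (and return 100)
    // before the row existed, and dropped any exception it raised.
    db.SaveChanges();

    // NOTE(review): this link is plain http while the credential-update path sends the same endpoint over
    // https; the verification secret travels in the URL, so the scheme should be confirmed and unified.
    var email = new SendEmails();
    email.SendMessage(
        new System.Net.Mail.MailAddress(user.EmailAddress, user.Username),
        "Please verify your account on Rohzek's Note Service",
        $"Hello!\n\nPlease click this link to verify your account: http://rohzek.cf:8080/api/v1/verify?verification_code={user.SecretKey}");

    return JsonConvert.SerializeObject(new ReturnCode(100, "Continue", "User created successfully, awaiting email verification"));
}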
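/// <summary>
/// Builds a request view of an existing note: copies the note's fields, takes the owner's name from
/// <paramref name="user"/> and resolves the usernames of every allowed viewer.
/// </summary>
/// <param name="db">Database context used to resolve the viewer list.</param>
/// <param name="note">The stored note to mirror.</param>
/// <param name="user">The note's owner.</param>
public NoteRequest(CSC425Context db, Notes note, Users user)
{
    Username = user.Username;
    NoteID = note.NotesId;
    ClassID = note.ClassId;
    Note = note.Note;
    NoteFile = note.NoteFile;
    NoteFileName = note.NoteFileName;
    Extension = note.Extension;
    NoteDate = note.NoteDate;
    UploadDate = note.UploadDate;

    var noteviewers = db.NoteViewers
        .Where(n => n.NoteId.Equals(NoteID))
        .ToList();
    var viewerNames = new List<string>();
    foreach (NoteViewers nv in noteviewers)
    {
        var viewer = db.Users
            .Where(u => u.UserId.Equals(nv.UserId))
            .FirstOrDefault();
        // Bug fix: the owner's name (user.Username) was added once per viewer instead of the resolved
        // viewer's name. Viewer rows whose account no longer exists are skipped.
        if (viewer != null)
        {
            viewerNames.Add(viewer.Username);
        }
    }
    Users = viewerNames.ToArray();
}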
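/// <summary>
/// Deletes the note identified by <c>NoteID</c> together with its viewer entries. Missing rows are
/// tolerated so the call is safe to repeat.
/// </summary>
/// <param name="db">Database context used for the deletes.</param>
/// <returns>A JSON-serialized 200 <c>ReturnCode</c>.</returns>
public string DeleteNote(CSC425Context db)
{
    // Viewer rows reference the note, so they go first. RemoveRange handles the empty case itself.
    var noteviewers = db.NoteViewers
        .Where(n => n.NoteId.Equals(NoteID))
        .ToList();
    db.NoteViewers.RemoveRange(noteviewers);

    var note = db.Notes
        .Where(n => n.NotesId.Equals(NoteID))
        .FirstOrDefault();
    if (note != null)
    {
        db.Notes.Remove(note);
    }

    // Synchronous save: the previous un-awaited SaveChangesAsync() reported "deleted successfully" before
    // the rows were gone and dropped any exception it raised.
    db.SaveChanges();
    return JsonConvert.SerializeObject(new ReturnCode(200, "OK", $"Note with ID {NoteID} deleted successfully."));
}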
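/// <summary>
/// Password login for the account named by <c>UsernameOrEmail</c>. On success a new session id is issued
/// and a <c>Logins</c> row recorded; on failure the attempt counter is incremented, and once it reaches
/// five a database-side timed reset is scheduled and the account is reported locked.
/// </summary>
/// <param name="db">Database context used for the lookups and the updates.</param>
/// <param name="IPAddress">Caller's address, stored on the <c>Logins</c> row.</param>
/// <returns>A JSON-serialized <c>ReturnCode</c>: 404 unknown account, 401 unverified / wrong password /
/// locked, 200 carrying the new session id.</returns>
public string AttemptLogin(CSC425Context db, String IPAddress)
{
    // Username first, then email address; the second query only runs when the first finds nothing.
    var user = db.Users.Where(u => u.Username.ToLower().Equals(UsernameOrEmail.ToLower())).FirstOrDefault()
        ?? db.Users.Where(u => u.EmailAddress.ToLower().Equals(UsernameOrEmail.ToLower())).FirstOrDefault();
    if (user == null)
    {
        return JsonConvert.SerializeObject(new ReturnCode(404, "Not Found", "User with that name or email address does not exist"));
    }

    if (!user.IsVerified)
    {
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", $"Email Address not verified"));
    }

    // Five or more failed attempts: do not even check the password, just (re)arm the lockout.
    if (!(user.LoginAttempts < 5))
    {
        return ScheduleLockout(db, user);
    }

    // NOTE(review): a single SHA-256 over pepper+password+salt is a fast hash, not a password KDF; see the
    // Security class before changing, since signup and credential update must move with it.
    var passwordToCheck = Security.SHA256(Security.Pepper + Password + user.Salt);
    // Null-safe ordinal comparison (user.Password.Equals(...) threw on a null stored hash).
    // NOTE(review): not constant-time; CryptographicOperations.FixedTimeEquals on the raw bytes would be.
    if (!string.Equals(user.Password, passwordToCheck, StringComparison.Ordinal))
    {
        // Failed attempt should increment the counter
        user.LoginAttempts += 1;
        db.SaveChanges();
        return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", $"Password was incorrect"));
    }

    // Password is correct, Login successful
    Logins login = new Logins();
    login.UsersID = user.UserId;
    login.Ipaddress = IPAddress;
    login.LoginDate = DateTime.Now;
    login.Used2Fa = false;
    db.Logins.Add(login);

    // Maybe replace this with JSON object that returns a session ID
    var sessionID = Security.Generate(32);
    user.SessionId = sessionID;
    user.LoginAttempts = 0;
    // Synchronous save: the previous un-awaited SaveChangesAsync() returned the session id before it was
    // persisted and dropped any exception it raised.
    db.SaveChanges();
    return JsonConvert.SerializeObject(new ReturnCode(200, "OK", $"{sessionID}"));
}

/// <summary>
/// Arms a database-side scheduled event (CREATE EVENT syntax) that resets the account's attempt counter
/// after a fixed number of minutes, and returns the "account locked" response.
/// </summary>
private static string ScheduleLockout(CSC425Context db, Users user)
{
    var lockout = 5; // Minutes to lock the account.

    // user.Username is chosen by the user at signup and was interpolated straight into raw SQL, both as
    // the event identifier and inside the quoted WHERE literal — a SQL injection vector. The statement is
    // only built when the name is plain ASCII [A-Za-z0-9_]; otherwise the counter is simply left at its
    // locked value, which fails closed (an operator can reset LoginAttempts by hand).
    if (IsSqlSafeName(user.Username))
    {
        var task = $"DROP EVENT IF EXISTS {user.Username}_Lockout; CREATE EVENT IF NOT EXISTS {user.Username}_Lockout "
            + $"ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL {lockout} MINUTE "
            + "ON COMPLETION PRESERVE "
            + "DO "
            + $"UPDATE CSC425.Users SET Users.LoginAttempts = 0 WHERE Users.Username = \"{user.Username}\";";
        // Synchronous: the previous un-awaited ExecuteSqlRawAsync() dropped any failure silently.
        db.Database.ExecuteSqlRaw(task);
    }

    return JsonConvert.SerializeObject(new ReturnCode(401, "Unauthorized", $"Too many failed login attempts. Account locked for {lockout} minutes. Try logging in later."));
}

/// <summary>
/// True when <paramref name="value"/> is non-empty and consists only of ASCII letters, digits and '_',
/// i.e. cannot terminate a quoted literal or an identifier in the statement above.
/// </summary>
private static bool IsSqlSafeName(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return false;
    }
    foreach (char c in value)
    {
        bool allowed = (c >= 'a' && c <= 'z')
            || (c >= 'A' && c <= 'Z')
            || (c >= '0' && c <= '9')
            || c == '_';
        if (!allowed)
        {
            return false;
        }
    }
    return true;
}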
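/// <summary>
/// Collects the notes <paramref name="username"/> may see — those they own plus those they are listed as
/// a viewer of — as detached <c>NoteRequest</c> objects, then sorts them.
/// </summary>
/// <param name="db">Database context used for the lookups.</param>
/// <param name="username">Account requesting notes (matched case-insensitively).</param>
/// <returns>The sorted list; empty when the account does not exist.</returns>
private static List<NoteRequest> GetAllowedNotes(CSC425Context db, string username)
{
    List<NoteRequest> output = new List<NoteRequest>();

    // Get user account that's requesting notes
    var user = db.Users
        .Where(u => u.Username.ToLower().Equals(username.ToLower()))
        .FirstOrDefault();
    // An unknown account used to dereference null at user.UserId.
    if (user == null)
    {
        return output;
    }

    // Gets notes where you're an allowed viewer, or an owner.
    var viewers = db.NoteViewers
        .Where(u => u.UserId.Equals(user.UserId))
        .ToList<NoteViewers>();
    var oNotes = db.Notes.Where(u => u.UserId.Equals(user.UserId));

    List<Notes> notes = new List<Notes>();
    // Allowed notes. A viewer row whose note has been deleted yields null from FirstOrDefault and used to
    // crash the sanitising loop below; such rows are skipped.
    foreach (NoteViewers viewer in viewers)
    {
        var allowedNote = db.Notes
            .Where(n => n.NotesId.Equals(viewer.NoteId))
            .FirstOrDefault();
        if (allowedNote != null)
        {
            notes.Add(allowedNote);
        }
    }
    // Owner's notes
    foreach (Notes note in oNotes)
    {
        notes.Add(note);
    }

    // Sanitize the notes because we don't need a reference to each author's information going back with each one
    foreach (Notes note in notes)
    {
        var req = new NoteRequest();
        var author = db.Users
            .Where(u => u.UserId.Equals(note.UserId))
            .FirstOrDefault();
        // Null-safe: a note whose author row is missing no longer throws.
        req.Username = author?.Username;
        req.NoteID = note.NotesId;
        req.ClassID = note.ClassId;
        req.Note = note.Note;
        req.NoteFile = note.NoteFile;
        req.NoteFileName = note.NoteFileName;
        req.Extension = note.Extension;
        req.NoteDate = note.NoteDate;
        req.UploadDate = note.UploadDate;

        var totalViewers = db.NoteViewers.Where(n => n.NoteId.Equals(note.NotesId));
        var listOfViewers = new List<String>();
        foreach (NoteViewers nv in totalViewers.ToList())
        {
            var usr = db.Users
                .Where(u => u.UserId.Equals(nv.UserId))
                .FirstOrDefault();
            // Stray Debug.WriteLine of each viewer's username removed; missing accounts are skipped.
            if (usr != null)
            {
                listOfViewers.Add(usr.Username);
            }
        }
        req.Users = listOfViewers.ToArray();
        output.Add(req);
    }

    // Sort notes by most recent, probably
    output.Sort();
    return output;
}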
/// <summary>
/// Returns every note visible to <paramref name="username"/> as a JSON array (no filtering).
/// </summary>
/// <param name="db">Database context handed to <c>GetAllowedNotes</c>.</param>
/// <param name="username">Account whose allowed notes are returned.</param>
/// <returns>JSON serialization of the <c>GetAllowedNotes</c> result.</returns>
public static string GetNote(CSC425Context db, string username)
    => JsonConvert.SerializeObject(GetAllowedNotes(db, username));
/// <summary>
/// Placeholder for note updates; nothing is changed. Notes are expected to be re-uploaded instead.
/// </summary>
/// <param name="db">Database context; unused until updating is implemented.</param>
/// <returns>A JSON-serialized 100 <c>ReturnCode</c> stating that updating is not implemented.</returns>
public string UpdateNote(CSC425Context db)
{
    // Not sure if I want to implement this? I doubt notes change. If they do, you can just reupload.
    // Leave this here as a placeholder for now though.
    var notImplemented = new ReturnCode(100, "Continue", $"Updating not implemented.");
    return JsonConvert.SerializeObject(notImplemented);
}