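/// <summary>
/// Creates a user from the JSON body, hashing the supplied password before it is stored.
/// </summary>
/// <param name="userData">JSON body. "name", "username" and "password" are required;
/// "email", "role" and "imageUrl" are optional and fall back to the <see cref="User"/> defaults.</param>
/// <returns>
/// 400 when the body or a required field is missing or blank, 409 when the username is already taken,
/// otherwise 201 (Location: /users/{id}) with the created user's public fields. The password hash is
/// never echoed back.
/// </returns>
public IActionResult AddFull([FromBody] JObject userData)
{
    // A missing or unparseable body binds as null; fail fast instead of throwing a NullReferenceException.
    if (userData == null)
    {
        return StatusCode(400, "No user data given");
    }

    var name = userData["name"]?.ToString();
    var username = userData["username"]?.ToString();
    var password = userData["password"]?.ToString();
    var email = userData["email"]?.ToString();
    var role = userData["role"]?.ToString();
    var imgUrl = userData["imageUrl"]?.ToString();

    // Blank values are as useless as missing ones: an empty username or password must not create an account.
    if (string.IsNullOrWhiteSpace(name) || string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
    {
        return StatusCode(400, "No name, username, or password given");
    }

    var otherUser = _users.GetOneByUsername(username);
    if (otherUser != null)
    {
        return StatusCode(409, "A User with this username already exists");
    }

    // Only the hash is persisted; the plaintext password goes no further than this call.
    var hashed = PasswordHandler.HashPassword(password);
    var user = new User { Name = name, Username = username, Password = hashed };
    user.ImageUrl = imgUrl ?? user.ImageUrl;
    // NOTE(review): the role is taken from the client body as-is. Update() only lets an "admin"
    // requester change roles; confirm this action is itself restricted to admins (e.g. by an
    // [Authorize] attribute outside this method) or apply the same restriction here.
    user.Role = role ?? user.Role;
    user.Email = email ?? user.Email;

    _users.Add(user);

    // Return a projection rather than the entity so the stored password hash is not part of the response.
    // NOTE(review): add any other User fields clients rely on (e.g. Active) to this projection.
    return Created($"/users/{user.Id}", new
    {
        user.Id,
        user.Name,
        user.Username,
        user.Email,
        user.Role,
        user.ImageUrl,
    });
}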
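/// <summary>
/// Creates a user, storing only the (hash, salt) pair derived from <paramref name="password"/>.
/// </summary>
/// <param name="firstName">Given name.</param>
/// <param name="lastName">Family name.</param>
/// <param name="userName">Login name.</param>
/// <param name="password">Plaintext password; it is hashed immediately and never kept on the object.</param>
/// <exception cref="ArgumentNullException"><paramref name="userName"/> or <paramref name="password"/> is null.</exception>
public User(string firstName, string lastName, string userName, string password)
{
    // Guard the two values an account cannot function without, so the failure names the parameter
    // rather than surfacing from inside PasswordHandler.
    if (userName == null)
    {
        throw new ArgumentNullException(nameof(userName));
    }
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    FirstName = firstName;
    LastName = lastName;
    UserName = userName;
    // HashPassword returns the hash together with the salt; both are needed to verify a login later.
    (PasswordHash, Salt) = PasswordHandler.HashPassword(password);
}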
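/// <summary>
/// Handles the login button: checks the entered credentials and, on success, starts the
/// session and navigates to the page for the user's role.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Routed event data (unused).</param>
private void LoginButton_Click(object sender, RoutedEventArgs e)
{
    // get user input (both properties are already strings)
    string userIdInput = userID.Text;
    string userPasswordInput = passwordBox.Password;

    // hash the password and check it against what is stored for this login id
    // NOTE(review): this only works if HashPassword is deterministic for a given input
    // (no per-user salt); confirm in PasswordHandler.
    string hashed = PasswordHandler.HashPassword(userPasswordInput);
    bool accountCorrect = PasswordHandler.CompareHashedToStored(userIdInput, hashed);

    if (!accountCorrect)
    {
        // Same message for an unknown id and a wrong password, so the response does not
        // reveal which login ids exist.
        ShowBadLogin();
        return;
    }

    using (var db = new AirContext())
    {
        // grab the user and update the session
        var user = db.Users.Include(u => u.CustInfo)
            .FirstOrDefault(dbuser => dbuser.LoginId == userIdInput);
        if (user == null)
        {
            // The credential check passed but no matching row exists; treat it as a failed
            // login instead of dereferencing null.
            ShowBadLogin();
            return;
        }

        UserSession.userId = user.UserId;
        UserSession.userLoggedIn = true;

        // then send them to the appropriate page
        switch (user.UserRole)
        {
            case Role.MARKETING_MANAGER:
                Frame.Navigate(typeof(MarketingManagerPage));
                break;
            case Role.LOAD_ENGINEER:
                Frame.Navigate(typeof(LoadEngineerPage));
                break;
            case Role.FLIGHT_MANAGER:
                Frame.Navigate(typeof(FlightManagerPage));
                break;
            case Role.ACCOUNTING_MANAGER:
                Frame.Navigate(typeof(AccountingManagerPage));
                break;
            default:
                Frame.Navigate(typeof(MainPage), null, new SlideNavigationTransitionInfo() { Effect = SlideNavigationTransitionEffect.FromRight });
                break;
        }
    }

    // Shows the single, generic failure message used for every failed login.
    void ShowBadLogin()
    {
        outputInfo.Title = "Bad Login";
        outputInfo.Message = "The UserID or Password you entered is incorrect!";
        outputInfo.Severity = InfoBarSeverity.Error;
        outputInfo.IsOpen = true;
    }
}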
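/// <summary>
/// Updates the user with the given id from the JSON body. A requester with the "user" role may only
/// update their own record; only an "admin" requester may change the role.
/// </summary>
/// <param name="id">Id of the user to update.</param>
/// <param name="userData">JSON body; every field ("name", "username", "password", "email",
/// "imageUrl", "role") is optional and an absent field leaves the stored value unchanged.</param>
/// <returns>
/// 403 when a "user" targets someone else's record, 400 when the body is missing, 404 when the id
/// is unknown, 409 when the new username is already taken, otherwise 200 with the user's public
/// fields. The password hash is never echoed back.
/// </returns>
public IActionResult Update([FromRoute] int id, [FromBody] JObject userData)
{
    // Both claims come from the authenticated token; Single() throws if either is absent, which
    // surfaces as an error rather than silently granting access.
    var requester = new
    {
        Role = User.Claims.Single(c => c.Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role").Value,
        Id = int.Parse(User.Claims.Single(c => c.Type == "user id").Value, System.Globalization.CultureInfo.InvariantCulture),
    };
    var requesterIsAdmin = requester.Role == "admin";

    if (requester.Role == "user" && requester.Id != id)
    {
        return StatusCode(403, "Trying to access another user's data");
    }
    // NOTE(review): any role other than "user" passes the check above and may edit any record;
    // confirm that is intended for every role a token can carry.

    // A missing or unparseable body binds as null; fail fast instead of throwing a NullReferenceException.
    if (userData == null)
    {
        return StatusCode(400, "No user data given");
    }

    var name = userData["name"]?.ToString();
    var username = userData["username"]?.ToString();
    var password = userData["password"]?.ToString();
    var email = userData["email"]?.ToString();
    var imgUrl = userData["imageUrl"]?.ToString();
    var role = userData["role"]?.ToString();

    var user = _users.GetOneById(id);
    if (user == null)
    {
        return NotFound();
    }

    user.Name = name ?? user.Name;
    if (username != null && username != user.Username)
    {
        // AddFull rejects duplicate usernames; keep the same guarantee when a username is changed.
        var other = _users.GetOneByUsername(username);
        if (other != null && other.Id != user.Id)
        {
            return StatusCode(409, "A User with this username already exists");
        }
        user.Username = username;
    }
    if (password != null)
    {
        // Only the hash is persisted; the plaintext password goes no further than this call.
        user.Password = PasswordHandler.HashPassword(password);
    }
    user.ImageUrl = imgUrl ?? user.ImageUrl;
    if (requesterIsAdmin && role != null)
    {
        user.Role = role;
    }
    user.Email = email ?? user.Email;
    if (!string.IsNullOrEmpty(user.Username) && !string.IsNullOrEmpty(user.Password))
    {
        user.Active = true;
    }

    _users.Update(user);

    // Return a projection rather than the entity so the stored password hash is not part of the response.
    return new ObjectResult(new
    {
        user.Id,
        user.Name,
        user.Username,
        user.Email,
        user.Role,
        user.ImageUrl,
        user.Active,
    });
}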
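/// <summary>
/// Saves the edited account fields for the logged-in user. Customer profile fields are taken from the
/// form; the password is re-hashed only when both password boxes are filled in.
/// </summary>
private void HandleUpdateAccount()
{
    // validate input
    if (!ValidateInput())
    {
        return;
    }

    if (!UserSession.userLoggedIn)
    {
        // Without a session there is no account to update; proceeding would dereference a null user.
        outputInfo.Title = "Not Logged In";
        outputInfo.Message = "You must be logged in to update your account information.";
        outputInfo.Severity = InfoBarSeverity.Error;
        outputInfo.IsOpen = true;
        return;
    }

    User currentUser;
    CustomerInfo custInfo = null;
    // Dispose the lookup context as soon as the user is loaded (it was previously never disposed).
    using (var db = new AirContext())
    {
        currentUser = db.Users.Include(dbuser => dbuser.CustInfo).Single(dbuser => dbuser.UserId == UserSession.userId);
        // if the current user is a customer, then update their information from the fields
        if (currentUser.UserRole == Role.CUSTOMER)
        {
            custInfo = currentUser.CustInfo;
            custInfo.Name = NameInput.Text;
            custInfo.Address = AddressInput.Text;
            custInfo.City = CityInput.Text;
            custInfo.State = StateInput.Text;
            custInfo.Zip = ZipInput.Text;
            custInfo.PhoneNumber = PhoneInput.Text;
            custInfo.Age = (int)AgeInput.Value;
            // NOTE(review): the card number is stored as entered; confirm it is protected at rest.
            custInfo.CreditCardNumber = CreditCardInput.Text;
        }
    }

    // if they are updating their password then we need to update their hashed password
    if (!string.IsNullOrWhiteSpace(PasswordInput.Password) && !string.IsNullOrWhiteSpace(ConfirmPasswordInput.Password))
    {
        // NOTE(review): nothing here checks that the two password boxes match; confirm ValidateInput() does.
        currentUser.HashedPass = PasswordHandler.HashPassword(PasswordInput.Password);
    }

    using (var db = new AirContext())
    {
        // save the updated customer info in the database
        var dbuser = db.Users.Single(user => user.LoginId == currentUser.LoginId);
        if (custInfo != null)
        {
            dbuser.CustInfo = custInfo;
        }
        dbuser.HashedPass = currentUser.HashedPass;
        db.SaveChanges();
    }

    // display to the user that we updated their info successfully
    outputInfo.Title = "Account Information Updated!";
    outputInfo.Message = "Your Account Information was updated successfully!";
    outputInfo.Severity = InfoBarSeverity.Success;
    outputInfo.IsOpen = true;
}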
/// <summary>
/// Creates a new customer account from the form fields and tells the user the login id
/// that was generated for them.
/// </summary>
private void HandleNewAccount()
{
    // Input validation: nothing is created unless the form passes.
    if (!ValidateInput())
    {
        return;
    }

    // Get Random UserID; it doubles as the login id shown to the user.
    int userID = MakeUserID();

    // fill out a new customer info object with their info from the fields
    var profile = new CustomerInfo
    {
        Name = NameInput.Text,
        Address = AddressInput.Text,
        City = CityInput.Text,
        State = StateInput.Text,
        Zip = ZipInput.Text,
        PhoneNumber = PhoneInput.Text,
        Age = (int)AgeInput.Value,
        CreditCardNumber = CreditCardInput.Text,
    };

    // fill out a new user object; only the password hash is kept
    var account = new User
    {
        LoginId = userID.ToString(),
        HashedPass = PasswordHandler.HashPassword(PasswordInput.Password),
        UserRole = Role.CUSTOMER,
        CustInfo = profile,
    };

    // add the user to the database
    UserUtilities.AddUserToDB(account);

    // and display information to the user about their account being created
    outputInfo.Title = "Account Creation Successful!";
    outputInfo.Message = $"Your Login ID is: {userID}, please remember it for future logins!";
    outputInfo.Severity = InfoBarSeverity.Success;
    outputInfo.IsOpen = true;
}
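/// <summary>
/// Maps a detail model to a <see cref="User"/> entity, replacing the plaintext password with its hash
/// and mapping the nested activities and teams.
/// </summary>
/// <param name="detailModel">Source model; must not be null.</param>
/// <returns>A new entity whose <c>Password</c> holds the hash, never the plaintext.</returns>
/// <exception cref="ArgumentNullException"><paramref name="detailModel"/> is null.</exception>
public static User MapWithPasswordHashToEntity(UserDetailModel detailModel)
{
    if (detailModel == null)
    {
        throw new ArgumentNullException(nameof(detailModel));
    }

    var passwordHandler = new PasswordHandler();
    var user = new User
    {
        Id = detailModel.Id,
        Name = detailModel.Name,
        Email = detailModel.Email,
        // Only the hash is copied across; the model's plaintext password stops here.
        Password = passwordHandler.HashPassword(detailModel.Password),
    };

    // A model without activities or teams maps to an entity with none, instead of failing on a null collection.
    if (detailModel.Activities != null)
    {
        foreach (var activity in detailModel.Activities)
        {
            user.Activities.Add(ActivityMapper.MapToEntity(activity));
        }
    }
    if (detailModel.Teams != null)
    {
        foreach (var team in detailModel.Teams)
        {
            user.Teams.Add(TeamUserMapper.MapToEntity(team, MapToListModel(user)));
        }
    }

    return user;
}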