public PHSUser GenerateHashedUser(PHSUser user, out string message)
{
if (user == null)
{
message = Constants.ValueIsEmpty("User");
return(null);
}
if (string.IsNullOrEmpty(user.Username))
{
message = Constants.ValueIsEmpty("User Id");
return(null);
}
if (string.IsNullOrEmpty(user.Password))
{
message = Constants.ValueIsEmpty("Password");
return(null);
}
try
{
user.PasswordSalt = PasswordManager.GenerateSalt();
user.Password = PasswordManager.SecureStringToString(PasswordManager.CreateHash(user.Password, user.PasswordSalt));
message = string.Empty;
return(user);
}
catch (Exception ex)
{
ExceptionLog(ex);
message = Constants.OperationFailedDuringAddingValue("User");
return(null);
}
}
public bool ChangePassword(PHSUser user, string oldPass, string newPass, string newPassConfirm, out string message)
{
if (user == null || user.PHSUserID == 0 || string.IsNullOrEmpty(user.Username))
{
message = "Cannot find user";
return(false);
}
if (string.IsNullOrEmpty(oldPass))
{
message = "Please Enter Old Password";
return(false);
}
if (string.IsNullOrEmpty(newPass) || string.IsNullOrEmpty(newPass.Trim()))
{
message = "Please Enter New Password";
return(false);
}
if (string.IsNullOrEmpty(newPassConfirm) || string.IsNullOrEmpty(newPassConfirm.Trim()))
{
message = "Please Enter Confirmed New Password";
return(false);
}
if (!newPass.Trim().Equals(newPassConfirm, StringComparison.CurrentCultureIgnoreCase))
{
message = "Please confirm new password";
return(false);
}
if (!PasswordManager.IsPasswordComplex(newPass))
{
message = "Password must be a combination of at least 1 digit, 1 upper case letter, 1 lower case letter, 1 symbol and length of at least 8";
return(false);
}
var existingUser = IsAuthenticated(user.Username, oldPass, out message);
if (existingUser == null)
{
message = "Invalid Password";
return(false);
}
SecureString newPassHash = PasswordManager.CreateHash(newPass, user.PasswordSalt);
using (var unitOfWork = CreateUnitOfWork())
{
try
{
unitOfWork.Users.Get(user.PHSUserID).Password = PasswordManager.SecureStringToString(newPassHash);
unitOfWork.Users.Get(user.PHSUserID).UsingTempPW = false;
unitOfWork.Users.Get(user.PHSUserID).UpdatedDateTime = DateTime.Now;
unitOfWork.Complete();
return(true);
}
catch (Exception ex)
{
ExceptionLog(ex);
message = "Operation failed during saving Password. Please contact system admin";
return(false);
}
}
}
// radi remember me user kuki - stavlja username i HASH PWD-a
private void AddRememberMeUserCookieIfChecked(string userName, string password)
{
if (cbRemeberMe.Checked)
{
HttpCookie kuki = new HttpCookie("RememberMeUser");
kuki.Expires = DateTime.Now.AddYears(1);
string kukiValue = $"{userName}{DELIMITER}{PasswordManager.CreateHash(password)}";
kuki.Value = kukiValue;
Response.Cookies.Add(kuki);
}
}
public void Post([FromBody] UserDto userDto)
{
if (userDto != null)
{
try
{
var encryptedPassword = PasswordManager.CreateHash(userDto.Password);
IUserBo userBo = new UserBo();
if (userBo.Save(userDto.Username, encryptedPassword, userDto.Email, userDto.DomainId, userDto.RoleId))
{
var verCode = AccountVerification.GenerateVerificationCode();
if (userBo.SaveVerificationCode(verCode, userDto.Username))
{
try
{
EmailManager.SendEmail(userDto.Email, AccountVerification.SignUpConfirmationSubject, AccountVerification.GetVerificationMessage(verCode));
}
catch (Exception exception)
{
var message = new HttpResponseMessage(HttpStatusCode.ServiceUnavailable)
{
Content = new StringContent("Error Sending Verification Email")
};
Logger.Error("API LAYER: ERROR IN CLASS: UserController, METHOD: POST =>> EXCEPTION MESSAGE: " + exception.Message);
throw new HttpResponseException(message);
}
}
}
}
catch (Exception exception)
{
var message = new HttpResponseMessage(HttpStatusCode.ServiceUnavailable)
{
Content = new StringContent(exception.Message)
};
Logger.Error("API LAYER: ERROR IN CLASS: UserController, METHOD: POST =>> EXCEPTION MESSAGE: " + exception.Message);
throw new HttpResponseException(message);
}
}
else
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
}
// --- LOGIN FORMA - postoji li user s tim podacima
protected void btnLogin_Click(object sender, EventArgs e)
{
string userName = txtEmail.Text;
string password = txtPassword.Text;
// provjeri je li ALFA MATER user ADMIN :)
if (LoginIsApplicationAdmin(userName, PasswordManager.CreateHash(password)))
{
AddRememberMeUserCookieIfChecked(userName, password);
RedirectSuccessfulLogin(Application["ApplicationAdmin"] as User);
}
// traži iz DataManagera tog usera
else if (LoginIsRegisteredUser(userName, PasswordManager.CreateHash(password)))
{
AddRememberMeUserCookieIfChecked(userName, password);
RedirectSuccessfulLogin(DataManager.GetUserByEmail(userName));
}
// ak nije našao iz DataManagera
else
{
lblNoUser.Visible = true;
txtEmail.Focus();
}
}
public bool ResetPassword(PHSUser loginUser, String[] selectedusers, string tempPW, out string message)
{
message = string.Empty;
if (selectedusers == null || selectedusers.Length == 0)
{
message = "No Selection made!";
return(false);
}
//try
{
//using (var unitOfWork = CreateUnitOfWork())
{
//using (TransactionScope scope = new TransactionScope())
{
foreach (var username in selectedusers)
{
var userToUpdate = GetUserByUserName(username.ToString(), out message);
if (userToUpdate == null)
{
return(false);
}
if (userToUpdate.PasswordSalt == "")
{
userToUpdate.PasswordSalt = PasswordManager.GenerateSalt();
}
SecureString newPassHash = PasswordManager.CreateHash(tempPW, userToUpdate.PasswordSalt);
userToUpdate.Password = PasswordManager.SecureStringToString(newPassHash);
userToUpdate.UsingTempPW = true;
userToUpdate.UpdatedDateTime = DateTime.Now;
userToUpdate.UpdatedBy = loginUser.Username;
if (!UpdateUser(loginUser, userToUpdate, out message))
{
return(false);
}
//var user = GetUserByUserName(username.ToString(), out message);
//var userToUpdate = unitOfWork.Users.Get(user.PHSUserID);
//Util.CopyNonNullProperty(user, userToUpdate);
//if (userToUpdate.PasswordSalt == "")
// userToUpdate.PasswordSalt = PasswordManager.GenerateSalt();
//SecureString newPassHash = PasswordManager.CreateHash(tempPW, userToUpdate.PasswordSalt);
//userToUpdate.Password = PasswordManager.SecureStringToString(newPassHash);
//userToUpdate.UsingTempPW = true;
//userToUpdate.UpdatedDateTime = DateTime.Now;
//userToUpdate.UpdatedBy = loginUser.Username;
}
//unitOfWork.Complete();
//scope.Complete();
}
}
return(true);
}
//catch(Exception ex)
//{
// ExceptionLog(ex);
// message = "Operation failed during reset Password.";
// return false;
//}
}
static void Main(string[] args)
{
var rand = new Random();
Console.WriteLine("Check DB exists...");
if (Database.Exists("BookStoreDb"))
{
Console.WriteLine("DB exists. Deleting...");
Database.Delete("BookStoreDb");
}
else
{
Console.WriteLine("DB does not exist. Skip deleting.");
}
using (var db = new Db())
{
Console.WriteLine("Creating DB..");
object tmp = db.Users.ToArray();
Console.WriteLine("Branches..");
var br1 = new Branch()
{
Address = "Mira prospect, 11 - 21",
Name = "Booko na Mira"
};
var br2 = new Branch()
{
Address = "Ulica Vzletnaya, 22",
Name = "Booko na Vzletke"
};
db.Branches.Add(br1);
db.Branches.Add(br2);
db.SaveChanges();
Console.WriteLine("Creating employees and users..");
var admin = new Employee
{
Branch = br1,
FirstName = "Admin",
MiddleName = "Admin",
LastName = "Admin",
User = new User()
{
LastLoginTime = DateTime.Now,
Login = "******",
Password = PasswordManager.CreateHash("admin"),
Role = Role.Admin
}
};
var ivanov = new Employee
{
Branch = br1,
FirstName = "Ivan",
MiddleName = "Ivanovich",
LastName = "Ivanov",
User = new User()
{
LastLoginTime = DateTime.Now,
Login = "******",
Password = PasswordManager.CreateHash("iii"),
Role = Role.User
}
};
var petrov = new Employee
{
Branch = br2,
FirstName = "Petr",
MiddleName = "Petrovich",
LastName = "Petrov",
User = new User()
{
LastLoginTime = DateTime.Now,
Login = "******",
Password = PasswordManager.CreateHash("ppp"),
Role = Role.User
}
};
var sidorov = new Employee
{
Branch = br2,
FirstName = "Sidor",
MiddleName = "Sidorovich",
LastName = "Sidorov",
User = null
};
db.Employees.Add(admin);
db.Employees.Add(ivanov);
db.Employees.Add(petrov);
db.Employees.Add(sidorov);
db.SaveChanges();
Console.WriteLine("Customers..");
var customers = JsonConvert.DeserializeObject <List <Customer> >(File.ReadAllText("Customers.json"));
customers.ForEach(c => db.Customers.Add(c));
db.SaveChanges();
Console.WriteLine("Book categories..");
var fantasy = new BookCategory {
Name = "Fantasy"
};
var detective = new BookCategory {
Name = "Detective"
};
var scienceFiction = new BookCategory {
Name = "Science Fiction"
};
var novel = new BookCategory {
Name = "Novel"
};
db.BookCategories.Add(fantasy);
db.BookCategories.Add(detective);
db.BookCategories.Add(scienceFiction);
db.BookCategories.Add(novel);
db.SaveChanges();
Console.WriteLine("Writers..");
var writers = JsonConvert.DeserializeObject <List <Writer> >(File.ReadAllText("Writers.json"));
writers.ForEach(w => db.Writers.Add(w));
db.SaveChanges();
Console.WriteLine("Books..");
int k = 0;
foreach (BookCategory bookCategory in db.BookCategories)
{
for (int i = 0; i < 10; i++)
{
var book = new Book
{
Category = bookCategory,
ISBN = (100 + k) + "-1477827" + (100 + k),
Price = rand.Next(10000, 100000) / 100.0M,
PublishYear = rand.Next(1990, 2015),
Title = Titles.List[k],
Writers = Enumerable.Range(1, k % 3 + 1)
.Select(@int => writers[k + @int])
.ToList(),
Amounts = new List <BookAmount>
{
new BookAmount
{
Branch = br1,
Amount = 10,
},
new BookAmount
{
Branch = br2,
Amount = 10,
}
}
};
db.Books.Add(book);
k++;
}
}
db.SaveChanges();
Console.WriteLine("Done");
}
}
