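/// <summary>
/// Sets a new password for the user identified by <paramref name="userId"/> through the
/// Identity reset-token flow; the current password is not required.
/// </summary>
/// <param name="userId">Identity user id, looked up via the user manager.</param>
/// <param name="newPassword">The password to set; the user manager applies its password validators during the reset.</param>
/// <returns>
/// <see cref="ResponseType.RecordNotFound"/> with <see cref="ErrorCode.UserNotFound"/> when no such user exists,
/// <see cref="ResponseType.Fail"/> with <see cref="ErrorCode.ApplicationException"/> when Identity rejects the reset,
/// otherwise <see cref="ResponseType.Success"/>.
/// </returns>
public async Task<Response.Response> ChangePassword(Guid userId, string newPassword)
{
    var resp = new Response.Response { Type = ResponseType.Fail };

    var user = await _userManager.FindByIdAsync(userId.ToString());
    if (user == null)
    {
        resp.ErrorCode = ErrorCode.UserNotFound;
        resp.Type = ResponseType.RecordNotFound;
        return resp;
    }

    // NOTE(review): no caller authorization is checked here and the old password is not
    // verified — confirm callers restrict this to the account owner or an administrator.
    // The reset token is generated and consumed inside this method; it never leaves it.
    var token = await _userManager.GeneratePasswordResetTokenAsync(user);
    var result = await _userManager.ResetPasswordAsync(user, token, newPassword);
    if (!result.Succeeded)
    {
        // Previously the IdentityResult was discarded, so a rejected reset (e.g. a password
        // policy violation) was still logged and reported as Success.
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    //log user password reset request
    _logger.LogInformation(string.Format(LoggingOperationPhrase.PasswordChanged, user.Id));
    resp.Type = ResponseType.Success;
    return resp;
}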
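/// <summary>
/// Replaces the stored settings of a user with the JSON serialization of <paramref name="newSettings"/>.
/// </summary>
/// <param name="userId">Id of the user whose settings are updated.</param>
/// <param name="newSettings">Settings object; it is serialized with <see cref="JsonSerializer"/> before storage.</param>
/// <returns>
/// <see cref="ErrorCode.UserNotFound"/> when the user does not exist,
/// <see cref="ErrorCode.ObjectExceededMaxAllowedLength"/> when the serialized form is longer than 250 characters,
/// otherwise <see cref="ResponseType.Success"/> after the change is saved.
/// </returns>
public Response.Response UpdateSettings(Guid userId, UserSettings newSettings)
{
    // Upper bound on the serialized settings string; matches the previous hard-coded check.
    const int maxSettingsLength = 250;

    var resp = new Response.Response { Type = ResponseType.Fail };

    var user = _repository.GetById(userId);
    if (user == null)
    {
        resp.ErrorCode = ErrorCode.UserNotFound;
        return resp;
    }

    // Validate the length before touching the entity. The original assigned user.Settings
    // first, so an oversized value stayed on the (possibly tracked) entity on the failure path.
    var serialized = JsonSerializer.Serialize(newSettings);
    if (serialized.Length > maxSettingsLength)
    {
        resp.ErrorCode = ErrorCode.ObjectExceededMaxAllowedLength;
        return resp;
    }

    user.Settings = serialized;
    _repository.Update(user);
    _uow.Save();

    resp.Type = ResponseType.Success;
    return resp;
}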
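/// <summary>
/// Registers POST/GET/PUT/DELETE routes for <c>/{pathToRequest}</c>, each delegating to the
/// matching method of <paramref name="response"/> with the current request and a database handle.
/// </summary>
/// <param name="pathToRequest">Path segment; the route is registered as <c>/{pathToRequest}</c>.</param>
/// <param name="response">Handler whose Post/Get/Put/Delete methods service the four verbs.</param>
protected MainModule(string pathToRequest, Response.Response response)
{
    // One guard shared by all four verbs instead of four copies of the same try/catch:
    // obtain the db handle per request and translate a MySqlException into the module's
    // standard error response. Context is read inside the lambda, i.e. at request time.
    System.Func<dynamic, dynamic> Guarded(System.Func<Database, dynamic> handler) => _ =>
    {
        Database db = Context.GetDb();
        try
        {
            return handler(db);
        }
        catch (MySqlException e)
        {
            // NOTE(review): whatever SendMySqlException puts in the response is what the client
            // receives — confirm it does not echo driver error text (table/column names, SQL fragments).
            return SendMySqlException(e);
        }
    };

    var route = $"/{pathToRequest}";

    // Route names are kept byte-for-byte as originally registered (mixed case) because they may be used for lookup.
    Post(route, Guarded(db => response.Post(Context.Request, db)), null, "POST");
    Get(route, Guarded(db => response.Get(Context.Request, db)), null, "Get");
    Put(route, Guarded(db => response.Put(Context.Request, db)), null, "Put");
    Delete(route, Guarded(db => response.Delete(Context.Request, db)), null, "Delete");
}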
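/// <summary>
/// Soft-deletes the entity with the given id by setting its <c>IsDeleted</c> property to <c>true</c>.
/// Only that property is written; all other properties are left untouched.
/// </summary>
/// <param name="id">Key of the entity to soft-delete.</param>
/// <returns>
/// <see cref="ErrorCode.RecordNotFound"/> when no entity has that id,
/// <see cref="ErrorCode.NotAuthorized"/> when owner validation is enabled and fails,
/// otherwise <see cref="ResponseType.Success"/> (also when the entity type has no writable <c>IsDeleted</c>;
/// that case is logged as a warning and nothing is persisted).
/// </returns>
public virtual Response.Response SoftDelete(object id)
{
    var resp = new Response.Response { Type = ResponseType.Fail };

    var entity = Repository.GetById(id);
    if (entity == null)
    {
        resp.ErrorCode = ErrorCode.RecordNotFound;
        return resp;
    }

    if (ValidateEntityOwner && !IsEntityOwnerValid(entity))
    {
        //client wants to check for an IDOR attack
        resp.ErrorCode = ErrorCode.NotAuthorized;
        return resp;
    }

    var type = typeof(TEntity);

    // Direct lookup instead of scanning every property of the type; same public
    // instance/static search the previous GetProperties() loop performed.
    var isDeleted = type.GetProperty("IsDeleted");
    if (isDeleted != null && isDeleted.CanWrite)
    {
        isDeleted.SetValue(entity, true, null); //soft deletion
        Repository.Update(entity);
        Uow.Save();

        //log db record modification as an info
        Logger.LogInformation($"'{type}' entity with ID: {id} has been modified.");
    }
    else
    {
        // The previous log line claimed a modification even when nothing was written;
        // the Success result is kept for compatibility but the audit trail now says what happened.
        Logger.LogWarning($"'{type}' entity with ID: {id} has no writable IsDeleted property; nothing was changed.");
    }

    return new Response.Response { Type = ResponseType.Success };
}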
/// <summary>
/// Returns the quiz statistics the service computes for <paramref name="userId"/>, always with status 200.
/// </summary>
/// <param name="userId">Caller-supplied user id forwarded to the service.</param>
/// <returns>A response whose <c>Result</c> is the service's statistics object.</returns>
public Response.Response<object> getQuizesStatistic(int userId)
{
    var response = new Response.Response<object>();

    // NOTE(review): userId is a caller-supplied parameter; this method does not check that it
    // matches the signed-in user — confirm that is enforced upstream.
    var statistics = _service.getStatistic(userId);

    response.Result = statistics;
    response.StatusCode = 200;
    return response;
}
/// <summary>
/// Returns the quizzes (with answers) the service reports for <paramref name="userId"/>, always with status 200.
/// </summary>
/// <param name="userId">Caller-supplied user id forwarded to the service.</param>
/// <returns>A response whose <c>Result</c> is the service's quiz list.</returns>
public Response.Response<List<quize>> getUserQuizesWithAnswer(int userId)
{
    var response = new Response.Response<List<quize>>();

    // NOTE(review): userId comes from the caller; nothing here ties it to the signed-in user —
    // confirm the ownership check lives in the service or an upstream filter.
    var quizzes = _service.getUserQuizesWithAnswer(userId);

    response.Result = quizzes;
    response.StatusCode = 200;
    return response;
}
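/// <summary>
/// Override for OnException: maps any unhandled action exception to HTTP 500.
/// No response body is produced here, so no exception details are written to the client by this filter.
/// </summary>
/// <param name="context">The exception filter context supplied by MVC.</param>
public override void OnException(ExceptionContext context)
{
    // The previous version built a Response.Response with a generic message and never used it
    // (the line that would have assigned it to context.Result was commented out); that dead
    // local is removed. Only the status code is set.
    context.HttpContext.Response.StatusCode = 500;

    // NOTE(review): context.ExceptionHandled is not set, so the exception keeps propagating after
    // this filter and the hosting pipeline may replace this response — confirm that is intended.
    base.OnException(context);
}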
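/// <summary>
/// Marks an i-doit object as deleted by invoking <c>cmdb.object.delete</c> with status
/// <c>C__RECORD_STATUS__DELETED</c> (Purging sends the same call with <c>C__RECORD_STATUS__PURGE</c>).
/// </summary>
/// <param name="objectId">The i-doit object id to delete.</param>
/// <exception cref="IdoitAPIClientBadResponseException">The API reported <c>success == false</c>.</exception>
async Task Deleting(int objectId)
{
    parameter = client.GetParameter();
    parameter.Add("id", objectId);
    parameter.Add("status", "C__RECORD_STATUS__DELETED");

    Response.Response response = await client.GetConnection().InvokeAsync<Response.Response>("cmdb.object.delete", parameter);
    if (response.success == false)
    {
        // Surface the server's message, as Creating() does, instead of the placeholder "Nope!".
        throw new IdoitAPIClientBadResponseException(response.message);
    }
}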
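/// <summary>
/// Renames an i-doit object by invoking <c>cmdb.object.update</c> with the current value of the
/// <c>title</c> field.
/// </summary>
/// <param name="objectId">The i-doit object id to update.</param>
/// <exception cref="IdoitAPIClientBadResponseException">The API reported <c>success == false</c>.</exception>
async Task Updating(int objectId)
{
    parameter = client.GetParameter();
    parameter.Add("id", objectId);
    parameter.Add("title", title);

    Response.Response response = await client.GetConnection().InvokeAsync<Response.Response>("cmdb.object.update", parameter);
    if (response.success == false)
    {
        // Surface the server's message, as Creating() does, instead of the placeholder "Nope!".
        throw new IdoitAPIClientBadResponseException(response.message);
    }
}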
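/// <summary>
/// Creates a new Identity user from <paramref name="userDto"/> and assigns it the first role listed in
/// <c>userDto.Roles</c>. On success <c>userDto.Id</c> is set to the created user's id.
/// </summary>
/// <param name="userDto">Registration data; <c>UserName</c>, <c>Email</c> and <c>Roles</c> are read.</param>
/// <param name="password">Clear-text password, hashed by <c>HashPassword</c> before storage.</param>
/// <returns>
/// <see cref="ErrorCode.UserExists"/> when the user name or e-mail is already taken,
/// <see cref="ErrorCode.ApplicationException"/> when Identity rejects the user creation or the role assignment,
/// otherwise <see cref="ResponseType.Success"/>.
/// </returns>
/// <exception cref="InvalidOperationException"><c>userDto.Roles</c> is empty (raised before the user is created).</exception>
public async Task<Response.Response> Register(ApplicationUser userDto, string password)
{
    var resp = new Response.Response { Type = ResponseType.Fail };

    var userByName = await _userManager.FindByNameAsync(userDto.UserName);
    if (userByName != null)
    {
        resp.ErrorCode = ErrorCode.UserExists;
        return resp;
    }

    var userByEmail = await _userManager.FindByEmailAsync(userDto.Email);
    if (userByEmail != null)
    {
        resp.ErrorCode = ErrorCode.UserExists;
        return resp;
    }

    // Resolve the role before creating the account: previously First() ran after CreateAsync,
    // so an empty role list left an orphaned user without any role.
    var role = userDto.Roles.First();

    //start sending slack notification
    // var slackMessageTask = _slackService.SendMessage($"{userDto.Email} joined :tada:", "account-tracker");

    var userModel = new Dal.Entities.Identity.ApplicationUser
    {
        Id = userDto.Id,
        Email = userDto.Email ?? "",
        EmailConfirmed = userDto.EmailConfirmed,
        UserName = userDto.UserName,
        NameSurname = userDto.NameSurname,
        PasswordHash = HashPassword(password),
        SecurityStamp = Guid.NewGuid().ToString(),
        // Settings = userDto.Settings,
        CreatedAt = userDto.CreatedAt,
    };

    // NOTE(review): the hash comes from this class's HashPassword and the user is created without a
    // password argument, so UserManager's password validators do not run on this path — confirm
    // HashPassword uses the configured IPasswordHasher so the stored hash stays verifiable at sign-in.
    var created = await _userManager.CreateAsync(userModel);
    if (!created.Succeeded)
    {
        // Previously the IdentityResult was ignored and Success was reported even when no user was created.
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }
    userDto.Id = userModel.Id;

    var roleAdded = await _userManager.AddToRoleAsync(userModel, role);
    if (!roleAdded.Succeeded)
    {
        // The account now exists but carries no role; report failure so the caller does not treat it as complete.
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    resp.Type = ResponseType.Success;
    //await slackMessageTask;
    return resp;
}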
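/// <summary>
/// Purges an i-doit object by invoking <c>cmdb.object.delete</c> with status
/// <c>C__RECORD_STATUS__PURGE</c> (Deleting sends the same call with <c>C__RECORD_STATUS__DELETED</c>).
/// </summary>
/// <param name="objectId">The i-doit object id to purge.</param>
/// <exception cref="IdoitAPIClientBadResponseException">The API reported <c>success == false</c>.</exception>
async Task Purging(int objectId)
{
    //The return Values as Object from diffrence Classes
    parameter = client.GetParameter();
    parameter.Add("id", objectId);
    parameter.Add("status", "C__RECORD_STATUS__PURGE");

    Response.Response response = await client.GetConnection().InvokeAsync<Response.Response>("cmdb.object.delete", parameter);
    if (response.success == false)
    {
        // Surface the server's message, as Creating() does, instead of the placeholder "Nope!".
        throw new IdoitAPIClientBadResponseException(response.message);
    }
}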
/// <summary>
/// Authenticates the posted credentials: status 200 with the user object on success,
/// status 401 with a null result otherwise.
/// </summary>
/// <param name="obj">Credentials posted in the request body.</param>
/// <returns>A response carrying the authenticated user, or null with status 401.</returns>
public Response.Response<user> login([FromBody] user obj)
{
    var response = new Response.Response<user>();

    var authenticated = _service.login(obj);
    if (authenticated == null)
    {
        response.Result = null;
        response.StatusCode = 401;
        return response;
    }

    // NOTE(review): the full user record from the service is serialized to the client —
    // confirm it carries no credential material (password hash, stamps).
    response.Result = authenticated;
    response.StatusCode = 200;
    return response;
}
/// <summary>
/// Creates an i-doit object via <c>cmdb.object.create</c> from the instance fields
/// (<c>type</c>, <c>title</c>, <c>purpose</c>, <c>cmdbStatus</c>, <c>description</c>, <c>category</c>)
/// and stores the returned id in <c>id</c>.
/// </summary>
/// <exception cref="IdoitAPIClientBadResponseException">The API reported <c>success == false</c>; the message is the server's.</exception>
async Task Creating()
{
    parameter = client.GetParameter();
    parameter.Add("type", type);
    parameter.Add("title", title);
    parameter.Add("purpose", purpose);
    parameter.Add("cmdb_status", cmdbStatus);
    parameter.Add("description", description);
    parameter.Add("category", category);

    var connection = client.GetConnection();
    Response.Response response = await connection.InvokeAsync<Response.Response>("cmdb.object.create", parameter);

    // The id is captured before the success check, so on failure it holds whatever the server returned.
    id = response.id;
    if (response.success == false)
    {
        throw new IdoitAPIClientBadResponseException(response.message);
    }
}
/// <summary>
/// Starts a password reset: looks the user up by e-mail, then by user name, e-mails a reset link,
/// stamps <c>LockoutEnd</c> with the current time and logs the request.
/// </summary>
/// <param name="emailOrUsername">E-mail address or user name as entered by the caller.</param>
/// <returns>
/// <see cref="ErrorCode.UserNotFound"/> when neither lookup matches,
/// <see cref="ErrorCode.ApplicationException"/> when the e-mail could not be sent,
/// otherwise <see cref="ResponseType.Success"/>.
/// </returns>
public async Task<Response.Response> ResetAccount(string emailOrUsername)
{
    var resp = new Response.Response { Type = ResponseType.Fail };

    // Either identifier is accepted: e-mail first, user name as the fallback.
    var user = await _userManager.FindByEmailAsync(emailOrUsername)
               ?? await _userManager.FindByNameAsync(emailOrUsername);
    if (user == null)
    {
        // NOTE(review): a distinct UserNotFound result lets a caller test whether an address is
        // registered — confirm this distinction is not forwarded to anonymous clients.
        resp.ErrorCode = ErrorCode.UserNotFound;
        return resp;
    }

    var now = DateTime.UtcNow;
    var unixTimestamp = Utility.GetUnixTimeStamp(now);

    // The link is plain base64 of "id::securityStamp::issueTime" — not signed or encrypted.
    // NOTE(review): the security stamp is the only secret in it and the timestamp is client-editable,
    // so the consumer must compare the stamp and enforce its own expiry window. ChangePassword already
    // uses GeneratePasswordResetTokenAsync; the same Identity token would be the safer choice here,
    // but the link format must stay in step with its consumer, which is not visible in this file.
    var payload = $"{user.Id:N}::{user.SecurityStamp}::{unixTimestamp}";
    var resetLink = Utility.Base64Encode(payload);

    if (!SendResetPasswordEmail(resetLink, user.Email))
    {
        resp.ErrorCode = ErrorCode.ApplicationException;
        return resp;
    }

    // NOTE(review): a LockoutEnd equal to the current instant is already expired, so this does not
    // lock the account — confirm whether it is meant as a marker or as an actual lockout.
    user.LockoutEnd = now;
    await _userManager.UpdateAsync(user);

    _logger.LogInformation(string.Format(LoggingOperationPhrase.PasswordReset, user.Id));
    resp.Type = ResponseType.Success;
    return resp;
}
/// <summary>
/// Creates a quiz for the user named in <paramref name="obj"/> unless that user already has a quiz with the same name.
/// </summary>
/// <param name="obj">Quiz to add; <c>userId</c> and <c>name</c> are used for the duplicate check.</param>
/// <returns>Status 200 with the new quiz id, or status 400 with result 0 and a message when the name is taken.</returns>
public Response.Response<int> createQuize(quize obj)
{
    var response = new Response.Response<int>();

    // NOTE(review): userId is read from the client-supplied object, not from the authenticated
    // principal — confirm the caller binds or validates it against the signed-in user.
    //check if quize name is already exist for this user
    bool nameTaken = _service.checkQuizeNameExist(obj.userId.Value, obj.name);
    if (nameTaken)
    {
        response.Result = 0;
        response.StatusCode = 400;
        response.message = "Name aleardy exist"; // wording preserved byte-for-byte; clients may match on it
    }
    else
    {
        response.Result = _service.addQuize(obj);
        response.StatusCode = 200;
    }

    return response;
}
/// <summary>
/// Adds a question to the quiz named in <paramref name="obj"/> unless the same question text already exists in it.
/// </summary>
/// <param name="obj">Question to add; <c>quizeId</c> and <c>question</c> are used for the duplicate check.</param>
/// <returns>Status 200 with the new question id, or status 400 with result 0 and a message when the question exists.</returns>
public Response.Response<int> addQuizeQuestion(quize_question obj)
{
    var response = new Response.Response<int>();

    // NOTE(review): quizeId is taken from the request body; nothing here checks that the quiz belongs
    // to the signed-in user — confirm the service or an upstream filter enforces that.
    //check if question already exist in this quize
    bool questionTaken = _service.checkQuestionExist(obj.quizeId.Value, obj.question);
    if (questionTaken)
    {
        response.Result = 0;
        response.StatusCode = 400;
        response.message = "Question aleardy exist"; // wording preserved byte-for-byte; clients may match on it
    }
    else
    {
        response.Result = _service.addQuizeQuestion(obj);
        response.StatusCode = 200;
    }

    return response;
}
/// <summary>
/// Records the user's answer to a question: inserts it on the first answer, overwrites it on a repeat answer.
/// </summary>
/// <param name="obj">Answer to store; <c>questionId</c> and <c>userId</c> decide between insert and update.</param>
/// <returns>Status 200 with the service's result in both cases.</returns>
public Response.Response<int> answerQuizeQuestion(question_answer obj)
{
    var response = new Response.Response<int>();

    // NOTE(review): userId comes from the client-supplied object rather than the authenticated
    // principal — confirm it is bound or validated against the signed-in user upstream.
    //check if user is already answer this qestion befor
    bool alreadyAnswered = _service.checkIdQuestionAnswered(obj.questionId.Value, obj.userId.Value);

    int stored;
    if (alreadyAnswered)
    {
        //if answered update existing answer
        stored = _service.updateAnswerQuizeQuestion(obj);
    }
    else
    {
        //if not answered before add new answer
        stored = _service.answerQuizeQuestion(obj);
    }

    // Both paths report success; only the service call differs.
    response.Result = stored;
    response.StatusCode = 200;
    return response;
}
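/// <summary>
/// Hard-deletes the entity with the given id and saves the unit of work.
/// </summary>
/// <param name="id">Key of the entity to delete.</param>
/// <returns>
/// <see cref="ErrorCode.RecordNotFound"/> when no entity has that id,
/// <see cref="ErrorCode.NotAuthorized"/> when owner validation is enabled and fails,
/// otherwise <see cref="ResponseType.Success"/>.
/// </returns>
public virtual Response.Response Delete(object id)
{
    var resp = new Response.Response { Type = ResponseType.Fail };

    var entity = Repository.GetById(id);
    if (entity == null)
    {
        resp.ErrorCode = ErrorCode.RecordNotFound;
        return resp;
    }

    if (ValidateEntityOwner && !IsEntityOwnerValid(entity))
    {
        //client wants to check for an IDOR attack
        resp.ErrorCode = ErrorCode.NotAuthorized;
        return resp;
    }

    Repository.Delete(entity);
    Uow.Save();

    var type = typeof(TEntity);
    //log db record deletion as an info — includes the id as SoftDelete does; an audit entry for an
    //irreversible delete that omits the record id cannot be attributed afterwards.
    Logger.LogInformation($"'{type}' entity with ID: {id} has been hard-deleted.");

    resp.Type = ResponseType.Success;
    return resp;
}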