public HttpResponseMessage Hello()
{
IEnumerable <string> key;
Request.Headers.TryGetValues("x-api-key", out key);
User user = userDatabase.GetUser(key.First());
string logString = "Protected Hello";
Log log = new Log(logString, DateTime.UtcNow);
user.Log.Add(log);
return(Request.CreateResponse(HttpStatusCode.OK, "Hello " + user.UserName));
}
public async Task <IActionResult> GetSHA256([FromQuery] string message, [FromHeader] string APIKey)
{
try
{
#region Register Log
var authUser = await UserDatabaseAccess.GetUser(APIKey, base._context);
string Method = this.HttpContext.Request.Method;
string Path = this.HttpContext.Request.Path;
var Log = authUser.Role + " requested " + Method + " " + Path;
await UserDatabaseAccess.AddLog(Log, authUser, base._context);
#endregion
if (message == null)
{
throw new Exception();
}
SHA256 SHA1Provider = new SHA256CryptoServiceProvider();
byte[] ASCIIByteMessage = Encoding.ASCII.GetBytes(message);
byte[] SHA1ByteMessage = SHA1Provider.ComputeHash(ASCIIByteMessage);
string Encrypted = EncryptionHelper.ByteArrayToHexString(SHA1ByteMessage, false);
return(StatusCode(200, Encrypted.ToUpper()));
}
catch (Exception)
{
return(StatusCode(400, "Bad Rquest"));
}
}
public async Task <IActionResult> SignMessage([FromQuery] string Message, [FromHeader] string APIKey)
{
try
{
#region Register Log
var user = await UserDatabaseAccess.GetUser(APIKey, base._context);
string Method = this.HttpContext.Request.Method;
string Path = this.HttpContext.Request.Path;
var logString = user.Role + " requested " + Method + " " + Path;
await UserDatabaseAccess.AddLog(logString, user, base._context);
#endregion
if (Message == null)
{
throw new Exception();
}
var byteMessage = Encoding.ASCII.GetBytes(Message);
var signedData = _RSA.SignData(byteMessage, new SHA1CryptoServiceProvider());
var hexMessage = EncryptionHelper.ByteArrayToHexString(signedData, true);
return(StatusCode(200, hexMessage));
}
catch (Exception)
{
return(StatusCode(400, "Bad Request"));
}
}
public async Task <IActionResult> GetPublicKey([FromHeader] string APIKey)
{
try
{
#region Register Log
var user = await UserDatabaseAccess.GetUser(APIKey, base._context);
string Method = this.HttpContext.Request.Method;
string Path = this.HttpContext.Request.Path;
var logString = user.Role + " requested " + Method + " " + Path;
await UserDatabaseAccess.AddLog(logString, user, base._context);
#endregion
_RSA.ExportParameters(false);
string xmlKey = _RSA.ToXmlStringCore22(false);
return(StatusCode(200, xmlKey));
}
catch (Exception)
{
return(StatusCode(400, "Bad Request"));
}
}
public async Task <ActionResult <User> > DeleteUser([FromHeader] string APIKey, [FromQuery] string userName)
{
try
{
if (await UserDatabaseAccess.APIKeyExists(APIKey, base._context))
{
var user = await UserDatabaseAccess.GetUser(APIKey, base._context);
#region Registering UserLog
string Method = this.HttpContext.Request.Method;
string Path = this.HttpContext.Request.Path;
var logString = user.Role + " requested " + Method + " " + Path;
await UserDatabaseAccess.AddLog(logString, user, base._context);
#endregion
if (user.ApiKey == APIKey && user.UserName == userName)
{
await UserDatabaseAccess.BackupLog(APIKey, base._context);
await UserDatabaseAccess.RemoveUser(user, base._context);
return(StatusCode(200, true));
}
}
throw new Exception();
}
catch (Exception)
{
return(StatusCode(200, false));
}
}
public async Task InvokeAsync(HttpContext context, Models.UserContext dbContext)
{
#region Task5
// TODO: Find if a header ‘ApiKey’ exists, and if it does, check the database to determine if the given API Key is valid
// Then set the correct roles for the User, using claims
var AuthAPIKey = context.Request.Headers["APIKey"].ToString();
var verifyKey = await UserDatabaseAccess.APIKeyExists(AuthAPIKey, dbContext);
if (verifyKey)
{
var user = await UserDatabaseAccess.GetUser(AuthAPIKey, dbContext);
if (user != null)
{
var claimArray = new Claim[]
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.Role, user.Role)
};
context.User.AddIdentity(new ClaimsIdentity(claimArray, "APIKey"));
}
}
#endregion
// Call the next delegate/middleware in the pipeline
await _next(context);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
#region Task5
// TODO: Find if a header ‘ApiKey’ exists, and if it does, check the database to determine if the given API Key is valid
// Then authorise the principle on the current thread using a claim, claimidentity and claimsprinciple
IEnumerable <string> key;
request.Headers.TryGetValues("x-api-key", out key);
if (key != null)
{
User user = userDatabase.GetUser(key.First());
Claim claimName = new Claim(ClaimTypes.Name, user.UserName);
Claim claimRole = new Claim(ClaimTypes.Role, user.Role);
ClaimsIdentity claimKey = new ClaimsIdentity(user.ApiKey);
claimKey.AddClaim(claimName);
claimKey.AddClaim(claimRole);
ClaimsPrincipal principal = new ClaimsPrincipal(claimKey);
Thread.CurrentPrincipal = principal;
}
#endregion
return(base.SendAsync(request, cancellationToken));
}
public async Task <IActionResult> AddFifty([FromQuery] string encryptedInteger, [FromQuery] string encryptedSymKey, [FromQuery] string encryptedIV, [FromHeader] string APIKey)
{
#region Register Log
var user = await UserDatabaseAccess.GetUser(APIKey, base._context);
string Method = this.HttpContext.Request.Method;
string Path = this.HttpContext.Request.Path;
var logString = user.Role + " requested " + Method + " " + Path;
await UserDatabaseAccess.AddLog(logString, user, base._context);
#endregion
try
{
if (encryptedInteger == null || encryptedSymKey == null || encryptedIV == null)
{
throw new Exception();
}
byte[] byteInteger = EncryptionHelper.HexaStringToByteArray(encryptedInteger);
byte[] byteAESKey = EncryptionHelper.HexaStringToByteArray(encryptedSymKey);
byte[] byteAESIV = EncryptionHelper.HexaStringToByteArray(encryptedIV);
var decryptedInt = _RSA.Decrypt(byteInteger, true);
var decryptedAESKey = _RSA.Decrypt(byteAESKey, true);
var decryptedAESIV = _RSA.Decrypt(byteAESIV, true);
var aesProvider = new AesCryptoServiceProvider();
aesProvider.IV = decryptedAESIV;
aesProvider.Key = decryptedAESKey;
int originalInt = BitConverter.ToInt32(decryptedInt, 0) + 50;
byte[] encryptedResponse = await EncryptionHelper.EncryptAES(originalInt.ToString(), aesProvider);
var hexResponse = EncryptionHelper.ByteArrayToHexString(encryptedResponse, true);
return(StatusCode(200, hexResponse));
}
catch (Exception)
{
return(StatusCode(400, "Bad Request"));
}
}
public async Task <IActionResult> UpdateRole([FromBody] User updateUser, [FromHeader] string APIKey)
{
try
{
//if (updateUser.UserName == "" || updateUser.Role == "")
// throw new Exception("NOT DONE: An error occured");
var userExists = await UserDatabaseAccess.UserExists(updateUser.UserName, base._context);
if (!userExists)
{
throw new Exception("NOT DONE: Username does not exist");
}
var user = await UserDatabaseAccess.GetUserWithName(updateUser.UserName, base._context);
string[] allowedRoles = { "Admin", "User" };
if (!allowedRoles.Contains(updateUser.Role))
{
throw new Exception("NOT DONE: Role does not exist");
}
else if (allowedRoles.Contains(updateUser.Role))
{
await UserDatabaseAccess.ChangeRole(updateUser, user, _context);
var authUser = await UserDatabaseAccess.GetUser(APIKey, base._context);
string Method = this.HttpContext.Request.Method;
string Path = this.HttpContext.Request.Path;
var Log = authUser.Role + " requested " + Method + " " + Path;
await UserDatabaseAccess.AddLog(Log, authUser, base._context);
return(StatusCode(200, "DONE"));
}
throw new Exception("NOT DONE: An error occured");
}
catch (Exception e)
{
return(StatusCode(400, e.Message));
}
}
public HttpResponseMessage Delete([FromUri] string username)
{
IEnumerable <string> key;
Request.Headers.TryGetValues("x-api-key", out key);
User user = userDatabase.GetUser(key.First());
string logString = "Delete User";
Log log = new Log(logString, DateTime.UtcNow);
user.Log.Add(log);
bool userCheck = userDatabase.CheckUser(key.First(), username);
if (userCheck == true)
{
userDatabase.DeleteUser(key.First());
return(Request.CreateResponse(HttpStatusCode.OK, true));
}
else
{
return(Request.CreateResponse(HttpStatusCode.OK, false));
}
}
public async Task <IActionResult> GetHello([FromHeader] string APIKey)
{
try
{
var user = await UserDatabaseAccess.GetUser(APIKey, base._context);
#region Register Log
string Method = this.HttpContext.Request.Method;
string Path = this.HttpContext.Request.Path;
var Log = user.Role + " requested " + Method + " " + Path;
await UserDatabaseAccess.AddLog(Log, user, base._context);
#endregion
string Result = "Hello " + user.UserName;
return(StatusCode(200, Result));
}
catch (Exception)
{
return(StatusCode(400, "Bad Request"));
}
}
