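/// <summary>
/// Login endpoint. Looks up the Authentication row for the submitted e-mail,
/// verifies the password against the stored salted hash, revokes every existing
/// session for that user and issues a fresh one.
/// </summary>
/// <param name="req">Request whose JSON body is an AuthenticaitonModel (Email, Password).</param>
/// <param name="log">Function logger (currently unused).</param>
/// <returns>
/// 200 with a UserSessionModel (User + SessionToken) on success; a bare 400 when the
/// body is unparseable or a field is missing; 400 with a single generic error string
/// when the credentials do not match.
/// </returns>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    List<string> errors = new List<string>();
    string requestBody = await new StreamReader(req.Body).ReadToEndAsync();

    AuthenticaitonModel data;
    try
    {
        data = JsonConvert.DeserializeObject<AuthenticaitonModel>(requestBody);
    }
    catch
    {
        return new BadRequestResult();
    }

    // DeserializeObject returns null (no exception) for an empty body or a literal
    // "null"; without this guard the field checks below throw and the caller sees a 500.
    if (data == null || data.Email == null || data.Password == null)
    {
        return new BadRequestResult();
    }

    using (DataContext dc = new DataContext())
    {
        Authentication check = dc.Authentication
            .Include(x => x.User)
            .Include(x => x.User.Team)
            .Include(x => x.User.UserType)
            .Where(x => x.User.Email == data.Email)
            .FirstOrDefault();

        // Every failure below reports the same message so the response body does
        // not reveal which e-mails have accounts.
        // NOTE(review): this branch returns before ComputeHash runs, so response
        // timing still distinguishes unknown e-mails; hashing a throwaway value
        // here would close that gap.
        if (check == null)
        {
            errors.Add("Username or Password is incorrect");
            return new BadRequestObjectResult(errors);
        }

        string hashedPassword = SessionValidator.ComputeHash(data.Password, check.Salt);

        // Constant-time comparison: string.Equals stops at the first differing
        // character, which leaks how much of the hash prefix was correct.
        bool passwordMatches =
            hashedPassword != null
            && check.PasswordHash != null
            && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                System.Text.Encoding.UTF8.GetBytes(hashedPassword),
                System.Text.Encoding.UTF8.GetBytes(check.PasswordHash));
        if (!passwordMatches)
        {
            errors.Add("Username or Password is incorrect");
            return new BadRequestObjectResult(errors);
        }

        // An Authentication row with no User behind it cannot be logged in;
        // report it as bad credentials rather than leaking the inconsistency.
        if (check.User == null)
        {
            errors.Add("Username or Password is incorrect");
            return new BadRequestObjectResult(errors);
        }

        // All earlier sessions for this user are revoked before the new one is
        // issued. Materialise the query first so the DbSet is not modified while
        // its own result is being enumerated.
        List<Session> staleSessions = dc.Sessions.Where(x => x.User == check.User).ToList();
        dc.Sessions.RemoveRange(staleSessions);

        Session sesh = new Session { User = check.User };
        dc.Sessions.Add(sesh);
        dc.SaveChanges();

        // SessionToken is filled in by Session / SaveChanges (not visible here) and is
        // handed back verbatim as the bearer for later requests.
        // NOTE(review): the whole User entity (with Team and UserType loaded) is
        // serialised into the response — confirm it carries nothing sensitive.
        UserSessionModel manSesh = new UserSessionModel
        {
            User = check.User,
            SessionToken = sesh.SessionToken,
        };
        return new JsonResult(manSesh);
    }
}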
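/// <summary>
/// Admin-only endpoint that creates a User, its Authentication row (salted password
/// hash) and any lookup rows (Role, MaritalStatus, Language, Skill) that do not yet exist.
/// </summary>
/// <param name="req">
/// Request carrying the caller's session in the "sessionToken" header and a
/// CreateUserModel JSON body.
/// </param>
/// <param name="log">Function logger (currently unused).</param>
/// <returns>
/// 403 when the session is missing, invalid or not an Admin; a bare 400 on an
/// unparseable or empty body; 400 with a list of validation errors; 200 on success.
/// </returns>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    req.Headers.TryGetValue("sessionToken", out StringValues sessionToken);
    User requester = SessionValidator.ValidateSession(sessionToken.ToString());

    // Null-conditional so a requester whose UserType is not loaded is refused
    // with 403 instead of throwing (which would surface as a 500).
    if (requester?.UserType?.UserTypeName != "Admin")
    {
        return new StatusCodeResult(403);
    }

    List<string> errors = new List<string>();
    string requestBody = await new StreamReader(req.Body).ReadToEndAsync();

    CreateUserModel data;
    try
    {
        data = JsonConvert.DeserializeObject<CreateUserModel>(requestBody);
    }
    catch
    {
        return new BadRequestResult();
    }

    // DeserializeObject returns null (no exception) for an empty body or "null".
    if (string.IsNullOrWhiteSpace(requestBody) || data == null)
    {
        return new BadRequestResult();
    }

    using (DataContext dc = new DataContext())
    {
        // ---- validation: collect every problem, then reject once ----
        if (data.Mobile == null || data.Mobile.Length > 13)
        {
            errors.Add("Mobile number must be less than 13 digits.");
        }

        if (string.IsNullOrWhiteSpace(data.Email))
        {
            errors.Add("E-mail cannot be empty");
        }
        else if (dc.User.Any(x => x.Email == data.Email))
        {
            // Login resolves an e-mail with FirstOrDefault, so a second account on
            // the same address could never sign in; refuse the duplicate here.
            errors.Add("E-mail is already in use");
        }

        if (string.IsNullOrWhiteSpace(data.Name))
        {
            errors.Add("Name cannot be empty");
        }

        // Previously ComputeHash was called with whatever arrived, so an account
        // could be created with a null or blank password.
        if (string.IsNullOrWhiteSpace(data.Password))
        {
            errors.Add("Password cannot be empty");
        }

        UserType u = dc.UserTypes.Where(x => x.UserTypeName == data.UserType).FirstOrDefault();
        if (u == null)
        {
            errors.Add("User type does not exist");
        }

        if (string.IsNullOrWhiteSpace(data.Role))
        {
            errors.Add("User must have a role");
        }

        if (errors.Count > 0)
        {
            return new BadRequestObjectResult(errors);
        }

        // ---- lookup rows: reuse when present, create otherwise ----
        Role r = dc.Roles.Where(x => x.Title == data.Role).FirstOrDefault();
        if (r == null)
        {
            r = new Role { Title = data.Role };
            dc.Roles.Add(r);
        }

        // MaritalStatus is optional: a null value is stored as no status rather
        // than creating a row named "null".
        MaritalStatus m = dc.MaritalStatuses
            .Where(x => x.MaritalStatusName == data.MaritalStatus)
            .FirstOrDefault();
        if (m == null && data.MaritalStatus != null)
        {
            m = new MaritalStatus { MaritalStatusName = data.MaritalStatus };
            dc.MaritalStatuses.Add(m);
        }

        User user = new User
        {
            Name = data.Name,
            Mobile = data.Mobile,
            DateOfBirth = data.DateOfBirth,
            Role = r,
            UserType = u,
            Address = data.Address,
            Email = data.Email,
            NextOfKin1 = data.NextOfKin1,
            NextOfKin2 = data.NextOfKin2,
            MaritalStatus = m,
            Nationality = data.Nationality,
            VisaStatus = data.VisaStatus,
            Gender = data.Gender,
            MedicalStatus = data.MedicalStatus,
            // NOTE(review): host-local time; UtcNow would be unambiguous, but
            // switching it changes what readers of this column see.
            DateTimeUpdated = DateTime.Now,
        };
        dc.User.Add(user);

        if (data.Languages != null)
        {
            foreach (string language in data.Languages)
            {
                Language l = dc.Languages.Where(x => x.LanguageName == language).FirstOrDefault();
                if (l == null)
                {
                    l = new Language { LanguageName = language };
                    dc.Languages.Add(l);
                }
                dc.UserLanguages.Add(new UserLanguage { Language = l, User = user });
            }
        }

        if (data.Skills != null)
        {
            foreach (string skill in data.Skills)
            {
                Skill s = dc.Skills.Where(x => x.SkillName == skill).FirstOrDefault();
                if (s == null)
                {
                    s = new Skill { SkillName = skill };
                    dc.Skills.Add(s);
                }
                dc.UserSkills.Add(new UserSkill { Skill = s, User = user });
            }
        }

        // ---- credentials ----
        // 16 random bytes from the CSPRNG, base64-encoded: same length/shape as the
        // Guid-derived salt used before, but with a guaranteed randomness source.
        byte[] saltBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(saltBytes);
        }
        string salt = Convert.ToBase64String(saltBytes);
        string hashedPassword = SessionValidator.ComputeHash(data.Password, salt);

        Authentication login = new Authentication
        {
            PasswordHash = hashedPassword,
            User = user,
            Salt = salt,
        };
        dc.Authentication.Add(login);

        // One SaveChanges so the user, lookups and credentials land together.
        dc.SaveChanges();
        return new OkResult();
    }
}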
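/// <summary>
/// Change-password endpoint for the currently authenticated user. Verifies the
/// old password against the stored salted hash, then stores a new salt and hash
/// for the new password.
/// </summary>
/// <param name="req">
/// Request carrying the caller's session in the "sessionToken" header and a
/// ChangePasswordModel JSON body (OldPassword, NewPassword).
/// </param>
/// <param name="log">Function logger (currently unused).</param>
/// <returns>
/// 403 when the session is missing or invalid; a bare 400 when the body is
/// unparseable or a field is missing; 400 with an error list when the old password
/// does not match or the new one is blank; 200 on success.
/// </returns>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    req.Headers.TryGetValue("sessionToken", out StringValues sessionToken);
    User requester = SessionValidator.ValidateSession(sessionToken.ToString());
    if (requester == null)
    {
        return new StatusCodeResult(403);
    }

    List<string> errors = new List<string>();
    string requestBody = await new StreamReader(req.Body).ReadToEndAsync();

    ChangePasswordModel data;
    try
    {
        data = JsonConvert.DeserializeObject<ChangePasswordModel>(requestBody);
    }
    catch
    {
        return new BadRequestResult();
    }

    // DeserializeObject returns null (no exception) for an empty body or "null";
    // the original dereferenced it and produced a 500.
    if (data == null || data.OldPassword == null || data.NewPassword == null)
    {
        return new BadRequestResult();
    }

    // A blank new password would silently lock the account into an unusable
    // credential; reject it explicitly.
    // NOTE(review): no other strength rule is visible in this code base; add one
    // here if the project defines a policy.
    if (string.IsNullOrWhiteSpace(data.NewPassword))
    {
        errors.Add("New password cannot be empty");
        return new BadRequestObjectResult(errors);
    }

    using (DataContext dc = new DataContext())
    {
        // The credential row is found through the session's user, never through
        // caller-supplied identity, so a user can only change their own password.
        Authentication original = dc.Authentication
            .Where(x => x.User.UserID == requester.UserID)
            .FirstOrDefault();

        if (original == null)
        {
            errors.Add("Username or Password is incorrect");
            return new BadRequestObjectResult(errors);
        }

        string hashedOldPassword = SessionValidator.ComputeHash(data.OldPassword, original.Salt);

        // Constant-time comparison: string.Equals stops at the first differing
        // character, which leaks how much of the hash prefix was correct.
        bool oldPasswordMatches =
            hashedOldPassword != null
            && original.PasswordHash != null
            && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                System.Text.Encoding.UTF8.GetBytes(hashedOldPassword),
                System.Text.Encoding.UTF8.GetBytes(original.PasswordHash));
        if (!oldPasswordMatches)
        {
            errors.Add("Username or Password is incorrect");
            return new BadRequestObjectResult(errors);
        }

        // Rotate the salt with the password rather than reusing the old one:
        // 16 CSPRNG bytes, base64-encoded, the same shape as the salt created at
        // account creation.
        byte[] saltBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(saltBytes);
        }
        original.Salt = System.Convert.ToBase64String(saltBytes);
        original.PasswordHash = SessionValidator.ComputeHash(data.NewPassword, original.Salt);
        dc.SaveChanges();

        // NOTE(review): other active sessions for this user are left valid after
        // the change; revoking them (as login does) would also log out the caller,
        // so that decision is left to the product.
        return new OkResult();
    }
}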