public IActionResult User_EditAccountLogin(int id, int account_id, [FromBody] string login) { // attempt to edit the login // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV)) { ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information."); return(new UnauthorizedObjectResult(error)); } // validate ownership of said account if (!_context.Users.Single(a => a.ID == id).Accounts.Exists(b => b.ID == account_id)) { ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID."); return(new BadRequestObjectResult(error)); } // get account and modify Account accToEdit = _context.Users.Single(a => a.ID == id).Accounts.Single(b => b.ID == account_id); accToEdit.Login = HelperMethods.EncryptStringToBytes_Aes(login, HelperMethods.GetUserKeyAndIV(id));; accToEdit.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), HelperMethods.GetUserKeyAndIV(id)); _context.SaveChanges(); return(Ok()); }
public IActionResult User_EditAccount(int id, int acc_id, [FromBody] NewAccount acc) { // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV)) { ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information."); return(new UnauthorizedObjectResult(error)); } // validate ownership of said account if (!_context.Users.Single(a => a.ID == id).Accounts.Exists(b => b.ID == acc_id)) { ErrorMessage error = new ErrorMessage("Failed to delete account", "User does not have an account matching that ID."); return(new BadRequestObjectResult(error)); } // get account and modify Account accToEdit = _context.Users.Single(a => a.ID == id).Accounts.Single(b => b.ID == acc_id); accToEdit.Title = HelperMethods.EncryptStringToBytes_Aes(acc.Title, HelperMethods.GetUserKeyAndIV(id)); accToEdit.Login = HelperMethods.EncryptStringToBytes_Aes(acc.Login, HelperMethods.GetUserKeyAndIV(id)); accToEdit.Password = HelperMethods.EncryptStringToBytes_Aes(acc.Password, HelperMethods.GetUserKeyAndIV(id)); accToEdit.Url = HelperMethods.EncryptStringToBytes_Aes(acc.Url, HelperMethods.GetUserKeyAndIV(id)); accToEdit.Description = HelperMethods.EncryptStringToBytes_Aes(acc.Description, HelperMethods.GetUserKeyAndIV(id)); accToEdit.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), HelperMethods.GetUserKeyAndIV(id)); _context.SaveChanges(); // return the new object to easily update on frontend without making another api call return(new OkObjectResult(new ReturnableAccount(accToEdit))); }
[HttpPut("{id:int}/accounts/{account_id:int}/password")] // in progress public string User_EditAccountPassword(int id, int account_id, [FromBody] string password) { // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id)) { Response.StatusCode = 401; return(JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString()); } try { Account acc = _context.Users.Single(a => a.ID == id).Accounts.Single(b => b.ID == account_id); acc.Password = HelperMethods.EncryptStringToBytes_Aes(password, HelperMethods.GetUserKeyAndIV(id)); // this logic will need to be changed to use a unique key _context.Accounts.Update(acc); _context.SaveChanges(); } catch (Exception ex) { Response.StatusCode = 500; return(JObject.FromObject(new ErrorMessage("Error editing password", "n/a", ex.Message)).ToString()); } return(SuccessMessage._result); }
public IActionResult User_EditFolderName(int id, int folder_id, [FromBody] string name) { // attempt to edit the title // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV)) { ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information."); return(new UnauthorizedObjectResult(error)); } // validate ownership of said folder if (!_context.Users.Single(a => a.ID == id).Folders.Exists(b => b.ID == folder_id)) { ErrorMessage error = new ErrorMessage("Invalid Folder", "User does not have a folder matching that ID."); return(new BadRequestObjectResult(error)); } // modify _context.Users.Single(a => a.ID == id).Folders.Single(b => b.ID == folder_id).FolderName = HelperMethods.EncryptStringToBytes_Aes(name, HelperMethods.GetUserKeyAndIV(id)); _context.SaveChanges(); return(Ok()); }
public IActionResult User_AddAccount(int id, [FromBody] NewAccount accToAdd) { // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV)) { ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information."); return(new UnauthorizedObjectResult(error)); } // account limit is 50 for now if (_context.Users.Single(a => a.ID == id).Accounts.Count >= 50) { ErrorMessage error = new ErrorMessage("Failed to create new account", "User cannot have more than 50 passwords saved at once."); return(new BadRequestObjectResult(error)); } // if this user does not own the folder we are adding to, then error if (accToAdd.FolderID != null && !_context.Users.Single(a => a.ID == id).Folders.Exists(b => b.ID == accToAdd.FolderID)) { ErrorMessage error = new ErrorMessage("Failed to create new account", "User does not have a folder matching that ID."); return(new BadRequestObjectResult(error)); } // create new account and save it Account new_account = new Account(accToAdd, id); new_account.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), HelperMethods.GetUserKeyAndIV(id)); _context.Accounts.Add(new_account); _context.SaveChanges(); // return the new object to easily update on frontend without making another api call return(new OkObjectResult(new ReturnableAccount(new_account))); }
[HttpPut("{id:int}/accounts/{account_id:int}/password")] // in progress public IActionResult User_EditAccountPassword(int id, int account_id, [FromBody] string password) { try { // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id)) { ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information."); return(new UnauthorizedObjectResult(error)); } // validate ownership of said account if (!_context.Users.Single(a => a.ID == id).Accounts.Exists(b => b.ID == account_id)) { ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID."); return(new BadRequestObjectResult(error)); } _context.Users.Single(a => a.ID == id).Accounts.Single(b => b.ID == account_id).Password = HelperMethods.EncryptStringToBytes_Aes(password, HelperMethods.GetUserKeyAndIV(id)); _context.SaveChanges(); return(Ok()); } catch (Exception ex) { ErrorMessage error = new ErrorMessage("Error editing password", ex.Message); return(new InternalServerErrorResult(error)); } }
[HttpPost("{id:int}/accounts")] // working public string User_AddAccount(int id, [FromBody] string accJson) { // verify that the user is either admin or is requesting their own data if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id)) { Response.StatusCode = 401; return(JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString()); } JObject json = null; // might want Json verification as own function since all will do it.. we will see try { json = JObject.Parse(accJson); } catch (Exception ex) { Response.StatusCode = 400; ErrorMessage error = new ErrorMessage("Invalid Json", accJson, ex.Message); return(JObject.FromObject(error).ToString()); } try { // if folder id is present, then use it, if not we use standard null for top parent int?folder_id; if (json["folder_id"] == null) { folder_id = null; } else { folder_id = _context.Users.Single(a => a.ID == id).Folders.Single(b => b.ID == int.Parse(json["folder_id"].ToString())).ID; // makes sure folder exists and is owned by user } // use token in header to to Account new_account = new Account { UserID = id, FolderID = folder_id, Title = json["account_title"]?.ToString(), Login = json["account_login"]?.ToString(), Password = json["account_password"] != null?HelperMethods.EncryptStringToBytes_Aes(json["account_password"].ToString(), HelperMethods.GetUserKeyAndIV(id)) : null, Description = json["account_description"]?.ToString() }; _context.Accounts.Add(new_account); _context.SaveChanges(); } catch (Exception ex) { Response.StatusCode = 500; return(JObject.FromObject(new ErrorMessage("Error creating new account.", accJson, ex.Message)).ToString()); } return(SuccessMessage._result); }