예제 #1
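        /// <summary>
        /// Closes a session by executing the [SP_Close_Session] stored procedure.
        /// </summary>
        /// <param name="sessionParams">
        /// Supplies the session token (<c>SessionId</c>) and the end timestamp (<c>SessionEnd</c>).
        /// </param>
        public void CloseSession(SessionInfo sessionParams)
        {
            string        spName = "[SP_Close_Session]";
            SqlConnection conn   = OpenConnection("ConnectionStringAccounts");

            try
            {
                using (SqlCommand cmd = new SqlCommand())
                {
                    cmd.CommandText = schema + "." + spName;
                    cmd.CommandType = System.Data.CommandType.StoredProcedure;
                    cmd.Connection  = conn;

                    // Session token: passed as a typed parameter, never concatenated into the command text.
                    SqlParameter paramSessionId = new SqlParameter("@SessionToken", SqlDbType.NVarChar, 255, ParameterDirection.Input, false, 0, 0, "", DataRowVersion.Current, sessionParams.SessionId);

                    // Session end timestamp
                    SqlParameter paramSessionEnd = new SqlParameter("@SessionEnd", SqlDbType.DateTime, 0, ParameterDirection.Input, false, 0, 0, "", DataRowVersion.Current, sessionParams.SessionEnd);

                    cmd.Parameters.Add(paramSessionId);
                    cmd.Parameters.Add(paramSessionEnd);

                    cmd.ExecuteNonQuery();
                }
            }
            finally
            {
                // Release the connection even when the stored procedure call throws;
                // previously a failure in ExecuteNonQuery skipped Close() and leaked it.
                conn.Close();
            }
        }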
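        /// <summary>
        /// Handles InitSession: validates the supplied account key and returns a session token,
        /// creating a new session unless the DAL reports one that can be reused.
        /// </summary>
        /// <param name="request">Request carrying the account key.</param>
        /// <returns>An <c>InitSessionResponse</c> with the session token on success, or errors otherwise.</returns>
        public ResponseBase Any(InitSession request)
        {
            _logger.Log(EErrorType.Info, " ****** Call start: InitSession");
            InitSessionResponse response = new InitSessionResponse();

            try
            {
                // The account key is the only credential checked on this path, so it must be
                // handled as a secret (kept out of logs and URLs).
                // NOTE(review): nothing here checks the account state or the key expiration date;
                // confirm that a pending or expired account cannot open a session.
                GetUserAccountInfoParams accParams = new GetUserAccountInfoParams();
                accParams.AccountKey = request.AccountKey;
                GetUserAccountInfoResult accResult = _dal.GetUserAccountInfo(accParams);
                if (accResult != null)
                {
                    // NOTE(review): Guid.NewGuid() is not documented as a cryptographic generator;
                    // consider deriving session tokens from RandomNumberGenerator.
                    string sessionId = Guid.NewGuid().ToString();

                    // Session lifetime in minutes; defaults to 60 when the setting is absent.
                    string configuredMins = ConfigurationManager.AppSettings["SessionExpiresMins"];
                    int    expiresMins    = configuredMins != null ? Int32.Parse(configuredMins) : 60;

                    Interfaces.DAL.SessionInfo sinfo = new Interfaces.DAL.SessionInfo();
                    sinfo.AccountKey     = request.AccountKey;
                    sinfo.SessionStart   = DateTime.UtcNow;
                    sinfo.SessionExpires = DateTime.UtcNow + TimeSpan.FromMinutes(expiresMins);
                    sinfo.SessionId      = sessionId;

                    // if current session exists - we are just using current session token
                    Interfaces.DAL.SessionInfo existSession = _dal.GetSessionInfo(sinfo, true);
                    if (existSession == null)
                    {
                        _dal.InitSession(sinfo);

                        response.SessionToken = sessionId;
                    }
                    else
                    {
                        // Hand back the token of the session being reused. Previously this path
                        // reported success without any token, leaving the caller nothing to use.
                        // NOTE(review): assumes GetSessionInfo populates SessionId on its result.
                        response.SessionToken = existSession.SessionId;
                    }
                    response.Success = true;
                }
                else
                {
                    response.Success = false;
                    response.Errors.Add(new Error()
                    {
                        Code = EErrorCodes.UserAccountNotFound, Type = EErrorType.Error, Message = "Invalid account key provided"
                    });
                }
            }
            catch (Exception ex)
            {
                _logger.Log(ex);
                response.Success = false;
                // NOTE(review): ex.Message is returned to the caller and may expose internal
                // details (e.g. database errors); consider a generic message plus a correlation id.
                response.Errors.Add(new Error()
                {
                    Code = EErrorCodes.GeneralError, Type = EErrorType.Error, Message = string.Format("Unexpected error: {0}", ex.Message)
                });
            }

            _logger.Log(EErrorType.Info, " ****** Call end: InitSession");

            return(response);
        }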
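        /// <summary>
        /// Handles CreateAccount: registers a new account in the "Pending" state when no account
        /// exists for the given email, then sends the confirmation email.
        /// </summary>
        /// <param name="request">Request carrying name, email and password.</param>
        /// <returns>A <c>CreateAccountResponse</c> with the new account key on success, or errors otherwise.</returns>
        public ResponseBase Any(CreateAccount request)
        {
            _logger.Log(EErrorType.Info, " ****** Call start: CreateAccount");
            CreateAccountResponse response = new CreateAccountResponse();

            try
            {
                GetUserAccountInfoParams accParams = new GetUserAccountInfoParams();
                accParams.Email = request.Email;

                // NOTE(review): check-then-create is not atomic; two concurrent requests for the
                // same email can both pass this lookup unless the database enforces uniqueness.
                GetUserAccountInfoResult accResult = _dal.GetUserAccountInfo(accParams);
                if (accResult == null)
                {
                    // creating account
                    CreateUpdateUserAccountParams createParams = new CreateUpdateUserAccountParams();
                    createParams.Name           = request.Name;
                    createParams.Email          = request.Email;
                    createParams.AccountKey     = EncodeUtils.CreateAccountKey();
                    createParams.PwdHash        = EncodeUtils.GetPasswordHash(request.Pwd);
                    createParams.ActivationCode = EncodeUtils.CreateActivationCode();
                    createParams.State          = "Pending"; // TODO; change to consts

                    _dal.CreateUserAccount(createParams);

                    SendMailResponse mailerResponse = SendAccountConfirmEmail(createParams.Email, createParams.AccountKey, createParams.Name);

                    // Surface a failed confirmation mail as a warning, as the password handlers do;
                    // previously the mailer result was ignored and the user was never told.
                    if (mailerResponse != null && !mailerResponse.Success)
                    {
                        response.Errors.Add(new Error()
                        {
                            Code    = EErrorCodes.MailSendFailed,
                            Message = "Mail services returned errors. Check other errors",
                            Type    = EErrorType.Warning
                        });
                        response.Errors.AddRange(mailerResponse.Errors);
                    }

                    // NOTE(review): the account key is returned before the email address has been
                    // confirmed; verify that a "Pending" account cannot use it to open sessions.
                    response.Payload.AccountKey = createParams.AccountKey;
                    response.Success            = true;
                }
                else
                {
                    response.Success = false;
                    response.Errors.Add(new Error()
                    {
                        Code = EErrorCodes.UserAccountExists, Type = EErrorType.Error, Message = "User with specified data already exists"
                    });
                }
            }
            catch (Exception ex)
            {
                _logger.Log(ex);
                response.Success = false;
                // NOTE(review): ex.Message is returned to the caller and may expose internal
                // details; consider a generic message plus a correlation id.
                response.Errors.Add(new Error()
                {
                    Code = EErrorCodes.GeneralError, Type = EErrorType.Error, Message = string.Format("Unexpected error: {0}", ex.Message)
                });
            }

            _logger.Log(EErrorType.Info, " ****** Call end: CreateAccount");

            return(response);
        }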
예제 #4
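        /// <summary>
        /// Looks up a user account through the [SP_Get_User_Account_Info] stored procedure,
        /// filtering by email and/or account key (a null filter is sent as DBNull).
        /// </summary>
        /// <param name="accParams">Lookup filters: <c>Email</c> and <c>AccountKey</c>, either may be null.</param>
        /// <returns>The first matching account row, or null when the procedure returns no rows.</returns>
        public GetUserAccountInfoResult GetUserAccountInfo(GetUserAccountInfoParams accParams)
        {
            string        spName = "[SP_Get_User_Account_Info]";
            SqlConnection conn   = OpenConnection("ConnectionStringAccounts");

            try
            {
                using (SqlCommand cmd = new SqlCommand())
                using (SqlDataAdapter da = new SqlDataAdapter())
                using (DataSet ds = new DataSet())
                {
                    cmd.CommandText = schema + "." + spName;
                    cmd.CommandType = System.Data.CommandType.StoredProcedure;
                    cmd.Connection  = conn;

                    // User email: typed parameter, never concatenated into the command text.
                    SqlParameter paramEmail = new SqlParameter("@Email", SqlDbType.NVarChar, 255, ParameterDirection.Input, false, 0, 0, "", DataRowVersion.Current, accParams.Email != null ? (object)accParams.Email : DBNull.Value);

                    // User account key
                    SqlParameter paramAccountKey = new SqlParameter("@AccountKey", SqlDbType.NVarChar, 255, ParameterDirection.Input, false, 0, 0, "", DataRowVersion.Current, accParams.AccountKey != null ? (object)accParams.AccountKey : DBNull.Value);

                    cmd.Parameters.Add(paramEmail);
                    cmd.Parameters.Add(paramAccountKey);

                    da.SelectCommand = cmd;
                    da.Fill(ds);

                    if (ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
                    {
                        return(null);
                    }

                    DataRow row = ds.Tables[0].Rows[0];

                    // The result carries the stored password hash; callers must never copy it
                    // into a response or a log entry.
                    // NOTE(review): no activation code or account state column is read here;
                    // confirm how callers that rely on those fields obtain them.
                    GetUserAccountInfoResult result = new GetUserAccountInfoResult();
                    result.UserId      = (Int64)row["User_Id"];
                    result.AccountKey  = (string)row["Account_Key_Value"];
                    result.Name        = (string)row["User_Name"];
                    result.Email       = (string)row["Email"];
                    result.PwdHash     = (string)row["Password_Hash"];
                    result.DateCreated = (DateTime)row["User_Creation_Dttm"];
                    result.DateExpires = (DateTime)row["Account_Key_Expiration_Dttm"];

                    return(result);
                }
            }
            finally
            {
                // Release the connection even when the query or a column cast throws;
                // previously any exception skipped Close() and leaked it.
                conn.Close();
            }
        }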
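        /// <summary>
        /// Handles ResetPassword: replaces the password of the account registered for the given
        /// email with a generated one and mails the new password to that address.
        /// </summary>
        /// <param name="request">Request carrying the account email.</param>
        /// <returns>An <c>UpdateAccountResponse</c>; a mail failure is reported as a warning with Success still true.</returns>
        public ResponseBase Any(ResetPassword request)
        {
            // Log under the handler's own name; the labels previously read "ChangePassword",
            // which made resets indistinguishable from password changes in the audit trail.
            _logger.Log(EErrorType.Info, " ****** Call start: ResetPassword");
            UpdateAccountResponse response = new UpdateAccountResponse();

            try
            {
                // NOTE(review): the email address is the only input, so anyone who knows it can
                // replace the account's password. A reset link or token confirmed by the owner
                // before the password changes would avoid forced lockouts.
                GetUserAccountInfoParams accInfoParams = new GetUserAccountInfoParams();
                accInfoParams.Email = request.Email;

                // NOTE(review): this branch also requires accResult.Success; confirm the DAL sets
                // that flag, otherwise the reset path can never be taken.
                GetUserAccountInfoResult accResult = _dal.GetUserAccountInfo(accInfoParams);
                if (accResult != null && accResult.Success)
                {
                    // NOTE(review): confirm GenerateRandomPassword draws from a cryptographic RNG.
                    string newPassword = EncodeUtils.GenerateRandomPassword();

                    // building the account update
                    CreateUpdateUserAccountParams updateParams = new CreateUpdateUserAccountParams();
                    updateParams.AccountKey = accResult.AccountKey;
                    updateParams.Email      = request.Email;
                    updateParams.PwdHash    = EncodeUtils.GetPasswordHash(newPassword);

                    _dal.UpdateUserAccount(updateParams);

                    // The new password travels in clear text by email, and it has already been
                    // stored at this point: if the mail fails, the user holds no valid password.
                    SendMailResponse mailerResponse = SendPasswordResetNotificationEmail(updateParams.Email, accResult.Name, newPassword);
                    if (!mailerResponse.Success)
                    {
                        response.Errors.Add(new Error()
                        {
                            Code    = EErrorCodes.MailSendFailed,
                            Message = "Mail services returned errors. Check other errors",
                            Type    = EErrorType.Warning
                        });
                        response.Errors.AddRange(mailerResponse.Errors);
                    }

                    response.Success = true;
                }
                else
                {
                    // NOTE(review): this answer tells an unauthenticated caller whether an email
                    // is registered; a uniform response would prevent account enumeration.
                    response.Success = false;
                    response.Errors.Add(new Error()
                    {
                        Code = EErrorCodes.UserAccountNotFound, Type = EErrorType.Error, Message = "No account found for the given email"
                    });
                }
            }
            catch (Exception ex)
            {
                _logger.Log(ex);
                response.Success = false;
                // NOTE(review): ex.Message is returned to the caller and may expose internal
                // details; consider a generic message plus a correlation id.
                response.Errors.Add(new Error()
                {
                    Code    = EErrorCodes.GeneralError,
                    Type    = EErrorType.Error,
                    Message = string.Format("Unexpected error: {0}", ex.Message)
                });
            }

            _logger.Log(EErrorType.Info, " ****** Call end: ResetPassword");

            return(response);
        }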
        /// <summary>
        /// Handles ChangePassword: for a valid session, stores the requested email and the hash
        /// of the requested password on the session's account, then sends a notification mail.
        /// </summary>
        /// <param name="request">Request carrying the session token, email and new password.</param>
        /// <returns>An <c>UpdateAccountResponse</c>; a mail failure is reported as a warning with Success still true.</returns>
        public ResponseBase Any(ChangePassword request)
        {
            _logger.Log(EErrorType.Info, " ****** Call start: ChangePassword");
            var response = new UpdateAccountResponse();

            try
            {
                var lookup = new SessionInfo { SessionId = request.SessionToken };
                SessionInfo activeSession = _dal.GetSessionInfo(lookup, true);

                if (activeSession == null)
                {
                    response.Success = false;
                    response.Errors.Add(new Error()
                    {
                        Code = EErrorCodes.InvalidSession, Type = EErrorType.Error, Message = "Invalid session"
                    });
                }
                else
                {
                    // NOTE(review): the session token alone authorises this change; the current
                    // password is not requested, so a stolen token is enough to take the account.
                    // NOTE(review): request.Email is written to the account and the notification
                    // below goes to that same address; confirm the previous address is informed.
                    var accountUpdate = new CreateUpdateUserAccountParams
                    {
                        AccountKey = activeSession.AccountKey,
                        Email      = request.Email,
                        PwdHash    = EncodeUtils.GetPasswordHash(request.Pwd)
                    };

                    _dal.UpdateUserAccount(accountUpdate);

                    // NOTE(review): no session is closed after the password changes; consider
                    // invalidating the account's other sessions here.

                    // Re-read the account to obtain the display name for the notification.
                    var accountQuery = new GetUserAccountInfoParams { AccountKey = activeSession.AccountKey };
                    GetUserAccountInfoResult account = _dal.GetUserAccountInfo(accountQuery);

                    if (account != null)
                    {
                        SendMailResponse mailResult = SendPasswordChangedNotificationEmail(accountUpdate.Email, account.Name);
                        if (!mailResult.Success)
                        {
                            // Mail problems are downgraded to a warning; the update already happened.
                            response.Errors.Add(new Error()
                            {
                                Code    = EErrorCodes.MailSendFailed,
                                Message = "Mail services returned errors. Check other errors",
                                Type    = EErrorType.Warning
                            });
                            response.Errors.AddRange(mailResult.Errors);
                        }
                    }

                    response.Success = true;
                }
            }
            catch (Exception failure)
            {
                _logger.Log(failure);
                response.Success = false;
                // NOTE(review): the exception message is returned to the caller and may expose
                // internal details; consider a generic message plus a correlation id.
                response.Errors.Add(new Error()
                {
                    Code    = EErrorCodes.GeneralError,
                    Type    = EErrorType.Error,
                    Message = string.Format("Unexpected error: {0}", failure.Message)
                });
            }

            _logger.Log(EErrorType.Info, " ****** Call end: ChangePassword");

            return response;
        }
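        /// <summary>
        /// Handles ActivateAccount: sets the account registered for the given email to "active"
        /// when the supplied activation code matches the stored one.
        /// </summary>
        /// <param name="request">Request carrying the account email and the activation code.</param>
        /// <returns>An <c>ActivateAccountResponse</c> with Success set, or errors otherwise.</returns>
        public ResponseBase Any(ActivateAccount request)
        {
            _logger.Log(EErrorType.Info, " ****** Call start: ActivateAccount");
            ActivateAccountResponse response = new ActivateAccountResponse();

            try
            {
                GetUserAccountInfoParams accParams = new GetUserAccountInfoParams();
                accParams.Email = request.Email;

                GetUserAccountInfoResult accResult = _dal.GetUserAccountInfo(accParams);
                if (accResult != null)
                {
                    // A missing stored code must never match: without this guard a request that
                    // omits the code would activate any account whose code was not loaded,
                    // because null == null (and "" == "") evaluates to true.
                    // NOTE(review): no attempt limit is visible here; consider throttling
                    // repeated guesses per account.
                    bool codeMatches = !string.IsNullOrEmpty(accResult.ActivationCode)
                                       && accResult.ActivationCode == request.ActivationCode;
                    if (codeMatches)
                    {
                        CreateUpdateUserAccountParams updateParams = new CreateUpdateUserAccountParams();
                        updateParams.AccountKey = accResult.AccountKey;
                        updateParams.State      = "active"; // TODO: need to change to consts

                        _dal.UpdateUserAccount(updateParams);

                        response.Success = true;
                    }
                    else
                    {
                        response.Success = false;
                        response.Errors.Add(new Error()
                        {
                            Code    = EErrorCodes.UserAccountNotValidated,
                            Type    = EErrorType.Error,
                            Message = "Invalid activation code provided - account was not activated"
                        });
                    }
                }
                else
                {
                    response.Success = false;
                    response.Errors.Add(new Error()
                    {
                        Code    = EErrorCodes.UserAccountNotFound,
                        Type    = EErrorType.Error,
                        Message = "User account was not found."
                    });
                }
            }
            catch (Exception ex)
            {
                _logger.Log(ex);
                response.Success = false;
                // NOTE(review): ex.Message is returned to the caller and may expose internal
                // details; consider a generic message plus a correlation id.
                response.Errors.Add(new Error()
                {
                    Code    = EErrorCodes.GeneralError,
                    Type    = EErrorType.Error,
                    Message = string.Format("Unexpected error: {0}", ex.Message)
                });
            }

            _logger.Log(EErrorType.Info, " ****** Call end: ActivateAccount");

            return(response);
        }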
        /// <summary>
        /// Handles GetAccountInfo: resolves the session token to an account and returns that
        /// account's key, email, name and creation/expiration dates.
        /// </summary>
        /// <param name="request">Request carrying the session token.</param>
        /// <returns>A <c>GetAccountInfoResponse</c> with the payload filled on success, or errors otherwise.</returns>
        public ResponseBase Any(GetAccountInfo request)
        {
            var response = new GetAccountInfoResponse();

            try
            {
                var lookup = new SessionInfo { SessionId = request.SessionToken };
                SessionInfo activeSession = _dal.GetSessionInfo(lookup, true);

                if (activeSession == null)
                {
                    response.Success = false;
                    response.Errors.Add(new Error()
                    {
                        Code = EErrorCodes.InvalidSession, Type = EErrorType.Error, Message = "Invalid session"
                    });
                }
                else
                {
                    // The account is always the one bound to the session, never one named by the caller.
                    var accountQuery = new GetUserAccountInfoParams { AccountKey = activeSession.AccountKey };
                    GetUserAccountInfoResult account = _dal.GetUserAccountInfo(accountQuery);

                    if (account == null)
                    {
                        response.Success = false;
                        response.Errors.Add(new Error()
                        {
                            Code = EErrorCodes.UserAccountNotFound, Type = EErrorType.Error, Message = "No user account found for the given session"
                        });
                    }
                    else
                    {
                        // Only non-secret fields are copied out; the password hash stays server-side.
                        var payload = response.Payload;
                        payload.AccountKey  = accountQuery.AccountKey;
                        payload.Email       = account.Email;
                        payload.Name        = account.Name;
                        payload.DateExpires = account.DateExpires;
                        payload.DateCreated = account.DateCreated;
                        // NOTE(review): parameterless ToString() — the text format presumably
                        // follows the server's current culture; confirm clients do not parse it.
                        payload.DateExpiresStr = account.DateExpires.ToString();
                        payload.DateCreatedStr = account.DateCreated.ToString();

                        response.Success = true;
                    }
                }
            }
            catch (Exception failure)
            {
                _logger.Log(failure);
                response.Success = false;
                // NOTE(review): the exception message is returned to the caller and may expose
                // internal details; consider a generic message plus a correlation id.
                response.Errors.Add(new Error()
                {
                    Code    = EErrorCodes.GeneralError,
                    Type    = EErrorType.Error,
                    Message = string.Format("Unexpected error: {0}", failure.Message)
                });
            }

            return response;
        }
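        /// <summary>
        /// Handles Login: verifies the email / password pair and, on success, creates a session
        /// and returns its token.
        /// </summary>
        /// <param name="request">Request carrying the email and the password.</param>
        /// <returns>A <c>LoginResponse</c> with the session token on success, or errors otherwise.</returns>
        public ResponseBase Any(Login request)
        {
            LoginResponse response = new LoginResponse();

            _logger.Log(EErrorType.Info, " ****** Call start: Login");

            try
            {
                GetUserAccountInfoParams accParams = new GetUserAccountInfoParams();
                accParams.AccountKey = null;
                accParams.Email      = request.Email;
                GetUserAccountInfoResult accResult = _dal.GetUserAccountInfo(accParams);

                // Hash the supplied password whether or not the account exists, so that both
                // failure paths do the same work.
                // NOTE(review): the hash is derived from the password alone and compared by
                // equality, so no per-account salt is involved; consider a salted, slow KDF
                // (e.g. PBKDF2) and a fixed-time comparison.
                string pwdHash = EncodeUtils.GetPasswordHash(request.Pwd);

                // NOTE(review): neither the account state nor a failed-attempt limit is checked
                // here; confirm pending accounts and repeated guesses are handled elsewhere.
                if (accResult != null && accResult.PwdHash == pwdHash)
                {
                    // NOTE(review): Guid.NewGuid() is not documented as a cryptographic generator;
                    // consider deriving session tokens from RandomNumberGenerator.
                    string sessionId = Guid.NewGuid().ToString();

                    // Session lifetime in minutes; defaults to 60 when the setting is absent.
                    string configuredMins = ConfigurationManager.AppSettings["SessionExpiresMins"];
                    int    expiresMins    = configuredMins != null ? Int32.Parse(configuredMins) : 60;

                    Interfaces.DAL.SessionInfo sinfo = new Interfaces.DAL.SessionInfo();
                    sinfo.AccountKey     = accResult.AccountKey;
                    sinfo.SessionStart   = DateTime.UtcNow;
                    sinfo.SessionExpires = DateTime.UtcNow + TimeSpan.FromMinutes(expiresMins);
                    sinfo.SessionId      = sessionId;

                    _dal.InitSession(sinfo);

                    response.SessionToken = sessionId;

                    response.Success = true;
                }
                else
                {
                    // One answer for "unknown email" and "wrong password": the separate
                    // "Account not found" message let callers probe which emails are registered.
                    response.Success = false;
                    response.Errors.Add(new Error()
                    {
                        Code = EErrorCodes.UserAccountNotFound, Type = EErrorType.Error, Message = "Email / password combination not found"
                    });
                }
            }
            catch (Exception ex)
            {
                _logger.Log(ex);
                response.Success = false;
                // NOTE(review): ex.Message is returned to the caller and may expose internal
                // details; consider a generic message plus a correlation id.
                response.Errors.Add(new Error()
                {
                    Code = EErrorCodes.GeneralError, Type = EErrorType.Error, Message = string.Format("Unexpected error: {0}", ex.Message)
                });
            }

            // Matches the start marker above; the end marker was missing for this handler.
            _logger.Log(EErrorType.Info, " ****** Call end: Login");

            return(response);
        }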