public async Task <IHttpActionResult> Validate(NoncePairDto noncePair)
{
if (ModelState.IsValid)
{
var session = await
db.Sessions.SingleOrDefaultAsync(
QueryHelper.GetSessionObjectValidationQuery(noncePair.Session));
if (session != null)
{
var validator = db.UserPhoneNumberValidators.Where(v => v.UserId == session.User.Id).OrderByDescending(v => v.CreatedAt)
.First();
if (validator.SecurityToken == HasherHelper.sha256_hash(noncePair.Nonce.ToString()))
{
validator.IsValidated = true;
validator.ValidatedAt = DateTime.Now;
return(Ok());
}
return(NotFound()); //Wrong Nonce
}
return(Unauthorized());
}
return(BadRequest());
}
/// <summary>
/// Checks whether token is equal to security token, if yes set the primary phone number with temporary.
/// </summary>
/// <param name="token"></param>
/// <returns>
/// True : if old phone number has replaced with new one.
/// False : if old phone number has not replaced with new one.
/// </returns>
public bool ValidateNewPhoneNumber(AppDbContext db, int token)
{
var validator = db.UserPhoneNumberValidators.Where(v => v.UserId == Id).OrderByDescending(v => v.CreatedAt)
.First();
if (validator.SecurityToken == HasherHelper.sha256_hash(token.ToString()))
{
PhoneNumber = validator.TargetNumber;
validator.IsValidated = true;
validator.ValidatedAt = DateTime.Now;
return(true);
}
return(false);
}
public async Task <IHttpActionResult> Active(NoncePairDto pendingSession)
{
if (ModelState.IsValid)
{
var session =
await db
.Sessions
.Where(QueryHelper.GetPendingSessionQuery(pendingSession))
.SingleOrDefaultAsync();
if (session == null)
{
return(NotFound()); //Wrong Nonce Entered
}
session.User.State = UserState.ACTIVE;
session.User.UpdatedAt = DateTime.Now;
session.ActivationMoment = DateTime.Now;
session.State = SessionState.ACTIVE;
//We add the registered phone number to user's validated phone number.
if (session.User.PhoneNumber != null)
{
var newValidator = new UserPhoneNumberValidator()
{
UserId = session.User.Id,
TargetNumber = session.User.PhoneNumber,
SecurityToken = HasherHelper.sha256_hash(pendingSession.Nonce.ToString()),
IsValidated = true,
CreatedAt = DateTime.Now,
ValidatedAt = DateTime.Now
};
db.UserPhoneNumberValidators.Add(newValidator);
}
await db.SaveChangesAsync();
SessionInfoObject sessionInfo = new SessionInfoObject()
{
SessionKey = session.SessionKey,
SessionId = session.Id
};
return(Ok(sessionInfo));
}
return(BadRequest());
}
public ActionResult Edit(AdminViewModel admin)
{
if (ModelState.IsValid)
{
var adminInDb = db.Admins.SingleOrDefault(s => s.Id == admin.Id);
if (adminInDb != null)
{
adminInDb.Username = admin.Username;
adminInDb.Password = HasherHelper.sha256_hash(admin.Password);
adminInDb.Email = admin.Email;
adminInDb.FirstName = admin.FirstName;
adminInDb.LastName = admin.LastName;
adminInDb.IsCompleted = true;
db.SaveChanges();
return(RedirectToAction("Index", "Home"));
}
}
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "Bad Request"));
}
/// <summary>
/// Set temporary phone number and send security token to the user's new phone number.
/// </summary>
/// <param name="newPhoneNumber"></param>
/// <returns>smsSent</returns>
public bool ChangePhoneNumber(AppDbContext db, string newPhoneNumber)
{
bool smsSent = true;
int nonce = RandomHelper.RandomInt(10000, 99999);
var validator = new UserPhoneNumberValidator()
{
UserId = Id,
TargetNumber = newPhoneNumber,
SecurityToken = HasherHelper.sha256_hash(nonce.ToString()),
IsValidated = false,
CreatedAt = DateTime.Now
};
db.UserPhoneNumberValidators.Add(validator);
if (MessageHelper.SendSMS_K(nonce.ToString(), newPhoneNumber,
MessageHelper.SMSMode.VERIFICATION) != null)
{
smsSent = false;
}
return(smsSent);
}
public async Task <IHttpActionResult> ForgotPasswordReset(
ForgotPasswordValidationDto forgotPasswordValidationDto)
{
if (ModelState.IsValid)
{
User user = await db.Users.SingleOrDefaultAsync(q =>
q.SecurityToken == forgotPasswordValidationDto.ForgetPassCode);
if (user == null)
{
return(NotFound()); //Wrong Code
}
user.Password = HasherHelper.sha256_hash(forgotPasswordValidationDto.Password);
user.SecurityToken = 0;
await db.SaveChangesAsync();
return(Ok());
}
return(BadRequest());
}
public async Task <IHttpActionResult> Create(PhoneNumberValidatorDto phoneNumberValidatorDto)
{
if (ModelState.IsValid)
{
var session = await
db.Sessions.SingleOrDefaultAsync(
QueryHelper.GetSessionObjectValidationQuery(phoneNumberValidatorDto.Session));
if (session != null)
{
var smsSent = true;
int nonce = RandomHelper.RandomInt(10000, 99999);
var validator = new UserPhoneNumberValidator()
{
UserId = session.User.Id,
TargetNumber = phoneNumberValidatorDto.PhoneNumber,
SecurityToken = HasherHelper.sha256_hash(nonce.ToString()),
IsValidated = false,
CreatedAt = DateTime.Now
};
db.UserPhoneNumberValidators.Add(validator);
await db.SaveChangesAsync();
if (MessageHelper.SendSMS_K(nonce.ToString(), phoneNumberValidatorDto.PhoneNumber,
MessageHelper.SMSMode.VERIFICATION) != null)
{
smsSent = false;
}
return(Ok());
}
return(Unauthorized());
}
return(BadRequest());
}
public ActionResult Login(AdminLoginViewModel adminLogin)
{
if (ModelState.IsValid)
{
var admin = db.Admins.SingleOrDefault(a => a.Username == adminLogin.Username);
if (admin != null)
{
if (!admin.IsCompleted)
{
CreateSession(admin);
return(RedirectToAction("Edit"));
}
var hashPassword = HasherHelper.sha256_hash(adminLogin.Password);
if (admin.Password == hashPassword)
{
CreateSession(admin);
if (adminLogin.RememberMe)
{
HttpCookie cookie = new HttpCookie("Login");
cookie.Values.Add("Username", adminLogin.Username);
cookie.Expires.AddDays(15);
Response.Cookies.Add(cookie);
}
return(RedirectToAction("Index", "Home"));
}
}
ModelState.AddModelError(string.Empty, "The user name or password is incorrect.");
return(View(adminLogin));
}
return(View(adminLogin));
}
public async Task <IHttpActionResult> Login(LoginDto loginInfo)
{
if (ModelState.IsValid)
{
User user = null;
var hashPassword = HasherHelper.sha256_hash(loginInfo.Password);
if (!string.IsNullOrEmpty(loginInfo.Email))
{
user = await db.Users.SingleOrDefaultAsync(q =>
q.Email == loginInfo.Email && q.Password == hashPassword);
}
else if (!string.IsNullOrEmpty(loginInfo.PhoneNumber))
{
user = await db.Users.SingleOrDefaultAsync(q =>
q.PhoneNumber == loginInfo.PhoneNumber && q.Password == hashPassword);
}
else
{
return(BadRequest());
}
if (user == null) //Not Registered User - Use Sign up form
{
return(NotFound());
}
switch (user.State)
{
case UserState.ACTIVE:
var sessionKey = RandomHelper.RandomString(32);
Session newSession = new Session()
{
Nonce = null,
State = SessionState.ACTIVE,
InitMoment = DateTime.Now,
ActivationMoment = DateTime.Now,
SessionKey = sessionKey,
FCMToken = loginInfo.FCMToken,
SessionPlatform = (SessionPlatform)loginInfo.SessionPlatform,
UniqueCode = loginInfo.UniqueCode,
User = user
};
db.Sessions.Add(newSession);
await db.SaveChangesAsync();
SessionInfoObject sessionIfInfoObject = new SessionInfoObject()
{
SessionKey = sessionKey,
SessionId = newSession.Id,
};
//OK
return(Ok(sessionIfInfoObject));
case UserState.PENDING: //Not confirmed user
return(Conflict());
case UserState.SUSPENDED:
return(StatusCode(HttpStatusCode.Forbidden));
case UserState.DELETED:
return(StatusCode(HttpStatusCode.Gone));
}
}
return(BadRequest());
}
public async Task <IHttpActionResult> SignUp(UserSignUpEmailViewModel userSignUpEmail)
{
if (ModelState.IsValid)
{
User user = await db.Users.OrderByDescending(v => v.CreatedAt).FirstOrDefaultAsync(q => q.Email == userSignUpEmail.Email);
Session session = null;
var randomNounce = RandomHelper.RandomInt(10000, 99999);
if (user == null || user.State == UserState.DELETED) //New User
{
user = new User()
{
FirstName = userSignUpEmail.FirstName,
LastName = userSignUpEmail.LastName,
PhoneNumber = userSignUpEmail.PhoneNumber,
Email = userSignUpEmail.Email,
Password = HasherHelper.sha256_hash(userSignUpEmail.Password),
CreatedAt = DateTime.Now,
UpdatedAt = DateTime.Now,
State = UserState.PENDING
};
db.Users.Add(user);
session = new Session()
{
Nonce = randomNounce,
State = SessionState.PENDING,
InitMoment = DateTime.Now,
SessionKey = RandomHelper.RandomString(32),
FCMToken = userSignUpEmail.FCMToken,
SessionPlatform = (SessionPlatform)userSignUpEmail.SessionPlatform,
UniqueCode = userSignUpEmail.UniqueCode,
User = user
};
db.Sessions.Add(session);
await db.SaveChangesAsync();
}
else
{
if (user.State == UserState.PENDING) //multiple requests
{
db.Sessions
.Where(q => q.UniqueCode == userSignUpEmail.UniqueCode)
.Where(q => q.State == SessionState.PENDING)
.ToList()
.ForEach(q => q.State = SessionState.ABOLISHED);
session = new Session()
{
Nonce = randomNounce,
State = SessionState.PENDING,
InitMoment = DateTime.Now,
SessionKey = RandomHelper.RandomString(32),
FCMToken = userSignUpEmail.FCMToken,
SessionPlatform = (SessionPlatform)userSignUpEmail.SessionPlatform,
UniqueCode = userSignUpEmail.UniqueCode,
User = user
};
db.Sessions.Add(session);
await db.SaveChangesAsync();
}
else if (user.State == UserState.ACTIVE) //already registered user - use login form
{
return(Conflict());
}
else if (user.State == UserState.SUSPENDED) //this user has been suspended
{
return(StatusCode(HttpStatusCode.Forbidden));
}
}
var receptor = userSignUpEmail.Email;
var token = randomNounce.ToString();
MessageHelper.CodeVerificationEmail(token, receptor, MessageHelper.EmailMode.VERIFICATION);
return(Json(new
{
SessionId = session?.Id ?? -1
}));
}
return(BadRequest());
}
public async Task <IHttpActionResult> SignUp(UserSignUpViewModel userSignUp)
{
if (ModelState.IsValid)
{
User user = null;
if (!string.IsNullOrEmpty(userSignUp.PhoneNumber))
{
user = await db.Users.OrderByDescending(v => v.CreatedAt).FirstOrDefaultAsync(q => q.PhoneNumber == userSignUp.PhoneNumber);
}
else if (!string.IsNullOrEmpty(userSignUp.Email))
{
user = await db.Users.OrderByDescending(v => v.CreatedAt).FirstOrDefaultAsync(q => q.Email == userSignUp.Email);
}
else
{
return(BadRequest());
}
Session session = null;
var randomNonce = RandomHelper.RandomInt(10000, 99999);
if (user == null || user.State == UserState.DELETED) //New User
{
user = new User()
{
FirstName = userSignUp.FirstName,
LastName = userSignUp.LastName,
PhoneNumber = userSignUp.PhoneNumber,
Email = userSignUp.Email,
Password = HasherHelper.sha256_hash(userSignUp.Password),
CreatedAt = DateTime.Now,
UpdatedAt = DateTime.Now,
State = UserState.PENDING
};
db.Users.Add(user);
session = new Session()
{
Nonce = randomNonce,
State = SessionState.PENDING,
InitMoment = DateTime.Now,
SessionKey = RandomHelper.RandomString(32),
FCMToken = userSignUp.FCMToken,
SessionPlatform = (SessionPlatform)userSignUp.SessionPlatform,
UniqueCode = userSignUp.UniqueCode,
User = user
};
db.Sessions.Add(session);
await db.SaveChangesAsync();
}
else
{
if (user.State == UserState.PENDING) //multiple requests
{
// We abolish the old sessions first, then we create new sessions
db.Sessions
.Where(q => q.UniqueCode == userSignUp.UniqueCode)
.Where(q => q.State == SessionState.PENDING)
.ToList()
.ForEach(q => q.State = SessionState.ABOLISHED);
session = new Session()
{
Nonce = randomNonce,
State = SessionState.PENDING,
InitMoment = DateTime.Now,
SessionKey = RandomHelper.RandomString(32),
FCMToken = userSignUp.FCMToken,
SessionPlatform = (SessionPlatform)userSignUp.SessionPlatform,
UniqueCode = userSignUp.UniqueCode,
User = user
};
db.Sessions.Add(session);
user.FirstName = userSignUp.FirstName;
user.LastName = userSignUp.LastName;
user.PhoneNumber = userSignUp.PhoneNumber;
user.Email = userSignUp.Email;
user.Password = HasherHelper.sha256_hash(userSignUp.Password);
user.UpdatedAt = DateTime.Now;
await db.SaveChangesAsync();
}
else if (user.State == UserState.ACTIVE) //already registered user - use login form
{
return(Conflict());
}
else if (user.State == UserState.SUSPENDED) //this phonenumber/email has been suspended
{
return(StatusCode(HttpStatusCode.Forbidden));
}
}
var receptorPhone = userSignUp.PhoneNumber;
var receptorMail = userSignUp.Email;
var token = randomNonce.ToString();
if (receptorMail != null) //Mail
{
MessageHelper.CodeVerificationEmail(token, receptorMail, MessageHelper.EmailMode.VERIFICATION);
}
if (receptorPhone != null)
{
if (MessageHelper.SendSMS_K(token, receptorPhone, MessageHelper.SMSMode.VERIFICATION) != null) //SMS
{
return(InternalServerError());
}
}
return(Json(new
{
SessionId = session?.Id ?? -1,
SessionKey = session?.SessionKey ?? null
}));
}
return(BadRequest());
}