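/// <summary>
/// Decrypts a stored submission and returns it to the caller as a download.
/// </summary>
/// <param name="id">Symmetrically encrypted submission GUID supplied by the request.</param>
/// <returns>
/// A file result containing the decrypted document, or a redirect to the
/// <c>Error</c> action when any step throws.
/// </returns>
/// <remarks>
/// NOTE(review): this method performs no ownership check of its own; any such
/// check must come from a filter or attribute that is not visible here. Confirm.
/// </remarks>
public IActionResult DownloadFile(string id)
{
    try
    {
        // A value that does not decrypt to a well-formed GUID throws and is
        // handled by the catch block below.
        string urlEnc = Encryption.SymmetricDecrypt(id);
        Guid decId = Guid.Parse(urlEnc);
        var subId = _submissionService.GetSubmission(decId);

        // NOTE(review): the path is built by concatenating the stored file name.
        // Confirm the name is generated server-side at upload time, or constrain
        // the resolved path to the ValuableFiles directory before opening it.
        string absolutePath = @"ValuableFiles\" + subId.file;

        // Dispose the file handle as soon as the ciphertext is buffered, so a
        // failure in the later steps cannot leave the file open.
        MemoryStream ms = new MemoryStream();
        using (FileStream fs = new FileStream(absolutePath, FileMode.Open, FileAccess.Read))
        {
            fs.CopyTo(ms);
        }

        // NOTE(review): the private key is read from the member record, so the
        // server can decrypt every member's files. Confirm how it is protected at rest.
        var member = _membersService.GetMember(subId.email);

        // NOTE(review): no integrity or signature check is performed in this
        // method before decryption. After CopyTo the stream is positioned at its
        // end; presumably HybridDecrypt rewinds it. Confirm.
        MemoryStream downloadedFile = Encryption.HybridDecrypt(ms, member.PrivateKey);

        // The original content type was misspelled ("ocet"), which is not a
        // registered media type; use the standard binary type instead.
        return File(downloadedFile, "application/octet-stream", Guid.NewGuid() + ".pdf");
    }
    catch (Exception ex)
    {
        // Identity may be absent for an unauthenticated request; the null-conditional
        // keeps the handler itself from throwing while it records the failure.
        _logger.LogError(ex.Message + " ip: " + GetIpAddress() + " | Timestamp: " + DateTime.Now + " | Email: " + User.Identity?.Name);
        return RedirectToAction("Error");
    }
}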
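/// <summary>
/// Verifies the signature of a stored submission and, only if it is valid,
/// decrypts the file and returns it as a download.
/// </summary>
/// <param name="idEnc">Symmetrically encrypted submission GUID supplied by the request.</param>
/// <returns>
/// A file result containing the decrypted document when the signature verifies;
/// otherwise the default view with a model error.
/// </returns>
/// <remarks>
/// NOTE(review): nothing in this method catches a failed decrypt or GUID parse,
/// and no ownership check is visible here. Confirm both are handled by a filter.
/// </remarks>
public IActionResult Download(string idEnc)
{
    string idDec = Encryption.SymmetricDecrypt(idEnc);
    Guid id = Guid.Parse(idDec);

    // NOTE(review): this resolves the server's own host name, so the logged "IP"
    // is a server address, not the caller's. Confirm that is what the audit trail needs.
    IPHostEntry ipEntry = Dns.GetHostEntry(Dns.GetHostName());
    IPAddress[] addr = ipEntry.AddressList;

    // The original indexed addr[1] unconditionally, which throws on a host with
    // fewer than two addresses. Fall back instead of failing the request.
    string ip = addr.Length > 1
        ? addr[1].ToString()
        : (addr.Length == 1 ? addr[0].ToString() : "unknown");

    var sub = _subService.GetSubmission(id);

    // NOTE(review): the path is built from the stored file name. Confirm the name
    // is generated server-side, or constrain the resolved path to ValuableFiles.
    string absolutePath = @"ValuableFiles\" + sub.File;

    // Release the file handle as soon as the ciphertext is buffered.
    MemoryStream toDownload = new MemoryStream();
    using (FileStream fs = new FileStream(absolutePath, FileMode.Open, FileAccess.Read))
    {
        fs.CopyTo(toDownload);
    }

    string email = sub.Email;
    var member = _memService.GetMember(email);

    // NOTE(review): the value logged after "User:" was masked in the reviewed
    // listing; the authenticated user name is used here. Confirm.
    string user = User.Identity?.Name;

    // NOTE(review): both helpers receive the same stream, which is positioned at
    // its end after CopyTo; presumably each rewinds it. Confirm.
    bool pass = Encryption.VerifyData(toDownload, member.PublicKey, sub.Signature);

    if (!pass)
    {
        _logger.LogError("IP: " + ip + "\nTime: " + DateTime.Now + "\nUser: " + user + "\nSomething went wrong");
        ModelState.AddModelError("", "Something went wrong");
        return View();
    }

    // Decrypt only after the signature has verified, so data that failed the
    // integrity check is never passed to the private-key operation.
    MemoryStream actualFile = Encryption.HybridDecrypt(toDownload, member.PrivateKey);

    _logger.LogInformation("IP: " + ip + "\nTime: " + DateTime.Now + "\nUser: " + user + "\nPDF downloaded");
    return File(actualFile, "application/octet-stream", Guid.NewGuid() + ".pdf");
}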
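/// <summary>
/// Adds a comment to a submission and re-renders the comment form together
/// with the submission's comments.
/// </summary>
/// <param name="idEnc">Symmetrically encrypted submission GUID supplied by the request.</param>
/// <param name="data">Comment fields bound from the request.</param>
/// <returns>The view with a fresh model that carries the encrypted submission id.</returns>
/// <remarks>
/// NOTE(review): nothing in this method catches a failed decrypt or GUID parse,
/// and no ownership check is visible here. Confirm both are handled by a filter.
/// </remarks>
public IActionResult Create(string idEnc, CommentViewModel data)
{
    // NOTE(review): this resolves the server's own host name, so the logged "IP"
    // is a server address, not the caller's. Confirm that is what the audit trail needs.
    IPHostEntry ipEntry = Dns.GetHostEntry(Dns.GetHostName());
    IPAddress[] addr = ipEntry.AddressList;

    // The original indexed addr[1] unconditionally, which throws on a host with
    // fewer than two addresses. Fall back instead of failing the request.
    string ip = addr.Length > 1
        ? addr[1].ToString()
        : (addr.Length == 1 ? addr[0].ToString() : "unknown");

    string idDec = Encryption.SymmetricDecrypt(idEnc);
    Guid id = Guid.Parse(idDec);

    // Submission and author are assigned server-side, overwriting whatever the
    // request bound into these two properties.
    data.Submission = _subService.GetSubmission(id);
    data.Email = User.Identity.Name;

    // NOTE(review): the value logged after "User:" was masked in the reviewed
    // listing; the authenticated user name is used here. Confirm.
    string user = User.Identity.Name;

    if (ModelState.IsValid)
    {
        _comService.AddComment(data);
        _logger.LogInformation("IP: " + ip + "\nTime: " + DateTime.Now + "\nUser: " + user + "\nComment was added successfully");
        TempData["feedback"] = "Comment was added successfully";
        ModelState.Clear();
    }
    else
    {
        // NOTE(review): the message says "product" although this action stores a
        // comment; the text is left unchanged.
        _logger.LogError("IP: " + ip + "\nTime: " + DateTime.Now + "\nUser: " + user + "\nError while adding product to Database");
        TempData["warning"] = "Error while adding product to Database";
    }

    // Hand back an empty form that still carries the encrypted id for the next post.
    CommentViewModel myModel = new CommentViewModel();
    myModel.SubmissionId = idEnc;

    var comments = _comService.GetComments(id);
    ViewBag.Comments = comments;
    return View(myModel);
}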
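/// <summary>
/// Authorization filter step: allows the action to run only when the current
/// user is the submission's owner or the owner of the task it belongs to.
/// </summary>
/// <param name="context">
/// Executing-action context; its <c>idEnc</c> argument must hold the encrypted
/// submission GUID.
/// </param>
/// <remarks>
/// Sets an "Access Denied" result when the caller is not a party to the
/// submission, and a "Bad Request" result when anything throws (missing
/// argument, failed decrypt or parse, a null dereference on the submission).
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext context)
{
    try
    {
        string idDec = Encryption.SymmetricDecrypt(context.ActionArguments["idEnc"].ToString());
        Guid id = Guid.Parse(idDec);
        string email = context.HttpContext.User.Identity.Name;

        // Fail closed when there is no user name. Without this guard a null name
        // compares equal to a null Email on the submission or its task, and the
        // request would be let through.
        if (string.IsNullOrEmpty(email))
        {
            context.Result = new UnauthorizedObjectResult("Access Denied");
            return;
        }

        ISubmissionsService subService = (ISubmissionsService)context.HttpContext.RequestServices.GetService(typeof(ISubmissionsService));
        var sub = subService.GetSubmission(id);

        // NOTE(review): UnauthorizedObjectResult produces a 401. For an authenticated
        // caller who is simply not a party, 403 is the conventional status; kept
        // as-is so existing clients see the same response.
        if (sub.Email != email && sub.Task.Email != email)
        {
            context.Result = new UnauthorizedObjectResult("Access Denied");
        }
    }
    catch (Exception)
    {
        // NOTE(review): every failure is reported as "Bad Request" and nothing is
        // logged, so tampered identifiers leave no trace from this filter.
        context.Result = new BadRequestObjectResult("Bad Request");
    }
}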
/// <summary>
/// Stores a comment against a submission and renders the comment view.
/// </summary>
/// <param name="data">Comment fields bound from the request.</param>
/// <param name="id">Symmetrically encrypted submission GUID supplied by the request.</param>
/// <returns>
/// The default view on success, or a redirect to the <c>Error</c> action when
/// any step throws.
/// </returns>
/// <remarks>
/// NOTE(review): ModelState is not consulted before the comment is stored, and
/// no ownership check is visible in this method. Confirm validation and
/// authorization happen elsewhere.
/// </remarks>
public IActionResult Create(CommentViewModel data, string id)
{
    try
    {
        Guid submissionId = Guid.Parse(Encryption.SymmetricDecrypt(id));

        // The list is read before the new comment is written, so the rendered
        // view does not include the comment being posted.
        ViewBag.Comments = _commentService.GetComments(submissionId);

        DateTime postedAt = DateTime.Now;
        string author = User.Identity.Name;

        // The submission is attached server-side, overwriting anything bound
        // into this property from the request.
        data.submission = _submissionService.GetSubmission(submissionId);
        _commentService.AddComment(data, postedAt, author);

        TempData["Message"] = "Comment posted successfully";
        return View();
    }
    catch (Exception ex)
    {
        // Only the exception message is recorded; the stack trace is not.
        string details = ex.Message
            + " ip: " + GetIpAddress()
            + " | Timestamp: " + DateTime.Now
            + " | Email: " + User.Identity.Name;
        _logger.LogError(details);
        return RedirectToAction("Error");
    }
}
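/// <summary>
/// Authorization filter step: allows the action to run only when the current
/// user is the submission's owner or the owner of the task it belongs to.
/// </summary>
/// <param name="context">
/// Executing-action context; its <c>id</c> argument must hold the encrypted
/// submission GUID.
/// </param>
/// <remarks>
/// Sets an "Access Denied" result when the caller is not a party to the
/// submission, and a "Bad Request" result when anything throws (missing
/// argument, failed decrypt or parse, a null dereference on the submission).
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext context)
{
    try
    {
        string urlEnc = Encryption.SymmetricDecrypt(context.ActionArguments["id"].ToString());
        Guid decId = Guid.Parse(urlEnc);
        var currentLoggedInUser = context.HttpContext.User.Identity.Name;

        // Fail closed when there is no user name. Without this guard a null name
        // compares equal to a null email on the submission or its task, and the
        // request would be let through.
        if (string.IsNullOrEmpty(currentLoggedInUser))
        {
            context.Result = new UnauthorizedObjectResult("Access Denied");
            return;
        }

        ISubmissionsService subService = (ISubmissionsService)context.HttpContext.RequestServices.GetService(typeof(ISubmissionsService));
        var submission = subService.GetSubmission(decId);

        bool isSubmitter = submission.email == currentLoggedInUser;

        // The task owner is only examined when the caller is not the submitter,
        // matching the short-circuit of the original condition.
        if (!isSubmitter && submission.task.email != currentLoggedInUser)
        {
            // NOTE(review): this yields a 401. For an authenticated caller who is
            // simply not a party, 403 is the conventional status; kept as-is so
            // existing clients see the same response.
            context.Result = new UnauthorizedObjectResult("Access Denied");
        }
    }
    catch (Exception)
    {
        // NOTE(review): every failure is reported as "Bad Request" and nothing is
        // logged, so tampered identifiers leave no trace from this filter.
        context.Result = new BadRequestObjectResult("Bad Request");
    }
}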