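/// <summary>
/// Registers a new account from a JSON body carrying "login" and "password".
/// Responds 400 when either field is missing or the login is already taken, 200 after the row is saved.
/// </summary>
/// <param name="request">Parsed request body, unwrapped via <see cref="WebMessageHelpers.GetJObjectFromBody"/>.</param>
public async Task PostUser([FromBody] JsonDocument request)
{
    Response.ContentType = "application/json";

    JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);
    string? login = jValue?.GetValue("login")?.ToString();
    string? password = jValue?.GetValue("password")?.ToString();

    // A body without both fields used to surface as a NullReferenceException (HTTP 500);
    // reject it explicitly, matching the bare 400 the other actions use for malformed input.
    if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
    {
        Response.StatusCode = 400;
        return;
    }

    byte[] body;

    // Logins must be unique. NOTE(review): this lookup and the Add below are not atomic, so two
    // concurrent registrations of the same login can both pass — a unique index on User.Login is
    // the only reliable guard; confirm the schema has one.
    if (_context.User.Any(row => row.Login == login))
    {
        Response.StatusCode = 400;
        body = UserHelpers.DuplicateUserResponse();
        await Response.Body.WriteAsync(body, 0, body.Length);
        return;
    }

    // Only the helper's hash is persisted; the clear-text password never reaches the entity.
    User user = new User(0, login, UserHelpers.HashPassword(login, password))
    {
        AccessLevel = 0,
    };
    _context.User.Add(user);
    await _context.SaveChangesAsync();

    body = UserHelpers.SuccessfulUserAdding();
    Response.StatusCode = 200;
    await Response.Body.WriteAsync(body, 0, body.Length);
}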
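/// <summary>
/// Authenticates the "login"/"password" pair in the JSON body and returns the account's session token.
/// Responds 401 with the same body for an unknown login, a wrong password or a malformed body;
/// 200 with the token otherwise.
/// </summary>
/// <param name="request">Parsed request body, unwrapped via <see cref="WebMessageHelpers.GetJObjectFromBody"/>.</param>
public async Task Login([FromBody] JsonDocument request)
{
    Response.Headers.Add("Access-Control-Allow-Headers", "*");
    Response.Headers.Add("Content-Type", "application/json");

    JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);
    string? login = jValue?.GetValue("login")?.ToString();
    string? password = jValue?.GetValue("password")?.ToString();

    byte[] body;

    // Missing fields are reported exactly like bad credentials instead of failing with a 500.
    if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password))
    {
        Response.StatusCode = 401;
        body = UserHelpers.WrongPasswordOrLogin();
        await Response.Body.WriteAsync(body, 0, body.Length);
        return;
    }

    // Hash before the lookup so unknown and known logins follow the same path; an early return for
    // unknown logins would make the response time reveal which logins exist.
    string hashPassword = UserHelpers.HashPassword(login, password);
    var user = _context.User.FirstOrDefault(row => row.Login == login);

    if (user is null || !HashesMatch(user.Password, hashPassword))
    {
        Response.StatusCode = 401;
        body = UserHelpers.WrongPasswordOrLogin();
        await Response.Body.WriteAsync(body, 0, body.Length);
        return;
    }

    // An existing session token is handed back unchanged; a new one is created only on first login.
    // NOTE(review): tokens are never rotated here — consider issuing a fresh token per login.
    var activeUser = _context.ActiveUser.FirstOrDefault(row => row.UserId == user.Id);
    string token;
    if (activeUser is not null)
    {
        token = activeUser.Token;
    }
    else
    {
        token = UserHelpers.GenerateUserToken();
        _context.ActiveUser.Add(new ActiveUser(0, user.Id, token));
        await _context.SaveChangesAsync();
    }

    body = UserHelpers.SuccessfulLogin(token);
    Response.StatusCode = 200;
    await Response.Body.WriteAsync(body, 0, body.Length);

    // Compares the stored hash string with the freshly computed one in constant time, so the
    // comparison itself does not leak how many leading characters agree. A null stored hash never matches.
    static bool HashesMatch(string? stored, string computed)
    {
        if (stored is null)
        {
            return false;
        }

        byte[] storedBytes = System.Text.Encoding.UTF8.GetBytes(stored);
        byte[] computedBytes = System.Text.Encoding.UTF8.GetBytes(computed);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, computedBytes);
    }
}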
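/// <summary>
/// Links an existing account to a pupil record. The caller is identified by the first value of the
/// "Authorization" header and needs at least <see cref="Permissions.Teacher"/> access.
/// Body fields: "login" (account to attach) and "pupilId" (integer id of the pupil).
/// Responds 403 without a valid, sufficiently privileged token; 400 for a malformed pupilId, an unknown
/// account or pupil, or a pupil that is already linked; 200 after the link is saved.
/// </summary>
/// <param name="request">Parsed request body, unwrapped via <see cref="WebMessageHelpers.GetJObjectFromBody"/>.</param>
public async Task AttachPupilAccount([FromBody] JsonDocument request)
{
    string[] tokens = Request.Headers.GetCommaSeparatedValues("Authorization");
    if (tokens.Length < 1)
    {
        Response.StatusCode = 403;
        return;
    }

    // Authorization is settled before the body is touched, so unauthenticated callers cause no work.
    // GetUser can return null for an unknown token (DeleteUser checks for it); treat that as 403 too.
    var caller = UserHelpers.GetUser(tokens[0], _context);
    if (caller is null || caller.AccessLevel < (int)Permissions.Teacher)
    {
        Response.StatusCode = 403;
        return;
    }

    JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);
    string? userLogin = jValue?.GetValue("login")?.ToString();
    string? rawPupilId = jValue?.GetValue("pupilId")?.ToString();

    // Int32.Parse turned a malformed id into an unhandled FormatException (HTTP 500).
    if (string.IsNullOrEmpty(userLogin) || !int.TryParse(rawPupilId, out int pupilId))
    {
        Response.StatusCode = 400;
        return;
    }

    Response.ContentType = "application/json";
    byte[] body;

    var pupil = _context.Pupil.FirstOrDefault(row => row.Id == pupilId);
    User? user = _context.User.FirstOrDefault(row => row.Login == userLogin);
    if (user is null || pupil is null)
    {
        Response.StatusCode = 400;
        body = UserHelpers.UserOrPupilAbsent();
        await Response.Body.WriteAsync(body, 0, body.Length);
        return;
    }

    // An AccountId of 0 is treated as "not linked yet"; anything else means the pupil already has an account.
    if (pupil.AccountId != 0)
    {
        Response.StatusCode = 400;
        body = UserHelpers.PupilAlreadySynced();
        await Response.Body.WriteAsync(body, 0, body.Length);
        return;
    }

    pupil.AccountId = user.Id;
    // The attached account's access level is overwritten unconditionally, even if it was higher before.
    user.AccessLevel = (int)Permissions.Pupil;
    await _context.SaveChangesAsync();
    Response.StatusCode = 200;
}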
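/// <summary>
/// Writes the homework for form <paramref name="id"/> on a given day. The caller is identified by the
/// first value of the "Authorization" header and needs at least <see cref="Permissions.Pupil"/> access.
/// An optional body field "date" selects the day; when absent or blank the server's current local time is used.
/// Responds 403 without a valid token, 400 for an unknown form id or an unparsable date.
/// </summary>
/// <param name="id">Form id taken from the route.</param>
/// <param name="request">Optional parsed request body.</param>
public async Task GetCurriculum(int id, [FromBody] JsonDocument? request)
{
    string[] tokens = Request.Headers.GetCommaSeparatedValues("Authorization");
    if (tokens.Length < 1)
    {
        Response.StatusCode = 403;
        return;
    }

    // GetUser can return null for an unknown token (DeleteUser checks for it); treat that as 403.
    var caller = UserHelpers.GetUser(tokens[0], _context);
    if (caller is null || caller.AccessLevel < (int)Permissions.Pupil)
    {
        Response.StatusCode = 403;
        return;
    }

    if (!_context.Form.Any(row => row.Id == id))
    {
        Response.StatusCode = 400;
        return;
    }

    DateTime date = DateTime.Now;

    // The body is optional; skip the helper entirely when none was sent.
    JObject? jValue = request is null ? null : WebMessageHelpers.GetJObjectFromBody(request);
    string? strDate = jValue?.GetValue("date")?.ToString();
    if (!string.IsNullOrWhiteSpace(strDate))
    {
        // Convert.ToDateTime threw FormatException on bad input (HTTP 500); TryParse keeps the same
        // current-culture parsing but lets us answer 400 instead.
        if (!DateTime.TryParse(strDate, out date))
        {
            Response.StatusCode = 400;
            return;
        }
    }

    Response.Headers.Add("Access-Control-Allow-Headers", "*");
    Response.Headers.Add("Content-Type", "application/json");
    byte[] body = CuriculumHelpers.GetHomeWork(_context, id, date);
    await Response.Body.WriteAsync(body, 0, body.Length);
}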
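/// <summary>
/// Deletes the account that owns the session token in the "Authorization" header. The body must
/// re-confirm that account's own "login" and "password"; on any mismatch nothing is deleted.
/// Responds 403 without a token, 400 for an unknown token or wrong credentials, 200 after deletion.
/// </summary>
/// <param name="request">Parsed request body, unwrapped via <see cref="WebMessageHelpers.GetJObjectFromBody"/>.</param>
public async Task DeleteUser([FromBody] JsonDocument request)
{
    string[] tokens = Request.Headers.GetCommaSeparatedValues("Authorization");
    if (tokens.Length == 0)
    {
        Response.StatusCode = 403;
        return;
    }

    var user = UserHelpers.GetUser(tokens[0], _context);
    if (user is null)
    {
        Response.StatusCode = 400;
        return;
    }

    Response.ContentType = "application/json";

    JObject jValue = WebMessageHelpers.GetJObjectFromBody(request);
    string? tempLogin = jValue?.GetValue("login")?.ToString();
    string? tempPassword = jValue?.GetValue("password")?.ToString();

    byte[] body;

    // Both the login and the password hash must match the token's account. The previous check
    // rejected only when BOTH differed (`&&`) and did not return after writing the error response,
    // so the Remove below still ran on a mismatch — the account could be deleted without the
    // correct credentials. It also answered with the "duplicate user" body.
    bool credentialsMatch = !string.IsNullOrEmpty(tempLogin)
        && !string.IsNullOrEmpty(tempPassword)
        && user.Login == tempLogin
        && user.Password == UserHelpers.HashPassword(tempLogin, tempPassword);

    if (!credentialsMatch)
    {
        Response.StatusCode = 400;
        body = UserHelpers.WrongPasswordOrLogin();
        await Response.Body.WriteAsync(body, 0, body.Length);
        return;
    }

    // NOTE(review): the ActiveUser row holding this account's token is not removed here; unless the
    // database cascades the delete, the session row outlives the account — confirm.
    _context.User.Remove(user);
    await _context.SaveChangesAsync();

    body = UserHelpers.SuccessDeleting();
    Response.StatusCode = 200;
    await Response.Body.WriteAsync(body, 0, body.Length);
}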