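/// <summary>
/// HTTP-triggered function that checks whether a session token exists in the
/// <c>Users</c> table and is still valid according to <c>Token.IsTokenValid</c>.
/// </summary>
/// <param name="req">
/// Incoming POST request. The token is taken from the <c>token</c> query parameter,
/// or from the <c>token</c> property of the JSON body when the query parameter is absent.
/// </param>
/// <param name="log">Function logger.</param>
/// <returns>
/// <c>OkResponse("Valid Token")</c> when the token is stored and valid;
/// <c>NotAcceptable</c> when it is missing, unknown or expired;
/// <c>InternalServerError</c> when the database is unavailable or the token clean-up fails.
/// </returns>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
    ILogger log)
{
    log.LogInformation("C# HTTP trigger function processed a request.");

    // NOTE(review): a session token passed in the query string can be recorded in
    // access logs and proxy logs. Callers should send it in the request body; the
    // query parameter is kept here only for backward compatibility.
    string token = req.Query["token"];
    string token_in_database = null;

    // Fall back to the JSON body when the query string carries no token.
    string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
    dynamic data = JsonConvert.DeserializeObject(requestBody);
    token = token ?? data?.token;

    GenerateResponses Gr = new GenerateResponses();

    // A request without a token cannot match any session. Reject it before touching
    // the database: AddWithValue with a null value would otherwise make the query fail
    // and surface as an unhandled error.
    if (string.IsNullOrEmpty(token))
    {
        return Gr.NotAcceptable("Invalid Token");
    }

    DatabaseConnector conn = new DatabaseConnector();
    SqlConnection connection = conn.connector("Users");

    // Same null guard as the verification function: no connection means no lookup.
    if (connection == null)
    {
        return Gr.InternalServerError("Internal Server error");
    }

    // Look the token up with a parameterized query. The connection is closed in
    // 'finally' so a failing query does not leave it open; it is closed rather than
    // disposed because DeleteTokenFromDataBase receives the same object afterwards.
    // NOTE(review): the lookup implies session tokens are stored as-is in Users;
    // consider storing only a hash of the token so a database read does not expose
    // live sessions.
    connection.Open();
    try
    {
        using (SqlCommand cmd = new SqlCommand("select session_token from Users where session_token=@token", connection))
        {
            cmd.Parameters.AddWithValue("@token", token);
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                {
                    token_in_database = rdr[0].ToString();
                }
            }
        }
    }
    finally
    {
        connection.Close();
    }

    // NOTE(review): the SQL '=' above follows the column collation while this check is
    // ordinal. Confirm that DeleteTokenFromDataBase cannot remove a row whose stored
    // token differs from the submitted one (for example only by letter case).
    if (token_in_database != token)
    {
        // Unknown token: make sure nothing is left behind for it.
        if (DeleteTokenFromDataBase(token, connection))
        {
            return Gr.NotAcceptable("Invalid Token");
        }

        return Gr.InternalServerError("Internal Server error");
    }

    // The token is stored; now check that it has not expired.
    Token tk = new Token();
    if (tk.IsTokenValid(token))
    {
        return Gr.OkResponse("Valid Token");
    }

    // Expired token: remove it so it cannot be presented again.
    if (DeleteTokenFromDataBase(token, connection))
    {
        return Gr.NotAcceptable("Token Expired");
    }

    return Gr.InternalServerError("Internal Server error");
}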
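/// <summary>
/// HTTP-triggered function that verifies a one-time code for an e-mail address and,
/// when the code is known, stores the submitted user data and removes the used code.
/// </summary>
/// <param name="req">
/// Incoming POST request. <c>code</c>, <c>email</c>, <c>uname</c>, <c>pswrd</c>,
/// <c>fname</c> and <c>dptmt</c> are read from the query string, or from the JSON body
/// when a query parameter is absent.
/// </param>
/// <param name="log">Function logger.</param>
/// <returns>
/// <c>OkResponse("Valid OTP")</c> when the code matched and the user data was passed to
/// <c>PushUserData</c>; <c>NotAcceptable("Invalid OTP")</c> when the code is missing or
/// unknown; <c>InternalServerError</c> when the database connection could not be created.
/// </returns>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
    ILogger log)
{
    log.LogInformation("C# HTTP trigger function processed a request.- Verification");

    // NOTE(review): the password and the verification code are accepted from the query
    // string, where they can be recorded in access logs and proxy logs. Callers should
    // send them in the request body; the query parameters are kept for compatibility.
    string VerifCode = req.Query["code"];
    string email = req.Query["email"];
    string uname = req.Query["uname"];
    string pswrd = req.Query["pswrd"];
    string fname = req.Query["fname"];
    string dptmt = req.Query["dptmt"];

    // Fall back to the JSON body for every field the query string did not supply.
    string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
    dynamic data = JsonConvert.DeserializeObject(requestBody);
    VerifCode = VerifCode ?? data?.code;
    email = email ?? data?.email;
    uname = uname ?? data?.uname;
    pswrd = pswrd ?? data?.pswrd;
    fname = fname ?? data?.fname;
    dptmt = dptmt ?? data?.dptmt;

    // NOTE(review): pswrd is forwarded exactly as received; confirm that PushUserData
    // derives a password hash with a dedicated KDF before anything is stored.
    string[] Data = { email, uname, pswrd, fname, dptmt };

    GenerateResponses Gr = new GenerateResponses();

    // Without both an e-mail address and a code there is nothing to verify.
    if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(VerifCode))
    {
        return Gr.NotAcceptable("Invalid OTP");
    }

    // SHA256 hash of e-mail + code, used as the lookup key in the OTP table.
    // NOTE(review): the two values are concatenated without a delimiter, so the hash
    // does not fix where the e-mail ends and the code begins. Changing the format
    // requires the same change where the OTP row is created. No expiry or attempt
    // limit is visible in this function; confirm both are enforced elsewhere.
    GenerateHash GH = new GenerateHash();
    string Hash = GH.Generate(email + VerifCode);
    string Hash_val = null;

    DatabaseConnector DBConn = new DatabaseConnector();
    SqlConnection connection = DBConn.connector("Users");

    // The result must be returned here: falling through with a null connection would
    // fail on connection.Open() with a NullReferenceException.
    if (connection == null)
    {
        return Gr.InternalServerError("Error connecting to database - Verification");
    }

    // Look the hash up with a parameterized query. The connection is closed in
    // 'finally' on every path (including the "Invalid OTP" return below); it is closed
    // rather than disposed because PushUserData receives the same object.
    connection.Open();
    try
    {
        using (SqlCommand cmd = new SqlCommand("select OTP_Hash from OTP where OTP_hash=@hash", connection))
        {
            cmd.Parameters.AddWithValue("@hash", Hash);
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                // Single column; keep the last value read.
                while (rdr.Read())
                {
                    Hash_val = rdr[0].ToString();
                }
            }
        }
    }
    finally
    {
        connection.Close();
    }

    // No row for this hash means the code is not valid for this e-mail address.
    if (string.IsNullOrEmpty(Hash_val))
    {
        return Gr.NotAcceptable("Invalid OTP");
    }

    // NOTE(review): lookup, insert and delete are three separate steps, so two
    // concurrent requests with the same code can both pass the lookup. Consider
    // consuming the OTP row first (delete and check the affected row count) or running
    // the three steps in one transaction.
    PushUserData(Data, connection);

    // Remove the used code so it cannot be presented again.
    connection.Open();
    try
    {
        using (SqlCommand cmd = new SqlCommand("delete from OTP where OTP_hash=@hash", connection))
        {
            cmd.Parameters.AddWithValue("@hash", Hash);
            cmd.ExecuteNonQuery();
        }
    }
    finally
    {
        connection.Close();
    }

    return Gr.OkResponse("Valid OTP");
}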