public HttpResponseMessage Register1(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
        {
            dynamic             eo  = new ExpandoObject();
            HttpResponseMessage hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("Client Handshake is Not Authorized"));
            var e = new CCHEncrypt();

            if (ValidateConsumer.IsValidConsumer(hsId))
            {
                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User was Not Found"));

                if (RegDateOfBirth.IsMatch(hsRequest.DateOfBirth))
                {
                    using (var gefae = new GetEnrollmentsForAllEmployers()) {
                        hsRequest.LastFourSsn = hsRequest.LastFourSsn.Trim().Length > 4
                            ? hsRequest.LastFourSsn.Substring(hsRequest.LastFourSsn.Length - 4, 4)
                            : hsRequest.LastFourSsn;

                        gefae.LastName = hsRequest.LastName;
                        gefae.LastFour = hsRequest.LastFourSsn;
                        //DateTime birthDate = DateTime.Parse(hsRequest.DateOfBirth);
                        //gefae.DateOfBirth = string.Format("{0}-{1}-{2}", birthDate.Year, birthDate.Month, birthDate.Day);
                        gefae.DateOfBirth = hsRequest.DateOfBirth;
                        gefae.GetFrontEndData();

                        if (gefae.Tables.Count > 0 &&
                            gefae.Tables[0].Rows.Count > 0)
                        {
                            DataRow dr         = gefae.Tables[0].Rows[0];
                            int     cchid      = dr.GetData <int>("CCHID");
                            int     employerId = dr.GetData <int>("employerid");
                            string  connString = dr.GetData("connectionstring");

                            //UserAccess Check dstrickland 7/8/2015
                            using (var cpaa = new CheckPersonApplicationAccess(cchid, connString)) {
                                if (!cpaa.HasAccess)
                                {
                                    return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                       new Exception(cpaa.ErrorMessage)));
                                }
                            }

                            e.UserKey   = Request.EncryptionKey();
                            e.SecretKey = Properties.Settings.Default.SecretKey;
                            e.Add("CCHID", cchid.ToString(CultureInfo.InvariantCulture));
                            e.Add("EmployerID", employerId.ToString(CultureInfo.InvariantCulture));
                            e.Add("UserID", hsId);

                            ((IDictionary <string, object>)eo)["AuthHash"] = e.ToString();
                            hrm = Request.CreateResponse(HttpStatusCode.OK, (eo as ExpandoObject));

                            //LogUserLoginHistory(null, cchid, connString);
                        }
                    }
                }
            }
            return(hrm);
        }
        public HttpResponseMessage GetMemberAuthorization(int employerId, int cchId, String hsId)
        {
            dynamic             eo  = new ExpandoObject();
            HttpResponseMessage hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                  new Exception("Client Handshake is Not Authorized"));
            var e = new CCHEncrypt();

            if (ValidateConsumer.IsValidConsumer(hsId))
            {
                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                  new Exception("Member with CCH ID was Not Found"));

                using (GetEmployerConnString gecs = new GetEmployerConnString(employerId)) {
                    //UserAccess Check dstrickland 7/8/2015
                    using (var cpaa = new CheckPersonApplicationAccess(cchId, gecs.ConnString)) {
                        if (!cpaa.HasAccess)
                        {
                            return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                               new Exception(cpaa.ErrorMessage)));
                        }
                    }

                    using (GetKeyEmployeeInfoByCchId gkeibc = new GetKeyEmployeeInfoByCchId()) {
                        gkeibc.CchId = cchId;
                        gkeibc.GetData(gecs.ConnString);

                        if (gkeibc.Tables.Count > 0 && gkeibc.Tables[0].Rows.Count > 0)
                        {
                            e.UserKey   = Request.EncryptionKey();
                            e.SecretKey = Properties.Settings.Default.SecretKey;
                            e.Add("CCHID", cchId.ToString());
                            e.Add("EmployerID", employerId.ToString());
                            e.Add("UserID", hsId);

                            ((IDictionary <string, object>)eo)["AuthHash"] = e.ToString();
                            hrm = Request.CreateResponse(HttpStatusCode.OK, (eo as ExpandoObject));

                            //InsertAuditTrail(cchId, hsId,
                            //    "Animation CCHID Login", Request.RequestUri.Host, gecs.ConnString);

                            string userName = gkeibc.Tables[0].Rows[0].GetData("Email");
                            //LogUserLoginHistory(userName, cchId, gecs.ConnString);
                        }
                    }
                }
            }
            return(hrm);
        }
        public HttpResponseMessage PostHash(String hsID, [FromBody] HandshakeRequest hsRequest)
        {
            Handshake  h = new Handshake();
            Boolean    providerActive = false, providerIsPartner = false;
            int        employerID = 0;
            string     cnxString  = "";
            CCHEncrypt e          = new CCHEncrypt();

            using (ValidateMobilePartner vmp = new ValidateMobilePartner(hsID, hsRequest.OrganizationID))
            {
                vmp.ForEachProvider(delegate(Boolean valid, Boolean isPartner, int empId, string cnx, string un)
                {
                    providerActive    = valid;
                    providerIsPartner = isPartner;
                    employerID        = empId;
                    cnxString         = cnx;
                    Request.UserName(un);
                    MembershipUser mu = Membership.GetUser(un, true);
                    Request.UserID(mu.ProviderUserKey.ToString());
                });
            }

            if (providerActive && providerIsPartner)
            {
                e.UserKey   = Request.EncryptionKey();
                e.SecretKey = Properties.Settings.Default.SecretKey;
                e.Add("UserID", Request.UserID());

                e.Add("EmployerID", employerID.ToString());
                using (GetPartnerEmployeeInfoByName gpeibn = new GetPartnerEmployeeInfoByName())
                {
                    gpeibn.FirstName           = hsRequest.FirstName;
                    gpeibn.LastName            = hsRequest.LastName;
                    gpeibn.DOB                 = hsRequest.DOB;
                    gpeibn.SubscriberMedicalID = hsRequest.MedicalID;
                    //gpeibn.RelationshipCode = hsRequest.RelationshipCode;

                    gpeibn.GetData(cnxString);

                    if (gpeibn.Tables.Count == 0 ||
                        gpeibn.Tables[0].Rows.Count == 0 ||
                        gpeibn.Tables[0].Rows[0][0].ToString() == string.Empty)
                    {
                        return(Request.CreateErrorResponse(HttpStatusCode.NoContent, new Exception("User Not Found")));
                    }

                    //UserAccess Check dstrickland 7/8/2015
                    using (var cpaa = new CheckPersonApplicationAccess(gpeibn.CCHID, cnxString))
                    {
                        if (!cpaa.HasAccess)
                        {
                            return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                               new Exception(cpaa.ErrorMessage)));
                        }
                    }

                    e.Add("CCHID", gpeibn.CCHID.ToString());
                    gpeibn.ForEach <Handshake.EmployeeInfoData>(
                        delegate(Handshake.EmployeeInfoData eid)
                    {
                        h.EmployeeInfo = eid;
                    }
                        );

                    //CreateLoginAudit(Request.UserName(), Request.RequestUri.Host.ToString(), gpeibn.CCHID, cnxString);
                    using (InsertUserLoginHistory iulh = new InsertUserLoginHistory())
                    {
                        iulh.UserName         = Request.UserName();
                        iulh.CCHID            = gpeibn.CCHID;
                        iulh.Domain           = Request.RequestUri.Host;
                        iulh.CchApplicationId = 2;  // 1 is for Transparency App; 2 is for HR App
                        iulh.PostData(cnxString);
                    }
                }

                h.AuthHash = e.ToString();
                return(this.Request.CreateResponse <Handshake>(HttpStatusCode.OK, h));
            }
            else
            {
                return(this.Request.CreateResponse(HttpStatusCode.Unauthorized));
            }
        }
Exemplo n.º 4
0
        public HttpResponseMessage GetHash(String hsID)
        {
            HandshakeMobile h = new HandshakeMobile();
            Boolean         providerActive = false;
            CCHEncrypt      e = new CCHEncrypt();

            using (ValidateMobileProvider vmp = new ValidateMobileProvider(hsID))
                vmp.ForEachProvider(delegate(Boolean valid) { if (valid)
                                                              {
                                                                  providerActive = true;
                                                              }
                                    });

            if (providerActive)
            {
                e.UserKey   = Request.EncryptionKey();
                e.SecretKey = Properties.Settings.Default.SecretKey;
                e.Add("UserID", Request.UserID());

                using (GetKeyUserInfo gkui = new GetKeyUserInfo(Request.UserName()))
                {
                    e.Add("EmployerID", gkui.EmployerID);
                    h.EmployerName = gkui.EmployerName;
                    using (GetKeyEmployeeInfo gkei = new GetKeyEmployeeInfo())
                    {
                        //UserAccess Check dstrickland 7/8/2015
                        using (var cpaa = new CheckPersonApplicationAccess(gkei.CCHID, gkui.CnxString))
                        {
                            if (!cpaa.HasAccess)
                            {
                                return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                   new Exception(cpaa.ErrorMessage)));
                            }
                        }

                        gkei.Email = Request.UserName();
                        gkei.GetData(gkui.CnxString);
                        e.Add("CCHID", gkei.CCHID.ToString());
                        gkei.ForEach <HandshakeMobile.EmployeeInfoData>(
                            delegate(HandshakeMobile.EmployeeInfoData eid)
                        {
                            h.EmployeeInfo = eid;
                        }
                            );
                    }
                }

                using (GetEmployerConnString gecs = new GetEmployerConnString(Convert.ToInt32(e["EmployerID"])))
                {
                    using (InsertUserLoginHistory iulh = new InsertUserLoginHistory())
                    {
                        iulh.UserName         = Request.UserName();
                        iulh.Domain           = Request.RequestUri.Host;
                        iulh.CchApplicationId = 2;  // 1 is for Transparency App; 2 is for HR App
                        iulh.PostData(gecs.ConnString);
                    }
                }

                h.AuthHash = e.ToString();
                return(this.Request.CreateResponse <HandshakeMobile>(HttpStatusCode.OK, h));
            }
            else
            {
                return(this.Request.CreateResponse(HttpStatusCode.NoContent));
            }
        }
Exemplo n.º 5
0
        public HttpResponseMessage GetAuthMemberData(String hsId, [FromBody] AuthMemberDataRequest hsRequest)
        {
            HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.Unauthorized);
            var e = new CCHEncrypt();

            if (ValidateConsumer.IsValidConsumer(hsId))
            {
                hrm = Request.CreateErrorResponse(HttpStatusCode.NoContent, new Exception("User Not Found"));

                using (var gefae = new GetEnrollmentsForAllEmployers())
                {
                    gefae.LastName    = hsRequest.LastName;
                    gefae.LastFour    = hsRequest.LastFourSsn;
                    gefae.DateOfBirth = hsRequest.DateOfBirth;
                    gefae.GetFrontEndData();

                    if (gefae.Tables.Count > 0 &&
                        gefae.Tables[0].Rows.Count > 0)
                    {
                        DataRow dr         = gefae.Tables[0].Rows[0];
                        int     cchid      = dr.GetData <int>("CCHID");
                        string  cnxString  = dr.GetData("ConnectionString");
                        int     employerId = dr.GetData <int>("employerid");

                        //UserAccess Check dstrickland 7/7/2015
                        using (var cpaa = new CheckPersonApplicationAccess(cchid, cnxString))
                        {
                            if (!cpaa.HasAccess)
                            {
                                return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                   new Exception(cpaa.ErrorMessage)));
                            }
                        }

                        e.UserKey   = Request.EncryptionKey();
                        e.SecretKey = Properties.Settings.Default.SecretKey;
                        e.Add("CCHID", cchid.ToString(CultureInfo.InvariantCulture));
                        e.Add("EmployerID", employerId.ToString(CultureInfo.InvariantCulture));

                        string authHash = e.ToString();

                        if (employerId > 0)
                        {
                            CreateLoginAudit(hsId,
                                             Request.RequestUri.Host.ToString(CultureInfo.InvariantCulture),
                                             cchid, cnxString);

                            hrm = Request.CreateErrorResponse(HttpStatusCode.NoContent, new Exception("Video Data Not Found"));

                            using (var gvcmi = new GetVideoCampaignMemberIdByCchId())
                            {
                                gvcmi.CampaignId = hsRequest.CampaignId;
                                gvcmi.CchId      = cchid;
                                gvcmi.GetData(cnxString);

                                if (!gvcmi.HasThrownError && !string.IsNullOrEmpty(gvcmi.VideoCampaignMemberId))
                                {
                                    using (var gvcmd = new GetVideoCampaignMemberDataById())
                                    {
                                        gvcmd.VideoCampaignMemberId = gvcmi.VideoCampaignMemberId;
                                        gvcmd.GetData(cnxString);

                                        if (!gvcmd.HasThrownError)
                                        {
                                            string videoMemberData = gvcmd.VideoMemberData;

                                            string resultset =
                                                string.Format("\"AuthHash\":\"{0}\",\"MemberData\":{1}",
                                                              authHash, videoMemberData);
                                            resultset = string.Concat("{", resultset, "}");

                                            hrm = new HttpResponseMessage(HttpStatusCode.OK)
                                            {
                                                RequestMessage = Request,
                                                Content        = new StringContent(resultset),
                                                StatusCode     = HttpStatusCode.OK
                                            };
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            return(hrm);
        }
        public HttpResponseMessage Login(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
        {
            var     hrm  = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("Client Handshake is Not Authorized"));
            var     e    = new CCHEncrypt();
            dynamic data = new ExpandoObject();

            if (!ValidateConsumer.IsValidConsumer(hsId))
            {
                LogUtil.Log(string.Format("Login failed. Inavlid Handshake Id {0}", hsId), LogLevel.Info);
                return(hrm);
            }

            hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User Name and Password Do Not Match"));

            if (!Membership.ValidateUser(hsRequest.UserName, hsRequest.Password))
            {
                // This can also happen if the account is locked.  Check to see if it is locked
                // and return an appropriate error message.
                if (IsUserLocked(hsRequest.UserName))
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  Account is locked.",
                                              hsRequest.UserName), LogLevel.Info);
                    hrm = Request.CreateErrorResponse(HttpStatusCode.Forbidden, new Exception("Account locked"));
                }
                else
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  Credentials failed membership validation.",
                                              hsRequest.UserName), LogLevel.Info);
                }
                return(hrm);
            }

            using (var employerDb = new DataBase(EMPLOYER_QUERY, true)) {
                employerDb.AddParameter("Email", hsRequest.UserName);
                employerDb.GetFrontEndData();

                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                  new Exception("User Profile was Not Found"));

                if (employerDb.Tables.Count < 1 || employerDb.Tables[0].Rows.Count < 1)
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  User Profile was not found.",
                                              hsRequest.UserName), LogLevel.Info);
                    return(hrm);
                }

                e.Add("EmployerID", employerDb.Tables[0].Rows[0].GetData("employerId"));

                using (var gkei = new GetKeyEmployeeInfo()) {
                    gkei.Email = hsRequest.UserName;
                    string cnxString = employerDb.Tables[0].Rows[0].GetData("connectionString");

                    gkei.GetData(cnxString);

                    hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                      new Exception("Employee Info on User Name was Not Found"));

                    if (gkei.Tables.Count < 1 || gkei.Tables[0].Rows.Count < 1)
                    {
                        LogUtil.Log(string.Format("Login failed for user {0}.  Employee Info was not found.",
                                                  hsRequest.UserName), LogLevel.Info);
                        return(hrm);
                    }

                    //UserAccess Check dstrickland 7/7/2015
                    using (var cpaa = new CheckPersonApplicationAccess(gkei.CCHID, cnxString)) {
                        if (!cpaa.HasAccess)
                        {
                            LogUtil.Log(string.Format("Login failed for user {0}.  User does not have acces to AppId 2.",
                                                      hsRequest.UserName), LogLevel.Info);
                            return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                               new Exception(cpaa.ErrorMessage)));
                        }
                    }

                    var firstName      = gkei.Tables[0].Rows[0].GetData("FirstName");
                    var lastName       = gkei.Tables[0].Rows[0].GetData("LastName");
                    var fullName       = string.Format("{0} {1}", firstName, lastName);
                    var mobilePhone    = gkei.Tables[0].Rows[0].GetData("MobilePhone");
                    var alternatePhone = gkei.Tables[0].Rows[0].GetData("Phone");

                    using (var gucp = new GetUserContentPreference()) {
                        gucp.CCHID = gkei.CCHID;
                        gucp.GetData(cnxString);

                        data.SmsInd           = gucp.SmsInd;
                        data.EmailInd         = gucp.EmailInd;
                        data.OsBasedAlertInd  = gucp.OsBasedAlertInd;
                        data.LocaleCode       = gucp.LocaleCode;
                        data.PreferredContact = gucp.ContactPhoneNumber;

                        hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
                    }

                    var membershipUser = Membership.GetUser(hsRequest.UserName);
                    if (membershipUser != null && membershipUser.ProviderUserKey != null)
                    {
                        e.UserKey   = Request.EncryptionKey();
                        e.SecretKey = Properties.Settings.Default.SecretKey;
                        e.Add("UserName", hsRequest.UserName);
                        e.Add("CCHID", gkei.CCHID.ToString());

                        string aspUserId = membershipUser.ProviderUserKey.ToString();
                        e.Add("UserID", aspUserId);
                        string authHash = e.ToString();

                        data.AuthHash       = authHash;
                        data.UserName       = hsRequest.UserName;
                        data.DisplayName    = fullName;
                        data.MobilePhone    = mobilePhone;
                        data.AlternatePhone = alternatePhone;
                        data.Question       = membershipUser.PasswordQuestion;

                        hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);

                        LogUserLoginHistory(hsRequest.UserName, gkei.CCHID, cnxString);

                        //Load accumulations for all dependents
                        Task.Run(async() => await LoadEmployeeAndDependentsAccumulationsAsync(
                                     Int32.Parse(employerDb.Tables[0].Rows[0].GetData("employerId")),
                                     Int32.Parse(gkei.CCHID.ToString())));
                    }
                }
            }

            return(hrm);
        }