public HttpResponseMessage PasswordReset0(UserAuthenticationRequest request)
        {
            var     e    = new CCHEncrypt();
            dynamic data = new ExpandoObject();

            using (GetUserProfileByEmail gupbe = new GetUserProfileByEmail()) {
                gupbe.Email = request.UserName;
                gupbe.GetFrontEndData();

                int employerId = Convert.ToInt32(gupbe.EmployerId);

                using (GetEmployerConnString gecs = new GetEmployerConnString(employerId)) {
                    using (GetKeyEmployeeInfo gkei = new GetKeyEmployeeInfo()) {
                        gkei.Email = request.UserName;
                        gkei.GetData(gecs.ConnString);

                        if (gkei.Tables.Count > 0 && gkei.Tables[0].Rows.Count > 0)
                        {
                            int cchId = gkei.Tables[0].Rows[0].GetData <int>("CCHID");

                            using (GetUserContentPreference gucp = new GetUserContentPreference()) {
                                gucp.CCHID = cchId;
                                gucp.GetData(gecs.ConnString);

                                data.ContactPhoneNumber = gucp.ContactPhoneNumber;
                            }

                            using (GetEmployeeByCchIdForCallCenter gebcfcc = new GetEmployeeByCchIdForCallCenter()) {
                                gebcfcc.CchId = cchId;
                                gebcfcc.GetData(gecs.ConnString);

                                if (request.UserName.ToLower() == gebcfcc.Email.ToLower() &&
                                    request.FullSsn.Trim() == gebcfcc.MemberFullSsn)
                                {
                                    var membershipUser = Membership.GetUser(request.UserName);
                                    if (membershipUser != null)
                                    {
                                        if (membershipUser.ProviderUserKey != null)
                                        {
                                            e.UserKey   = Request.EncryptionKey();
                                            e.SecretKey = Properties.Settings.Default.SecretKey;
                                            e.Add("UserName", request.UserName);
                                            e.Add("CCHID", gkei.CCHID.ToString());
                                            e.Add("EmployerID", employerId.ToString());

                                            string aspUserId = membershipUser.ProviderUserKey.ToString();
                                            e.Add("UserID", aspUserId);
                                            data.AuthHash = e.ToString();

                                            data.Question = membershipUser.PasswordQuestion;
                                            data.Success  = true;
                                        }
                                        else
                                        {
                                            data.Fail         = true;
                                            data.ErrorMessage = "Provider User Key does Not Exist";
                                        }
                                    }
                                    else
                                    {
                                        data.Fail         = true;
                                        data.ErrorMessage = "Member Account does Not Exist";
                                    }
                                }
                                else
                                {
                                    data.Fail         = true;
                                    data.ErrorMessage = "Email or SSN does Not Match";
                                }
                            }
                        }
                        else
                        {
                            data.Fail         = true;
                            data.ErrorMessage = "Key Employee Info is Missing";
                        }
                    }
                }
            }
            HttpResponseMessage hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);

            return(hrm);
        }
Exemplo n.º 2
0
        public HttpResponseMessage GetHash(String hsID)
        {
            HandshakeMobile h = new HandshakeMobile();
            Boolean         providerActive = false;
            CCHEncrypt      e = new CCHEncrypt();

            using (ValidateMobileProvider vmp = new ValidateMobileProvider(hsID))
                vmp.ForEachProvider(delegate(Boolean valid) { if (valid)
                                                              {
                                                                  providerActive = true;
                                                              }
                                    });

            if (providerActive)
            {
                e.UserKey   = Request.EncryptionKey();
                e.SecretKey = Properties.Settings.Default.SecretKey;
                e.Add("UserID", Request.UserID());

                using (GetKeyUserInfo gkui = new GetKeyUserInfo(Request.UserName()))
                {
                    e.Add("EmployerID", gkui.EmployerID);
                    h.EmployerName = gkui.EmployerName;
                    using (GetKeyEmployeeInfo gkei = new GetKeyEmployeeInfo())
                    {
                        //UserAccess Check dstrickland 7/8/2015
                        using (var cpaa = new CheckPersonApplicationAccess(gkei.CCHID, gkui.CnxString))
                        {
                            if (!cpaa.HasAccess)
                            {
                                return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                                   new Exception(cpaa.ErrorMessage)));
                            }
                        }

                        gkei.Email = Request.UserName();
                        gkei.GetData(gkui.CnxString);
                        e.Add("CCHID", gkei.CCHID.ToString());
                        gkei.ForEach <HandshakeMobile.EmployeeInfoData>(
                            delegate(HandshakeMobile.EmployeeInfoData eid)
                        {
                            h.EmployeeInfo = eid;
                        }
                            );
                    }
                }

                using (GetEmployerConnString gecs = new GetEmployerConnString(Convert.ToInt32(e["EmployerID"])))
                {
                    using (InsertUserLoginHistory iulh = new InsertUserLoginHistory())
                    {
                        iulh.UserName         = Request.UserName();
                        iulh.Domain           = Request.RequestUri.Host;
                        iulh.CchApplicationId = 2;  // 1 is for Transparency App; 2 is for HR App
                        iulh.PostData(gecs.ConnString);
                    }
                }

                h.AuthHash = e.ToString();
                return(this.Request.CreateResponse <HandshakeMobile>(HttpStatusCode.OK, h));
            }
            else
            {
                return(this.Request.CreateResponse(HttpStatusCode.NoContent));
            }
        }
        public HttpResponseMessage Login(String hsId, [FromBody] UserAuthenticationRequest hsRequest)
        {
            var     hrm  = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("Client Handshake is Not Authorized"));
            var     e    = new CCHEncrypt();
            dynamic data = new ExpandoObject();

            if (!ValidateConsumer.IsValidConsumer(hsId))
            {
                LogUtil.Log(string.Format("Login failed. Inavlid Handshake Id {0}", hsId), LogLevel.Info);
                return(hrm);
            }

            hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new Exception("User Name and Password Do Not Match"));

            if (!Membership.ValidateUser(hsRequest.UserName, hsRequest.Password))
            {
                // This can also happen if the account is locked.  Check to see if it is locked
                // and return an appropriate error message.
                if (IsUserLocked(hsRequest.UserName))
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  Account is locked.",
                                              hsRequest.UserName), LogLevel.Info);
                    hrm = Request.CreateErrorResponse(HttpStatusCode.Forbidden, new Exception("Account locked"));
                }
                else
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  Credentials failed membership validation.",
                                              hsRequest.UserName), LogLevel.Info);
                }
                return(hrm);
            }

            using (var employerDb = new DataBase(EMPLOYER_QUERY, true)) {
                employerDb.AddParameter("Email", hsRequest.UserName);
                employerDb.GetFrontEndData();

                hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                  new Exception("User Profile was Not Found"));

                if (employerDb.Tables.Count < 1 || employerDb.Tables[0].Rows.Count < 1)
                {
                    LogUtil.Log(string.Format("Login failed for user {0}.  User Profile was not found.",
                                              hsRequest.UserName), LogLevel.Info);
                    return(hrm);
                }

                e.Add("EmployerID", employerDb.Tables[0].Rows[0].GetData("employerId"));

                using (var gkei = new GetKeyEmployeeInfo()) {
                    gkei.Email = hsRequest.UserName;
                    string cnxString = employerDb.Tables[0].Rows[0].GetData("connectionString");

                    gkei.GetData(cnxString);

                    hrm = Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                      new Exception("Employee Info on User Name was Not Found"));

                    if (gkei.Tables.Count < 1 || gkei.Tables[0].Rows.Count < 1)
                    {
                        LogUtil.Log(string.Format("Login failed for user {0}.  Employee Info was not found.",
                                                  hsRequest.UserName), LogLevel.Info);
                        return(hrm);
                    }

                    //UserAccess Check dstrickland 7/7/2015
                    using (var cpaa = new CheckPersonApplicationAccess(gkei.CCHID, cnxString)) {
                        if (!cpaa.HasAccess)
                        {
                            LogUtil.Log(string.Format("Login failed for user {0}.  User does not have acces to AppId 2.",
                                                      hsRequest.UserName), LogLevel.Info);
                            return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized,
                                                               new Exception(cpaa.ErrorMessage)));
                        }
                    }

                    var firstName      = gkei.Tables[0].Rows[0].GetData("FirstName");
                    var lastName       = gkei.Tables[0].Rows[0].GetData("LastName");
                    var fullName       = string.Format("{0} {1}", firstName, lastName);
                    var mobilePhone    = gkei.Tables[0].Rows[0].GetData("MobilePhone");
                    var alternatePhone = gkei.Tables[0].Rows[0].GetData("Phone");

                    using (var gucp = new GetUserContentPreference()) {
                        gucp.CCHID = gkei.CCHID;
                        gucp.GetData(cnxString);

                        data.SmsInd           = gucp.SmsInd;
                        data.EmailInd         = gucp.EmailInd;
                        data.OsBasedAlertInd  = gucp.OsBasedAlertInd;
                        data.LocaleCode       = gucp.LocaleCode;
                        data.PreferredContact = gucp.ContactPhoneNumber;

                        hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);
                    }

                    var membershipUser = Membership.GetUser(hsRequest.UserName);
                    if (membershipUser != null && membershipUser.ProviderUserKey != null)
                    {
                        e.UserKey   = Request.EncryptionKey();
                        e.SecretKey = Properties.Settings.Default.SecretKey;
                        e.Add("UserName", hsRequest.UserName);
                        e.Add("CCHID", gkei.CCHID.ToString());

                        string aspUserId = membershipUser.ProviderUserKey.ToString();
                        e.Add("UserID", aspUserId);
                        string authHash = e.ToString();

                        data.AuthHash       = authHash;
                        data.UserName       = hsRequest.UserName;
                        data.DisplayName    = fullName;
                        data.MobilePhone    = mobilePhone;
                        data.AlternatePhone = alternatePhone;
                        data.Question       = membershipUser.PasswordQuestion;

                        hrm = Request.CreateResponse(HttpStatusCode.OK, (object)data);

                        LogUserLoginHistory(hsRequest.UserName, gkei.CCHID, cnxString);

                        //Load accumulations for all dependents
                        Task.Run(async() => await LoadEmployeeAndDependentsAccumulationsAsync(
                                     Int32.Parse(employerDb.Tables[0].Rows[0].GetData("employerId")),
                                     Int32.Parse(gkei.CCHID.ToString())));
                    }
                }
            }

            return(hrm);
        }