Exemplo n.º 1
0
        public IHttpActionResult PutUser(int id, User user, HttpRequestMessage request)
        {
            var headers = request.Headers;

            if (headers.Contains("token"))
            {
                var userToken = headers.GetValues("token").First();
                Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
                if (validationResult.Item1)
                {
                    // Check to see if the refreshId's match.  If they do not, then it means something (i.e. invalid password)
                    //   has caused the issued token to become invalidated.  If so, then we need to send a message back to
                    //   the calling client.

                    long refreshId = 0;
                    if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
                    {
                        if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
                        {
                            return(Content(HttpStatusCode.Unauthorized,
                                           "Token failed refresh check, User account disabled/locked-out"));
                        }
                    }

                    if (!ModelState.IsValid)
                    {
                        return(BadRequest(ModelState));
                    }

                    if (id != user.Id)
                    {
                        return(BadRequest());
                    }

                    User updUser = db.Users.Find(id);

                    db.Entry(updUser).CurrentValues.SetValues(user);

                    try
                    {
                        db.SaveChanges();
                    }
                    catch (DbUpdateConcurrencyException)
                    {
                        if (!UserExists(id))
                        {
                            return(NotFound());
                        }

                        throw;
                    }

                    return(Ok(user));
                }
                return(BadRequest(validationResult.Item2));
            }

            return(BadRequest("Token invalid or not present"));
        }
        public IHttpActionResult PutPaRequest(int id, PaRequest paRequest)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != paRequest.Id)
            {
                return(BadRequest());
            }

            // paRequest.CompletedTimeStamp = DateTime.Now;
            db.Entry(paRequest).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!PaRequestExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
Exemplo n.º 3
0
        public IHttpActionResult PutRole(int id, Role role)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != role.Id)
            {
                return(BadRequest());
            }

            db.Entry(role).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!RoleExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
        public IHttpActionResult PutPaRequestNote(int id, PaRequestNote paRequestNote)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != paRequestNote.Id)
            {
                return(BadRequest());
            }
            var headers = Request.Headers;

            if (headers.Contains("token"))
            {
                var userToken = headers.GetValues("token").First();

                string userName = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
                string userRole = JwtTokenHelper.GetTokenPayloadValue(userToken, "role");

                if (userRole != "Administrator") //Need to check that the userName is the same as the created by
                {
                    if (userName != paRequestNote.CreatedBy)
                    {
                        return(BadRequest("Editing user is not an Administrator or did not create the original note."));
                    }
                }
                // paRequest.CompletedTimeStamp = DateTime.Now;
                paRequestNote.LastModified   = DateTime.Now;
                paRequestNote.LastModifiedBy = userName;

                db.Entry(paRequestNote).State = EntityState.Modified;

                try
                {
                    db.SaveChanges();
                }
                catch (DbUpdateConcurrencyException)
                {
                    if (!PaRequestNoteExists(id))
                    {
                        return(NotFound());
                    }
                    else
                    {
                        throw;
                    }
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
        public IHttpActionResult Put(int id, LookupType lookupType)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(Resource.LogDebugModeMessage);
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != lookupType.Id)
            {
                return(BadRequest());
            }

            try
            {
                db.Entry(lookupType).State = EntityState.Modified;

                try
                {
                    db.SaveChanges();
                }
                catch (DbUpdateConcurrencyException dbError)
                {
                    if (!LookupTypeExists(id))
                    {
                        return(NotFound());
                    }
                    else
                    {
                        _log.Error(string.Format(Resource.DBConcurrencyError_Pre, "Put:LookupTypesController"), dbError);
                        return(InternalServerError(dbError));
                    }
                }

                return(StatusCode(HttpStatusCode.NoContent));
            }
            catch (Exception e)
            {
                _log.Error(string.Format(Resource.GeneralError_Pre, "Put:LookupTypesController"), e);
                return(InternalServerError(e));
            }
        }
        public IHttpActionResult PutInsuranceCompany(int id, InsuranceCompany insuranceCompany)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(Resource.LogDebugModeMessage);
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != insuranceCompany.Id)
            {
                return(BadRequest());
            }

            try
            {
                db.Entry(insuranceCompany).State = EntityState.Modified;

                try
                {
                    db.SaveChanges();
                }
                catch (DbUpdateConcurrencyException)
                {
                    if (!InsuranceCompanyExists(id))
                    {
                        return(NotFound());
                    }

                    throw;
                }

                return(StatusCode(HttpStatusCode.NoContent));
            }
            catch (Exception e)
            {
                _log.Error(string.Format(Resource.GeneralError_Pre, "PutInsuranceCompany"), e);
                throw;
            }
        }
        public IHttpActionResult PutFileUploadLog(int id, FileUploadLog fileUploadLog)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(Resource.LogDebugModeMessage);
            }

            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            if (id != fileUploadLog.Id)
            {
                return(BadRequest());
            }

            db.Entry(fileUploadLog).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException dbException)
            {
                _log.Error(string.Format(Resource.DBConcurrencyError_Pre, "PutFileUploadLog"), dbException);
                if (!FileUploadLogExists(id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(StatusCode(HttpStatusCode.NoContent));
        }
        // POST: api/Security
        public IHttpActionResult Post(HttpRequestMessage request, [FromBody] string value)
        {
            var headers       = request.Headers;
            var returnMessage = string.Empty;

            //Check the request object to see if they passed a userId
            if (headers.Contains("userid"))
            {
                try
                {
                    var login = headers.GetValues("userid").First();
                    if (headers.Contains("password"))
                    {
                        var passwordTry = headers.GetValues("password").First();

                        try
                        {
                            var userDetails = db.Users.Where(p => p.UserName == login && p.Archived == false)
                                              .Include(i => i.Role)
                                              .FirstOrDefault();
                            if (userDetails == null || userDetails.Archived)
                            {
                                return(Unauthorized());
                            }
                            {
                                var userAccount = db.UserLogins.FirstOrDefault(p => p.Login == login);
                                if (userAccount != null && !UserIsLockedOut(userAccount))
                                {
                                    if (LMSDataService.SecurityHelper.Sha256Hash(passwordTry).ToUpper() ==
                                        userAccount.PasswordHash.ToUpper()) //  Success!
                                    {
                                        SecurityController securityController = new SecurityController();
                                        var token = securityController.RefreshToken(userAccount, userDetails);
                                        return(Ok(token));
                                    }
                                }

                                if (userAccount != null)
                                {
                                    returnMessage = "Token failed refresh check, User account disabled/locked-out";
                                    userAccount.AccessFailedCount = userAccount.AccessFailedCount + 1;
                                    if (userAccount.AccessFailedCount >= 5)
                                    {
                                        userAccount.LockoutEnabled = true;
                                        userAccount.RefreshId      = 0;
                                        userAccount.LockoutEnd     = DateTime.Now.AddMinutes(15);
                                    }

                                    userAccount.LastModifiedBy  = "SECURITY";
                                    userAccount.LastModified    = DateTime.Now;
                                    db.Entry(userAccount).State = EntityState.Modified;
                                }

                                try
                                {
                                    db.SaveChanges();
                                }
                                catch (Exception e)
                                {
                                    Console.WriteLine(e);
                                    throw;
                                }

                                return(Content(HttpStatusCode.Unauthorized, returnMessage));
                            }
                        }
                        catch (Exception e)
                        {
                            _log.Error("An error occurred while adding Users.", e);
                            return(InternalServerError(e));
                        }
                    }
                }
                catch (Exception e)
                {
                    _log.Error(e.Message);
                }
            }

            return(BadRequest("Header values not found."));
        }
Exemplo n.º 9
0
        // PUT: api/UserLoginCreation/5
        public IHttpActionResult Put(int id, HttpRequestMessage request, UserLoginCreation userLogin)
        {
            var headers        = request.Headers;
            var requestingUser = string.Empty;

            if (headers.Contains("token"))
            {
                try
                {
                    var userToken = headers.GetValues("token").First();
                    Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
                    if (validationResult.Item1)
                    {
                        // Check to see if the refreshId's match.  If they do not, then it means something (i.e. invalid password)
                        //   has caused the issued token to become invalidated.  If so, then we need to send a message back to
                        //   the calling client.

                        long refreshId = 0;
                        if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
                        {
                            if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
                            {
                                return(Content(HttpStatusCode.Unauthorized,
                                               "Token failed refresh check, User account disabled/locked-out"));
                            }
                        }

                        requestingUser = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
                        if (!ModelState.IsValid)
                        {
                            return(BadRequest(ModelState));
                        }

                        UserLogin newUserLogin = db.UserLogins.Find(id);

                        if (newUserLogin == null)
                        {
                            return(NotFound());
                        }
                        newUserLogin.Id                = userLogin.Id;
                        newUserLogin.LastModifiedBy    = requestingUser;
                        newUserLogin.LastModified      = DateTime.Now;
                        newUserLogin.Login             = userLogin.Login;
                        newUserLogin.IsAdmin           = userLogin.IsAdmin;
                        newUserLogin.LockoutEnabled    = false;
                        newUserLogin.LockoutEnd        = DateTime.Parse("1/1/1900");
                        newUserLogin.AccessFailedCount = 0;
                        newUserLogin.PasswordHash      = LMSDataService.SecurityHelper.Sha256Hash(userLogin.Password);

                        //db.UserLogins.Add(newUserLogin);
                        db.Entry(newUserLogin).State = EntityState.Modified;
                        db.SaveChanges();

                        return(Ok(newUserLogin));
                    }
                }
                catch (Exception e)
                {
                    _log.Error(string.Format(Resource.GeneralError_Pre, "UserLoginCreation:Put"), e);
                }
            }

            return(BadRequest("Token invalid or not present"));
        }