/// <summary>
/// Inserts a new web session or updates an existing one, stamping it with the
/// current sign-in time in both cases.
/// </summary>
/// <param name="model">
/// Session to persist. A null or empty <c>Id</c> marks it as new; an id is then
/// generated and the entity is added. Otherwise the entity is updated.
/// </param>
/// <returns>
/// The session id when <c>SaveChanges</c> reports at least one written row;
/// <c>null</c> when nothing was written or an exception was caught.
/// </returns>
/// <remarks>
/// NOTE(review): on the update path the whole entity is handed to <c>Update</c>
/// with whatever <c>Id</c> the caller supplied. If <paramref name="model"/> is
/// bound from request data, confirm the caller checks that the id belongs to the
/// current user before calling this method.
/// NOTE(review): the id comes from <c>CommonHelper.GenerateUuid()</c>; if it is
/// used as a bearer session token, confirm that helper is backed by a
/// cryptographically strong generator.
/// </remarks>
public string SaveWebSession(WebSessionModel model)
{
    try
    {
        bool isNewSession = string.IsNullOrEmpty(model.Id);

        if (isNewSession)
        {
            model.Id = CommonHelper.GenerateUuid();
        }

        // The (int) cast narrows the timestamp; presumably the helper returns a
        // wider type, in which case a 32-bit seconds value overflows in 2038. TODO confirm.
        model.SignedIn = (int)CommonHelper.GetUnixTimestamp();

        if (isNewSession)
        {
            Context.WebSessions.Add(model);
        }
        else
        {
            Context.WebSessions.Update(model);
        }

        int writtenRows = Context.SaveChanges();
        return writtenRows > 0 ? model.Id : null;
    }
    catch (Exception ex)
    {
        // Only the message is logged; the stack trace and inner exceptions are dropped.
        _logger.LogError("WebSession ==>> SaveWebSession: " + ex.Message);
        return null;
    }
}
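/// <summary>
/// Expires the web session with the given id (user logout) and returns the
/// updated row.
/// </summary>
/// <param name="webSessionId">Id of the web session to expire.</param>
/// <param name="connectionString">SQL Server connection string.</param>
/// <returns>
/// <c>OkObjectResult</c> wrapping the expired session, or <c>BadRequestResult</c>
/// when the UPDATE matched no row.
/// </returns>
/// <remarks>
/// NOTE(review): nothing in this method ties <paramref name="webSessionId"/> to
/// the authenticated caller; confirm the calling endpoint verifies ownership, or
/// any known session id can be expired by any client.
/// </remarks>
public static ActionResult<WebSessionModel> Execute(Guid webSessionId, string connectionString)
{
    try
    {
        // The connection and command are disposed on every exit path, including exceptions.
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand())
        {
            command.Connection = connection;
            connection.Open();

            // expire given web session on user logout
            // The id is bound as a parameter instead of being interpolated into the
            // SQL text, so the statement stays fixed whatever value is supplied.
            command.CommandText = @"
                UPDATE web_sessions
                SET web_sessions.expired = GETDATE()
                OUTPUT inserted.*
                WHERE web_sessions.id = @webSessionId
            ";
            command.Parameters.AddWithValue("@webSessionId", webSessionId);

            using (var reader = command.ExecuteReader())
            {
                // if no rows returned, web session was not found
                if (!reader.Read())
                {
                    return new BadRequestResult();
                }

                // the returned row is the expired web session
                var expiredWebSession = new WebSessionModel(reader);
                return new OkObjectResult(expiredWebSession);
            }
        }
    }
    // NOTE: the listing is cut off here; the catch/finally clause and the method's
    // closing brace are not visible in the source and are left as they are.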
/// <summary>
/// Removes the given web session from the context and saves the change.
/// </summary>
/// <param name="model">Session entity to delete.</param>
/// <remarks>
/// Any exception is logged and swallowed, so the caller cannot tell whether the
/// session row was actually removed.
/// NOTE(review): if this backs logout or session revocation, a silent failure
/// leaves a session the user believes is terminated; consider surfacing the
/// outcome to the caller.
/// </remarks>
public void DeleteWebSession(WebSessionModel model)
{
    try
    {
        var sessions = Context.WebSessions;
        sessions.Remove(model);
        Context.SaveChanges();
    }
    catch (Exception ex)
    {
        // Only the message is logged; the stack trace is dropped.
        string detail = ex.Message;
        _logger.LogError("WebSession ==>> DeleteWebSession: " + detail);
    }
}
/// <summary>
/// Looks up the first stored web session whose browser and IP both match those
/// of the given model.
/// </summary>
/// <param name="model">Carries the <c>Browser</c> and <c>Ip</c> values to match.</param>
/// <returns>
/// The first matching session, or <c>null</c> when none matches or an exception
/// was caught.
/// </returns>
/// <remarks>
/// NOTE(review): the match uses only browser and IP address, neither of which is
/// a secret or unique to one user (clients behind the same NAT or proxy with the
/// same browser string collide). If the result is used to resume an
/// authenticated session, require a session token as well.
/// </remarks>
public WebSessionModel FindWebSession(WebSessionModel model)
{
    try
    {
        // A single predicate replaces the Where + FirstOrDefault pair; both
        // conditions must hold for a row to match.
        return Context.WebSessions
            .FirstOrDefault(session => session.Browser == model.Browser
                                       && session.Ip == model.Ip);
    }
    catch (Exception ex)
    {
        _logger.LogError("WebSession ==>> FindWebSession: " + ex.Message);
        return null;
    }
}
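/// <summary>
/// Verifies a user's login credentials and, on success, creates a web session
/// row and returns it.
/// </summary>
/// <param name="data">Login payload; <c>data.password</c> is the submitted password.</param>
/// <param name="connectionString">SQL Server connection string.</param>
/// <returns>
/// <c>OkObjectResult</c> with the new web session; <c>BadRequestResult</c> when
/// no user row is found or the session insert returns nothing;
/// <c>UnauthorizedResult</c> when the password does not match.
/// </returns>
/// <remarks>
/// NOTE(review): an unknown user yields 400 while a wrong password yields 401,
/// which lets a client tell valid usernames from invalid ones. The status codes
/// are kept because callers may depend on them; consider returning the same
/// response for both cases.
/// NOTE(review): confirm <c>UserController.ApplyHash</c> is a deliberately slow
/// password-hashing function (PBKDF2, bcrypt, Argon2) and not a single fast digest.
/// </remarks>
public static ActionResult<WebSessionModel> Execute(PostUserLoginType data, string connectionString)
{
    try
    {
        using (var connection = new SqlConnection(connectionString))
        {
            connection.Open();

            string userId;
            string passwordSalt;
            string passwordHashed;

            // get user with the same username as given value
            using (var lookup = new SqlCommand())
            {
                lookup.Connection = connection;

                // NOTE(review): the username value is masked ('******') in this listing
                // and is reproduced as shown. Whatever expression supplies it in the real
                // file must be bound with lookup.Parameters, never interpolated into the
                // SQL text, because it is attacker-controlled login input.
                lookup.CommandText = @"
                    SELECT
                        users.id
                        , passwords.hashed_password
                        , passwords.salt
                    FROM users
                    JOIN passwords ON users.id = passwords.user_id
                    WHERE users.username = '******'
                    AND passwords.expired IS NULL
                ";

                using (var reader = lookup.ExecuteReader())
                {
                    // if nothing was returned, user does not exist with given username
                    if (!reader.Read())
                    {
                        return new BadRequestResult();
                    }

                    // read returned row to get user id and password
                    userId = reader["id"].ToString();
                    passwordSalt = reader["salt"].ToString();
                    passwordHashed = reader["hashed_password"].ToString();
                }
            }

            // hash given password
            var credentialsHashedPassword = UserController.ApplyHash(
                UserController.DecodeSalt(passwordSalt),
                data.password
            );

            // if given password does not match database, unauthorized
            // The comparison is constant-time so the response time does not reveal how
            // many leading characters of the stored hash matched.
            // Assumes ApplyHash returns a string, as the original != comparison implies.
            if (credentialsHashedPassword == null
                || !System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                    System.Text.Encoding.UTF8.GetBytes(credentialsHashedPassword),
                    System.Text.Encoding.UTF8.GetBytes(passwordHashed)))
            {
                return new UnauthorizedResult();
            }

            // if here, the password is correct and a web session can be made
            using (var insert = new SqlCommand())
            {
                insert.Connection = connection;

                // The user id is bound as a parameter rather than spliced into the statement.
                insert.CommandText = @"
                    INSERT INTO web_sessions ( user_id )
                    OUTPUT inserted.*
                    VALUES ( @userId )
                ";
                insert.Parameters.AddWithValue("@userId", userId);

                using (var reader = insert.ExecuteReader())
                {
                    // if nothing was returned, web session was not created
                    if (!reader.Read())
                    {
                        return new BadRequestResult();
                    }

                    // the returned row is the new web session
                    var webSession = new WebSessionModel(reader);

                    // if here, everything ran properly
                    return new OkObjectResult(webSession);
                }
            }
        }
    // NOTE: the listing is cut off here; the end of the try block, its catch/finally
    // clause and the method's closing brace are not visible in the source and are
    // left as they are.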