Пример #1
        /// <summary>
        /// Checks submitted admin credentials against the stored account.
        /// </summary>
        /// <param name="admin">Submitted credentials; <c>Username</c> and <c>Password</c> are read.</param>
        /// <returns>
        /// The stored admin paired with the validation result when the password check succeeds;
        /// otherwise <c>null</c> paired with the validation result.
        /// </returns>
        /// <remarks>
        /// NOTE(review): an unknown username and a wrong password are recorded as two different
        /// validation errors. If both are shown to the client as-is, the login form tells a caller
        /// which usernames exist; consider mapping both to one generic message where they are rendered.
        /// NOTE(review): the match is decided by <c>Hashing.Equals</c>; whether that comparison is
        /// fixed-time, and which hash function and work factor <c>Hashing</c> uses, is not visible
        /// here - confirm.
        /// NOTE(review): the returned admin is the stored record, including <c>PasswordHash</c> and
        /// <c>Salt</c>; callers should not put it in a session or response unfiltered.
        /// NOTE(review): no attempt limiting or lockout happens in this method; confirm it exists upstream.
        /// </remarks>
        public Tuple<Admin, AdminValidation> Login(Admin admin)
        {
            AdminValidation validation = new AdminValidation(admin);
            if (!validation.IsValid)
            {
                // Malformed input: do not touch the store at all.
                return new Tuple<Admin, AdminValidation>(null, validation);
            }

            Admin stored = GetAdmin(admin.Username);
            if (stored == null)
            {
                validation.DoesNotExistOnServer(nameof(admin.Username));
                return new Tuple<Admin, AdminValidation>(null, validation);
            }

            // Hash the submitted password with the account's own salt before comparing.
            Hashing candidate = new Hashing(admin.Password, stored.Salt);
            if (candidate.Equals(stored.PasswordHash))
            {
                return new Tuple<Admin, AdminValidation>(stored, validation);
            }

            validation.WrongPassword(nameof(admin.Password));
            return new Tuple<Admin, AdminValidation>(null, validation);
        }
        /// <summary>
        /// Creates a new admin account from the posted model and redirects according to the outcome.
        /// </summary>
        /// <param name="admin">The posted account data, passed to <c>_Manager.SignUp</c>.</param>
        /// <returns>
        /// A redirect to the admin panel on success, or back to the create form when validation fails.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the result of <c>AuthorizeAndRedirect</c> is not used. Unless that helper
        /// stops the request itself (throws or ends the response), a caller below
        /// <c>Rank.SuperAdmin</c> still reaches <c>SignUp</c> - confirm, and prefer returning its
        /// result or an authorization filter.
        /// NOTE(review): no anti-forgery or HTTP-verb attribute is visible on this action in this
        /// excerpt; confirm the state-changing request is protected against CSRF.
        /// </remarks>
        public ActionResult CreateAdmin(Admin admin)
        {
            AuthorizeAndRedirect(Rank.SuperAdmin);

            AdminValidation outcome = _Manager.SignUp(admin);
            if (!outcome.IsValid)
            {
                // Translate the error codes into model-state messages before going back to the form.
                ValidationMessages.ConvertCodeToMsg(ModelState, outcome.ErrorDict);
                return RedirectToAction("CreateAdmin", "Admin", null);
            }

            ViewData.ModelState.Clear();
            return RedirectToAction("AdminPanel", "Admin");
        }
Пример #3
        /// <summary>
        /// Validates an edited admin and, if the account exists, hands it to the repository.
        /// </summary>
        /// <param name="admin">The edited account; looked up by <c>Username</c>.</param>
        /// <param name="PasswordNotEdited">Forwarded to the <c>AdminValidation</c> constructor.</param>
        /// <returns>
        /// The validation result, carrying a does-not-exist error when no account has that username.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this method performs no authorization of its own and persists the mapped
        /// <paramref name="admin"/> as given, so every caller has to enforce who may edit which
        /// account and which fields - confirm at each call site.
        /// </remarks>
        public AdminValidation EditAdmin(Admin admin, bool PasswordNotEdited = false)
        {
            AdminValidation validation = new AdminValidation(admin, PasswordNotEdited);
            if (!validation.IsValid)
            {
                return validation;
            }

            bool accountExists = GetAdmin(admin.Username) != null;
            if (accountExists)
            {
                _Repo.EditAdmin(Mapper.Map<ADMIN>(admin));
            }
            else
            {
                validation.DoesNotExistOnServer(nameof(admin.Username));
            }

            return validation;
        }
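        /// <summary>
        /// Applies a posted admin edit: keeps the stored password hash when no new password was
        /// submitted, otherwise hashes the new password, then saves through <c>_Manager.EditAdmin</c>.
        /// </summary>
        /// <param name="admin">The posted account data; <c>Username</c> selects the account to edit.</param>
        /// <returns>
        /// A redirect to the admin panel when the edit is valid, otherwise a redirect back to the
        /// edit form for that username (also used when no account has that username).
        /// </returns>
        /// <remarks>
        /// NOTE(review): the result of <c>AuthorizeAndRedirect</c> is not used. Unless that helper
        /// stops the request itself, the edit continues for callers below <c>Rank.Admin</c> - confirm.
        /// NOTE(review): nothing here compares the target account's rank with the editor's, so an
        /// editor who passes the <c>Rank.Admin</c> check can set a new password on a higher-ranked
        /// account unless <c>AuthorizeAndRedirect</c> or <c>_Manager</c> prevents it - confirm.
        /// NOTE(review): a password change does not ask for the current password, and no
        /// anti-forgery attribute is visible on this action in this excerpt.
        /// NOTE(review): <c>Session["authentication"]</c> and <c>Session["Level"]</c> are
        /// dereferenced without a null check; a request without those session values fails with an
        /// exception rather than a clean denial.
        /// </remarks>
        public ActionResult EditAdminPost(Admin admin)
        {
            // Allow the user to change their own password even if not admin or higher.
            bool editingOwnAccount = admin.Username == Session["authentication"].ToString();
            if (!editingOwnAccount)
            {
                AuthorizeAndRedirect(Rank.Admin);
            }

            Admin oldAdmin = _Manager.GetAdmin(admin.Username);
            if (oldAdmin == null)
            {
                // Unknown username: there is no stored record to copy permissions or the hash
                // from. Previously this dereferenced null; now it takes the normal failure redirect.
                return RedirectToAction("EditAdmin", new { id = admin.Username });
            }

            // Don't allow changing of admin level or classification access if the admin who
            // edited is not superadmin: overwrite the posted values with the stored ones.
            if ((Rank)Session["Level"] < Rank.SuperAdmin)
            {
                admin.PermissionLevel        = oldAdmin.PermissionLevel;
                admin.CanEditClassifications = oldAdmin.CanEditClassifications;
            }

            AdminValidation validation;
            if (admin.Password == null)
            {
                // No new password posted: carry the stored hash and salt over so that
                // posted PasswordHash/Salt values are never persisted.
                admin.PasswordHash = oldAdmin.PasswordHash;
                admin.Salt         = oldAdmin.Salt;
                validation         = _Manager.EditAdmin(admin, true);
            }
            else
            {
                // New password posted: Hashing supplies both the hash and the salt.
                Hashing hashing = new Hashing(admin.Password);
                admin.PasswordHash = hashing.Hash;
                admin.Salt         = hashing.Salt;
                validation         = _Manager.EditAdmin(admin);
            }

            if (validation.IsValid)
            {
                ViewData.ModelState.Clear();
                return RedirectToAction("AdminPanel", "Admin", null);
            }

            ValidationMessages.ConvertCodeToMsg(ModelState, validation.ErrorDict);
            return RedirectToAction("EditAdmin", new { id = admin.Username });
        }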
Пример #5
        /// <summary>
        /// Registers a new admin: validates the input, rejects a username that is already taken,
        /// and stores the account with a hash and salt instead of the plaintext password.
        /// </summary>
        /// <param name="admin">
        /// The account to create. On success its <c>Password</c> is set to <c>null</c> and its
        /// <c>PasswordHash</c> and <c>Salt</c> are filled in before it is passed to <c>CreateAdmin</c>.
        /// </param>
        /// <returns>
        /// The validation result, carrying an already-exists error when the username is taken.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the existence check and the insert are separate calls; two concurrent
        /// sign-ups for the same username could both pass the check unless the store enforces
        /// uniqueness - confirm.
        /// NOTE(review): the hash function and work factor are decided inside <c>Hashing</c> and
        /// are not visible here; confirm it is a password-hashing KDF rather than a bare digest.
        /// </remarks>
        public AdminValidation SignUp(Admin admin)
        {
            AdminValidation validation = new AdminValidation(admin);
            if (!validation.IsValid)
            {
                return validation;
            }

            if (GetAdmin(admin.Username) != null)
            {
                validation.DoesAlreadyExistOnServer(nameof(admin.Username));
                return validation;
            }

            Hashing hashed = new Hashing(admin.Password);
            // Drop the plaintext from the model before the object travels any further.
            admin.Password     = null;
            admin.PasswordHash = hashed.Hash;
            admin.Salt         = hashed.Salt;
            CreateAdmin(admin);

            return validation;
        }
Пример #6
        /// <summary>
        /// Click handler for the login button: checks the entered details through
        /// <c>AdminValidation</c> and either opens the set-access page or shows the error text.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// NOTE(review): the password is hashed by <c>UserAccount.stringToHashString</c>, which is
        /// given only the password - no salt or work factor is passed at this call site. Confirm
        /// the stored hashes are salted and produced by a password-hashing KDF.
        /// NOTE(review): this check only decides which page is shown; confirm the account-creation
        /// step itself re-checks that the caller is an admin.
        /// An earlier, commented-out variant of this handler validated against
        /// <c>InventoryContext</c> directly; it has been dropped from the body as dead code.
        /// </remarks>
        private void loginBtn_Click(object sender, RoutedEventArgs e)
        {
            // Read what the user typed; the password is hashed before it is handed on.
            string enteredUser    = usernameTxt.Text;
            string hashedPassword = UserAccount.stringToHashString(passwordBox.Password);
            var    check          = new AdminValidation(enteredUser, hashedPassword);

            if (!check.isAccountAdmin)
            {
                errorBlock.Text = check.ErrorMessage;
                return;
            }

            // Admin confirmed: let them pick access levels for the new account.
            var accessPage = UICreatePage.CreateNewSetAccessPage();
            CreateNewAccountService.Instance.Window.Content = accessPage;
        }