public ActionResult Register(RegisterDTO register)
{
var customer = customerService.FindByEmail(register.Email);
if (customer != null || register.Password != register.ConfirmPassword)
{
return(new HttpStatusCodeResult(400));
}
CustomerM newCustomer = new CustomerM()
{
FirstName = register.FirstName,
LastName = register.LastName,
Address = register.Address,
Email = register.Email,
Password = authService.HashPassword(register.Password),
Blocked = false,
Activated = false,
IsAdmin = false,
};
customerService.Save(newCustomer);
var token = authService.GenerateJWT(newCustomer);
FormsAuthentication.SetAuthCookie(token, true);
HttpContext.Response.SetCookie(new HttpCookie("Role", "REGULAR"));
return(Redirect("/Home"));
}
public void updateCustomer(CustomerM Customer)
{
string spName = @"[dbo].[updateCustomer]";
using (SqlCommand cmd = new SqlCommand(spName, SQLConnection))
{
SqlParameter[] parms = new SqlParameter[5];
string[] names =
{
"@CustomerID", "@Fname", "@Phone_number", "@Lname", "@Address"
};
SqlDbType[] DBtypes =
{
SqlDbType.Int, SqlDbType.VarChar, SqlDbType.VarChar, SqlDbType.VarChar, SqlDbType.VarChar
};
Object[] values =
{
Customer.CustomerID, Customer.Fname, Customer.Phone_number, Customer.Lname, Customer.Address
};
for (int i = 0; i < parms.Length; i++)
{
parms[i] = new SqlParameter();
parms[i].ParameterName = names[i];
parms[i].SqlDbType = DBtypes[i];
parms[i].Value = values[i];
cmd.Parameters.Add(parms[i]);
}
cmd.CommandType = CommandType.StoredProcedure;
cmd.ExecuteNonQuery();
}
}
public CustomerM getCustomer(int Customer_id)
{
CustomerM C = null;
string spName = @"[dbo].[getCustomer]";
using (SqlCommand cmd = new SqlCommand(spName, SQLConnection))
{
SqlParameter Emp_id_Parameter = new SqlParameter();
Emp_id_Parameter.ParameterName = "@CustomerID";
Emp_id_Parameter.SqlDbType = SqlDbType.Int;
Emp_id_Parameter.Value = Customer_id;
cmd.Parameters.Add(Emp_id_Parameter);
cmd.CommandType = CommandType.StoredProcedure;
using (SqlDataReader reader = cmd.ExecuteReader())
{
if (reader.HasRows)
{
int test = 0;
while (reader.Read())
{
if (test > 0)
{
throw new Exception("more then one customer with the PK: " + Customer_id + ", key values have been destroyed");
}
C = new CustomerM(reader);
}
}
}
}
return(C);
}
public CustomerM DecodeJWT(string jwt)
{
CustomerM customer = new CustomerM();
try
{
IJsonSerializer serializer = new JsonNetSerializer();
IDateTimeProvider provider = new UtcDateTimeProvider();
IJwtValidator validator = new JwtValidator(serializer, provider);
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);
var json = decoder.Decode(jwt, new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ConfigurationManager.AppSettings["JwtSecret"])).ToString(), verify: true);
customer = customerService.FindById((int)JObject.Parse(json)["id"]);
}
catch (TokenExpiredException)
{
Console.WriteLine("Token has expired");
return(null);
}
catch (SignatureVerificationException)
{
Console.WriteLine("Token has invalid signature");
return(null);
}
catch (Exception)
{
Console.WriteLine("Invalid Jwt token.");
return(null);
}
return(customer);
}
public ActionResult Edit(ChangeAccountInfo accountInfo)
{
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
if (authService.HashPassword(accountInfo.OldPassword) != customer.Password)
{
ModelState.AddModelError("Password", "Your password is incorrect.");
return(View("MyAccount", accountInfo));
}
if (accountInfo.Password != accountInfo.ConfirmPassword && (string.IsNullOrWhiteSpace(accountInfo.ConfirmPassword) || string.IsNullOrEmpty(accountInfo.ConfirmPassword)) &&
(string.IsNullOrWhiteSpace(accountInfo.Password) || string.IsNullOrEmpty(accountInfo.Password)))
{
ModelState.AddModelError("Password", "New password and confirm password does not match.");
return(View("MyAccount", accountInfo));
}
customer.LastName = accountInfo.LastName;
customer.FirstName = accountInfo.FirstName;
customer.Email = accountInfo.Email;
customer.Address = accountInfo.Address;
customer.Password = authService.HashPassword(accountInfo.Password);
customerService.Edit(customer);
return(View("Index", "Home"));
}
public bool Authenticate(string email, string password)
{
CustomerM customer = customerService.FindByEmail(email);
if (customer.Password != HashPassword(password))
{
return(false);
}
return(true);
}
public string GenerateJWT(CustomerM customer)
{
return(new JwtBuilder()
.WithAlgorithm(new HMACSHA256Algorithm())
.WithSecret(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ConfigurationManager.AppSettings["JwtSecret"])).ToString())
.AddClaim("exp", DateTimeOffset.UtcNow.AddMonths(1).ToUnixTimeSeconds())
.AddClaim("email", customer.Email)
.AddClaim("id", customer.Id)
.AddClaim("isAdmin", customer.IsAdmin)
.Build());
}
public ActionResult MyAccount()
{
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
return(View(new ChangeAccountInfo()
{
Address = customer.Address,
Email = customer.Email,
FirstName = customer.FirstName,
Id = customer.Id,
LastName = customer.LastName,
}));
}
public ActionResult Buy()
{
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
foreach (var shopping in shoppingService.FindAll().Where(x => x.CustomerId == customer.Id && x.Status == "Active"))
{
shopping.Status = "Pending";
shopping.Date = DateTime.Now;
shoppingService.Edit(shopping);
}
return(RedirectToAction("Index"));
}
public ActionResult Info()
{
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
ShopM shop = new ShopM();
if (customer.ShopAdminId != -1)
{
shop = shopService.FindById(customer.ShopAdminId);
}
return(View(shop));
}
public ActionResult Edit(MobileDTO mobileDTO)
{
CustomerM admin = authService.DecodeJWT(User.Identity.Name);
ShopMobilesM shopMobiles = shopMobilesService.FindByShopAndMobile(admin.ShopAdminId, mobileDTO.Id);
if (shopMobiles != null)
{
shopMobiles.Price = mobileDTO.Price;
shopMobiles.MobilesLeft = mobileDTO.Amount;
shopMobilesService.Edit(shopMobiles);
}
return(RedirectToAction("Manage"));
}
public ActionResult Remove(int id)
{
CustomerM admin = authService.DecodeJWT(User.Identity.Name);
CustomerM customer = customerService.FindById(id);
if (customer == null || admin.ShopAdminId != customer.ShopAdminId)
{
return(RedirectToAction("Manage"));
}
customer.IsAdmin = false;
customer.ShopAdminId = -1;
customerService.Edit(customer);
return(RedirectToAction("Manage"));
}
public ActionResult Add(int id)
{
CustomerM customer = customerService.FindById(id);
if (customer != null)
{
CustomerM admin = authService.DecodeJWT(User.Identity.Name);
if (!customer.IsAdmin && customer.ShopAdminId == -1)
{
customer.IsAdmin = true;
customer.ShopAdminId = admin.ShopAdminId;
customerService.Edit(customer);
}
}
return(RedirectToAction("All"));
}
public ActionResult Manage()
{
CustomerM admin = authService.DecodeJWT(User.Identity.Name);
IEnumerable <ShopMobilesM> shopMobiles = shopMobilesService.FindAll().Where(x => x.ShopId == admin.ShopAdminId);
List <MobileDTO> mobileDTOs = new List <MobileDTO>();
foreach (var m in shopMobiles)
{
MobileM mobile = mobileService.FindById(m.MobileId);
mobileDTOs.Add(new MobileDTO()
{
Id = m.MobileId, Amount = m.MobilesLeft, Price = m.Price, Name = mobile.Name
});
}
return(View(mobileDTOs));
}
public ActionResult Add(MobileShopDTO mobileShop)
{
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
ShopMobilesM foundPair = shopMobilesService.FindByShopAndMobile(customer.ShopAdminId, mobileShop.MobileId);
if (foundPair == null)
{
shopMobilesService.Save(new ShopMobilesM()
{
MobileId = mobileShop.MobileId,
MobilesLeft = mobileShop.Amount,
ShopId = customer.ShopAdminId,
Price = mobileShop.Price,
});
}
return(RedirectToAction("All"));
}
public ActionResult Create(ShopM shop)
{
if (ModelState.IsValid)
{
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
if (customer.ShopAdminId != -1)
{
return(RedirectToAction("New"));
}
shop = shopService.Save(shop);
customer.IsAdmin = true;
customer.ShopAdminId = shop.Id;
customerService.Edit(customer);
HttpContext.Response.SetCookie(new HttpCookie("Role", "ADMIN"));
}
return(RedirectToAction("Index", "Home"));
}
public ActionResult Add(ShoppingM shopping)
{
MobileM mobile = mobileService.FindById(shopping.MobileId);
ShopM shop = shopService.FindById(shopping.ShopId);
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
ShopMobilesM shopMobiles = shopMobilesService.FindByShopAndMobile(shop.Id, mobile.Id);
if (!ModelState.IsValid || mobile == null || shop == null ||
customer == null || shopMobiles == null || shopping.Price != shopMobiles.Price)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
shopping.CustomerId = customer.Id;
shopping.Status = "Active";
shoppingService.Save(shopping);
return(new HttpStatusCodeResult(HttpStatusCode.OK));
}
public ActionResult Decline(int id)
{
ShoppingM shopping = shoppingService.FindById(id);
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
if (shopping == null || shopping.Status != "Pending")
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
if (shopping.ShopId != customer.ShopAdminId)
{
return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized));
}
shopping.Status = "Declined";
shoppingService.Edit(shopping);
return(new HttpStatusCodeResult(HttpStatusCode.OK));
}
public ActionResult Index()
{
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
List <ShoppingDTO> shoppings = new List <ShoppingDTO>();
foreach (var shopping in shoppingService.FindAll().Where(x => x.CustomerId == customer.Id && x.Status == "Active"))
{
shoppings.Add(new ShoppingDTO()
{
MobileName = mobileService.FindById(shopping.MobileId).Name,
ShopName = shopService.FindById(shopping.ShopId).ShopName,
Id = shopping.Id,
Price = shopping.Price,
ShopId = shopping.ShopId,
MobileId = shopping.MobileId,
CustomerId = shopping.CustomerId,
});
}
return(View(shoppings));
}
public CustomerM Save(CustomerM customer)
{
Customer customerDb = new Customer()
{
FirstName = customer.FirstName,
LastName = customer.LastName,
Email = customer.Email,
CustomerAddress = customer.Address,
Blocked = customer.Blocked,
Activated = customer.Activated,
IsAdmin = customer.IsAdmin,
CustomerPassword = customer.Password,
ShopAdminId = null,
IsRootAdmin = customer.IsRootAdmin,
};
Context.Customers.Add(customerDb);
Context.SaveChanges();
customer.Id = customerDb.Id;
return(customer);
}
public ActionResult Accept(int id)
{
ShoppingM shopping = shoppingService.FindById(id);
CustomerM customer = authService.DecodeJWT(User.Identity.Name);
ShopMobilesM shopMobiles = shopMobilesService.FindByShopAndMobile(shopping.ShopId, shopping.MobileId);
if (shopping == null || shopping.Status != "Pending" || shopMobiles == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
if (shopping.ShopId != customer.ShopAdminId)
{
return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized));
}
shopping.Status = "Accepted";
shoppingService.Edit(shopping);
shopMobiles.MobilesLeft--;
shopMobilesService.Edit(shopMobiles);
return(new HttpStatusCodeResult(HttpStatusCode.OK));
}
public ActionResult History()
{
CustomerM admin = authService.DecodeJWT(User.Identity.Name);
ShopM shop = shopService.FindById(admin.ShopAdminId);
List <ShoppingDTO> shoppings = new List <ShoppingDTO>();
foreach (var shopping in shoppingService.FindAll().Where(x => x.ShopId == shop.Id))
{
shoppings.Add(new ShoppingDTO()
{
Id = shopping.Id,
Customer = admin.Email,
CustomerId = admin.Id,
MobileId = shopping.MobileId,
MobileName = mobileService.FindById(shopping.MobileId).Name,
Price = shopping.Price,
Status = shopping.Status,
});
}
return(View(shoppings));
}
public ActionResult Login(LoginDTO login)
{
CustomerM customer = customerService.FindByEmail(login.Email);
if (customer == null || !authService.Authenticate(login.Email, login.Password))
{
ModelState.AddModelError("LoginError", "Wrong username or password.");
return(View("Login"));
}
var token = authService.GenerateJWT(customer);
FormsAuthentication.SetAuthCookie(token, true);
var httpContext = HttpContext.ApplicationInstance as MvcApplication;
HttpCookie cookie = null;
if (customer.IsAdmin)
{
if (customer.IsRootAdmin)
{
cookie = new HttpCookie("Role", "ROOT");
}
else
{
cookie = new HttpCookie("Role", "ADMIN");
}
}
else
{
cookie = new HttpCookie("Role", "REGULAR");
}
cookie.Expires.AddMonths(1);
httpContext.Response.Cookies.Set(cookie);
return(Redirect("/Home"));
}
public CustomerM Edit(CustomerM customer)
{
var found = Context.Customers.SingleOrDefault(x => x.Id == customer.Id);
if (found == null)
{
return(null);
}
found.FirstName = customer.FirstName;
found.LastName = customer.LastName;
found.Email = customer.Email;
if (customer.Password != null && customer.Password != "")
{
found.CustomerPassword = customer.Password;
}
found.IsAdmin = customer.IsAdmin;
found.Blocked = customer.Blocked;
found.Activated = customer.Activated;
found.ShopAdminId = (customer.ShopAdminId != -1) ? (int?)customer.ShopAdminId : null;
found.IsRootAdmin = customer.IsRootAdmin;
Context.SaveChanges();
customer.Password = "";
return(customer);
}
public CustomerM Save(CustomerM customer)
{
return(customerRepository.Save(customer));
}
public CustomerM Edit(CustomerM customer)
{
return(customerRepository.Edit(customer));
}
public ActionResult All()
{
CustomerM admin = authService.DecodeJWT(User.Identity.Name);
return(View(mobileService.FindAll().Where(x => shopMobilesService.FindByShopAndMobile(admin.ShopAdminId, x.Id) == null)));
}
public ActionResult All()
{
CustomerM user = authService.DecodeJWT(User.Identity.Name);
return(View(customerService.FindAll().Where(x => x.ShopAdminId == -1 && x.IsAdmin == false && x.IsRootAdmin == false && x.Id != user.Id)));
}
public ActionResult Manage()
{
CustomerM admin = authService.DecodeJWT(User.Identity.Name);
return(View(customerService.FindAll().Where(x => x.ShopAdminId == admin.ShopAdminId && x.Id != admin.Id)));
}
