Пример #1
0
    /// <summary>
    /// Note that the user.Password should already have been hashed.
    /// </summary>
    public bool IsLoginValid(UserModel user)
    {
        if (!EmailExists(user.Email))
        {
            user.SetId(DbBaseEntity.InvalidId);
            return(false); // Note: This is efficient but hackers could measure the time it takes to return an invalid e-mail address. However, for this project such security measures are rather overkill.
        }

        using (IDbConnection con = SqliteHelper.CreateConnection())
            using (IDbCommand cmd = con.CreateCommand())
            {
                cmd.CommandText = "SELECT Id FROM User WHERE Email=@pEmail AND Password=@pPassword";
                cmd.Parameters.Add(new SqliteParameter("@pEmail", user.Email));
                cmd.Parameters.Add(new SqliteParameter("@pPassword", user.Password));

                object idFromDb = Convert.ToInt32(SqliteHelper.ExecuteScalar(con, cmd));

                if (idFromDb == null)
                {
                    user.SetId(DbBaseEntity.InvalidId);
                    return(false);
                }
                else
                {
                    user.SetId(Convert.ToInt32(idFromDb));
                    return(DbBaseEntity.IsIdValid(user.Id));
                }
            }
    }
Пример #2
0
    public List <ContactModel> ReadAll()
    {
        if (!DbBaseEntity.IsIdValid(Db.ActiveUser.Id))
        {
            return(new List <ContactModel>());
        }

        List <ContactModel> allContacts = new List <ContactModel>();

        using (IDbConnection con = SqliteHelper.CreateConnection())
        {
            using (IDbCommand cmd = con.CreateCommand())
            {
                cmd.CommandText = "SELECT * FROM Contact WHERE Owner=@pOwner";
                cmd.Parameters.Add(new SqliteParameter("@pOwner", Db.ActiveUser.Id));
                con.Open();
                using (IDataReader r = cmd.ExecuteReader())
                {
                    while (r.Read())
                    {
                        allContacts.Add(MapContact(r));
                    }
                }
            }

            con.Close();
        }
        return(allContacts);
    }
Пример #3
0
    public List <ContactModel> ReadAll()
    {
        if (!DbBaseEntity.IsIdValid(Db.ActiveUser.Id))
        {
            return(new List <ContactModel>());
        }

        return(ContactModel.CreateRandom(100));
    }
Пример #4
0
 protected static void CheckOperationAllowed(ContactModel contact)
 {
     // The Owner must be valid.
     if (!DbBaseEntity.IsIdValid(contact.Owner))
     {
         throw new Exception("Got an invalid user Id for the Owner. A valid Id is required for most CRUD operations.");
     }
     // The ActiveUser must be valid.
     if (!Db.ActiveUser.IsMyIdValid)
     {
         throw new Exception("Got an invalid user Id for the active user. A valid Id is required for most CRUD operations.");
     }
     // Only allowed to CRUD on contact records that belong to the current ActiveUser.
     if (contact.Owner != Db.ActiveUser.Id)
     {
         throw new SecurityException("Not allowed to update/insert/delete another owners contact.");
     }
 }