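/// <summary>
/// Changes the e-mail address of the account identified by the passed user token.
/// The caller must present a non-expired token, the current password, and the new
/// address repeated in <c>ConfirmEmail</c>.
/// </summary>
/// <param name="data">Token plus the password / new e-mail / confirmation payload.</param>
/// <returns>
/// 200 with <c>{ success = true }</c> on success; otherwise 400 with a <see cref="DataError"/>
/// whose code names the failed check (securityErr, timeoutErr, passwordErr, newEmailErr, serverErr).
/// </returns>
public async Task<IActionResult> PostUsers([FromBody] PassedData<PassedNewEmail> data)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    DateTime now = DateTime.UtcNow;

    if (data.UserToken is null)
    {
        return BadRequest(new DataError("securityErr", "No authorization controll."));
    }

    UserToken dbtoken = Security.CheckUserToken(_context, data.UserToken);
    if (dbtoken is null)
    {
        return BadRequest(new DataError("securityErr", "Your data has probably been stolen or modified manually. We suggest password's change."));
    }

    if (!dbtoken.IsTimeValid(now))
    {
        return BadRequest(new DataError("timeoutErr", "You have been too long inactive. Relogin is required."));
    }

    // Sliding expiry: the token's activity stamp is refreshed in memory and only
    // persisted by the SaveChangesAsync below, together with the e-mail change.
    dbtoken.UpdateToken(now);

    Users user = _context.Users.FirstOrDefault(e => e.Name == dbtoken.UserName);
    if (user is null)
    {
        // A token that resolves to no user row: report it like a bad token instead of
        // dereferencing null (the original threw NullReferenceException → HTTP 500).
        return BadRequest(new DataError("securityErr", "Your data has probably been stolen or modified manually. We suggest password's change."));
    }

    // NOTE(review): HashClass.GenHash is opaque here and the `!=` on its result is not a
    // constant-time comparison; if GenHash yields bytes, CryptographicOperations.FixedTimeEquals
    // would be the safer check — confirm what GenHash returns.
    if (user.Password != HashClass.GenHash(data.Data.Password))
    {
        return BadRequest(new DataError("passwordErr", "Password is incorrect."));
    }

    if (data.Data.NewEmail != data.Data.ConfirmEmail)
    {
        return BadRequest(new DataError("newEmailErr", "New email was not confirmed correctly."));
    }

    user.Email = data.Data.NewEmail;

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateException)
    {
        // There is no uniqueness pre-check above, so a duplicate address is only detected
        // when the save fails (presumably a unique index on Email — verify in the schema).
        bool emailTaken = _context.Users.Any(e => e.Email == data.Data.NewEmail && e.Name != dbtoken.UserName);
        if (emailTaken)
        {
            return BadRequest(new DataError("newEmailErr", "New email has been already used."));
        }

        // Fix: the original message said "password" although this endpoint changes the e-mail.
        return BadRequest(new DataError("serverErr", "Failed to save new email."));
    }

    return Ok(new { success = true });
}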
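/// <summary>
/// Registers a new account: checks login and e-mail uniqueness and the password
/// confirmation, stores the hashed password, then sends the invitation e-mail.
/// </summary>
/// <param name="users">Registration form payload.</param>
/// <returns>
/// 200 on success; 400 with a <see cref="DataError"/> (sameloginErr, sameemailErr, confirmErr)
/// when a pre-check fails; 409 when the login was taken between the pre-check and the insert.
/// </returns>
/// <exception cref="DbUpdateException">
/// Rethrown when the insert fails for a reason other than a login/e-mail conflict.
/// </exception>
public async Task<IActionResult> PostUsers([FromBody] RegistrationUser users)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    if (UsersExists(users.Username))
    {
        return BadRequest(new DataError("sameloginErr", "Login with same name already exists."));
    }

    if (EmailExists(users.Email))
    {
        return BadRequest(new DataError("sameemailErr", "Email already used."));
    }

    if (users.Password != users.Password_Confrim)
    {
        return BadRequest(new DataError("confirmErr", "Bad confirmation password."));
    }

    //TODO: regex validation

    // Read the clock once so RegistryDate and LastLogin are identical for a fresh
    // account (the original called UtcNow twice).
    DateTime now = DateTime.UtcNow;
    Users user = new Users
    {
        Email = users.Email,
        Name = users.Username,
        Password = HashClass.GenHash(users.Password),
        RegistryDate = now,
        LastLogin = now,
    };
    _context.Users.Add(user);

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateException)
    {
        // Lost race between the pre-checks and the insert: report the conflict instead
        // of surfacing a 500. The e-mail case was previously rethrown; it now mirrors
        // the pre-check's response.
        if (UsersExists(users.Username))
        {
            return new StatusCodeResult(StatusCodes.Status409Conflict);
        }

        if (EmailExists(users.Email))
        {
            return BadRequest(new DataError("sameemailErr", "Email already used."));
        }

        throw;
    }

    // Best effort: a failed invitation must not undo a committed registration.
    // NOTE(review): the plaintext password is handed to the mailer here; if it ends up
    // in the e-mail body, that is worth reconsidering — only the hash is stored.
    try
    {
        SendEmail.SendInvitationEmail(user, users.Password);
    }
    catch (Exception e)
    {
        Console.WriteLine(e.ToString());
    }

    return Ok();
}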
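/// <summary>
/// Removes one of the caller's heroes together with its dependent rows (action tokens,
/// locations, traveling, equipment, backpack, healing, fighting) and the user↔hero link.
/// Requires a non-expired user token, the current password, and that the named hero is
/// linked to the token's user.
/// </summary>
/// <param name="passedData">Token plus the password / hero-name payload.</param>
/// <returns>
/// 200 with <c>{ success, removedHero }</c> on success; otherwise 400 with a
/// <see cref="DataError"/> (securityErr, timeoutErr, passwordErr, heroErr, serverErr).
/// </returns>
public async Task<IActionResult> PostHeros([FromBody] PassedData<PassedRemoveCharacter> passedData)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    DateTime now = DateTime.UtcNow;

    if (passedData.UserToken is null)
    {
        return BadRequest(new DataError("securityErr", "No authorization controll."));
    }

    UserToken dbtoken = Security.CheckUserToken(_context, passedData.UserToken);
    if (dbtoken is null)
    {
        return BadRequest(new DataError("securityErr", "Your data has probably been stolen or modified manually. We suggest password's change."));
    }

    if (!dbtoken.IsTimeValid(now))
    {
        return BadRequest(new DataError("timeoutErr", "You have been too long inactive. Relogin is required."));
    }

    // Sliding expiry; persisted by the SaveChangesAsync below.
    dbtoken.UpdateToken(now);

    Users user = _context.Users.FirstOrDefault(e => e.Name == dbtoken.UserName);
    if (user is null)
    {
        // Token without a user row: answer like a bad token rather than throwing.
        return BadRequest(new DataError("securityErr", "Your data has probably been stolen or modified manually. We suggest password's change."));
    }

    // NOTE(review): `!=` on the hash is not constant-time — see the password check in
    // the e-mail/remove-account endpoints for the same caveat.
    if (user.Password != HashClass.GenHash(passedData.Data.Password))
    {
        return BadRequest(new DataError("passwordErr", "Password is incorrect."));
    }

    // Ownership check before anything is marked for deletion. The hero is looked up by
    // name across all users, so the link row is what proves the caller owns it; the
    // original only failed here by accident (Remove(null) threw) after already marking
    // the hero for removal. "Not found" and "not yours" get the same answer so hero
    // names cannot be probed. ("heroErr" is a new code — align it with the client.)
    Heros herotoremove = _context.Heros.FirstOrDefault(e => e.Name == passedData.Data.HeroName);
    UsersHeros conntoremove = herotoremove is null
        ? null
        : _context.UsersHeros.FirstOrDefault(e => e.UserName == dbtoken.UserName && e.HeroId == herotoremove.HeroId);
    if (herotoremove is null || conntoremove is null)
    {
        return BadRequest(new DataError("heroErr", "Hero not found."));
    }

    int heroId = herotoremove.HeroId;

    // TODO: remove other features
    // RemoveRange on an empty query is a no-op, so the per-set Count() round-trips of
    // the original are unnecessary.
    _context.ActionToken.RemoveRange(_context.ActionToken.Where(e => e.HeroId == heroId));
    _context.HerosLocations.RemoveRange(_context.HerosLocations.Where(e => e.HeroId == heroId));
    _context.Traveling.RemoveRange(_context.Traveling.Where(e => e.HeroId == heroId));
    _context.Equipment.RemoveRange(_context.Equipment.Where(e => e.HeroId == heroId));
    _context.Backpack.RemoveRange(_context.Backpack.Where(e => e.HeroId == heroId));
    _context.Healing.RemoveRange(_context.Healing.Where(e => e.HeroId == heroId));
    _context.Fighting.RemoveRange(_context.Fighting.Where(e => e.HeroId == heroId));
    _context.Heros.Remove(herotoremove);
    _context.UsersHeros.Remove(conntoremove);

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateException)
    {
        return BadRequest(new DataError("serverErr", "Failed to remove hero."));
    }

    return Ok(new { success = true, removedHero = herotoremove.Name });
}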
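/// <summary>
/// Deletes the caller's account: every hero linked to the user and each hero's dependent
/// rows, the user↔hero links, both token tables, and finally the user row itself.
/// Requires a non-expired user token and the current password.
/// </summary>
/// <param name="data">Token plus the password payload.</param>
/// <returns>
/// 200 with <c>{ success = true }</c> on success; otherwise 400 with a
/// <see cref="DataError"/> (securityErr, timeoutErr, passwordErr, serverErr).
/// </returns>
public async Task<IActionResult> PostUsers([FromBody] PassedData<PassedRemoveAccount> data)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    DateTime now = DateTime.UtcNow;

    if (data.UserToken is null)
    {
        return BadRequest(new DataError("securityErr", "No authorization controll."));
    }

    UserToken dbtoken = Security.CheckUserToken(_context, data.UserToken);
    if (dbtoken is null)
    {
        return BadRequest(new DataError("securityErr", "Your data has probably been stolen or modified manually. We suggest password's change."));
    }

    if (!dbtoken.IsTimeValid(now))
    {
        return BadRequest(new DataError("timeoutErr", "You have been too long inactive. Relogin is required."));
    }

    // Sliding expiry; the token row is deleted below anyway, the refresh is kept for
    // parity with the other endpoints.
    dbtoken.UpdateToken(now);

    Users user = _context.Users.FirstOrDefault(e => e.Name == dbtoken.UserName);
    if (user is null)
    {
        // Token without a user row: answer like a bad token rather than throwing.
        return BadRequest(new DataError("securityErr", "Your data has probably been stolen or modified manually. We suggest password's change."));
    }

    // NOTE(review): `!=` on the hash is not constant-time — confirm what GenHash returns.
    if (user.Password != HashClass.GenHash(data.Data.Password))
    {
        return BadRequest(new DataError("passwordErr", "Password is incorrect."));
    }

    // All checks passed. The original re-queried the same user as `deluser`; `user` is it.
    string userName = user.Name;

    // Deferred queries; each is executed by the RemoveRange that consumes it. The hero
    // sets are kept as server-side joins on `delheros` (materialising it to a list would
    // turn the joins into non-translatable client joins).
    var usersheros = _context.UsersHeros.Where(e => e.UserName == userName);
    var delheros = _context.Heros.Join(usersheros, e => e.HeroId, e => e.HeroId, (a, b) => a);
    var delusertoken = _context.UserToken.Where(e => e.UserName == userName);
    var deltoken = _context.Tokens.Where(e => e.UserName == userName);
    var delactiontokens = _context.ActionToken.Join(delheros, e => e.HeroId, f => f.HeroId, (a, b) => a);
    var delheroslocations = _context.HerosLocations.Join(delheros, e => e.HeroId, f => f.HeroId, (a, b) => a);
    var delherostraveling = _context.Traveling.Join(delheros, e => e.HeroId, f => f.HeroId, (a, b) => a);
    var delherosequipment = _context.Equipment.Join(delheros, e => e.HeroId, f => f.HeroId, (a, b) => a);
    var delherosbackpack = _context.Backpack.Join(delheros, e => e.HeroId, f => f.HeroId, (a, b) => a);
    var delheroshealing = _context.Healing.Join(delheros, e => e.HeroId, f => f.HeroId, (a, b) => a);
    var delherosfighting = _context.Fighting.Join(delheros, e => e.HeroId, f => f.HeroId, (a, b) => a);

    // Dependents first, then links, heroes, tokens, user — same order as before.
    // RemoveRange on an empty query is a no-op, so the original Count() guards are dropped.
    _context.ActionToken.RemoveRange(delactiontokens);
    _context.HerosLocations.RemoveRange(delheroslocations);
    _context.Traveling.RemoveRange(delherostraveling);
    _context.Equipment.RemoveRange(delherosequipment);
    _context.Backpack.RemoveRange(delherosbackpack);
    _context.Healing.RemoveRange(delheroshealing);
    _context.Fighting.RemoveRange(delherosfighting);
    _context.UsersHeros.RemoveRange(usersheros);
    _context.Heros.RemoveRange(delheros);
    _context.UserToken.RemoveRange(delusertoken);
    _context.Tokens.RemoveRange(deltoken);
    _context.Users.Remove(user);

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateException)
    {
        return BadRequest(new DataError("serverErr", "Failed delete account."));
    }

    return Ok(new { success = true });
}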
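/// <summary>
/// True when <paramref name="password"/> hashes to the stored password of the user
/// named <paramref name="name"/>. An unknown user yields <c>false</c> instead of the
/// <see cref="InvalidOperationException"/> the original <c>First()</c> threw.
/// </summary>
/// <param name="name">User name to look up.</param>
/// <param name="password">Plaintext password supplied by the caller.</param>
/// <returns>Whether the hash of <paramref name="password"/> equals the stored hash.</returns>
private bool PasswordMatches(string name, string password)
{
    Users user = _context.Users.FirstOrDefault(e => e.Name == name);

    // NOTE(review): string `==` is not constant-time; acceptable only if HashClass.GenHash
    // is itself a proper (slow, salted) password hash — verify.
    return user != null && user.Password == HashClass.GenHash(password);
}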