// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.Run(async(context) =>
{
string authHeader = context.Request.Headers["Authorization"];
string[] parts = authHeader.Split(" ");
string token = parts[1];
context.Response.ContentType = "application/json";
JwtAuthManager jwtAuthManager = new JwtAuthManager();
bool isValid = jwtAuthManager.ValidateToken(token);
if (isValid)
{
await context.Response.WriteAsync("{\"Hello\": \"World\"}");
}
else
{
string newToken = jwtAuthManager.GenerateJWTToken();
Console.WriteLine(newToken);
await context.Response.WriteAsync("{\"Hello\": \"Error\"}");
}
});
}
public static clsKeyValue GetKeys()
{
DP_TPEntities db = new DP_TPEntities();
JwtAuthManager jwt = new JwtAuthManager();
string Key = db.AppKeys.Where(x => x.vKey == "key").FirstOrDefault().vvalue;
string XIBMClientId = db.AppKeys.Where(x => x.vKey == "XIBMClientId").FirstOrDefault().vvalue;
string easebuzzsalt = db.AppKeys.Where(x => x.vKey == "easebuzzsalt").FirstOrDefault().vvalue;
string easebuzzkey = db.AppKeys.Where(x => x.vKey == "easebuzzkey").FirstOrDefault().vvalue;
string easebuzzenv = db.AppKeys.Where(x => x.vKey == "easebuzzenv").FirstOrDefault().vvalue;
string payUsalt = db.AppKeys.Where(x => x.vKey == "payUsalt").FirstOrDefault().vvalue;
string payUkey = db.AppKeys.Where(x => x.vKey == "payUkey").FirstOrDefault().vvalue;
string payUzenv = db.AppKeys.Where(x => x.vKey == "payUenv").FirstOrDefault().vvalue;
string XIBMClientSecret = db.AppKeys.Where(x => x.vKey == "XIBMClientSecret").FirstOrDefault().vvalue;
string SessionKey = DateTime.Now.ToString("yyyyMMddHHmmssfffffff");
string AxisSetuAPIURL = db.AppKeys.Where(x => x.vKey == "AxisSetuAPIURL").FirstOrDefault().vvalue;
string JWT = "Bearer " + jwt.GenerateJWTToken();
return(new clsKeyValue()
{
Key = Key, XIBMClientId = XIBMClientId,
XIBMClientSecret = XIBMClientSecret, SessionID = SessionKey, JWT = JWT,
easebuzzenv = easebuzzenv,
easebuzzkey = easebuzzkey,
easebuzzsalt = easebuzzsalt,
AxisSetuAPIURL = AxisSetuAPIURL,
payUsalt = payUsalt,
payUkey = payUkey,
payUenv = payUzenv
});
}
public async Task <LoggedUserResponse> FacebookLoginAsync(FacebookLoginRequest facebookLoginRequest)
{
if (string.IsNullOrEmpty(facebookLoginRequest.FacebookToken))
{
throw new Exception("Token is null or empty");
}
var facebookUser = await _facebookService.GetUserFromFacebookAsync(facebookLoginRequest.FacebookToken);
var applicationUser = await _appDbContext.Users.SingleOrDefaultAsync(user => user.Email == facebookUser.Email);
string token;
if (applicationUser == null)
{
var user = await CreateFacebookUser(facebookUser);
await _appDbContext.SaveChangesAsync(CancellationToken.None);
token = await Task.Run(() => JwtAuthManager.GenerateToken(user));
return(LoggedUser(user, token));
}
token = await Task.Run(() => JwtAuthManager.GenerateToken(applicationUser));
return(LoggedUser(applicationUser, token));
}
public IHttpActionResult PostNewPost(int courseId, Post post)
{
Course course = db.Courses.Find(courseId);
if (course == null)
{
var resp = new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(
string.Format("Cannot add post. Course with ID = {0} doesn't exist", courseId)
)
};
throw new HttpResponseException(resp);
}
post.CreatedAt = DateTime.Now;
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
post.UserDetailsId = userId;
course.Posts.Add(post);
InitPopularityIfAbsent(userId, course);
db.SaveChanges();
return(Ok(post));
}
public IHttpActionResult GetToken([FromBody] string[] credentials)
{
string username = credentials[0];
string password = credentials[1];
LoginService loginService = new LoginService();
ILoginToken loginToken;
try
{
loginToken = loginService.TryLoginAllUsers(username, password);
}
catch (WrongPasswordException ex)
{
ex.GetType();
return(Unauthorized());
}
if (loginToken != null)
{
return(Ok(JwtAuthManager.GenerateJWTToken(loginToken)));
}
else
{
return(Unauthorized());
}
}
public HttpResponseMessage Authentication(AuthenticationDTO authentication)
{
try
{
AuthenticationValidation(authentication);
IAuthentication blAuthentication = ApplicationInstance.ucApplication.Resolve <IAuthentication>();
UserBE objUserBE = blAuthentication.Login(authentication.username, authentication.password);
if (objUserBE != null)
{
// crear token
string strToken = JwtAuthManager.GenerateJWTToken(Convert.ToString(objUserBE.Id));
// establecer la cache de la session, permisos, roles, tiempo de session
new ApplicationController().SetPrincipal(objUserBE.Id.Value, strToken);
return(Request.CreateResponse(HttpStatusCode.OK, new { token = strToken, user = new { id = objUserBE.Id.ToString(), name = objUserBE.Name } }));
}
else
{
throw new ArgumentException(messageLoginError);
}
}
catch (Exception ex)
{
ExceptionHandler.HandleException(ex, PolicyType.Api);
return(Request.CreateResponse(HttpStatusCode.Unauthorized, ex.Message));
}
}
public IHttpActionResult PostToggleFavourites(int courseId)
{
Course course = db.Courses.Find(courseId);
if (course == null)
{
var resp = new HttpResponseMessage(HttpStatusCode.NotFound)
{
Content = new StringContent(string.Format("Course with ID = {0} " +
"doesn't exists", courseId))
};
throw new HttpResponseException(resp);
}
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
User user = db.Users.Find(userId);
if (user.Favorites.Count(c => c.Id == courseId) > 0)
{
user.Favorites.Remove(course);
}
else
{
user.Favorites.Add(course);
}
db.SaveChanges();
return(Ok());
}
public IHttpActionResult PostComment(int postId, Comment comment)
{
Post post = db.Posts.Find(postId);
if (post == null)
{
var resp = new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(
string.Format("Post with ID = {0} doesn't exist", postId)
)
};
throw new HttpResponseException(resp);
}
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
comment.UserDetails = db.Users.Find(userId).UserDetails;
post.Comments.Add(comment);
InitPopularityIfAbsent(userId, post.Course);
db.SaveChanges();
return(Ok(comment));
}
public HttpResponseMessage PostChangePassword(ChangePasswordDTO changePasswordDTO)
{
string email = JwtAuthManager.GetEmailFromRequest(Request);
if (CheckCredentials(email, changePasswordDTO.Password))
{
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
User user = db.Users.Find(userId);
byte[] salt;
rngCsp.GetBytes(salt = new byte[16]);
var pdkdf2 = new Rfc2898DeriveBytes(changePasswordDTO.NewPassword, salt, 1000);
byte[] hash = pdkdf2.GetBytes(20);
byte[] hashBytes = new byte[36];
Array.Copy(salt, 0, hashBytes, 0, 16);
Array.Copy(hash, 0, hashBytes, 16, 20);
user.Password = Convert.ToBase64String(hashBytes);
user.Salt = Convert.ToBase64String(salt);
db.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK));
}
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Промената на лозинка е неуспешна, бидејќи внесовте погрешна стара лозинка"));
}
public HttpResponseMessage PostRequestToken(UserDTO userDto)
{
if (CheckCredentials(userDto.Email, userDto.Password))
{
DateTime expiration = DateTime.UtcNow.AddHours(1);
string token = JwtAuthManager.GenerateJWTToken(userDto.Email, expiration, db);
User user = db.Users.Where(u => u.Email.Equals(userDto.Email)).FirstOrDefault();
user.FavouritesIds = user.Favorites.Select(f => f.Id).ToList();
long expirationMillis = Convert.ToInt64(
expiration
.Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc))
.TotalMilliseconds
);
var resp = new SuccessfulSignInDTO
{
Token = token,
Expiration = expirationMillis,
User = user
};
return(Request.CreateResponse(HttpStatusCode.OK, resp));
}
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Внесената email адреса или лозинка е погрешна"));
}
public AccountController(ILogger <AccountController> logger,
UserService userService, JwtAuthManager jwtAuthManager)
{
this.logger = logger;
this.jwtAuthManager = jwtAuthManager;
this.userService = userService;
}
public async Task <IHttpActionResult> PatchUser()
{
if (!Request.Content.IsMimeMultipartContent())
{
return(StatusCode(HttpStatusCode.UnsupportedMediaType));
}
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
UserDetails userDetails = db.UserDetails.Find(userId);
var filesReadToProvider = await Request.Content.ReadAsMultipartAsync();
var imageBytes = await filesReadToProvider.Contents[0].ReadAsByteArrayAsync();
int?oldImageId = Image.ExtractImageId(userDetails.ImageUrl);
if (oldImageId != null)
{
ImageController.DeleteImage(oldImageId.Value, db);
}
userDetails.ImageUrl = ImageController.SaveImage(imageBytes, Request, db);
db.SaveChanges();
return(Ok(userDetails));
}
public HttpResponseMessage PostDeactivateAccount(UserDTO userDTO)
{
string email = JwtAuthManager.GetEmailFromRequest(Request);
if (CheckCredentials(email, userDTO.Password))
{
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
User user = db.Users.Find(userId);
List <Comment> allComments = db.Comments.Where(c => c.UserDetails.UserDetailsId == userId).ToList();
allComments.ForEach(c => db.Comments.Remove(c));
int?imageId = Image.ExtractImageId(user.UserDetails.ImageUrl);
if (imageId != null)
{
ImageController.DeleteImage(imageId.Value, db);
}
db.UserDetails.Remove(user.UserDetails);
db.Users.Remove(user);
db.SaveChanges();
return(Request.CreateResponse(HttpStatusCode.OK));
}
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Профилот не е деактивиран бидејќи лозинката која ја внесовте е погрешна."));
}
private static bool ValidateToken(string token, out string username)
{
username = null;
var simplePrinciple = JwtAuthManager.GetPrincipal(token);
var identity = simplePrinciple?.Identity as ClaimsIdentity;
if (identity == null)
{
return(false);
}
if (!identity.IsAuthenticated)
{
return(false);
}
var usernameClaim = identity.FindFirst(ClaimTypes.Name);
username = usernameClaim?.Value;
if (string.IsNullOrEmpty(username))
{
return(false);
}
/*VALIDA SE O UTILIZADOR EXISTE**/
if (!AuthUser.UserExists(username))
{
return(false);
}
return(true);
}
public IActionResult logout()
{
HttpContext.Request.Headers.TryGetValue("HEADER_AUTHORIZATION", out var mbsExternal);
var userName = User.FindFirstValue(Consts.CLAIM_USERNAME);
string token = mbsExternal;
JwtAuthManager.AddTokenToBlacklist(userName, token, token);
return(Ok(ResultObject.Ok <NullDataType>(null, "Đăng xuất thành công.")));
}
public IHttpActionResult GetFavouriteCourses(int page = 1, int pageSize = 10)
{
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
IQueryable <Course> favCourses = db.Users.Find(userId).Favorites.AsQueryable();
var coursesPage = Pagination.CreateMappedPage <Course, CourseCard>(
favCourses, page, pageSize, "Title", true
);
return(Ok(coursesPage));
}
public IHttpActionResult PutEditUser(UserDTO userDTO)
{
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
UserDetails userDetails = db.UserDetails.Find(userId);
userDetails.FirstName = userDTO.FirstName;
userDetails.LastName = userDTO.LastName;
db.SaveChanges();
return(Ok(userDetails));
}
public async Task <LoggedUserResponse> Registration(RegisterRequest registerRequest)
{
var base64Encode = PasswordHelper.EncodeAndHash(registerRequest.Password, out var passwordHash);
var user = await CreateUser(registerRequest, passwordHash, base64Encode);
await _appDbContext.SaveChangesAsync(CancellationToken.None);
var token = JwtAuthManager.GenerateToken(user);
return(LoggedUser(user, token));
}
public HttpResponseMessage Post(Users user)
{
if (CheckUser(user))
{
return(Request.CreateResponse(HttpStatusCode.OK,
JwtAuthManager.GenerateJWTToken(user.username)));
}
else
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid Request"));
}
}
public HttpResponseMessage Get(string username, string password)
{
if (CheckUser(username, password))
{
return(Request.CreateResponse(HttpStatusCode.OK,
JwtAuthManager.GenerateJWTToken(username)));
}
else
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
"Invalid Request"));
}
}
public bool ValidateToken(string token)
{
var simplePrinciple = JwtAuthManager.GetPrincipal(token);
Console.WriteLine(simplePrinciple);
if (simplePrinciple == null)
{
return(false);
}
// You can implement more validation to check whether username exists in your DB or not or something else.
return(true);
}
public HttpResponseMessage PostLogin(User user)
{
var message = new HttpResponseMessage(HttpStatusCode.NotAcceptable);
if (!ModelState.IsValid)
{
message.Content = new StringContent("Invalid Model");
return(message);
}
if (repository.ValidateRegisteredUser(user))
{
var mId = repository.GetLoggedUserID(user);
User mUser = db.User.Find(mId);
mUser.Token = JwtAuthManager.GenerateJWTToken(mId + "");
if (mUser != null)
{
db.Entry(mUser).State = EntityState.Modified;
try
{
db.SaveChanges();
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.OK, mUser);
return(response);
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(mId))
{
message.Content = new StringContent("User not exist");
return(message);
}
else
{
throw;
}
}
}
else
{
message.Content = new StringContent("User not exist");
return(message);
}
}
else
{
message.Content = new StringContent("Wrong user name or password");
return(message);
}
}
public IHttpActionResult GetCourses([FromUri] CourseFilter courseFilter)
{
var queryable = Course.FilterCourses(db.Courses, courseFilter);
if (courseFilter.Favourites)
{
int userId = JwtAuthManager.GetUserIdFromRequest(Request);
var favouriteIds = db.Users.Find(userId).Favorites.Select(course => course.Id).ToList();
queryable = queryable.Where(c => favouriteIds.Contains(c.Id));
}
var coursesPage = Pagination.CreateMappedPage <Course, CourseCard>(
queryable, courseFilter.Page, courseFilter.PageSize, "Title", true
);
return(Ok(coursesPage));
}
public HttpResponseMessage CreateToken([FromBody] UserDTO userDTO)
{
string username = null, password = null, clientId = null;
username = userDTO.UserName;
password = userDTO.UserPassword;
clientId = userDTO.ClientID;
if (CheckUser(username, password))
{
return(Request.CreateResponse(HttpStatusCode.OK, JwtAuthManager.GenerateJWTToken(username)));
}
else
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid Request"));
}
}
public authReponse Authenticate(AuthRequest model)
{
string sql = "getUserByUnameAndPassWord";
DynamicParameters parameter = new DynamicParameters();
parameter.Add("@Username", model.Username, DbType.String, ParameterDirection.Input);
parameter.Add("@Password", Helper.ToMD5(model.Password), DbType.String, ParameterDirection.Input);
User user = _query.Query <User>(1, sql, parameter).FirstOrDefault();
if (user == null)
{
return(null);
}
var tokenResult = JwtAuthManager.GenerateTokens(model, user.access);
return(new authReponse(tokenResult.AccessToken.ToString(), user));
}
public async Task <LoggedUserResponse> Authenticate(LoginRequest loginRequest)
{
var user = await _appDbContext.Users.FirstOrDefaultAsync(u => u.Email == loginRequest.Email);
if (user == null)
{
return(null);
}
var passwordHash = HashingHelper.HashUsingPbkdf2(loginRequest.Password, user.PasswordSalt);
if (user.Password != passwordHash)
{
return(null);
}
var token = JwtAuthManager.GenerateToken(user);
return(LoggedUser(user, token));
}
public async Task <ActionResult> Login(LoginDTO loginDto)
{
var user = _context.TblUser.FirstOrDefault(x => x.Email == loginDto.Email);
if (user == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized));
}
if (!VerifyPasswordHash(loginDto.Password, user.Password, user.Salt))
{
return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized));
}
return(new HttpStatusCodeResult(HttpStatusCode.OK,
JwtAuthManager.GenerateJWTToken(loginDto.Email)));
// return Ok(new { token = tokenHandler.WriteToken(token), email = userFromRepo.Email, fullname = userFromRepo.FullName });
}
public HttpResponseMessage Validate(string email, string password)
{
loggerService.Logger().Info("Calling with parameter as : email and password: "******" and " + password);
UserDTO user = _userService.ValidateUser(email, password);
if (user == null)
{
var errorPayload = new
{
code = HttpStatusCode.Forbidden,
message = "Invalid username or password",
type = "ERROR"
};
return(Request.CreateResponse(HttpStatusCode.Unauthorized, errorPayload, Configuration.Formatters.JsonFormatter));
}
var tokenPayload = new
{
access_token = JwtAuthManager.GenerateJWTToken(user)
};
return(Request.CreateResponse(HttpStatusCode.OK, tokenPayload, Configuration.Formatters.JsonFormatter));
}
public TokenController(IUserService userService, JwtAuthManager jwtAuthManager)
{
_userService = userService;
_jwtAuthManager = jwtAuthManager;
}
public HttpResponseMessage Post([FromBody] AuthUser user)
{
if (user == null)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest,
"Invalid Request"));
}
if (CheckUser(user.Email, user.Password))
{
return(Request.CreateResponse(HttpStatusCode.OK, JObject.Parse("{'token':'" + JwtAuthManager.GenerateJWTToken(user.Email) + "'}")
, JsonMediaTypeFormatter.DefaultMediaType));
}
else
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized,
"Unauthorized"));
}
}
