public List <ReturnUser> GetUsers()
{
List <ReturnUser> users = new List <ReturnUser>();
try
{
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand(SQL_GET_USERS, conn);
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
ReturnUser user = GetReturnUserFromReader(rdr);
users.Add(user);
}
}
return(users);
}
catch (SqlException ex)
{
throw;
}
}
public decimal GetMyBalance(int userID)
{
ReturnUser access = new ReturnUser();
decimal myBalance = 0;
try
{
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand("SELECT balance FROM accounts WHERE user_id = @user_id;", conn);
cmd.Parameters.AddWithValue("@user_id", userID);
SqlDataReader reader = cmd.ExecuteReader();
if (reader.Read())
{
myBalance = Convert.ToDecimal(reader["balance"]);
}
return(myBalance);
}
}
catch (SqlException ex)
{
throw;
}
}
//returning a user profile. We could add this info to the db and pull it from returnUser
public ReturnUser GetUserProfile(int id, ReturnUser returnUser)
{
try
{
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
string sqlText = "SELECT username, role, name from user where user_id = @user_id";
SqlCommand cmd = new SqlCommand(sqlText, conn);
cmd.Parameters.AddWithValue("@user_id", id);
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
returnUser.Username = Convert.ToString(reader["username"]);
returnUser.Role = Convert.ToString(reader["role"]);
returnUser.Name = Convert.ToString(reader["name"]);
}
return(returnUser);
}
}
catch (Exception)
{
throw;
}
}
public IActionResult Authenticate(LoginUser userParam)
{
// Default to bad username/password message
IActionResult result = BadRequest(new { message = "Username or password is incorrect" });
// Get the user by username
User user = userDAO.GetUser(userParam.Username);
// If we found a user and the password hash matches
if (user != null && passwordHasher.VerifyHashMatch(user.PasswordHash, userParam.Password, user.Salt))
{
// Create an authentication token
string token = tokenGenerator.GenerateToken(user.UserId, user.Username /*, user.Role*/);
// Create a ReturnUser object to return to the client
ReturnUser retUser = new ReturnUser()
{
UserId = user.UserId, Username = user.Username, /*Role = user.Role,*/ Token = token
};
// Switch to 200 OK
result = Ok(retUser);
}
return(result);
}
public IActionResult Authenticate(LoginUser userParam)
{
// Get the user by username
User user = userDao.GetUser(userParam.Username);
// If no user was found or it was a password mismatch, return a generic bad request.
if (user == null || !passwordHasher.VerifyHashMatch(user.PasswordHash, userParam.Password, user.Salt))
{
return(BadRequest(new { message = "Username or password is incorrect" }));
}
// Create an authentication token
string token = tokenGenerator.GenerateToken(user.Id, user.Username, user.Role);
// Create a ReturnUser object to return to the client
ReturnUser retUser = new ReturnUser()
{
Id = user.Id,
Username = user.Username,
Role = user.Role,
Token = token
};
return(Ok(retUser));
}
public List <ReturnUser> GetUsers(string username)
{
username = $"%{username}%";
List <ReturnUser> users = new List <ReturnUser>();
try
{
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand(SQL_GET_USERS_FILTERED, conn);
cmd.Parameters.AddWithValue("@username", username);
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
ReturnUser user = GetReturnUserFromReader(rdr);
users.Add(user);
}
}
return(users);
}
catch (SqlException ex)
{
throw;
}
}
public IActionResult Authenticate(LoginUser userParam)
{
// Default to bad username/password message
IActionResult result = BadRequest(new { message = "Username or password is incorrect" });
// Get the user by username
User user = userDao.GetUser(userParam.Username);
// If we found a user and the password hash matches
// TODO 03: Note: we do not store password, we store a hash, so that's how we compare.
if (user != null && passwordHasher.VerifyHashMatch(user.PasswordHash, userParam.Password, user.Salt))
{
// Create an authentication token
string token = tokenGenerator.GenerateToken(user.Id, user.Username, user.Role);
// Create a ReturnUser object to return to the client
ReturnUser retUser = new ReturnUser()
{
Id = user.Id, Username = user.Username, Role = user.Role, Token = token
};
// Switch to 200 OK
result = Ok(retUser);
}
// TODO 04: After we return a token, take a look at it on http://jwt.io
return(result);
}
private ReturnUser GetReturnUserFromReader(SqlDataReader reader)
{
ReturnUser user = new ReturnUser();
user.UserId = Convert.ToInt32(reader["user_id"]);
user.Username = Convert.ToString(reader["username"]);
user.Role = Convert.ToString(reader["user_role"]);
return(user);
}
private async void LoginButton_Click(object sender, Windows.UI.Xaml.RoutedEventArgs e)
{
//_navigationFacade.NavigateToMainPage();
//this.Frame.Navigate(typeof(MainPage));
string username = UsernameTextBox.Text;
string password = PassWordPasswordBox.Password;
ReturnUser user = new ReturnUser();
user.Password = password;
user.Username = username;
RequestToApi(user);
}
public ActionResult <ReturnUser> GetReturnUser(string username)
{
ReturnUser user = new ReturnUser();
user = this.accountDAO.GetReturnUser(username);
if (user == null)
{
return(NotFound());
}
return(Ok(user));
}
private ReturnUser GetReturnUserFromReader(SqlDataReader reader)
{
ReturnUser u = new ReturnUser()
{
UserId = Convert.ToInt32(reader["user_id"]),
Username = Convert.ToString(reader["username"]),
Role = Convert.ToString(reader["user_role"]),
//Extra stuff we added
FirstName = Convert.ToString(reader["FirstName"]),
LastName = Convert.ToString(reader["LastName"]),
Email = Convert.ToString(reader["Email"]),
PhoneNumber = Convert.ToString(reader["PhoneNumber"])
};
return(u);
}
public async Task <object> Login([FromBody] LoginDto model)
{
var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, false, false);
if (result.Succeeded)
{
var appUser = _userManager.Users.SingleOrDefault(r => r.Email == model.Email);
var loggedInUser = new ReturnUser
{
Email = model.Email,
Token = await GenerateJwtToken(model.Email, appUser)
};
return(Json(loggedInUser));
}
throw new ApplicationException("UNKNOWN_ERROR");
}
public async void RequestToApi(ReturnUser user)
{
//request POST to api
using (var client = new HttpClient())
{
var resourceLoader = ResourceLoader.GetForCurrentView();
client.BaseAddress = new Uri(resourceLoader.GetString("ServerURL"));
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
// New code:
try
{
HttpResponseMessage response = await client.PostAsJsonAsync("api/Users/info", user);
if (response.IsSuccessStatusCode)
{
//UserInfo info = await response.Content.ReadAsAsync<UserInfo>();
//encode password
user.Password = Base64Encode(user.Password);
//write to file "user.json"
await SerelizeDataToJson(user, "user");
// To do: Login to home page
this.Frame.Navigate(typeof(MainPage));
}
else
{
ErrorProviderTextBlock.Text = "Incorrect username or password!";
ErrorProviderTextBlock.Visibility = Visibility.Visible;
}
}
catch (HttpRequestException)
{
var dialog = new MessageDialog("Can not connect to server!", "Message");
//dialog.Commands.Add(new UICommand("Yes") { Id = 0 });
//dialog.Commands.Add(new UICommand("No") { Id = 1 });
await dialog.ShowAsync();
}
}
}
public static async Task <string> SerelizeDataToJson(ReturnUser user, string filename)
{
try
{
var folder = Windows.Storage.ApplicationData.Current.LocalFolder;
var file = await folder.CreateFileAsync(filename + ".json", Windows.Storage.CreationCollisionOption.ReplaceExisting);
var data = await file.OpenStreamForWriteAsync();
using (StreamWriter r = new StreamWriter(data))
{
var serelizedfile = JsonConvert.SerializeObject(user);
r.Write(serelizedfile);
}
return(filename);
}
catch (Exception e)
{
throw e;
}
}
public ReturnUser GetUserById(int id)
{
using (SqlConnection conn = new SqlConnection(connectionString))
{
ReturnUser user = new ReturnUser();
conn.Open();
string sqlQuery = @"SELECT * from users where user_id = @userId";
SqlCommand cmd = new SqlCommand(sqlQuery, conn);
cmd.Parameters.AddWithValue("@userid", id);
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
user = new ReturnUser();
user.UserId = Convert.ToInt32(rdr["user_id"]);
user.Username = Convert.ToString(rdr["username"]);
}
return(user);
}
}
public List <ReturnUser> ListOfUsers()
{
List <ReturnUser> returnUsers = new List <ReturnUser>();
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand("SELECT users.user_id, users.username, accounts.account_id, accounts.balance FROM users JOIN accounts ON users.user_id = accounts.user_id", conn);
// cmd.Parameters.AddWithValue("@user_id", userId);
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
ReturnUser user = GetUserFromReader(reader);
returnUsers.Add(user);
}
}
return(returnUsers);
}
// Metod för att uppdatera kontoinformation, tar emot ett objekt av en användare
public bool UpdateAccountInfo(ReturnUser UpdatedAccountInfo)
{
// Hitta rätt användare i databasen
var user = db.Users.Where(x => x.ID == UpdatedAccountInfo.ID).FirstOrDefault();
// Kolla om användarnamnet redan finns i databasen, man ska inte kunna byta till ett användarnamn som redan finns
Users userUsername = (from x in db.Users
where x.Username == UpdatedAccountInfo.Username
select x).FirstOrDefault();
// Om en användare hittas
if (user != null)
{
// Om användarnamnet inte är upptaget
if (userUsername == null)
{
// Användarobjektet får värdena av det objekt vi skickade in i metoden, alltså den uppdaterade kontoinformationen
user.Email = UpdatedAccountInfo.Email;
user.Username = UpdatedAccountInfo.Username;
user.Firstname = UpdatedAccountInfo.Firstname;
user.Surname = UpdatedAccountInfo.Surname;
db.SaveChanges();
return(true);
}
// Om användarnamnet är upptaget
else
{
return(false);
}
}
else
{
return(false);
}
}
public List <ReturnUser> GetListOfUsers()
{
List <ReturnUser> listOfUsers = new List <ReturnUser>();
using (SqlConnection conn = new SqlConnection(ConnectionString))
{
conn.Open();
SqlCommand cmd = new SqlCommand("SELECT username, user_id FROM users;", conn);
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
ReturnUser user = new ReturnUser();
user.Username = Convert.ToString(reader["username"]);
user.UserId = Convert.ToInt32(reader["user_id"]);
listOfUsers.Add(user);
}
}
return(listOfUsers);
}
public List <ReturnUser> GetUsersForTransfer()
{
List <ReturnUser> allUsers = new List <ReturnUser>();
using (SqlConnection conn = new SqlConnection(connectionString))
{
conn.Open();
string sqlCommand = @"SELECT * FROM users";
SqlCommand cmd = new SqlCommand(sqlCommand, conn);
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
ReturnUser user = new ReturnUser();
user.UserId = Convert.ToInt32(rdr["user_id"]);
user.Username = Convert.ToString(rdr["username"]);
allUsers.Add(user);
}
}
return(allUsers);
}
public async Task <object> Register([FromBody] RegisterDto model)
{
var user = new IdentityUser
{
UserName = model.Email,
Email = model.Email
};
var result = await _userManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
await _signInManager.SignInAsync(user, false);
var registeredUser = new ReturnUser
{
Email = model.Email,
Token = await GenerateJwtToken(model.Email, user)
};
return(Json(registeredUser));
}
throw new ApplicationException("UNKNOWN_ERROR");
}
public ActionResult CheckLogin(string userid, string password)
{
//---------------------------------------------------------------------
if (Request.HttpMethod == "GET")
{
return(RedirectToAction("Login"));
}
//check validation.
string errorNotify = "";
if (String.IsNullOrEmpty(userid))
{
errorNotify = " Nhập tên đăng nhập/Input UserName.";
}
if (String.IsNullOrEmpty(password))
{
errorNotify += " Nhập mật khẩu/Input password.";
}
if (!String.IsNullOrEmpty(errorNotify))
{
ViewBag.error = errorNotify;
return(RedirectToAction("Login"));
}
var passwordMd5 = SMCommon.MD5Endcoding(password.Trim()).ToLower();
ReturnUser returnUser = (new UserDB()).CheckLogin(userid.Trim(), passwordMd5);
if (returnUser.Code == "01")
{
errorNotify += " Tên đăng nhập hoặc mật khẩu không đúng/UserName or Password is incorrect!";
}
if (returnUser.Code == "99")
{
errorNotify += " Kiểm tra lại đường truyền/Check connection.";
}
if (!String.IsNullOrEmpty(errorNotify))
{
ViewBag.error = " Lỗi đăng nhập/Error Login: "******"Login"));
}
//Validation is successful.
if (returnUser.Code == "00") // exist user.
{
User user = returnUser.lstUser[0];
MyShareInfo.ID = user.ID;
MyShareInfo.UserName = user.UserName;
MyShareInfo.PassWord = user.PassWord;
MyShareInfo.FullName = user.FullName;
MyShareInfo.MobileNumber = user.MobileNumber;
MyShareInfo.FactoryID = user.FactoryID;
MyShareInfo.RoleID = user.RoleID;
//Session["UserLogin"] = user;
Session["UserID"] = user.ID;
Session["UserName"] = user.UserName;
Session["FactoryID"] = user.FactoryID;
#region dynamic menu by userid
MenuDB menuDB = new MenuDB();
User currentUser = new User()
{
ID = Convert.ToInt32(Session["UserID"].ToString())
};
ReturnMenuRole returnMenuRole = menuDB.GetMenusByUserID(currentUser);
var menuViewModel = new MenuViewModel
{
returnMenuRole = returnMenuRole,
user = currentUser
};
Session["MenuPermission"] = menuViewModel;
#endregion
//Permission
Session["UserPermission"] = (new UserDB()).ListAllControllerName_PermissionByUserID(user.ID);
return(RedirectToAction("Index"));
}
return(RedirectToAction("Login"));
}
// Metod för att skapa ny användare, tar ett användarobjekt som inparameter och returnerar ett nytt objekt med användarens uppgifter
public ReturnUser CreateUser(NewUser NewUser)
{
// Kolla i databasen om E-mail och användarnamn redan finns, om inte, gå vidare och skapa användaren
Users EmailCheck = (from x in db.Users
where x.Email.ToUpper() == NewUser.Email.ToUpper()
select x).FirstOrDefault();
Users UsernameCheck = (from x in db.Users
where x.Username.ToUpper() == NewUser.Username.ToUpper()
select x).FirstOrDefault();
var LoggUser = new Users // Dettta är loggning av objektet NewUser.
{
Email = NewUser.Email,
Username = NewUser.Username,
Firstname = NewUser.Firstname,
Surname = NewUser.Surname,
Password = NewUser.Password,
};
var jsonPerson = JsonConvert.SerializeObject(LoggUser);
Log.Information(jsonPerson);
// Om inget E-mail eller användarnamn kan hittas
if (EmailCheck == null & UsernameCheck == null)
{
// Hashing av lösenord med tillhörande salt
byte[] salt;
new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);
var pass = new Rfc2898DeriveBytes(NewUser.Password, salt, 1000);
byte[] passwordHash = pass.GetBytes(20);
byte[] total = new byte[36];
Array.Copy(salt, 0, total, 0, 16);
Array.Copy(passwordHash, 0, total, 16, 20);
string savedPassword = Convert.ToBase64String(total);
/*
* Här skapas ett nytt användarobjekt som används av resterande servicar.
* Eftersom endast vår service skall hantera lösenord behöver vill vi inte skicka med lösenord till andra, varför detta objekt skapas.
*/
ReturnUser returUser = new ReturnUser();
// Det nya objektet tilldelas värdena från användarens inmatade uppgifter
returUser.Email = NewUser.Email;
returUser.Username = NewUser.Username;
returUser.Firstname = NewUser.Firstname;
returUser.Surname = NewUser.Surname;
// Nytt objekt som sparas i databasen, innehållande samtliga användaruppgifter
Users CompleteUser = new Users();
CompleteUser.Email = NewUser.Email;
CompleteUser.Firstname = NewUser.Firstname;
CompleteUser.Surname = NewUser.Surname;
CompleteUser.Username = NewUser.Username;
// Lösenordet får värdet av det tidigare hashade lösenordet, eftersom det är detta som skall sparas i databasen
CompleteUser.Password = savedPassword;
// Status-Id blir automatiskt 1, som innebär aktiv
CompleteUser.StatusID = 1;
// Role-Id 3 innebär vanlig användare
CompleteUser.RoleID = 3;
// Det nya användarobjektet läggs till i databasen
db.Users.Add(CompleteUser);
db.SaveChanges();
// Säkerställ att det användar-id vi har överensstämmer med andra servicars Id, vilket minimerar risken för att olika användare visas upp
returUser.ID = CompleteUser.ID;
return(returUser);
}
// Om E-mail och användarnamn redan finns i databasen
else
{
return(null);
}
}
private static void MenuSelection()
{
int menuSelection = -1;
while (menuSelection != 0)
{
Console.WriteLine("");
Console.WriteLine("Welcome to TEnmo! Please make a selection: ");
Console.WriteLine("1: View your current balance");
Console.WriteLine("2: View your past transfers");
Console.WriteLine("3: View your pending requests");
Console.WriteLine("4: Send TE bucks");
Console.WriteLine("5: Request TE bucks");
Console.WriteLine("6: Log in as different user");
Console.WriteLine("0: Exit");
Console.WriteLine("---------");
Console.Write("Please choose an option: ");
if (!int.TryParse(Console.ReadLine(), out menuSelection))
{
Console.WriteLine("Invalid input. Please enter only a number.");
menuSelection = -1;
}
else if (menuSelection == 1)
{
string output;
IRestResponse <decimal> response = accountService.GetBalance();
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
output = $"Balance: {response.Data:c}";
}
else
{
output = "Unable to reach server.";
}
Console.WriteLine(output);
}
else if (menuSelection == 2)
{
//view your past transfers
List <Transfer> transferList = accountService.GetPreviousTransfers();
if (transferList != null)
{
List <ReturnUser> userList = accountService.GetListOfUsers(); //get username
if (userList != null)
{
bool pending = false;
consoleService.PrintPreviousTransfers(transferList, userList, pending);
Transfer selectedTransfer = consoleService.ValidateTransferDetailsChoice(transferList, pending);
if (selectedTransfer != null)
{
consoleService.PrintTransferDetails(selectedTransfer, userList);
}
else
{
Console.WriteLine("Couldn't get transfer details.");
}
}
else
{
Console.WriteLine("Couldn't retreive User List while getting past transfers.");
}
}
else
{
Console.WriteLine("Couldn't get list of past transfers.");
}
}
else if (menuSelection == 3)
{
//view your pending requests
List <Transfer> transferList = accountService.GetPreviousTransfers();
if (transferList != null)
{
List <ReturnUser> userList = accountService.GetListOfUsers();
if (userList != null)
{
bool pending = true;
consoleService.PrintPreviousTransfers(transferList, userList, pending);
Transfer selectedTransfer = consoleService.ValidateTransferDetailsChoice(transferList, pending);
if (selectedTransfer != null)
{
IRestResponse <decimal> response = accountService.GetBalance();
if (response.StatusCode != System.Net.HttpStatusCode.OK)
{
Console.WriteLine("Unable to reach server.");
}
decimal balance = response.Data;
int userChoice = consoleService.ValidateApproveOrReject(selectedTransfer.amount, balance);
bool approved = userChoice == 1 ? true : false;
if (userChoice == 1 || userChoice == 2)
{
//approve
accountService.UpdateTransfer(selectedTransfer, approved);
}
}
else
{
Console.WriteLine("Couldn't get transfer details.");
}
}
else
{
Console.WriteLine("Couldn't retreive User List while getting past transfers.");
}
}
else
{
Console.WriteLine("Couldn't get list of past transfers.");
}
}
else if (menuSelection == 4)
{
//sending TE Bucks
IRestResponse <decimal> response = accountService.GetBalance();
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
decimal balance = response.Data;
//GetUserFromListOfUsers(list of users)
List <ReturnUser> userList = accountService.GetListOfUsers();
if (userList.Count != 0)
{
//pass the user list to Console Service(listOfUsers) => This displays the list of users, prompts of a selection, returns the selected user
ReturnUser transferToThisUser = consoleService.GetValidUserFromList(userList, true);
if (transferToThisUser != null)
{
//verifytransferamount(fromUser)
decimal transferAmount = consoleService.GetValidTransferAmount(balance);
if (transferAmount != 0)
{
//send te bucks to specified user
Transfer transfer = consoleService.PopulateTransfer("Send", "Approved", transferToThisUser.UserId, UserService.GetUserId(), transferAmount);
accountService.MakeTransfer(transfer);
}
}
else
{
Console.WriteLine("Unable to retreive User from List of Users while making a transfer");
}
}
else
{
Console.WriteLine("Unable to get User List while making a transfer.");
}
}
else
{
Console.WriteLine("Unable to get balance.");
}
}
else if (menuSelection == 5)
{
//request TE bucks
IRestResponse <decimal> response = accountService.GetBalance();
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
//GetUserFromListOfUsers(list of users)
List <ReturnUser> userList = accountService.GetListOfUsers();
if (userList.Count != 0)
{
//pass the user list to Console Service(listOfUsers) => This displays the list of users, prompts of a selection, returns the selected user
ReturnUser requestFromThisUser = consoleService.GetValidUserFromList(userList, false);
if (requestFromThisUser != null)
{
//verifytransferamount(fromUser)
decimal transferAmount = consoleService.GetValidTransferAmount();
if (transferAmount != 0)
{
//send te bucks to specified user
Transfer transfer = consoleService.PopulateTransfer("Request", "Pending", UserService.GetUserId(), requestFromThisUser.UserId, transferAmount);
accountService.MakeTransfer(transfer);
}
}
else
{
Console.WriteLine("Unable to retreive User from List of Users while making a request");
}
}
else
{
Console.WriteLine("Unable to get User List while making a request.");
}
}
else
{
Console.WriteLine("Unable to get balance.");
}
}
else if (menuSelection == 6)
{
Console.WriteLine("");
UserService.SetLogin(new API_User()); //wipe out previous login info
Run(); //return to entry point
}
else
{
Console.WriteLine("Goodbye!");
Environment.Exit(0);
}
}
}
// check balance is greater than 0, deduct transfer amount from sender, deposit trasnfer amt to receiver
public bool BalanceIsSufficient(string username, decimal amtToTransfer)
{
ReturnUser user = GetReturnUser(username);
return(user.AccountBalance >= amtToTransfer);
}
