} // decrypted user

/// <summary>
/// Shared fixture set-up for the user-controller integration tests: creates the in-process
/// HTTP client, loads the development settings and local DB context, attaches the development
/// API key, and resolves the seeded test user in both its stored (encrypted) and decrypted forms.
/// </summary>
/// <param name="fixture">Test-host factory supplying the in-process API client.</param>
public UserControllerIntegrationTest(WebApplicationFactory<SafeAccountsAPI.Startup> fixture)
{
    _client = fixture.CreateClient();

    // development settings and the local database they point at
    _config = new ConfigurationBuilder().AddJsonFile("appsettings.Development.json").Build();
    _context = new APIContext(new DbContextOptions<APIContext>(), _config);

    // Development-only API key; it is not accepted by the hosted API.
    // NOTE(review): this is still a credential committed to source. Loading it from
    // configuration/user-secrets would keep the token out of repository history.
    _client.DefaultRequestHeaders.Add("ApiKey", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYXBpX2tleSIsImV4cCI6MTY1MzkxODQyNiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIn0.ZBagEGyp7dJBozJ7HoQ8nZVNpK-h-rzjXL9SmEvIYgA");

    // A single AES key/IV pair protects the base user data.
    var keyAndIV = new[]
    {
        _config.GetValue<string>("UserEncryptionKey"),
        _config.GetValue<string>("UserEncryptionIV"),
    };

    // The e-mail column is stored encrypted, so the lookup compares ciphertexts.
    var encryptedEmail = HelperMethods.EncryptStringToBytes_Aes("*****@*****.**", keyAndIV);
    _testUser = _context.Users.Single(a => a.Email.SequenceEqual(encryptedEmail));
    _retTestUser = new ReturnableUser(_testUser, keyAndIV);

    // Make sure the API's keys file is present next to the test binaries.
    if (!File.Exists(HelperMethods.keys_file))
    {
        string destFile = Path.Combine(Directory.GetCurrentDirectory(), HelperMethods.keys_file);
        File.Copy("../../../../SafeAccountsAPI/" + HelperMethods.keys_file, destFile, true);
    }
}
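/// <summary>
/// HttpGet("users/{id}"): fetch the test user's record using the fixture's access token
/// (sent as a header) and check that the returned fields match the seeded user.
/// </summary>
public async Task GET_Should_Retrieve_User_information()
{
    using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, _client.BaseAddress + "users/" + _testUser.ID))
    {
        // this version of the API reads the access token from a header
        requestMessage.Headers.Add("AccessToken", _accessToken);

        // dispose the response as well; HttpResponseMessage owns the content stream
        using (var response = await _client.SendAsync(requestMessage))
        {
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            // await the body instead of blocking on .Result inside an async method
            string json = await response.Content.ReadAsStringAsync();
            ReturnableUser returnedUser = JsonConvert.DeserializeObject<ReturnableUser>(json);

            // the returned user must be the one we seeded; these are the decrypted hex-string fields
            Assert.Equal(_retTestUser.ID, returnedUser.ID);
            Assert.Equal(_retTestUser.Email, returnedUser.Email);
            Assert.Equal(_retTestUser.Role, returnedUser.Role);
            Assert.Equal(_retTestUser.First_Name, returnedUser.First_Name);
            Assert.Equal(_retTestUser.Last_Name, returnedUser.Last_Name);
        }
    }
}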
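/// <summary>
/// HttpGet("users/{id}"): fetch the test user's record with a freshly generated access token
/// presented as a cookie, and check that the returned fields match the seeded user.
/// </summary>
public async Task GET_Should_Retrieve_User_information()
{
    using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, _client.BaseAddress + "users/" + _testUser.ID))
    {
        // mint an access token for the test user and send it the way a browser would
        string accessToken = HelperMethods.GenerateJWTAccessToken(_testUser.ID, _config["UserJwtTokenKey"]);
        requestMessage.Headers.Add("Cookie", "AccessToken=" + accessToken);

        // dispose the response as well; HttpResponseMessage owns the content stream
        using (var response = await _client.SendAsync(requestMessage))
        {
            Assert.Equal(HttpStatusCode.OK, response.StatusCode);

            // await the body instead of blocking on .Result inside an async method
            string json = await response.Content.ReadAsStringAsync();
            ReturnableUser returnedUser = JsonConvert.DeserializeObject<ReturnableUser>(json);

            // the returned user must be the one we seeded
            Assert.Equal(_retTestUser.ID, returnedUser.ID);
            Assert.Equal(_retTestUser.Email, returnedUser.Email);
            Assert.Equal(_retTestUser.Role, returnedUser.Role);
            Assert.Equal(_retTestUser.First_Name, returnedUser.First_Name);
            Assert.Equal(_retTestUser.Last_Name, returnedUser.Last_Name);
        }
    }
}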
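/// <summary>
/// GET: returns every user with private fields stripped. Admin role required.
/// </summary>
/// <returns>200 with the user list, 401 when the caller is not an admin, 500 if the query fails.</returns>
[HttpGet] //working
public IActionResult GetAllUsers()
{
    try
    {
        if (!HelperMethods.ValidateIsAdmin(_httpContextAccessor))
        {
            var error = new ErrorMessage("Invalid Role", "Caller must have admin role.");
            return new UnauthorizedObjectResult(error);
        }

        // materialise first so the ReturnableUser projection runs in memory, not in the query translator
        List<ReturnableUser> users = _context.Users
            .ToArray()
            .Select(user => new ReturnableUser(user))
            .ToList();
        return new OkObjectResult(users);
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is sent to the client; exception text can carry internal
        // details (provider, connection, schema). Prefer logging it server-side and returning a
        // generic message.
        var error = new ErrorMessage("Error retrieving users.", ex.Message);
        return new InternalServerErrorResult(error);
    }
}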
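/// <summary>
/// POST: looks up the account named in the form and returns its salt, observer flag and group
/// name. The error field is set when the database holds no users or the username is unknown.
/// </summary>
/// <returns>A <see cref="ReturnableUser"/> carrying either the account details or an error text.</returns>
public JsonResult OnPost()
{
    if (!_context.User.Any())
    {
        return new JsonResult(new ReturnableUser("", "", "", "", "No users in Database."));
    }

    string username = Request.Form["username"];
    // NOTE(review): passwordHash is read but never compared with the stored PasswordHash, so this
    // handler returns the salt, observer flag and group name for any existing username without
    // authenticating the caller. Confirm where (or whether) the password is actually verified.
    string passwordHash = Request.Form["passwordHash"];

    // FirstOrDefault + null check instead of catching the exception First() throws
    var userObj = _context.User.FirstOrDefault(x => x.UserName == username);
    if (userObj is null)
    {
        // same payload as before: an empty User's fields plus the error text
        var missing = new User();
        return new JsonResult(new ReturnableUser(missing.UserName, missing.Salt, "", "", "Username or password not found"));
    }

    string groupName = _context.Group.First(x => x.ID == userObj.GroupID).Name;
    return new JsonResult(new ReturnableUser(userObj.UserName, userObj.Salt, userObj.IsObserver, groupName, string.Empty));
}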
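// To protect from overposting attacks, enable the specific properties you want to bind to, for
// more details, see https://aka.ms/RazorPagesCRUD.

/// <summary>
/// POST: creates a user from the form fields (username, passwordHash, salt, group_name,
/// is_observer), creating the named group when it does not exist yet.
/// </summary>
/// <returns>A <see cref="ReturnableUser"/> whose error field is empty on success or
/// "Username already exists." when the name is already taken.</returns>
public JsonResult OnPost()
{
    string username = Request.Form["username"].First();
    string passwordHash = Request.Form["passwordHash"].First();
    string salt = Request.Form["salt"].First();
    string groupName = Request.Form["group_name"];
    string isObserver = Request.Form["is_observer"];

    // NOTE(review): passwordHash and salt are stored exactly as the client supplied them; nothing
    // here checks their format or length, so the hashing scheme is entirely the client's responsibility.

    // one query instead of Count() + Any() + First(): reuse the existing group or create it
    Group group = _context.Group.FirstOrDefault(x => x.Name == groupName)
        ?? new Group { Name = groupName };

    string error = "";
    if (_context.User.Any(x => x.UserName == username))
    {
        error = "Username already exists.";
    }
    else
    {
        // a new Group is inserted through the navigation property when the user is saved
        var createdUser = new User
        {
            UserName = username,
            PasswordHash = passwordHash,
            Salt = salt,
            IsObserver = isObserver,
            GroupID = group.ID,
            Group = group
        };
        _context.User.Add(createdUser);
        _context.SaveChanges();
    }

    return new JsonResult(new ReturnableUser("", "", "", "", error));
}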
/// <summary>
/// GET users/{id}: returns the decrypted, public-safe view of one user. The caller must be an
/// admin or the user being requested.
/// </summary>
/// <param name="id">Primary key of the requested user.</param>
/// <returns>200 with a <see cref="ReturnableUser"/>, or 401 with an <see cref="ErrorMessage"/>.</returns>
public IActionResult User_GetUser(int id)
{
    bool permitted = HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV);
    if (!permitted)
    {
        return new UnauthorizedObjectResult(new ErrorMessage("Invalid User", "Caller can only access their information."));
    }

    // ReturnableUser decrypts the base fields and drops the data that must never leave the server
    var requested = _context.Users.Single(a => a.ID == id);
    return new OkObjectResult(new ReturnableUser(requested, _keyAndIV));
}
/// <summary>
/// GET users/{id}: serialises one user (private fields stripped) into the standard success
/// envelope under "user". The caller must be an admin or the user being requested.
/// </summary>
/// <param name="id">Primary key of the requested user.</param>
/// <returns>The JSON envelope as a string; sets a 401 status when the caller is not permitted.</returns>
[HttpGet("{id:int}")] // working
public string User_GetUser(int id)
{
    if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
    {
        Response.StatusCode = 401;
        var denied = new ErrorMessage("Invalid User", "id accessed: " + id, "Caller can only access their information.");
        return JObject.FromObject(denied).ToString();
    }

    // start from the shared success envelope, then attach the sanitised user
    var payload = JObject.Parse(SuccessMessage._result);
    var retUser = new ReturnableUser(_context.Users.Single(a => a.ID == id));
    payload.Add(new JProperty("user", JToken.FromObject(retUser)));
    return payload.ToString();
}
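/// <summary>
/// POST: saves one time entry (start, end, description) against the user named in the form.
/// </summary>
/// <returns>A <see cref="ReturnableUser"/> whose error field is empty on success, or explains
/// why nothing was saved (unparseable date, unknown user).</returns>
public JsonResult OnPostSubmitTime()
{
    string userName = Request.Form["name"].First();

    // TryParse instead of Parse + catch: an unparseable date used to be reported in the response
    // while the entry was still saved with default DateTime values.
    if (!DateTime.TryParse(Request.Form["StartTime"].First(), out DateTime startTime)
        || !DateTime.TryParse(Request.Form["EndTime"].First(), out DateTime endTime))
    {
        Console.WriteLine("Unable to parse the specified date");
        return new JsonResult(new ReturnableUser("", "", "", "", "Unable to parse the specified date"));
    }

    // one query instead of re-reading the whole table on every loop iteration; previously an
    // unknown name silently attributed the entry to the first user in the table
    var user = _context.User.FirstOrDefault(x => x.UserName == userName);
    if (user is null)
    {
        return new JsonResult(new ReturnableUser("", "", "", "", "User not found"));
    }

    var newTimeEntry = new TimeLog
    {
        StarTime = startTime, // property name as declared on TimeLog
        EndTime = endTime,
        UserID = user.ID,
        User = user,
        Description = Request.Form["Description"].First()
    };
    _context.TimeLog.Add(newTimeEntry);
    _context.SaveChanges();

    return new JsonResult(new ReturnableUser("", "", "", "", ""));
}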
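/// <summary>
/// GET: returns every user with private fields stripped and base fields decrypted. Admin role
/// required; the caller is identified by the Actor claim on the current principal.
/// </summary>
/// <returns>200 with the user list, or 401 with an <see cref="ErrorMessage"/>.</returns>
public IActionResult GetAllUsers()
{
    // Fail closed with 401 when the Actor claim is missing or not numeric, instead of letting a
    // NullReferenceException / FormatException escape as a 500.
    var actorClaim = _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.Actor);
    if (actorClaim is null
        || !int.TryParse(actorClaim.Value, out int callerId)
        || !HelperMethods.ValidateIsAdmin(_context, callerId, _keyAndIV))
    {
        var error = new ErrorMessage("Invalid Role", "Caller must have admin role.");
        return new UnauthorizedObjectResult(error);
    }

    // materialise first so the decrypting projection runs in memory, not in the query translator
    List<ReturnableUser> users = _context.Users
        .ToArray()
        .Select(user => new ReturnableUser(user, _keyAndIV))
        .ToList();
    return new OkObjectResult(users);
}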
/// <summary>
/// GET: every user, private fields stripped, inside the standard success envelope under "users".
/// Admin role required.
/// </summary>
/// <returns>The JSON envelope as a string; sets a 401 status when the caller is not an admin.</returns>
[HttpGet] //working
public string GetAllUsers()
{
    if (!HelperMethods.ValidateIsAdmin(_httpContextAccessor))
    {
        Response.StatusCode = 401;
        // "n/a" because this endpoint takes no arguments to echo back
        var denied = new ErrorMessage("Invalid Role", "n/a", "Caller must have admin role.");
        return JObject.FromObject(denied).ToString();
    }

    var payload = JObject.Parse(SuccessMessage._result);
    var userArray = new JArray();
    foreach (var user in _context.Users.ToArray())
    {
        userArray.Add(JToken.FromObject(new ReturnableUser(user)));
    }
    payload.Add(new JProperty("users", userArray));
    return payload.ToString();
}
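/// <summary>
/// Sends the account-confirmation e-mail for a newly registered user: decrypts the user's base
/// fields, generates an e-mail-confirmation JWT and mails a link carrying the token and address
/// through the configured SMTP server.
/// </summary>
/// <param name="user">The stored (encrypted) user record.</param>
/// <remarks>TODO Move this to the helpers</remarks>
private void SendConfirmationEmail(User user)
{
    ReturnableUser retUser = new ReturnableUser(user, _keyAndIV); // decrypt user data

    // token bound to this user, signed with the dedicated confirmation key
    string token = HelperMethods.GenerateJWTEmailConfirmationToken(retUser.ID, _configuration.GetValue<string>("EmailConfirmationTokenKey"));

    string smtpUser = _configuration.GetValue<string>("Smtp:Username");

    // the address goes into a query string, so escape it ('+' would otherwise decode as a space)
    string confirmUrl = _configuration.GetValue<string>("WebsiteUrl")
        + "emailconfirmation/?token=" + token
        + "&email=" + Uri.EscapeDataString(retUser.Email);

    string body =
        "Hello " + retUser.First_Name + ",\n\n" +
        "A new account has been registered with SafeAccounts using your email address.\n\n" +
        "To confirm your new account, please go to this web address:\n\n" +
        confirmUrl +
        "\n\nThis should appear as a blue link which you can just click on. If that doesn't work, " + // trailing space: "work,then" previously ran together
        "then cut and paste the address into the address line at the top of your web browser window.\n\n" +
        "If you need help, please contact the site administrator.\n\n" +
        "SafeAccounts Administrator,\n" +
        smtpUser;

    // SmtpClient and MailMessage are IDisposable; release them once the message has been sent
    using (var smtpClient = new SmtpClient(_configuration.GetValue<string>("Smtp:Host"))
    {
        Port = int.Parse(_configuration.GetValue<string>("Smtp:Port")),
        Credentials = new NetworkCredential(smtpUser, _configuration.GetValue<string>("Smtp:Password")),
        EnableSsl = true,
    })
    using (var mailMessage = new MailMessage
    {
        From = new MailAddress(smtpUser),
        Subject = "Confirm Your SafeAccounts Registration",
        Body = body,
        IsBodyHtml = false,
    })
    {
        mailMessage.To.Add(retUser.Email);
        smtpClient.Send(mailMessage);
    }
}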
} // encryption key and IV used for all users' base data; this key cannot unlock user-stored passwords/accounts

/// <summary>
/// Shared fixture set-up for the user-controller integration tests: creates the in-process
/// HTTP client, loads the development settings and local DB context, attaches the development
/// API key, resolves the seeded test user (stored and decrypted forms) and mints the access and
/// refresh tokens needed by endpoints that require a logged-in user.
/// </summary>
/// <param name="fixture">Test-host factory supplying the in-process API client.</param>
public UserControllerIntegrationTest(WebApplicationFactory<SafeAccountsAPI.Startup> fixture)
{
    _client = fixture.CreateClient();

    // development settings and the local database they point at
    _config = new ConfigurationBuilder().AddJsonFile("appsettings.Development.json").Build();
    _context = new APIContext(new DbContextOptions<APIContext>(), _config);

    // Development-only API key; it is not accepted by the hosted API.
    // NOTE(review): this is still a credential committed to source. Loading it from
    // configuration/user-secrets would keep the token out of repository history.
    _client.DefaultRequestHeaders.Add("ApiKey", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYXBpX2tleSIsImV4cCI6MTY2Mjk4NzA4MywiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNjYiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDM2NiJ9.NUf-fL3g72Z8XqihXJIuaG_z8_NEHmSwckb94VgVK3Q");

    // A single AES key/IV pair protects the base user data.
    _keyAndIv = new[]
    {
        _config.GetValue<string>("UserEncryptionKey"),
        _config.GetValue<string>("UserEncryptionIV"),
    };

    // The e-mail column is stored encrypted, so the lookup compares ciphertexts.
    var encryptedEmail = HelperMethods.EncryptStringToBytes_Aes("*****@*****.**", _keyAndIv);
    _testUser = _context.Users.Single(a => a.Email.SequenceEqual(encryptedEmail)); // stored (encrypted) row
    _retTestUser = new ReturnableUser(_testUser, _keyAndIv); // decrypted view

    // credentials for endpoints that require a logged-in user
    _accessToken = HelperMethods.GenerateJWTAccessToken(_testUser.ID, _config["UserJwtTokenKey"], _config.GetValue<string>("ApiUrl"));
    var refreshToken = HelperMethods.GenerateRefreshToken(_testUser, _context, _keyAndIv);
    _refreshToken = new ReturnableRefreshToken(refreshToken, _keyAndIv).Token;
}