public string Post([FromBody] TbIuser value)
{
//Check existing
if (dbContext.TbIusers.Any(user => user.Username.Equals(value.Username)))
{
TbIuser user = dbContext.TbIusers.Where(user => user.Username.Equals(value.Username)).First();
//Calculate hash password from data of Client and compare with hash in server with salt.
var client_post_hash_password = Convert.ToBase64String(
Common.SaltHashPassword(
Encoding.ASCII.GetBytes(value.Password),
Convert.FromBase64String(user.Salt)));
if (client_post_hash_password.Equals(user.Password))
{
Response.StatusCode = StatusCodes.Status200OK;
return(JsonConvert.SerializeObject(user));
}
else
{
Response.StatusCode = StatusCodes.Status403Forbidden;
return(JsonConvert.SerializeObject("Wrong Password"));
}
}
else
{
Response.StatusCode = StatusCodes.Status403Forbidden;
return(JsonConvert.SerializeObject("User is not existing in Database"));
}
}
/// <summary>
/// Registration with username, password and Customer id.
/// </summary>
/// <param name="userRegisterDTO">User model</param>
/// <returns>
/// Returns the result message of the request.
/// </returns>
public HttpResponseMessage Post([FromBody] UserRegisterDTO userRegisterDTO)
{
var response = new HttpResponseMessage(HttpStatusCode.OK);
//check User have existing in database
if (!(northwindContext.TbIuser.Any(u => u.Username.Equals(userRegisterDTO.Username))) &&
!(northwindContext.TbIuser.Any(u => u.CustomerId.Equals(userRegisterDTO.CustomerId))))
{
ValidatorResult validatorResult = UserValidator.IsValidUser(userRegisterDTO);
if (!validatorResult.IsValid)
{
response.StatusCode = HttpStatusCode.PreconditionFailed;
response.Content = new StringContent(JsonConvert.SerializeObject(validatorResult.ValidationMessage));
return(response);
}
TbIuser user = new TbIuser();
user.Username = userRegisterDTO.Username.Trim();
var customer = northwindContext.Customers.Find(userRegisterDTO.CustomerId);
if (customer == null)
{
response.StatusCode = HttpStatusCode.PreconditionFailed;
response.Content = new StringContent(JsonConvert.SerializeObject("Wrong CustomerId."));
return(response);
}
user.CustomerId = userRegisterDTO.CustomerId;
user.Salt = Convert.ToBase64String(Common.GetRandomSalt(16));
user.Password = Convert.ToBase64String(Common.SaltHashPassword(
Encoding.ASCII.GetBytes(userRegisterDTO.Password),
Convert.FromBase64String(user.Salt)));
user.FullName = userRegisterDTO.FullName.Trim();
//Add to DB
try
{
northwindContext.Add(user);
northwindContext.SaveChanges();
response.Content = new StringContent(JsonConvert.SerializeObject("Register successfully"));
return(response);
}
catch (Exception e)
{
response.StatusCode = HttpStatusCode.InternalServerError;
response.Content = new StringContent(JsonConvert.SerializeObject(e.Message));
return(response);
}
}
else
{
response.StatusCode = HttpStatusCode.PreconditionFailed;
response.Content = new StringContent(JsonConvert.SerializeObject("User is existing in Database."));
return(response);
}
}
public static UserForJson ConvertUserToJsonUser(TbIuser tbIuser)
{
UserForJson userForJson = new UserForJson(
username: tbIuser.Username,
password: tbIuser.Password,
fullName: tbIuser.FullName,
email: tbIuser.Email,
phoneNumber: tbIuser.PhoneNumber,
gender: tbIuser.Gender == Gender.Male?1: tbIuser.Gender == Gender.Female?2: tbIuser.Gender == Gender.Other?3:0,
role: tbIuser.Role == Role.Administrator ? 1 : tbIuser.Role == Role.User ?2:0,
salt: tbIuser.Salt,
dateOfBirth: tbIuser.DateOfBirth.ToString()
);
return(userForJson);
}
public static TbIuser ConvertJsonUserToUser(UserForJson userForJson)
{
DateTime dateTime = new DateTime();
DateTime.TryParse(userForJson.DateOfBirth, out dateTime);
TbIuser tbIuser = new TbIuser(
username: userForJson.Username,
password: userForJson.Password,
fullName: userForJson.FullName,
email: userForJson.Email,
phoneNumber: userForJson.PhoneNumber,
gender: userForJson.Gender == 1?Gender.Male: userForJson.Gender == 2?Gender.Female: userForJson.Gender == 3?Gender.Other:0,
role: userForJson.Role == 1?Role.Administrator:userForJson.Role == 2?Role.User:0,
salt: userForJson.Salt,
dateOfBirth: dateTime
);
return(tbIuser);
}
public string Post([FromBody] UserForJson value)
{
//check User have existing in database
if (!dbContext.TbIusers.Any(user => user.Username.Equals(value.Username)))
{
TbIuser tbIuser = UserConverter.ConvertJsonUserToUser(value);
ValidatorResult validatorResult = UserValidator.IsValidUser(tbIuser);
if (!validatorResult.IsValid)
{
return(JsonConvert.SerializeObject(validatorResult.ValidationMessage));
}
TbIuser user = new TbIuser();
user.Username = tbIuser.Username;
user.Email = tbIuser.Email;
user.DateOfBirth = tbIuser.DateOfBirth;
user.FullName = tbIuser.FullName;
user.Gender = tbIuser.Gender;
user.Role = Role.User;
user.PhoneNumber = tbIuser.PhoneNumber;
user.Salt = Convert.ToBase64String(Common.GetRandomSalt(16));
user.Password = Convert.ToBase64String(Common.SaltHashPassword(
Encoding.ASCII.GetBytes(tbIuser.Password),
Convert.FromBase64String(user.Salt)));
//Add to DB
try
{
dbContext.Add(user);
dbContext.SaveChanges();
return(JsonConvert.SerializeObject("Register successfully"));
}
catch (Exception e)
{
return(JsonConvert.SerializeObject(e.Message));
}
}
else
{
return(JsonConvert.SerializeObject("User is existing in Database."));
}
}
/// <summary>
/// Login with username and password
/// </summary>
/// <param name="userLoginDTO">User model</param>
/// <returns>
/// Returns the result message of the request.
/// </returns>
public HttpResponseMessage Post([FromBody] UserLoginDTO userLoginDTO)
{
var response = new HttpResponseMessage(HttpStatusCode.OK);
//Check existing
if (northwindContext.TbIuser.Any(user => user.Username.Equals(userLoginDTO.Username)))
{
TbIuser user = northwindContext.TbIuser.Where(u => u.Username.Equals(userLoginDTO.Username)).FirstOrDefault();
//Calculate hash password from data of Client and compare with hash in server with salt.
var client_post_hash_password = Convert.ToBase64String(
Common.SaltHashPassword(
Encoding.ASCII.GetBytes(userLoginDTO.Password),
Convert.FromBase64String(user.Salt)));
if (client_post_hash_password.Equals(user.Password))
{
UserRegisterDTO userModel = new UserRegisterDTO()
{
FullName = user.FullName,
Username = user.Username,
Password = user.Password,
CustomerId = user.CustomerId
};
response.Content = new StringContent(JsonConvert.SerializeObject(userModel));
return(response);
}
else
{
response.StatusCode = HttpStatusCode.PreconditionFailed;
response.Content = new StringContent(JsonConvert.SerializeObject("Wrong Password"));
return(response);
}
}
else
{
response.StatusCode = HttpStatusCode.Unauthorized;
response.Content = new StringContent(JsonConvert.SerializeObject("User is not existing in Database"));
return(response);
}
}
public static ValidatorResult IsValidUser(TbIuser user)
{
ValidatorResult validatorResult = new ValidatorResult(true);
if (user == null)
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user is null.";
return(validatorResult);
}
if (user.DateOfBirth == null)
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user date of birth is null.";
return(validatorResult);
}
if (user.Email.Trim().Equals(""))
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user email is empty.";
return(validatorResult);
}
if (user.FullName.Trim().Equals(""))
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user Full name is empty.";
return(validatorResult);
}
if (user.PhoneNumber.Trim().Equals(""))
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user phone number is empty.";
return(validatorResult);
}
if (user.Gender == 0)
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user gender is null.";
return(validatorResult);
}
if (user.Username.Trim().Equals(""))
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user username is empty.";
return(validatorResult);
}
if (user.Password.Trim().Equals(""))
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user password is empty.";
return(validatorResult);
}
else if (user.Password.Trim().Length < 8)
{
validatorResult.IsValid = false;
validatorResult.ValidationMessage = "The user password length is short.Password length must be at less 8 characters.";
return(validatorResult);
}
return(validatorResult);
}
