public HttpResponseMessage Delete([FromBody] Delete delete) { SLW_DatabaseInfo db = new SLW_DatabaseInfo(); KeyDetail key_detail = db.GetKeyDetail(delete.key); if (IsKeyValid(key_detail)) { int user_type_requirement = 9; Utilities.PasswordManager mgr = new Utilities.PasswordManager(); if (db.GetUserType(delete.key) == user_type_requirement) { if (db.CheckUserExist(delete.user)) { db.DeleteUser(delete.user); db.SaveActivity(new UserActivity(delete.user, Commons.Constants.ACTIVITY_DELETE_ACCOUNT, delete.user, "", 0)); return(Request.CreateResponse(HttpStatusCode.OK, "user_deleted")); } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "invalid_user")); } } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "unauthorized")); } } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "access_key_invalid")); } }
public HttpResponseMessage ResetPassword([FromBody] dynamic data) { SLW_DatabaseInfo db = new SLW_DatabaseInfo(); Utilities.PasswordManager manager = new Utilities.PasswordManager(); string password = ""; if ((string)data.new_password == "" || (string)data.new_password == null) { password = Utilities.Generator.GeneratePassword(); } else { password = (string)data.new_password; } manager.ResetPassword((string)data.username, password); UserDetails userDetails = db.GetUserDetails((string)data.username); if (userDetails == null) { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "user not found")); } else { Utilities.Email.Send(userDetails.email, "Password reset", "Your password has been reset. New password: "******""); return(Request.CreateResponse(HttpStatusCode.OK, "password reset")); } }
public HttpResponseMessage RegisterCompanyUser([FromBody] CompanyUser user) { if (user != null) { //can be used to call client functions var connection = GlobalHost.ConnectionManager.GetHubContext <CrossDomainHub>(); Utilities.PasswordManager mgr = new Utilities.PasswordManager(); SLW_DatabaseInfo db = new SLW_DatabaseInfo(); bool valid_user_type = false; List <UserType> user_types = db.GetUserTypes(); for (int i = 0; i < user_types.Count; i++) { if (user_types[i].user_type == user.user_role) { valid_user_type = true; break; } } if (valid_user_type) { if (!db.CheckUserExist(user.username)) { string source = ""; if (db.CheckLocalClientExist(user.clientId)) { source = Commons.Constants.LOCAL_SOURCE; } else { source = Commons.Constants.ASMS_SOURCE; } string hash = mgr.GetHash(user.password); user.user_type = "company"; int id = db.NewCompanyUser(user.username, user.first_name, user.last_name, DateTime.Now, user.user_role, user.user_type, DateTime.Now, (DateTime)System.Data.SqlTypes.SqlDateTime.MinValue, hash, false, user.email, user.company, user.clientId, source); db.SaveActivity(new UserActivity(user.username, Commons.Constants.ACTIVITY_CREATE_ACCOUNT, "", "", 0)); //Utilities.Email.Send(user.email, "New Account", "Your account was created sucessfully. Username: "******""); return(Request.CreateResponse(HttpStatusCode.OK, id)); } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "user exists")); } } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "invalid user type")); } } else { return(Request.CreateResponse(HttpStatusCode.BadRequest, "bad request")); } }
public HttpResponseMessage Login([FromBody] Models.Login login) { Utilities.FileManager.GetEmailKey(); Utilities.PasswordManager mgr = new Utilities.PasswordManager(); SLW_DatabaseInfo db = new SLW_DatabaseInfo(); if (login != null) { if (db.CheckUserExist(login.username)) { UserCredentials credentials = db.GetUserCredentials(login.username); bool passed = mgr.VerifyCredentials(login.password, credentials.hash); if (passed) { string access_key = mgr.GenerateNewAccessKey(login.username); db.SetNewAccessKey(login.username, access_key); db.SaveActivity(new UserActivity(login.username, Commons.Constants.ACTIVITY_LOGIN, "login successful", "", 1)); db.CheckForApplicationUpdates(login.username); return(Request.CreateResponse(HttpStatusCode.OK, new Models.LoginResult("credentials verified", access_key, credentials.user_role, credentials.name, login.username))); } else { db.SaveActivity(new UserActivity(login.username, Commons.Constants.ACTIVITY_LOGIN, "incorrect credentials. login failed", "", 1)); return(Request.CreateResponse(HttpStatusCode.Unauthorized, new Models.LoginResult("incorrect credentials", "", -1, "", login.username))); } } else { db.SaveActivity(new UserActivity(login.username, Commons.Constants.ACTIVITY_LOGIN, "invalid user", "", 1)); return(Request.CreateResponse(HttpStatusCode.Unauthorized, new LoginResult("invalid user", "", -1, "", login.username))); } } else { return(Request.CreateResponse(HttpStatusCode.BadRequest, new LoginResult("bad request", "", -1, "", login.username))); } }
public HttpResponseMessage ChangePassword([FromBody] dynamic data) { SLW_DatabaseInfo db = new SLW_DatabaseInfo(); KeyDetail key_detail = db.GetKeyDetail((string)data.access_key); if (IsKeyValid(key_detail)) { Utilities.PasswordManager psw_manager = new Utilities.PasswordManager(); if (psw_manager.ChangePassword((string)data.username, (string)data.old_psw, (string)data.new_psw)) { db.SaveActivity(new UserActivity((string)data.username, Commons.Constants.ACTIVITY_CHANGE_PASSWORD, "", "", 0)); return(Request.CreateResponse(HttpStatusCode.OK, "password_updated")); } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "password_incorrect")); } } else { return(Request.CreateResponse(HttpStatusCode.Unauthorized, "invalid key")); } }