Пример #1
        /// <summary>
        /// Copies every OTP field of <paramref name="dto"/> onto an <c>otpview</c> entity and returns that entity.
        /// </summary>
        /// <param name="entityObjct">Entity to overwrite; when it is null a new <c>otpview</c> is created instead.</param>
        /// <param name="dto">Source of the values. It is dereferenced without a null check.</param>
        /// <returns>The entity that received the values (the one passed in, or the newly created one).</returns>
        public static otpview updateEntity(otpview entityObjct, DTOotpview dto)
        {
            otpview target = entityObjct ?? new otpview();

            // The complete OTP state is overwritten, including the code itself, the retry
            // counter and the block window. Nothing is validated here, so the caller is
            // responsible for what ends up in the DTO.
            target.User_ID = dto.User_ID;
            target.otpCode = dto.otpCode;
            target.otpRetryCount = dto.otpRetryCount;
            target.otpExpirationTime = dto.otpExpirationTime;
            target.otpNextAllowedTime = dto.otpNextAllowedTime;
            target.otpRecordCreated = dto.otpRecordCreated;

            return target;
        }
Пример #2
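        /// <summary>
        /// Checks the one-time password a user entered against the OTP record stored for that user.
        /// </summary>
        /// <param name="UserID">Identifier used to look up the user's row in <c>db.otpviews</c>.</param>
        /// <param name="enteredOTP">Code supplied by the user; null or a non-matching value is treated as a wrong code.</param>
        /// <returns>
        /// "OTP Expired" when no record exists or the stored expiry is null or in the past;
        /// "OTP Valid" when the code matches; otherwise "OTP Invalid" while the retry count
        /// is below 3 and "User Blocked" once it is not.
        /// </returns>
        /// <remarks>
        /// A successful check consumes the OTP: the stored code is cleared, the expiry is set to
        /// now, and the change is saved. A failed check calls
        /// <c>sendUserOTPAndSaveOTP(UserID, true)</c>, which sends a fresh code or blocks the user.
        /// </remarks>
        public string checkEnteredOTP(int UserID, string enteredOTP)
        {
            otpview otpView = (from c in db.otpviews where c.User_ID == UserID select c).SingleOrDefault();
            if (otpView == null)
            {
                // No OTP record exists for this user. Fail closed instead of dereferencing null.
                return("OTP Expired");
            }

            // NOTE(review): expiry is compared in local time (DateTime.Now), as it is written by
            // sendUserOTPAndSaveOTP; a clock or DST shift moves the validity window. Confirm whether
            // UTC should be used on both sides.
            DateTime? expiryDate = otpView.otpExpirationTime;
            DateTime? nowTime    = DateTime.Now;

            // Nullable.Compare orders null before any value, so a cleared expiry (as written for a
            // blocked user) is reported as expired as well.
            if (Nullable.Compare(nowTime, expiryDate) > 0)
            {
                return("OTP Expired");
            }

            if (otpCodesMatch(enteredOTP, otpView.otpCode))
            {
                // Enforce single use: clear the code as well as expiring it. Expiring alone leaves
                // the code acceptable until the clock moves past the stored timestamp, because the
                // expiry test above is a strict "later than".
                otpView.otpCode           = null;
                otpView.otpExpirationTime = DateTime.Now;
                db.Entry(otpView).State   = EntityState.Modified;
                db.SaveChanges();
                return("OTP Valid");
            }

            // Wrong code: the resend path increments the retry counter and either sends a new code
            // or starts the block window. Every wrong guess therefore produces an outbound message,
            // bounded only by that counter.
            sendUserOTPAndSaveOTP(UserID, true);

            // NOTE(review): this reads the counter from the entity loaded above. It reflects the
            // increment only if the resend call updates the same tracked instance - confirm.
            if (otpView.otpRetryCount < 3)
            {
                return("OTP Invalid");
            }

            return("User Blocked");
        }

        /// <summary>
        /// Compares an entered code with the stored one without stopping at the first differing character.
        /// </summary>
        /// <param name="entered">Code supplied by the user; null never matches.</param>
        /// <param name="stored">Code on record; null or empty never matches, so a cleared code cannot validate.</param>
        /// <returns>True only when both strings have the same length and the same characters.</returns>
        private static bool otpCodesMatch(string entered, string stored)
        {
            if (entered == null || string.IsNullOrEmpty(stored))
            {
                return false;
            }

            // Fold the length difference and every character difference into one accumulator, so
            // the amount of work does not depend on where the first mismatch is.
            int difference = entered.Length ^ stored.Length;
            for (int i = 0; i < entered.Length; i++)
            {
                difference |= entered[i] ^ stored[i % stored.Length];
            }

            return difference == 0;
        }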
Пример #3
        /// <summary>
        /// Generates a new OTP for a user, sends it, and stores the resulting OTP state,
        /// or records / reports a block when the user has run out of attempts.
        /// </summary>
        /// <param name="UserID">Identifier used to look up the phone number and the row in <c>db.otpviews</c>.</param>
        /// <param name="isResend">
        /// True when called after a failed attempt (the retry counter is incremented);
        /// false for the first send of a transaction (the counter is reset to 0).
        /// </param>
        /// <returns>
        /// HTTP 200 with a status text for sent, blocked and still-blocked outcomes;
        /// HTTP 204 when a resend finds the counter already past 3, in which case nothing is sent or saved.
        /// </returns>
        /// <remarks>
        /// NOTE(review): generateOTP is not visible here - confirm it draws from a cryptographic RNG.
        /// NOTE(review): the code is sent before SaveChanges runs, so a failed save leaves the user
        /// holding a code that was never stored.
        /// NOTE(review): the first-send path resets the retry counter whenever no block is active,
        /// and the resend path never consults otpNextAllowedTime; callers presumably need their own
        /// rate limit on both - confirm.
        /// </remarks>
        public IHttpActionResult sendUserOTPAndSaveOTP(int UserID, bool isResend)
        {
            string rawPhone       = getPhoneNumFromUserID(UserID);
            string formattedPhone = getCorrectPhoneNumFormat(rawPhone);
            string newOTP         = generateOTP();

            otpview    record = db.otpviews.Where(c => c.User_ID == UserID).SingleOrDefault();
            DTOotpview state  = new DTOotpview(record);

            // Built once; only the branches that actually send a code use it.
            string otpMessage = "Hello from Nanofin! Your OTP for your transaction is: " + newOTP;

            if (!isResend)
            {
                // First send of a transaction: allowed when no block was ever set or the block window has passed.
                DateTime? currentTime = DateTime.Now;
                bool stillBlocked = state.otpNextAllowedTime != null
                                    && Nullable.Compare(currentTime, state.otpNextAllowedTime) <= 0;
                if (stillBlocked)
                {
                    return Content(HttpStatusCode.OK, "User is still blocked");
                }

                sendEmailViaWebApi(formattedPhone, otpMessage);
                state.otpCode            = newOTP;
                state.otpRetryCount      = 0;
                state.otpExpirationTime  = DateTime.Now.AddMinutes(1); // first code is valid for one minute
                state.otpNextAllowedTime = null;                       // null means "not blocked"
                state.otpRecordCreated   = DateTime.Now;

                record = EntityMapper.updateEntity(record, state);
                db.Entry(record).State = EntityState.Modified;
                db.SaveChanges();
                return Content(HttpStatusCode.OK, "OTP Sent sucessfully first time");
            }

            // Resend after a wrong code: count the attempt first, then decide.
            state.otpRetryCount += 1;

            if (state.otpRetryCount < 3)
            {
                // Still within the allowed attempts: issue a replacement code valid for three minutes.
                sendEmailViaWebApi(formattedPhone, otpMessage);
                state.otpCode            = newOTP;
                state.otpExpirationTime  = DateTime.Now.AddMinutes(3);
                state.otpNextAllowedTime = null; // null means "not blocked"
                state.otpRecordCreated   = DateTime.Now;

                record = EntityMapper.updateEntity(record, state);
                db.Entry(record).State = EntityState.Modified;
                db.SaveChanges();
                return Content(HttpStatusCode.OK, "OTP Resent Successfully");
            }

            if (state.otpRetryCount == 3)
            {
                // Attempts exhausted: wipe the code and its expiry and open a two-minute block window.
                state.otpCode            = null;
                state.otpRetryCount      = 3;
                state.otpExpirationTime  = null;
                state.otpNextAllowedTime = DateTime.Now.AddMinutes(2);
                state.otpRecordCreated   = DateTime.Now;

                record = EntityMapper.updateEntity(record, state);
                db.Entry(record).State = EntityState.Modified;
                db.SaveChanges();
                return Content(HttpStatusCode.OK, "User blocked, OTP not Resent");
            }

            // Counter is already past 3: the incremented value is not persisted and nothing is sent.
            return StatusCode(HttpStatusCode.NoContent);
        }