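 /// <summary>
 /// Updates attributes of the calling user's own account. The caller is identified by the
 /// token in the Authorization header; the JSON body is a flat map of attribute name to value.
 /// </summary>
 /// <returns>
 /// 200 on success; 400 for a missing/empty body or an attempt to set the password here;
 /// 401 when no Authorization header is present; 500 when the repository reports failure or throws.
 /// </returns>
 public object UpdateMyInfo()
 {
     // CORS preflight: answer without reading the body or the token.
     if (Request.Method == HttpMethod.Options)
     {
         return Request.CreateResponse(HttpStatusCode.OK);
     }
     try
     {
         // Synchronous wait kept to preserve the method signature; an async action would be preferable.
         var jsonString = Request.Content.ReadAsStringAsync().Result;
         var propertiesToUpdate = JsonConvert.DeserializeObject<Dictionary<string, string>>(jsonString);
         if (propertiesToUpdate == null)
         {
             return Request.CreateResponse(HttpStatusCode.BadRequest);
         }
         // Password changes must go through ChangeMyPassword (which also revokes the user's other tokens).
         // The key comparison is case-insensitive: attribute names in directory stores such as LDAP are
         // case-insensitive, so the former case-sensitive ContainsKey("userPassword") could be bypassed
         // with a key like "UserPassword".
         if (propertiesToUpdate.Keys.Any(k => string.Equals(k, "userPassword", StringComparison.OrdinalIgnoreCase)))
         {
             return Request.CreateResponse(HttpStatusCode.BadRequest,
                 "Use ChangeMyPassword api to change your password!");
         }
         // NOTE(review): every other key is forwarded unchanged to the repository. Whether the repository
         // restricts which attributes a user may set on their own entry is not visible here — confirm,
         // or whitelist the editable attributes at this layer.
         IEnumerable<string> authHeaderValues;
         if (!Request.Headers.TryGetValues("Authorization", out authHeaderValues))
         {
             // Previously a missing header threw inside GetValues(...).First() and surfaced as a 500.
             return Request.CreateResponse(HttpStatusCode.Unauthorized);
         }
         var tr = new TokenRepository();
         var ur = new UserRepository();
         // The token resolves back to the user's original credentials, which are used for the write.
         var origAuthRequst = tr.GetAuthRequestFromToken(authHeaderValues.First());
         // ChangeUserInfo reports success as a bool (see ChangeMyPassword); a false result used to be ignored
         // and answered with 200.
         if (!ur.ChangeUserInfo(origAuthRequst.User, origAuthRequst.Password, propertiesToUpdate))
         {
             return Request.CreateResponse(HttpStatusCode.InternalServerError);
         }
         return Request.CreateResponse(HttpStatusCode.OK);
     }
     catch (Exception)
     {
         // Details are deliberately not returned to the client; log them server-side where a logger is available.
         return Request.CreateResponse(HttpStatusCode.InternalServerError);
     }
 }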
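 /// <summary>
 /// Exchanges a username/password pair for a bearer token. Credentials are checked against the
 /// user repository; on success a token is generated, registered and returned together with the
 /// user's roles and the token's expiry.
 /// </summary>
 /// <param name="model">Request body with <c>User</c> and <c>Password</c>; null when the body is absent or unparseable.</param>
 /// <returns>200 with a <see cref="TokenResponse"/>; 400 when the body is missing or the credentials are rejected; 500 on an unexpected failure.</returns>
 public HttpResponseMessage GetToken(AuthRequest model)
 {
     // CORS preflight.
     if (Request.Method == HttpMethod.Options)
     {
         return Request.CreateResponse(HttpStatusCode.OK);
     }
     try
     {
         // Model binding yields null for an empty or malformed body; previously this dereferenced
         // model.User and the client saw a 500 instead of a 400.
         if (model == null)
         {
             return Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid user or password!");
         }
         var ur = new UserRepository();
         Role[] roles;
         // One message for missing and for wrong credentials so the response does not reveal which part failed.
         if (string.IsNullOrEmpty(model.User) || string.IsNullOrEmpty(model.Password) ||
             !ur.CheckUserCredentials(model.User, model.Password, out roles))
         {
             return Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid user or password!");
         }
         var tr = new TokenRepository();
         // NOTE(review): the plaintext password is handed to the token store here, and other actions
         // recover it again via GetAuthRequestFromToken. The token store therefore holds (or can
         // reproduce) every user's password; a leak of that store is a credential leak. How the store
         // protects it is not visible here — confirm, and prefer re-authenticating per request or a
         // delegated credential over retaining the password.
         var tokenModel = tr.GenerateAndRegisterTokenForUserWithRights(model.User,
             model.Password, roles);
         var tokenReponse = new TokenResponse()
         {
             UserRights = string.Join(",", roles),
             ExpirationDateTime = tokenModel.ExpirationDateTime,
             Token = tokenModel.Token
         };
         return Request.CreateResponse(HttpStatusCode.OK, tokenReponse);
     }
     catch (Exception)
     {
         // Not exposed to the client; log server-side where a logger is available.
         return Request.CreateResponse(HttpStatusCode.InternalServerError);
     }
 }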
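 /// <summary>
 /// Returns a fixed set of directory attributes (displayName, telephoneNumber, title, mail) for
 /// the user named by <paramref name="cnUser"/>, looked up with the calling user's credentials.
 /// </summary>
 /// <param name="cnUser">
 /// Identifier of the user to look up. It is passed verbatim to the repository; whether the repository
 /// escapes it before building a directory query is not visible here — confirm (LDAP filter injection)
 /// before exposing this to untrusted callers.
 /// </param>
 /// <returns>
 /// 200 with the attribute map; 404 when the lookup yields at most one entry; 400 for a blank
 /// <paramref name="cnUser"/>; 401 without an Authorization header; 500 otherwise.
 /// </returns>
 public object GetInfo(string cnUser)
 {
     // CORS preflight.
     if (Request.Method == HttpMethod.Options)
     {
         return Request.CreateResponse(HttpStatusCode.OK);
     }
     try
     {
         // Previously a blank identifier went straight to the repository.
         if (string.IsNullOrWhiteSpace(cnUser))
         {
             return Request.CreateResponse(HttpStatusCode.BadRequest);
         }
         IEnumerable<string> authHeaderValues;
         if (!Request.Headers.TryGetValues("Authorization", out authHeaderValues))
         {
             // Previously GetValues(...).First() threw here and the client saw a 500.
             return Request.CreateResponse(HttpStatusCode.Unauthorized);
         }
         var tr = new TokenRepository();
         var ur = new UserRepository();
         var origAuthRequst = tr.GetAuthRequestFromToken(authHeaderValues.First());
         var userInfo = ur.GetUserInfo(origAuthRequst.User, origAuthRequst.Password, cnUser,
             new[] {"displayName", "telephoneNumber", "title", "mail"});
         // NOTE(review): the threshold is "> 1", not "> 0", i.e. a result with exactly one entry is
         // reported as NotFound. Kept as-is because the repository's result shape is not visible — confirm
         // this is intended. The (possibly empty) map is returned with either status.
         return Request.CreateResponse(userInfo.Count > 1 ? HttpStatusCode.OK : HttpStatusCode.NotFound, userInfo);
     }
     catch
     {
         // Not exposed to the client; log server-side where a logger is available.
         return Request.CreateResponse(HttpStatusCode.InternalServerError);
     }
 }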
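 /// <summary>
 /// Role check for the custom authorization attribute. Access is granted when the attribute
 /// declares no roles, or when the bearer token in the Authorization header is valid and carries
 /// at least one of the declared roles.
 /// </summary>
 /// <param name="httpActionContext">The action being authorized.</param>
 /// <returns>True to allow the action, false to reject it.</returns>
 protected override bool IsAuthorized(HttpActionContext httpActionContext)
 {
     // The original started with an unconditional `return true;`, which made the token and role
     // checks below unreachable and let every request through. Removed — this method is the only
     // gate these endpoints have.
     // NOTE(review): "no roles declared" is treated as "allow everyone, even anonymous", as in the
     // original. If the intent is "any authenticated user", this branch should still validate the token.
     if (Roles == null)
     {
         return true;
     }
     IEnumerable<string> authHeaderValues;
     if (!httpActionContext.Request.Headers.TryGetValues("Authorization", out authHeaderValues))
     {
         return false;
     }
     var tr = new TokenRepository();
     Role[] myRoles;
     if (!tr.IsTokenValid(authHeaderValues.First(), out myRoles))
     {
         return false;
     }
     // Any overlap between the required roles and the token's roles is sufficient.
     return Roles.Any(x => myRoles.Contains(x));
 }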
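 /// <summary>
 /// Changes the calling user's password. The body is a JSON object with a <c>newPassword</c> key.
 /// On success the user's other tokens are invalidated; the token used for this call is passed to
 /// the repository so it can be excluded.
 /// </summary>
 /// <returns>
 /// 200 on success; 400 for a missing/malformed body or an empty password; 401 without an
 /// Authorization header; 500 when the repository reports failure or throws.
 /// </returns>
 public object ChangeMyPassword()
 {
     // CORS preflight.
     if (Request.Method == HttpMethod.Options)
     {
         return Request.CreateResponse(HttpStatusCode.OK);
     }
     try
     {
         // Synchronous wait kept to preserve the method signature; an async action would be preferable.
         var jsonString = Request.Content.ReadAsStringAsync().Result;
         // Deserialization now runs inside the try: malformed JSON used to escape as an unhandled
         // exception instead of the 500 every other failure here produces.
         var dict = JsonConvert.DeserializeObject<Dictionary<string, string>>(jsonString);
         string newPassword;
         // An empty or JSON-null password is rejected up front; previously it was forwarded to the repository.
         if (dict == null || !dict.TryGetValue("newPassword", out newPassword) || string.IsNullOrEmpty(newPassword))
         {
             return Request.CreateResponse(HttpStatusCode.BadRequest);
         }
         IEnumerable<string> authHeaderValues;
         if (!Request.Headers.TryGetValues("Authorization", out authHeaderValues))
         {
             // Previously GetValues(...).First() threw here and the client saw a 500.
             return Request.CreateResponse(HttpStatusCode.Unauthorized);
         }
         var currentToken = authHeaderValues.First();
         var tr = new TokenRepository();
         var ur = new UserRepository();
         var origAuthRequst = tr.GetAuthRequestFromToken(currentToken);
         var changed = ur.ChangeUserInfo(origAuthRequst.User, origAuthRequst.Password,
             new Dictionary<string, string> {{"userPassword", newPassword}});
         if (!changed)
         {
             // A false result used to be answered with 200. What false means (policy rejection vs.
             // store error) is not visible here; adjust the status if it is a client-side rejection.
             return Request.CreateResponse(HttpStatusCode.InternalServerError);
         }
         // Revoke the user's other sessions; the current token is passed, presumably to keep it alive.
         // NOTE(review): that token still resolves to the *old* password via GetAuthRequestFromToken,
         // so later calls that bind with it may fail — confirm whether the token store is updated.
         tr.InvalidateTokensForUser(origAuthRequst.User, currentToken);
         return Request.CreateResponse(HttpStatusCode.OK);
     }
     catch (Exception)
     {
         // Not exposed to the client; log server-side where a logger is available.
         return Request.CreateResponse(HttpStatusCode.InternalServerError);
     }
 }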