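public IActionResult User_EditAccountLogin(int id, int account_id, [FromBody] string login)
        {
            // Replace the stored (AES-encrypted) login of one of the user's saved accounts.
            //   id         - owner of the account; must be the caller or the caller must be admin
            //   account_id - the account to modify; must belong to `id`
            //   login      - new plaintext login, encrypted with the user's key before storage
            // Returns 401 (caller is not the user/admin), 400 (missing body or account not
            // owned by the user) or 200 on success.

            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return(new UnauthorizedObjectResult(error));
            }

            // [FromBody] string binds to null on an empty body; reject it before encrypting
            if (login == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid login", "A login value must be supplied in the request body.");
                return(new BadRequestObjectResult(error));
            }

            // one lookup serves as both the ownership check and the fetch
            Account accToEdit = _context.Users.Single(a => a.ID == id).Accounts.SingleOrDefault(b => b.ID == account_id);
            if (accToEdit == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
                return(new BadRequestObjectResult(error));
            }

            // derive the user key once and reuse it for both encrypted fields
            var userKey = HelperMethods.GetUserKeyAndIV(id);
            accToEdit.Login        = HelperMethods.EncryptStringToBytes_Aes(login, userKey);
            // NOTE(review): DateTime.Now is local server time — the timestamp format is
            // whatever the server culture produces; confirm the frontend expects that.
            accToEdit.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), userKey);
            _context.SaveChanges();
            return(Ok());
        }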
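        public IActionResult User_EditAccount(int id, int acc_id, [FromBody] NewAccount acc)
        {
            // Overwrite every editable field of one of the user's saved accounts with the
            // values in `acc`, encrypting each one with the user's key.
            //   id     - owner of the account; must be the caller or the caller must be admin
            //   acc_id - the account to modify; must belong to `id`
            //   acc    - replacement values (Title, Login, Password, Url, Description)
            // Returns 401 (caller is not the user/admin), 400 (missing body or account not
            // owned by the user) or 200 with the updated ReturnableAccount.

            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return(new UnauthorizedObjectResult(error));
            }

            // [FromBody] binds to null on an empty/invalid body; fail early instead of
            // dereferencing it below
            if (acc == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid account", "An account body must be supplied in the request.");
                return(new BadRequestObjectResult(error));
            }

            // one lookup serves as both the ownership check and the fetch; the message
            // now describes the edit (the original text referred to deleting)
            Account accToEdit = _context.Users.Single(a => a.ID == id).Accounts.SingleOrDefault(b => b.ID == acc_id);
            if (accToEdit == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
                return(new BadRequestObjectResult(error));
            }

            // derive the user key once; every field below uses the same key
            var userKey = HelperMethods.GetUserKeyAndIV(id);
            accToEdit.Title        = HelperMethods.EncryptStringToBytes_Aes(acc.Title, userKey);
            accToEdit.Login        = HelperMethods.EncryptStringToBytes_Aes(acc.Login, userKey);
            accToEdit.Password     = HelperMethods.EncryptStringToBytes_Aes(acc.Password, userKey);
            accToEdit.Url          = HelperMethods.EncryptStringToBytes_Aes(acc.Url, userKey);
            accToEdit.Description  = HelperMethods.EncryptStringToBytes_Aes(acc.Description, userKey);
            // NOTE(review): DateTime.Now is local server time in the server's culture format
            accToEdit.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), userKey);
            _context.SaveChanges();

            // return the new object to easily update on frontend without making another api call
            return(new OkObjectResult(new ReturnableAccount(accToEdit)));
        }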
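        [HttpPut("{id:int}/accounts/{account_id:int}/password")]         // in progress
        public string User_EditAccountPassword(int id, int account_id, [FromBody] string password)
        {
            // Replace the stored (AES-encrypted) password of one of the user's accounts.
            // This older variant returns a JSON string and sets Response.StatusCode by hand.
            //   id         - owner of the account; must be the caller or the caller must be admin
            //   account_id - the account to modify; must belong to `id`
            //   password   - new plaintext password, encrypted with the user's key before storage
            // Returns the serialized ErrorMessage on 401/400/500, SuccessMessage._result on 200.

            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
            {
                Response.StatusCode = 401;
                return(JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString());
            }

            // [FromBody] string binds to null on an empty body; reject it before encrypting
            if (password == null)
            {
                Response.StatusCode = 400;
                return(JObject.FromObject(new ErrorMessage("Invalid password", "id accessed: " + account_id.ToString(), "A password value must be supplied in the request body.")).ToString());
            }

            // resolve the account up front so an id the user does not own is a 400
            // instead of the 500 that Single() would have produced inside the try
            Account acc = _context.Users.Single(a => a.ID == id).Accounts.SingleOrDefault(b => b.ID == account_id);
            if (acc == null)
            {
                Response.StatusCode = 400;
                return(JObject.FromObject(new ErrorMessage("Invalid account", "id accessed: " + account_id.ToString(), "User does not have an account matching that ID.")).ToString());
            }

            try {
                acc.Password = HelperMethods.EncryptStringToBytes_Aes(password, HelperMethods.GetUserKeyAndIV(id));                 // this logic will need to be changed to use a unique key
                _context.Accounts.Update(acc);
                _context.SaveChanges();
            } catch (Exception) {
                // the exception text is deliberately not echoed to the caller: provider and
                // storage errors can reveal schema or connection details. Log it server-side
                // where this project's logging is wired up instead.
                Response.StatusCode = 500;
                return(JObject.FromObject(new ErrorMessage("Error editing password", "n/a", "Internal error while saving the account.")).ToString());
            }

            return(SuccessMessage._result);
        }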
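        public IActionResult User_EditFolderName(int id, int folder_id, [FromBody] string name)
        {
            // Rename one of the user's folders; the name is AES-encrypted with the user's key.
            //   id        - owner of the folder; must be the caller or the caller must be admin
            //   folder_id - the folder to rename; must belong to `id`
            //   name      - new plaintext folder name
            // Returns 401 (caller is not the user/admin), 400 (missing body or folder not
            // owned by the user) or 200 on success.

            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return(new UnauthorizedObjectResult(error));
            }

            // [FromBody] string binds to null on an empty body; reject it before encrypting
            if (name == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid Folder", "A folder name must be supplied in the request body.");
                return(new BadRequestObjectResult(error));
            }

            // one lookup serves as both the ownership check and the fetch
            var folder = _context.Users.Single(a => a.ID == id).Folders.SingleOrDefault(b => b.ID == folder_id);
            if (folder == null)
            {
                ErrorMessage error = new ErrorMessage("Invalid Folder", "User does not have a folder matching that ID.");
                return(new BadRequestObjectResult(error));
            }

            // modify
            folder.FolderName = HelperMethods.EncryptStringToBytes_Aes(name, HelperMethods.GetUserKeyAndIV(id));
            _context.SaveChanges();
            return(Ok());
        }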
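        public IActionResult User_AddAccount(int id, [FromBody] NewAccount accToAdd)
        {
            // Create a new saved account for the user from the posted NewAccount.
            //   id       - owner of the new account; must be the caller or the caller must be admin
            //   accToAdd - field values for the account; FolderID, when set, must be a folder
            //              the user owns
            // Returns 401 (caller is not the user/admin), 400 (missing body, account limit
            // reached, or foreign folder) or 200 with the created ReturnableAccount.

            // per-user cap on saved accounts; kept local because this method is the only
            // place that enforces it
            const int MaxAccountsPerUser = 50;

            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id, _keyAndIV))
            {
                ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                return(new UnauthorizedObjectResult(error));
            }

            // [FromBody] binds to null on an empty/invalid body; fail early instead of
            // dereferencing accToAdd.FolderID below
            if (accToAdd == null)
            {
                ErrorMessage error = new ErrorMessage("Failed to create new account", "An account body must be supplied in the request.");
                return(new BadRequestObjectResult(error));
            }

            // the user row is needed for two checks; load it once
            var user = _context.Users.Single(a => a.ID == id);

            // account limit is 50 for now
            if (user.Accounts.Count >= MaxAccountsPerUser)
            {
                ErrorMessage error = new ErrorMessage("Failed to create new account", "User cannot have more than 50 passwords saved at once.");
                return(new BadRequestObjectResult(error));
            }

            // if this user does not own the folder we are adding to, then error
            if (accToAdd.FolderID != null && !user.Folders.Exists(b => b.ID == accToAdd.FolderID))
            {
                ErrorMessage error = new ErrorMessage("Failed to create new account", "User does not have a folder matching that ID.");
                return(new BadRequestObjectResult(error));
            }

            // create new account and save it; the Account ctor handles field encryption,
            // only LastModified is set here
            Account new_account = new Account(accToAdd, id);

            // NOTE(review): DateTime.Now is local server time in the server's culture format
            new_account.LastModified = HelperMethods.EncryptStringToBytes_Aes(DateTime.Now.ToString(), HelperMethods.GetUserKeyAndIV(id));
            _context.Accounts.Add(new_account);
            _context.SaveChanges();

            // return the new object to easily update on frontend without making another api call
            return(new OkObjectResult(new ReturnableAccount(new_account)));
        }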
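        [HttpPut("{id:int}/accounts/{account_id:int}/password")] // in progress
        public IActionResult User_EditAccountPassword(int id, int account_id, [FromBody] string password)
        {
            // Replace the stored (AES-encrypted) password of one of the user's accounts.
            //   id         - owner of the account; must be the caller or the caller must be admin
            //   account_id - the account to modify; must belong to `id`
            //   password   - new plaintext password, encrypted with the user's key before storage
            // Returns 401 (caller is not the user/admin), 400 (missing body or account not
            // owned by the user), 500 on a persistence failure, 200 on success.
            try
            {
                // verify that the user is either admin or is requesting their own data
                if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
                {
                    ErrorMessage error = new ErrorMessage("Invalid User", "Caller can only access their information.");
                    return(new UnauthorizedObjectResult(error));
                }

                // [FromBody] string binds to null on an empty body; reject it before encrypting
                if (password == null)
                {
                    ErrorMessage error = new ErrorMessage("Invalid password", "A password value must be supplied in the request body.");
                    return(new BadRequestObjectResult(error));
                }

                // one lookup serves as both the ownership check and the fetch
                Account acc = _context.Users.Single(a => a.ID == id).Accounts.SingleOrDefault(b => b.ID == account_id);
                if (acc == null)
                {
                    ErrorMessage error = new ErrorMessage("Invalid account", "User does not have an account matching that ID.");
                    return(new BadRequestObjectResult(error));
                }

                acc.Password = HelperMethods.EncryptStringToBytes_Aes(password, HelperMethods.GetUserKeyAndIV(id));
                _context.SaveChanges();
                return(Ok());
            }
            catch (Exception)
            {
                // the exception text is deliberately not echoed to the caller: provider and
                // storage errors can reveal schema or connection details. Log it server-side
                // where this project's logging is wired up instead.
                ErrorMessage error = new ErrorMessage("Error editing password", "Internal error while saving the account.");
                return(new InternalServerErrorResult(error));
            }
        }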
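        [HttpPost("{id:int}/accounts")]         // working
        public string User_AddAccount(int id, [FromBody] string accJson)
        {
            // Create a new saved account for the user from a raw JSON body.
            // This older variant returns a JSON string and sets Response.StatusCode by hand.
            //   id      - owner of the new account; must be the caller or the caller must be admin
            //   accJson - JSON object with optional keys folder_id, account_title, account_login,
            //             account_password and account_description
            // Only account_password is encrypted here; the other fields are stored as given.
            // Returns the serialized ErrorMessage on 401/400/500, SuccessMessage._result on 200.

            // verify that the user is either admin or is requesting their own data
            if (!HelperMethods.ValidateIsUserOrAdmin(_httpContextAccessor, _context, id))
            {
                Response.StatusCode = 401;
                return(JObject.FromObject(new ErrorMessage("Invalid User", "id accessed: " + id.ToString(), "Caller can only access their information.")).ToString());
            }

            JObject json = null;

            // might want Json verification as own function since all will do it.. we will see
            // (JObject.Parse(null) also throws, so an empty body lands here as a 400)
            try { json = JObject.Parse(accJson); } catch (Exception) {
                Response.StatusCode = 400;
                // the parser's message is not echoed: it can contain fragments of the input
                // and parser internals; the caller already has the body they sent
                ErrorMessage error = new ErrorMessage("Invalid Json", accJson, "Request body is not a valid JSON object.");
                return(JObject.FromObject(error).ToString());
            }

            // if folder id is present, then use it, if not we use standard null for top parent.
            // Folder validation happens outside the persistence try so a bad folder is a 400
            // rather than a 500 from Single()/int.Parse
            int?folder_id = null;
            if (json["folder_id"] != null)
            {
                if (!int.TryParse(json["folder_id"].ToString(), out int requestedFolder))
                {
                    Response.StatusCode = 400;
                    return(JObject.FromObject(new ErrorMessage("Invalid folder", accJson, "folder_id must be an integer.")).ToString());
                }

                // makes sure folder exists and is owned by user
                var folder = _context.Users.Single(a => a.ID == id).Folders.SingleOrDefault(b => b.ID == requestedFolder);
                if (folder == null)
                {
                    Response.StatusCode = 400;
                    return(JObject.FromObject(new ErrorMessage("Invalid folder", accJson, "User does not have a folder matching that ID.")).ToString());
                }
                folder_id = folder.ID;
            }

            try {
                // use token in header to to
                Account new_account = new Account {
                    UserID   = id,
                    FolderID = folder_id,
                    Title    = json["account_title"]?.ToString(),
                    Login    = json["account_login"]?.ToString(),
                    Password = json["account_password"] != null?HelperMethods.EncryptStringToBytes_Aes(json["account_password"].ToString(), HelperMethods.GetUserKeyAndIV(id)) : null,
                                   Description = json["account_description"]?.ToString()
                };
                _context.Accounts.Add(new_account);
                _context.SaveChanges();
            } catch (Exception) {
                // the exception text is deliberately not echoed to the caller: provider and
                // storage errors can reveal schema or connection details. Log it server-side
                // where this project's logging is wired up instead.
                Response.StatusCode = 500;
                return(JObject.FromObject(new ErrorMessage("Error creating new account.", accJson, "Internal error while saving the account.")).ToString());
            }

            return(SuccessMessage._result);
        }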