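        /// <summary>
        /// Handles the admin login request: looks the admin up by the submitted
        /// "admin_email" form field, verifies the submitted "admin_password" against
        /// the stored hash and, on success, answers with a fresh bearer token.
        /// On failure the client gets one generic message; the precise reason is logged.
        /// </summary>
        /// <param name="request">Incoming request; the JSON answer is written back through it.</param>
        public void AuthToken(ref HttpRequest request)
        {
            string     admin_email    = request.FormField("admin_email");
            string     admin_password = request.FormField("admin_password");
            AdminCache admin          = new AdminCache();
            string     reason;

            admin.admin_role = "admin";
            if (Database.admin.SelectAdmin(ref admin_email, ref admin))
            {
                if (Validator.VerifyHashedPassword(ref admin.admin_password, ref admin_password))
                {
                    string admin_bearer_token = AdminPanel.AddAdminSession(admin.admin_role, admin_email);
                    request.ResponseJsonData(admin_bearer_token);
                    Logger.WriteLog("Auth token for admin.admin_email->" + admin.admin_email, LogLevel.Usual);
                    return;
                }
                reason = "Wrong password.";
            }
            else
            {
                reason = "Server can't identify admin. Invalid email.";
            }
            // A distinct answer per failure ("invalid email" vs "wrong password") lets a
            // caller learn which emails are registered. The client therefore gets the
            // same message for both cases; the specific reason goes to the log only.
            request.ResponseJsonAnswer(false, "Wrong email or password.");
            Logger.WriteLog("Admin auth failed, admin_email->" + admin_email + ": " + reason, LogLevel.Usual);
        }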
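        /// <summary>
        /// Registers a new admin account after validating the password and making
        /// sure no admin already exists for <paramref name="email"/>.
        /// Failures are not reported to the caller; they are written to the log.
        /// </summary>
        /// <param name="email">Email of the admin to create.</param>
        /// <param name="password">Plain-text password; only its hash is stored.</param>
        public static void AddAdmin(string email, string password)
        {
            string message = string.Empty;

            if (Validator.ValidatePassword(ref password, ref message))
            {
                if (!Database.admin.CheckAdminByEmail(email))
                {
                    AdminCache admin = new AdminCache();
                    admin.admin_email      = email;
                    admin.admin_password   = Validator.HashPassword(ref password);
                    // Unix time in seconds, UTC. The previous expression subtracted
                    // 1970-01-01 01:01:01 from *local* time, so the stored value was off
                    // by the machine's UTC offset plus 1h01m01s. The cast keeps the
                    // existing int field; it overflows in 2038 unless the column is widened.
                    admin.admin_created_at = (int)DateTimeOffset.UtcNow.ToUnixTimeSeconds();
                    admin.admin_role       = "admin";
                    admin.recovery_code    = 0;
                    Database.admin.AddAdmin(ref admin);
                    Logger.WriteLog("Add new admin to server, admin_id=" + admin.admin_id, LogLevel.Usual);
                    return;
                }
                message = "Server have this admin address. Check admin_email or admin_login.";
            }
            Logger.WriteLog(message, LogLevel.Warning);
        }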
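        /// <summary>
        /// Completes a password recovery: finds the admin whose pending recovery code
        /// matches <c>cache.recovery_code</c>, checks that the new password and its
        /// confirmation agree and pass the password policy, then stores the new hash
        /// and clears the recovery code (a code is single-use).
        /// </summary>
        /// <param name="cache">Request data: recovery_code, admin_password, confirm_password.</param>
        /// <param name="message">Receives a human-readable reason when the method returns false.</param>
        /// <returns>true if the password was changed; false otherwise.</returns>
        public bool ChangePassword(AdminCache cache, ref string message)
        {
            // Admins with no pending recovery have recoveryCode == null (it is cleared
            // below and on creation). A request that omits the code must never reach
            // the query: "a.recoveryCode == null" would match the first such admin and
            // allow its password to be replaced without any code at all.
            if (cache.recovery_code == null)
            {
                message = "Incorrect code entered";
                return(false);
            }

            Admin admin = context.Admins.Where(a => a.recoveryCode == cache.recovery_code).FirstOrDefault();

            if (admin == null)
            {
                message = "Incorrect code entered";
                return(false);
            }
            // string.Equals tolerates a null admin_password where .Equals would throw.
            if (!string.Equals(cache.admin_password, cache.confirm_password, StringComparison.Ordinal))
            {
                message = "Passwords aren't equal to each other.";
                return(false);
            }
            if (!profileCondition.PasswordIsTrue(cache.admin_password, ref message))
            {
                // PasswordIsTrue is expected to fill message itself — not visible here.
                return(false);
            }

            admin.adminPassword = profileCondition.HashPassword(cache.admin_password);
            admin.recoveryCode  = null;
            context.Admins.Update(admin);
            context.SaveChanges();
            log.Information("Change password for admin, id -> " + admin.adminId);
            return(true);
        }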
        /// <summary>
        /// Password-change endpoint: delegates to admins.ChangePassword and maps the
        /// outcome to a success payload or a 500 error carrying the failure message.
        /// </summary>
        /// <param name="cache">Submitted recovery data and new password.</param>
        public ActionResult <dynamic> ChangePassword(AdminCache cache)
        {
            string message = null;
            bool changed = admins.ChangePassword(cache, ref message);

            if (!changed)
            {
                return Return500Error(message);
            }
            return new { success = true, message = "Your password was changed." };
        }
        /// <summary>
        /// Recovery-start endpoint: asks admins.RecoveryPassword to send a code to
        /// <c>cache.admin_email</c> and reports success, or a 500 error with the reason.
        /// </summary>
        /// <param name="cache">Only admin_email is used.</param>
        public ActionResult <dynamic> RecoveryPassword(AdminCache cache)
        {
            string message = null;
            bool sent = admins.RecoveryPassword(cache.admin_email, ref message);

            if (!sent)
            {
                return Return500Error(message);
            }
            return new { success = true,
                         message = "Every thing is fine. Check your email to get recovery code." };
        }
        /// <summary>
        /// Sign-in endpoint: obtains an auth token from admins.AuthToken and wraps it
        /// in the response payload, or returns a 500 error with the failure message.
        /// </summary>
        /// <param name="cache">Submitted admin_email and admin_password.</param>
        public ActionResult <dynamic> SignIn(AdminCache cache)
        {
            string message   = string.Empty;
            string authToken = admins.AuthToken(cache, ref message);

            if (string.IsNullOrEmpty(authToken))
            {
                return Return500Error(message);
            }
            return new { success = true, data = new { auth_token = authToken } };
        }
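        /// <summary>
        /// Authentication endpoint: asks the module for a token for the given
        /// credentials and returns it, or a 500 error carrying the module's message.
        /// </summary>
        /// <param name="cache">Submitted admin_email and admin_password.</param>
        public ActionResult <dynamic> AuthToken(AdminCache cache)
        {
            Admin  admin   = null;
            string message = string.Empty;
            string authToken = module.AuthToken(cache, ref admin, ref message);

            // The original was missing the ';' after the return statement (a stray one
            // followed the if-block). IsNullOrEmpty instead of "!= null": if the module
            // follows Admins.AuthToken, a failed login comes back as string.Empty,
            // which "!= null" would have accepted as a valid token.
            if (!string.IsNullOrEmpty(authToken))
            {
                return new { success = true, data = new { auth_token = authToken } };
            }
            return(Error500(message));
        }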
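        /// <summary>
        /// Verifies admin credentials and issues a token.
        /// </summary>
        /// <param name="cache">Submitted admin_email and admin_password.</param>
        /// <param name="message">Receives the failure reason when no token is issued.</param>
        /// <returns>The token, or string.Empty when the email is unknown or the password is wrong.</returns>
        public string AuthToken(AdminCache cache, ref string message)
        {
            Admin admin = GetNonDelete(cache.admin_email, ref message);

            if (admin != null && profileCondition.VerifyHashedPassword(admin.adminPassword, cache.admin_password))
            {
                return(Token(admin));
            }
            // One message for both "unknown email" and "wrong password": a distinct
            // message per case lets a caller probe which emails are registered.
            // GetNonDelete's own message is replaced for the same reason.
            message = "Wrong email or password.";
            return(string.Empty);
        }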
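        /// <summary>
        /// Starts password recovery: generates a six-digit recovery code for the admin
        /// matching the "admin_email" form field, emails it and stores it for
        /// CheckRecoveryCode to compare against.
        /// </summary>
        /// <param name="request">Incoming request; the JSON answer is written back through it.</param>
        public void RecoveryPassword(ref HttpRequest request)
        {
            string     admin_email = request.FormField("admin_email");
            AdminCache admin       = new AdminCache();

            if (Database.admin.SelectAdmin(ref admin_email, ref admin))
            {
                admin.recovery_code = NewRecoveryCode();
                MailF.SendEmail(admin.admin_email, "Recovery password", "Recovery code=" + admin.recovery_code);
                Database.admin.UpdateRecoveryCode(admin.admin_id, admin.recovery_code);
                request.ResponseJsonAnswer(true, "Recovery password. Send message with code to email=" + admin.admin_email);
                Logger.WriteLog("Recovery password, admin_id=" + admin.admin_id, LogLevel.Usual);
            }
            else
            {
                // NOTE(review): answering differently for unknown emails tells the
                // caller which addresses are registered; the client contract is kept
                // here, but an identical answer for both cases would close that.
                request.ResponseJsonAnswer(false, "No admin with that email.");
                Logger.WriteLog("No admin with that email.", LogLevel.Error);
            }
        }

        /// <summary>
        /// Returns a uniformly distributed code in [100000, 999999] from a
        /// cryptographic generator. The previous Validator.random (System.Random) is
        /// not suitable for a value that authorises a password reset, and its
        /// Next(100000, 999999) upper bound is exclusive, so 999999 was never produced.
        /// </summary>
        private static int NewRecoveryCode()
        {
            const int  Min   = 100000;
            const int  Range = 900000;   // 100000..999999 inclusive
            // Largest multiple of Range that fits in uint; values at or above it are
            // rejected so that "value % Range" is unbiased.
            const uint Limit = uint.MaxValue - (uint.MaxValue % (uint)Range);

            byte[] buffer = new byte[4];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                while (true)
                {
                    rng.GetBytes(buffer);
                    uint value = BitConverter.ToUInt32(buffer, 0);
                    if (value < Limit)
                    {
                        return Min + (int)(value % (uint)Range);
                    }
                }
            }
        }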
 /// <summary>
 /// Validates the submitted admin data (email, full name, password) and, when no
 /// non-deleted admin with that email exists, creates the admin via AddAdmin.
 /// </summary>
 /// <param name="cache">Submitted admin_email, admin_fullname, admin_password.</param>
 /// <param name="message">Receives the validation failure reason.</param>
 /// <returns>The created admin, or null when validation fails or the email is taken.</returns>
 public Admin CreateAdmin(AdminCache cache, ref string message)
 {
     // Short-circuit order matters: each check fills message and later ones are skipped.
     bool valid = profileCondition.EmailIsTrue(cache.admin_email, ref message)
               && FullNameIsTrue(cache.admin_fullname, ref message)
               && profileCondition.PasswordIsTrue(cache.admin_password, ref message);
     if (!valid)
     {
         return(null);
     }
     if (GetNonDelete(cache.admin_email, ref message) != null)
     {
         message = "Admin with this email is exist";
         return(null);
     }
     cache.admin_fullname = WebUtility.UrlDecode(cache.admin_fullname);
     return(AddAdmin(cache));
 }
        /// <summary>
        /// Persists a new admin built from <paramref name="cache"/>: password stored as
        /// a hash, role "default", fresh password token, creation time in Unix
        /// milliseconds (UTC), no pending recovery code.
        /// </summary>
        /// <param name="cache">Submitted admin_email, admin_fullname, admin_password.</param>
        /// <returns>The saved admin (adminId is available after SaveChanges).</returns>
        public Admin AddAdmin(AdminCache cache)
        {
            Admin record = new Admin();
            record.adminEmail    = cache.admin_email;
            record.adminFullname = cache.admin_fullname;
            record.adminPassword = profileCondition.HashPassword(cache.admin_password);
            record.adminRole     = "default";
            record.passwordToken = profileCondition.CreateHash(10);
            record.createdAt     = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
            record.lastLoginAt   = 0;
            record.recoveryCode  = null;
            record.deleted       = false;

            context.Admins.Add(record);
            context.SaveChanges();
            log.Information("Add new admin, id -> " + record.adminId);
            return(record);
        }
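        /// <summary>
        /// Sets a new admin password during recovery. The admin is identified by the
        /// "recovery_token" form field issued by CheckRecoveryCode; the new password
        /// must match its confirmation and pass validation. The token is cleared once
        /// the password is stored.
        /// </summary>
        /// <param name="request">Incoming request; the JSON answer is written back through it.</param>
        public void ChangePassword(ref HttpRequest request)
        {
            string     message        = null;
            string     recovery_token = request.FormField("recovery_token");
            AdminCache admin          = new AdminCache();

            // A used token is reset to "" below. SelectByRecoveryToken is not visible
            // here, so a blank token is refused up front to make sure it can never
            // match an admin whose token has already been cleared.
            if (string.IsNullOrEmpty(recovery_token))
            {
                message = "Can't find user by recovery_token. Try again get request CheckRecoveryCode.";
            }
            else if (Database.admin.SelectByRecoveryToken(ref recovery_token, ref admin))
            {
                string admin_password         = request.FormField("admin_password");
                string admin_confirm_password = request.FormField("admin_confirm_password");
                if (Validator.EqualsPasswords(ref admin_password, ref admin_confirm_password))
                {
                    if (Validator.ValidatePassword(ref admin_password, ref message))
                    {
                        admin.admin_password = Validator.HashPassword(ref admin_password);
                        Database.admin.UpdateRecoveryToken(admin.admin_id, "");
                        Database.admin.UpdateAdminPassword(admin.admin_id, admin.admin_password);
                        Logger.WriteLog("Change admin password, admin_id=" + admin.admin_id, LogLevel.Usual);
                        request.ResponseJsonAnswer(true, "Change admin password, admin_id=" + admin.admin_id);
                        // Without this return the success answer was followed by a
                        // second, failing answer with a null message (cf. CheckRecoveryCode).
                        return;
                    }
                    message = "Validation password - unsuccessfully. " + message;
                }
                else
                {
                    message = "Password are not match to each other.";
                }
            }
            else
            {
                message = "Can't find user by recovery_token. Try again get request CheckRecoveryCode.";
            }
            request.ResponseJsonAnswer(false, message);
            Logger.WriteLog(message, LogLevel.Warning);
        }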
        /// <summary>
        /// Second recovery step: compares the submitted "recovery_code" with the code
        /// stored for the admin named by "admin_email". On a match a recovery token is
        /// generated, stored, the code is reset to 0 and the token is returned to the
        /// client for ChangePassword.
        /// </summary>
        /// <param name="request">Incoming request; the JSON answer is written back through it.</param>
        public void CheckRecoveryCode(ref HttpRequest request)
        {
            int    recovery_code;
            string message;

            // 0 is the "no code pending" value, so it is never accepted as a submitted code.
            if (!Int32.TryParse(request.FormField("recovery_code"), out recovery_code) || recovery_code == 0)
            {
                message = "Server can't get recovery_code from request.";
            }
            else
            {
                AdminCache admin = new AdminCache();
                admin.admin_email = request.FormField("admin_email");
                if (!Database.admin.SelectAdmin(ref admin.admin_email, ref admin))
                {
                    message = "Can't find this user by user_email.";
                }
                else if (admin.recovery_code != recovery_code)
                {
                    // NOTE(review): nothing in this method limits or expires attempts
                    // against a six-digit code; throttling has to come from the caller
                    // or the Database layer.
                    message = "Recovery code doesn't match with server's code.";
                }
                else
                {
                    admin.recovery_token = Validator.GenerateHash(40);
                    Database.admin.UpdateRecoveryToken(admin.admin_id, admin.recovery_token);
                    Database.admin.UpdateRecoveryCode(admin.admin_id, 0);
                    request.ResponseJsonData(admin.recovery_token);
                    Logger.WriteLog("Check recovery code - successfully", LogLevel.Usual);
                    return;
                }
            }
            request.ResponseJsonAnswer(false, message);
            Logger.WriteLog(message, LogLevel.Warning);
        }