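/// <summary>
/// Starts a new session for the user by validating their username and password
/// credentials.
/// </summary>
/// <param name="username">Value matched against the <c>UserName</c> column of the <c>User</c> table.</param>
/// <param name="password">Plaintext password; hashed together with the row's <c>SALT</c> value by <c>CryptoHelper.ComputeHash</c>.</param>
/// <param name="token">On success, the new session key (32 lowercase hex characters); otherwise <c>null</c>.</param>
/// <param name="expiration">On success, the time at which the session expires; otherwise <see cref="DateTime.MinValue"/>.</param>
/// <returns><c>true</c> when the credentials matched and the session was written to the <c>User</c> row; otherwise <c>false</c>.</returns>
public bool StartSession(string username, string password, out string token, out DateTime expiration)
{
    // Fail closed: every early exit below leaves the out parameters in the "no session" state.
    token = null;
    expiration = DateTime.MinValue;

    if (string.IsNullOrEmpty(username) || password == null)
    {
        return false;
    }

    SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
    sqlGen.AddField("*");
    sqlGen.AddWhereParameter("User", "UserName", username, SqlWhereComparison.SqlComparer.Equal);

    System.Data.DataTable dt = Adocls.FetchDataTable(sqlGen, modelDataBindings.DatabaseName);
    if (dt.Rows.Count == 0)
    {
        return false;
    }

    // NOTE(review): the "Active" column that GetAuthUserInformation(email, activeFlag) filters on
    // is not checked here - confirm whether deactivated accounts should be able to start a session.
    System.Data.DataRow userRow = dt.Rows[0];
    string storedHash = userRow["HashPassword"].ToString();
    string candidateHash = CryptoHelper.ComputeHash(password, userRow["SALT"].ToString());

    // A row without a stored hash must never authenticate, whatever the helper returns.
    if (storedHash.Length == 0 || candidateHash == null)
    {
        return false;
    }

    // Compare without an early exit so the time taken does not depend on how many
    // leading characters of the two hashes agree.
    int difference = storedHash.Length ^ candidateHash.Length;
    int comparedLength = Math.Min(storedHash.Length, candidateHash.Length);
    for (int i = 0; i < comparedLength; i++)
    {
        difference |= storedHash[i] ^ candidateHash[i];
    }

    if (difference != 0)
    {
        return false;
    }

    // The session key is a bearer credential, so it is drawn from the cryptographic RNG rather
    // than Guid.NewGuid(), which is not documented as suitable for security tokens. The output
    // keeps the previous shape (32 lowercase hex characters), so it still fits the AuthGUID column.
    byte[] tokenBytes = new byte[16];
    using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(tokenBytes);
    }

    string sessionKey = BitConverter.ToString(tokenBytes).Replace("-", string.Empty).ToLowerInvariant();

    // NOTE(review): local time is stored here and compared against DateTime.Now when the session
    // is looked up; a UTC clock on both sides would avoid DST and time-zone shifts - confirm before changing.
    DateTime sessionExpires = DateTime.Now.AddMinutes(C_SESSION_LIFESPAN);

    // Writing the key into the user's row replaces whatever session key was stored there before.
    SqlGenerator sqlGenUpdate = new SqlGenerator(SqlGenerator.SqlTypes.Update, "User");
    sqlGenUpdate.AddField("AuthGUID", "User", sessionKey);
    sqlGenUpdate.AddField("AuthDate", "User", sessionExpires);
    sqlGenUpdate.AddWhereParameter("User", "User_Key", userRow["User_Key"].ToString(), SqlWhereComparison.SqlComparer.Equal);
    Adocls.ExecuteSql(sqlGenUpdate, true, modelDataBindings.DatabaseName);

    token = sessionKey;
    expiration = sessionExpires;
    return true;
}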
/// <summary>
/// Builds an <c>AuthUserInformationModel</c> from the first row of a <c>User</c> query result and
/// fills its role lookup from the <c>UserRight</c> and <c>SecurityObject</c> tables.
/// </summary>
/// <param name="userInfoTable">Query result; only row 0 is read, and indexing it throws when the table has no rows.</param>
/// <returns>The populated model.</returns>
private AuthUserInformationModel BuildAuthUserInformationModel(DataTable userInfoTable)
{
    AuthUserInformationModel model = new AuthUserInformationModel();

    // Basic identity fields are copied from the first row of the result.
    DataRow firstRow = userInfoTable.Rows[0];
    model.UserKey = firstRow["User_Key"].ToString();
    model.OldUserKey = firstRow["SecurityUser_Key"].ToString();
    model.Username = firstRow["UserName"].ToString();

    // TODO: This should be changed to use the real Full Name of the users
    string[] usernameParts = model.Username.Split('@');
    model.FullName = usernameParts[0];

    model.RoleLookup = new Dictionary<string, int>();

    // Rights are keyed by the SecurityUser_Key value read above, not by User_Key.
    SqlGenerator roleQuery = new SqlGenerator(SqlGenerator.SqlTypes.Select, "UserRight", true);
    roleQuery.AddTable("SecurityObject", SqlGenerator.SqlJoins.Inner, "SecurityObject_Key");
    roleQuery.AddField("ObjectTitle", "SecurityObject");
    roleQuery.AddField("SecurityLevel", "UserRight");
    roleQuery.AddWhereParameter("UserRight", "SecurityUser_Key", model.OldUserKey, SqlWhereComparison.SqlComparer.Equal);

    // One dictionary entry per returned row; Add throws if the same ObjectTitle comes back twice.
    using (SqlDataReader reader = Adocls.FetchDataReader(roleQuery, "UserDatabase"))
    {
        while (reader.Read())
        {
            string objectTitle = (string)reader["ObjectTitle"];
            int securityLevel = (byte)reader["SecurityLevel"];
            model.RoleLookup.Add(objectTitle, securityLevel);
        }
    }

    return model;
}
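/// <summary>
/// Validates a session GUID string against the database to make sure an unexpired
/// session exists for this GUID.
/// </summary>
/// <param name="sessionGuid">Session key to look up in the <c>AuthGUID</c> column of the <c>User</c> table.</param>
/// <returns><c>true</c> when a row carries this key and its <c>AuthDate</c> has not passed; otherwise <c>false</c>.</returns>
public bool ValidateSessionKey(string sessionGuid)
{
    // A missing key is never a valid session; without this guard an empty string would be
    // compared against AuthGUID and could match a row whose AuthGUID is blank.
    if (string.IsNullOrEmpty(sessionGuid))
    {
        return false;
    }

    SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
    sqlGen.AddField("User_Key");
    sqlGen.AddWhereParameter("User", "AuthGUID", sessionGuid, SqlWhereComparison.SqlComparer.Equal);

    // Enforce the expiry written by StartSession, using the same condition as
    // GetAuthUserInformation(string sessionGuid), so an expired key stops validating.
    sqlGen.AddWhereParameter("User", "AuthDate", DateTime.Now, SqlWhereComparison.SqlComparer.GreaterThan | SqlWhereComparison.SqlComparer.Equal);

    // NOTE(review): StartSession writes through modelDataBindings.DatabaseName while this reads
    // "UserDatabase" - confirm both resolve to the same database.
    return Adocls.FetchValueString(sqlGen, "UserDatabase").ToString().Length > 0;
}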
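/// <summary>
/// Get AuthUserInformationModel using the session GUID string
/// </summary>
/// <param name="sessionGuid">Session key to look up in the <c>AuthGUID</c> column of the <c>User</c> table.</param>
/// <returns>
/// The user information for an unexpired session, or <c>null</c> when the key is missing,
/// unknown or expired, or when the lookup fails.
/// </returns>
public AuthUserInformationModel GetAuthUserInformation(string sessionGuid)
{
    // A missing key can never identify a session; skip the query instead of matching on an empty value.
    if (string.IsNullOrEmpty(sessionGuid))
    {
        return null;
    }

    try
    {
        SqlGenerator sqlGenUser = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
        sqlGenUser.AddField("*");
        sqlGenUser.AddWhereParameter("User", "AuthGUID", sessionGuid, SqlWhereComparison.SqlComparer.Equal);

        // Only sessions whose stored expiry is now or later are returned.
        sqlGenUser.AddWhereParameter("User", "AuthDate", DateTime.Now, SqlWhereComparison.SqlComparer.GreaterThan | SqlWhereComparison.SqlComparer.Equal);

        // TODO: Optimize this to use reader instead of data table
        DataTable dt = Adocls.FetchDataTable(sqlGenUser, "UserDatabase");

        // Unknown or expired key: report it directly rather than relying on the
        // out-of-range exception from BuildAuthUserInformationModel.
        if (dt == null || dt.Rows.Count == 0)
        {
            return null;
        }

        return BuildAuthUserInformationModel(dt);
    }
    catch
    {
        // Fail closed: any lookup error is treated as "no session".
        // NOTE(review): callers cannot tell a database failure from an invalid key, and nothing
        // is recorded here - consider logging the exception for incident triage.
        return null;
    }
}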
/// <summary>
/// Inserts <paramref name="model"/> into the table named by <c>modelDataBindings.TableName</c>
/// after assigning it a key obtained from <c>Adocls.GetUniqueKey</c>.
/// </summary>
/// <param name="model">The model to insert; its key property is overwritten before the insert.</param>
/// <returns>The same <paramref name="model"/> instance, now carrying the generated key.</returns>
public T Create(T model)
{
    SqlGenerator insertStatement = new SqlGenerator(SqlGenerator.SqlTypes.Insert, modelDataBindings.TableName);

    // The key property is located by reflection from the configured key field name;
    // GetProperty returns null when T has no public instance property with that name.
    PropertyInfo keyProperty = typeof(T).GetProperty(
        modelDataBindings.KeyFieldName,
        BindingFlags.Public | BindingFlags.Instance);

    // Set a unique key for this model. The key is always generated here, so any value the
    // caller placed in the key property is replaced.
    string generatedKey = Adocls.GetUniqueKey();
    keyProperty.SetValue(model, generatedKey);

    insertStatement.InsertFromModel<T>(model);
    insertStatement.DoNotFullyQualifyFields = true;
    ModelBase.InsertModel<T>(model, modelDataBindings.DatabaseName, insertStatement);

    return model;
}
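/// <summary>
/// Get AuthUserInformationModel using the email and active state of the user account
/// </summary>
/// <param name="email">Value matched against the <c>UserName</c> column of the <c>User</c> table.</param>
/// <param name="activeFlag">Value the row's <c>Active</c> column must equal.</param>
/// <returns>
/// The user information for the matching account, or <c>null</c> when no account matches
/// or the lookup fails.
/// </returns>
public AuthUserInformationModel GetAuthUserInformation(string email, bool activeFlag)
{
    // Nothing to look up without an email; skip the query rather than matching on an empty value.
    if (string.IsNullOrEmpty(email))
    {
        return null;
    }

    try
    {
        SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
        sqlGen.AddField("*");
        sqlGen.AddWhereParameter("User", "UserName", email, SqlWhereComparison.SqlComparer.Equal);

        // The flag is passed as its string form ("True" / "False").
        sqlGen.AddWhereParameter("User", "Active", activeFlag.ToString(), SqlWhereComparison.SqlComparer.Equal);

        // TODO: Should transition this to a data reader
        DataTable dt = Adocls.FetchDataTable(sqlGen, "UserDatabase");

        // No matching account: report it directly rather than relying on the
        // out-of-range exception from BuildAuthUserInformationModel.
        if (dt == null || dt.Rows.Count == 0)
        {
            return null;
        }

        return BuildAuthUserInformationModel(dt);
    }
    catch (Exception)
    {
        // Fail closed: any lookup error is treated as "no such user".
        // NOTE(review): the exception is discarded, so a database failure looks the same as an
        // unknown account - consider logging it for incident triage.
        return null;
    }
}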