/// <summary> /// Reset Password /// </summary> /// <param name="obj">Request object</param> /// <returns>User object</returns> public ActionResponse ResetPasswordAction(ResetPasswordRequest obj) { ActionResponse output = new ActionResponse(); try { int maxTmpPass = Int32.Parse(functions.ConfigItem("MAX_TMP_PASS")); int idProduct = obj.idProduct.Value; int idChannel = obj.idChannel.Value; // STEP 0: Need to verify if product and channel exist or not ProductData prodData = new ProductData(); Product oProduct = prodData.GetProductById(idProduct); if (oProduct == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "El producto no existe en el sistema", null)); } ChannelData channelData = new ChannelData(); Channel oChannel = channelData.GetChannelById(idChannel); if (oChannel == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "El canal no existe en el sistema", null)); } // STEP 1: Check if user identify already exists UserIdentifyData uiData = new UserIdentifyData(); UserIdentify ui = uiData.FindByIdChannelAndValue(idChannel, obj.value); if (ui.id_cliente == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "La identidad del usuario no existe en el sistema", null)); } // STEP 2: Find Credential related to UserIdentify and Product int idUserIdentify = ui.idUserIdentify.Value; CredentialData credData = new CredentialData(); List <Credential> lstCredential = credData.FindByProductAndUserIdentify(idProduct, idUserIdentify); if (lstCredential.Count <= 0) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "No existen credenciales asociadas", null)); } // Generate password and create temporal credential string rndString = ""; using (MD5 md5Hash = MD5.Create()) { rndString = functions.GetUniqueKey(maxTmpPass); string rndStringMD5 = functions.GetMd5Hash(md5Hash, rndString); int idCredentialTmp = credData.CreateCredential(idProduct, idUserIdentify, (int)StateEnum.TEMPORAL_PASSWORD, rndStringMD5); if (idCredentialTmp == 0) { return(functions.Response((int)CodeStatusEnum.INTERNAL_ERROR, "No se pudo crear la credencial temporal", null)); } } // Will send email with new pass generated (only if channel is email) if (idChannel == (int)ChannelEnum.EMAIL) { /*string productEmailFrom = "FROM_EMAIL_" + idProduct; * string productEmailPass = "******" + idProduct; * * string emailFrom; * string emailPass; * * string checkProductEmailFrom = System.Web.Configuration.WebConfigurationManager.AppSettings[productEmailFrom]; * string checkProductEmailPass = System.Web.Configuration.WebConfigurationManager.AppSettings[productEmailPass]; * * // Send mail if exists user and pass for the product * // else send by default user and pass * if (checkProductEmailFrom != null && checkProductEmailPass != null) * { * emailFrom = functions.ConfigItem(productEmailFrom); * emailPass = functions.ConfigItem(productEmailPass); * } * else * { * emailFrom = functions.ConfigItem("FROM_EMAIL"); * emailPass = functions.ConfigItem("PASS_EMAIL"); * } * * MailMessage mail = new MailMessage(); * * mail.From = new MailAddress(emailFrom, oProduct.name, System.Text.Encoding.UTF8); * mail.To.Add(new MailAddress(obj.value)); * mail.SubjectEncoding = System.Text.Encoding.UTF8; * mail.Subject = oProduct.name + " | Solicitud cambio de contraseña"; * mail.Body = "Estimado usuario, <br><br> Tu contraseña temporal es: " + rndString + ", ingresa con esta contraseña para luego generar una nueva." + "<br><br><br> <i>Este correo fue enviado de forma automática, no lo respondas.</i>"; + mail.BodyEncoding = System.Text.Encoding.UTF8; + mail.IsBodyHtml = true; + + SmtpClient client = new SmtpClient(); + + client.Host = functions.ConfigItem("HOST_EMAIL"); + client.Port = Int32.Parse(functions.ConfigItem("PORT_EMAIL")); + client.EnableSsl = true; + client.DeliveryMethod = SmtpDeliveryMethod.Network; + client.UseDefaultCredentials = false; + client.Credentials = new System.Net.NetworkCredential(emailFrom, emailPass); + client.Send(mail);*/ } // OK, return temporal password ResetPasswordResponse response = new ResetPasswordResponse(); response.idClient = (int)ui.id_cliente; response.newPassword = rndString; return(functions.Response((int)CodeStatusEnum.OK, "OK", response)); } catch (Exception e) { logger.Fatal(e.Message); return(functions.Response((int)CodeStatusEnum.INTERNAL_ERROR, e.Message, null)); } }
/// <summary> /// Update Password /// </summary> /// <param name="obj">Request object</param> /// <returns>User object</returns> public ActionResponse UpdatePasswordAction(UpdatePasswordRequest obj) { try { int idProduct = obj.idProduct.Value; int idChannel = obj.idChannel.Value; decimal idClient = obj.idClient.Value; // STEP 0: Need to verify if product and channel exist or not ProductData prodData = new ProductData(); Product oProduct = prodData.GetProductById(idProduct); if (oProduct == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "El producto no existe en el sistema", null)); } ChannelData channelData = new ChannelData(); Channel oChannel = channelData.GetChannelById(idChannel); if (oChannel == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "El canal no existe en el sistema", null)); } // STEP 0.1: Verify if user exists ClienteData clientData = new ClienteData(); Cliente oClient = clientData.GetUserById(idClient); if (oClient.id_cliente == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "No existe el usuario en el sistema", null)); } // STEP 1: Check if user identify already exists by id_cliente + channel UserIdentifyData uiData = new UserIdentifyData(); UserIdentify ui = uiData.FindByIdUserAndIdChannel(idClient, idChannel); if (ui.id_cliente == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "La identidad del usuario no existe en el sistema", null)); } int idUserIdentify = ui.idUserIdentify.Value; // STEP 2: Check credential string oldPassAsMD5 = ""; string newPassAsMD5 = ""; using (MD5 md5Hash = MD5.Create()) { string oldPass = obj.oldPassword.Trim(); string newPass = obj.newPassword.Trim(); // Password integrity if (String.IsNullOrEmpty(newPass)) { return(functions.Response((int)CodeStatusEnum.BAD_REQUEST, "La contraseña no puede ser una cadena vacía", null)); } int minLengthPass = Int32.Parse(functions.ConfigItem("MIN_PASS_LENGTH")); if (newPass.Length < minLengthPass) { return(functions.Response((int)CodeStatusEnum.BAD_REQUEST, "La contraseña debe tener un mínimo de " + minLengthPass + " caracteres", null)); } if (oldPass == newPass) { return(functions.Response((int)CodeStatusEnum.BAD_REQUEST, "La nueva contraseña no puede ser igual a la actual", null)); } // Passwords as MD5 oldPassAsMD5 = functions.GetMd5Hash(md5Hash, oldPass); newPassAsMD5 = functions.GetMd5Hash(md5Hash, newPass); } CredentialData credData = new CredentialData(); Credential oCredential = credData.FindByProductAndUserIdentifyAndPass(idProduct, idUserIdentify, oldPassAsMD5); if (oCredential.idCredential == null) { return(functions.Response((int)CodeStatusEnum.BAD_REQUEST, "La contraseña no es válida", null)); } int idCredential = oCredential.idCredential.Value; // STEP 3: If Credential is OK, need to check if credential is NORMAL or TEMPORAL if (oCredential.idState.Value == (int)StateEnum.ACTIVE) { // Normal process bool updCredential = credData.UpdatePassword(idCredential, newPassAsMD5, (int)StateEnum.ACTIVE); if (!updCredential) { return(functions.Response((int)CodeStatusEnum.INTERNAL_ERROR, "No se pudo actualizar la contraseña", null)); } } else if (oCredential.idState.Value == (int)StateEnum.TEMPORAL_PASSWORD) { // Will set normal credential with new password // Firstly, need to find it List <Credential> lstCredentials = credData.FindByProductAndUserIdentify(idProduct, idUserIdentify); foreach (Credential o in lstCredentials) { // Finding normal credential related to product and useridentify if (o.idState.Value == (int)StateEnum.ACTIVE) { bool updCredential = credData.UpdatePassword(o.idCredential.Value, newPassAsMD5, (int)StateEnum.ACTIVE); if (!updCredential) { return(functions.Response((int)CodeStatusEnum.INTERNAL_ERROR, "No se pudo actualizar la contraseña", null)); } } } // Pass temporal credential to TEMPORAL_PASSWORD_USED bool updTmpCredential = credData.UpdatePassword(idCredential, oldPassAsMD5, (int)StateEnum.TEMPORAL_PASSWORD_USED); if (!updTmpCredential) { return(functions.Response((int)CodeStatusEnum.INTERNAL_ERROR, "No se pudo actualizar la credencial temporal", null)); } } else { // Desactive, I can´t do anything return(functions.Response((int)CodeStatusEnum.CONFLICT, "La credencial se encuentra inactiva y no se puede actualizar", null)); } // OK, return true/false UpdatePasswordResponse response = new UpdatePasswordResponse(); response.updated = DateTime.Now; return(functions.Response((int)CodeStatusEnum.OK, "OK", response)); } catch (Exception e) { logger.Fatal(e.Message); return(functions.Response((int)CodeStatusEnum.INTERNAL_ERROR, e.Message, null)); } }
/// <summary> /// Registration over any channel defined in module. Credential concept is implicated too. /// </summary> /// <param name="obj">Request object</param> /// <returns>ID user if it's ok or null when it's error</returns> public ActionResponse RegisterAction(RegisterRequest obj) { ActionResponse output = new ActionResponse(); try { // OPERATOR registration bool asOperatorRegistration = false; if (obj.code != null) { asOperatorRegistration = true; } // Code doesn't exist, will enter by normal registration flow int idProduct = obj.idProduct.Value; int idChannel = obj.idChannel.Value; string passReq = null; if (!String.IsNullOrEmpty(obj.password)) { passReq = obj.password.Trim(); } // STEP 0: Need to verify if product and channel exist or not ProductData prodData = new ProductData(); Product oProduct = prodData.GetProductById(idProduct); if (oProduct == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "El producto no existe en el sistema", null)); } ChannelData channelData = new ChannelData(); Channel oChannel = channelData.GetChannelById(idChannel); if (oChannel == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "El canal no existe en el sistema", null)); } // We need to check if code is setted // If code exists, will check for this first (custody) CustodyController custodyController = new CustodyController(); Custody oCustody = new Custody(); if (asOperatorRegistration) { // Find Custody object linked to code received oCustody = custodyController.FindCustodyByCode(idProduct, obj.code, obj.codeType.ToLower()); if (oCustody == null) { return(functions.Response((int)CodeStatusEnum.NO_CONTENT, "No hay ninguna custodia vinculada al código proporcionado", null)); } } // Normal flow for registration. Distinct to get code or not, it will do same actions // Firstly, will check consistency value in function of channel switch (obj.idChannel.Value) { case (int)ChannelEnum.EMAIL: try { MailAddress m = new MailAddress(obj.value); break; } catch (FormatException) { return(functions.Response((int)CodeStatusEnum.BAD_REQUEST, "El formato del email es incorrecto", null)); } case (int)ChannelEnum.ANI: int l = 11; string prefix = "569"; bool error = true; string val = obj.value; // Check for prefix (569) considerating solution for Chile (need to be dynamic as soon as possible) if (val.Contains(prefix)) { // Check for length (11) adding prefix if (val.Length == l) { error = false; } } if (error) { return(functions.Response((int)CodeStatusEnum.BAD_REQUEST, "El formato del ani es incorrecto", null)); } break; case (int)ChannelEnum.FACEBOOK: // Will check if ID is a numeric number break; } // STEP 1: Check if user identify already exists // If UserIdentify doesn't exist, it won't check credential because of it doesn't exist too obviously // If UserIdentify exists, we need to check for credentials vinculated. UserIdentifyData uiData = new UserIdentifyData(); UserIdentify ui = uiData.FindByIdChannelAndValue(idChannel, obj.value); string passMD5 = null; if (ui.id_cliente != null) { // STEP 2: Check if credential already exists CredentialData cdData = new CredentialData(); List <Credential> lstCredential = cdData.FindByProductAndUserIdentify(idProduct, ui.idUserIdentify.Value); if (lstCredential.Count > 0) { return(functions.Response((int)CodeStatusEnum.CONFLICT, "La credencial del usuario ya existe en el sistema", null)); } } // If entire data is ok, try to create user // Will return ID user or null (transaction) ClienteData u = new ClienteData(); // string ani, string email, string usuario, decimal id_operador int?res = 0; // Create a random value for ani, it must to be fixed to correct logic with registration operator (custody) int max = Int32.Parse(functions.ConfigItem("MAX_RANDOM_ANI_USER")); string rndString = "user_" + functions.GetUniqueKey(max); // If password is setted, it becomes as MD5 if (!String.IsNullOrEmpty(passReq)) { // Will check password integrity int minLengthPass = Int32.Parse(functions.ConfigItem("MIN_PASS_LENGTH")); if (passReq.Length < minLengthPass) { return(functions.Response((int)CodeStatusEnum.BAD_REQUEST, "La contraseña debe tener un mínimo de " + minLengthPass + " caracteres", null)); } using (MD5 md5Hash = MD5.Create()) { passMD5 = functions.GetMd5Hash(md5Hash, passReq); } } else { // Without password passMD5 = passReq; } // Will create user, receiving UserIdentify or making it within other actions if (ui.idUserIdentify == null) { // Operator registration always won´t have UserIdentify associated (will be created later) // UserIdentify unknown res = u.CreateUser(idChannel, idProduct, obj.value, passMD5, 0, rndString, "", "", 0, false, 0, obj.idGuide.Value); } else { // UserIdentify already known res = u.CreateUser(idChannel, idProduct, obj.value, passMD5, 0, rndString, "", "", 0, true, ui.idUserIdentify.Value, obj.idGuide.Value); } // Sp's response if (res == null) { return(functions.Response((int)CodeStatusEnum.CONFLICT, "No se pudo registrar al usuario en la plataforma", res)); } // OK (will return ID cliente generated -last insert-) RegisterResponse response = new RegisterResponse(); response.idClient = (decimal)res; // Normal or custody registration if (asOperatorRegistration) { // Reserved value into response response.reservedValue = oCustody.value; // Try to close custody int idCustody = oCustody.idCustody.Value; int idClient = (int)oCustody.id_cliente.Value; // Need to close Custody, it will be the end of this process // Will check custody is valid or not ActionResponse resX = custodyController.CloseCustodyByIdAction(idCustody); if (resX.code != (int)CodeStatusEnum.OK) { logger.Error(resX.message); } } return(functions.Response((int)CodeStatusEnum.OK, "OK", response)); } catch (Exception e) { logger.Fatal(e.Message); return(functions.Response((int)CodeStatusEnum.INTERNAL_ERROR, e.Message, null)); } }