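        /// <summary>
        /// Returns the profile (name, email, kind, locality and — for clients — category) of
        /// the user whose address is in the request body's <c>email</c> field, provided the
        /// caller presents a live session token in <c>valueST</c>.
        /// </summary>
        /// <param name="json">Request body with <c>email</c> and <c>valueST</c> (session token).</param>
        /// <returns>
        /// 200 with <c>{"user":{...}}</c>; 400 when either field is missing; 401 when the
        /// token is not online; 404 when no user has that email.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the token only proves the caller is logged in — nothing ties it to
        /// <c>email</c>, so any logged-in user can read any other user's profile. Whether that
        /// is intended (e.g. for receptionists) is not visible here; confirm against the
        /// authorization model before relying on this endpoint.
        /// </remarks>
        public ActionResult <string> SelectUser([FromBody] dynamic json)
        {
            lock (_system)
            {
                JObject request = JObject.Parse(JsonSerializer.Serialize(json));
                string  email   = (string)request["email"];
                string  token   = (string)request["valueST"];

                // Missing fields used to surface as an unhandled NullReferenceException;
                // reject them explicitly instead.
                if (string.IsNullOrEmpty(email) || string.IsNullOrEmpty(token))
                {
                    return(BadRequest("Dados Invalidos"));
                }

                if (!_system.isUserOnline(token))
                {
                    return(Unauthorized("Client Offline"));
                }

                InterfaceUtilizador u = _system.GetUser(email);
                if (u == null)
                {
                    return(NotFound("Utilizador inexistente"));
                }

                var user = new JObject
                {
                    ["name"]       = u.GetName(),
                    ["email"]      = email,
                    ["cat"]        = u.GetType().Name,
                    ["localidade"] = u.GetLocalidade()
                };

                // Only clients carry a category; the "Cliente " prefix is part of the wire format.
                if (u is Cliente cliente)
                {
                    user["categoria"] = "Cliente " + cliente.categoria;
                }

                var ret = new JObject { ["user"] = user };
                return(Ok(ret.ToString()));
            }
        }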
 /// <summary>
 /// Persists a new user through <c>utilizadoresDAO</c>, serialising access on the DAO
 /// instance itself.
 /// </summary>
 /// <param name="user">User to insert; its concrete type is expected to match <paramref name="tipo"/>.</param>
 /// <param name="tipo">User kind code handed straight to the DAO (0 Cliente, 1 Instrutor, 2 Rececionista per the DAO's own comment).</param>
 /// <param name="passwordHash">Password hash, stored as received.</param>
 /// <returns>Whatever the DAO's <c>InsertUser</c> reports — true when the row was inserted.</returns>
 public bool createUser(InterfaceUtilizador user, int tipo, string passwordHash)
 {
     bool inserted;

     lock (utilizadoresDAO)
     {
         inserted = utilizadoresDAO.InsertUser(user, tipo, passwordHash);
     }

     return(inserted);
 }
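        /// <summary>
        /// Updates a user's locality and, optionally, password hash; the user is selected by
        /// the request body's <c>userEmail</c>.
        /// </summary>
        /// <param name="json">
        /// Body with <c>userEmail</c>, <c>newLocalidade</c> and optionally <c>newPasswordHash</c>;
        /// a missing or empty hash keeps the one already stored.
        /// </param>
        /// <returns>200 on success; 404 for an unknown email; 400 for malformed data.</returns>
        /// <remarks>
        /// NOTE(review): unlike SelectUser/Status this action never checks a session token, so
        /// as written anyone who knows an email can replace that user's password hash. A token
        /// check — and a check that the token belongs to <c>userEmail</c> — should be added
        /// before this is exposed.
        /// </remarks>
        public ActionResult <string> AtualizarUtilizador([FromBody] dynamic json)
        {
            lock (_system)
            {
                try
                {
                    JObject body           = JObject.Parse(JsonSerializer.Serialize(json));
                    string  email          = (string)body["userEmail"];
                    string  localidadeNova = (string)body["newLocalidade"];
                    string  newHash        = (string)body["newPasswordHash"];

                    int typeOfUser = _system.TypeUser(email);
                    if (typeOfUser < 0 || typeOfUser > 2)
                    {
                        // Previously fell through to UpdateUser(null, -1, ...); fail explicitly.
                        return(NotFound("Utilizador inexistente"));
                    }

                    // A missing hash used to be stored as null (the old check only caught ""),
                    // which silently locked the account; treat null and "" alike as "keep it".
                    string passHash = string.IsNullOrEmpty(newHash)
                                      ? _system.GetPass(email, typeOfUser)
                                      : newHash;

                    InterfaceUtilizador user = _system.GetUser(email);

                    // Each concrete type exposes its own public localidade field.
                    switch (typeOfUser)
                    {
                    case 0:
                        ((Cliente)user).localidade = localidadeNova;
                        break;
                    case 1:
                        ((Instrutor)user).localidade = localidadeNova;
                        break;
                    case 2:
                        ((Rececionista)user).localidade = localidadeNova;
                        break;
                    }

                    _system.UpdateUser(user, typeOfUser, passHash);
                }
                catch (Exception)
                {
                    return(BadRequest("Dados Invalidos"));
                }

                return(Ok());
            }
        }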
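        /// <summary>
        /// Validates the supplied credentials and, on success, opens a session: a fresh token
        /// is registered through <c>_system.Authenticate</c> and returned with the user record.
        /// </summary>
        /// <param name="userDto">Credentials (<c>email</c>, <c>password</c>).</param>
        /// <returns>
        /// 200 with <c>{"token":"…","user":{…}}</c> (user serialised by its runtime type), or
        /// 401 with the same generic message for an unknown email and a wrong password, so the
        /// endpoint does not reveal which emails exist.
        /// </returns>
        public ActionResult <InterfaceUtilizador> Authenticate([Bind] UserAuthenticationDto userDto)
        {
            lock (_system)
            {
                var wrongCredentials = new
                {
                    message = "Credentials are wrong..."
                };

                int typeOfUser = _system.TypeUser(userDto.email);
                if (typeOfUser < 0 || typeOfUser > 2)
                {
                    return(Unauthorized(wrongCredentials));
                }

                // The token used to be GetHashString(email + DateTime.Now); DateTime's default
                // ToString has one-second resolution, so anyone who knows the email and roughly
                // when the login happened could enumerate it. Mix in 32 CSPRNG bytes instead.
                // It still goes through GetHashString, so its format/length is unchanged for
                // whatever stores it.
                byte[] nonce = new byte[32];
                using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
                {
                    rng.GetBytes(nonce);
                }
                string token = CalculateHash.GetHashString(userDto.email + Convert.ToBase64String(nonce));

                // The old per-type switch called the same method three times and only re-cast
                // the result to the type TypeUser had already determined.
                InterfaceUtilizador user = _system.Authenticate(userDto.email, userDto.password, token);
                if (user == null)
                {
                    return(Unauthorized(wrongCredentials));
                }

                // Built by hand so the user is serialised by its runtime type. The token is
                // assumed to come out of GetHashString as hex/base64 text that needs no JSON
                // escaping — TODO confirm against CalculateHash.
                string body = new StringBuilder()
                              .Append("{\"token\":\"")
                              .Append(token)
                              .Append("\",\"user\":")
                              .Append(JsonSerializer.Serialize(user, user.GetType()))
                              .Append("}")
                              .ToString();

                return(Ok(body));
            }
        }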
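        /// <summary>
        /// Rewrites the mutable columns (password hash, birth date, locality and — for clients —
        /// category) of an existing user row, selected by email.
        /// </summary>
        /// <param name="user">User to persist; its concrete type must match <paramref name="type"/>.</param>
        /// <param name="type">0 Cliente, 1 Instrutor, 2 Rececionista; any other value is a no-op.</param>
        /// <param name="hashPass">Password hash stored verbatim.</param>
        /// <remarks>
        /// <c>ExisteLocal</c> runs first so the locality row exists before it is referenced.
        /// Database errors (including a bad cast) are written to the console and swallowed, as
        /// before — callers cannot distinguish success from failure; kept because existing
        /// callers do not expect an exception from here.
        /// </remarks>
        public void UpdateUser(InterfaceUtilizador user, int type, string hashPass)
        {
            try
            {
                string   table;
                string   categoria = null;   // only the Cliente table has this column
                DateTime dataNascimento;
                string   localidade;
                string   email;

                // Resolve the table and the fields only the concrete types expose.
                switch (type)
                {
                case 0:
                {
                    Cliente u = (Cliente)user;
                    table          = "Cliente";
                    dataNascimento = u.data_nascimento;
                    localidade     = u.localidade;
                    email          = u.email;
                    categoria      = u.categoria;
                    break;
                }

                case 1:
                {
                    Instrutor u = (Instrutor)user;
                    table          = "Instrutor";
                    dataNascimento = u.data_nascimento;
                    localidade     = u.localidade;
                    email          = u.email;
                    break;
                }

                case 2:
                {
                    Rececionista u = (Rececionista)user;
                    table          = "Rececionista";
                    dataNascimento = u.data_nascimento;
                    localidade     = u.localidade;
                    email          = u.email;
                    break;
                }

                default:
                    return;   // unknown type: nothing to update (same as before)
                }

                // The table name is one of three literals chosen above, never caller data;
                // every value is bound as a parameter.
                string sqlCommand = "update " + table + " set hashPass = @HASHPASS, data_nascimento = @DATA_NASCIMENTO, " +
                                    (type == 0 ? "categoria = @CATEGORIA, " : "") +
                                    "localidade = @LOCALIDADE " +
                                    "where email = @EMAIL";

                // Make sure the locality exists (it is created if not) before referencing it.
                ExisteLocal(user.GetLocalidade());

                if (connection.State == ConnectionState.Closed)
                {
                    connection.Open();
                }

                using (var command = new MySqlCommand(sqlCommand, connection))
                {
                    command.Parameters.Add("@HASHPASS", MySqlDbType.VarChar).Value = hashPass;
                    // Hand the provider the DateTime itself rather than a pre-formatted string.
                    command.Parameters.Add("@DATA_NASCIMENTO", MySqlDbType.DateTime).Value = dataNascimento;
                    if (type == 0)
                    {
                        command.Parameters.Add("@CATEGORIA", MySqlDbType.VarChar).Value = categoria;
                    }
                    command.Parameters.Add("@LOCALIDADE", MySqlDbType.VarChar).Value = localidade;
                    command.Parameters.Add("@EMAIL", MySqlDbType.VarChar).Value = email;

                    // An UPDATE has no scalar result; ExecuteNonQuery is the right call.
                    command.ExecuteNonQuery();
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
            }
            finally
            {
                connection.Close();
            }
        }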
        /*
         * Recebe a interface do utilizador, o tipo de utilizador(0, 1 ou 2), ou seja,
         * Cliente, Instrutor ou Rececionista
         * e recebe a hash da password
         */
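        /// <summary>
        /// Inserts a new user row into the table matching <paramref name="type"/>, unless a row
        /// with the same email or NIF already exists in that table.
        /// </summary>
        /// <param name="user">User to insert; its concrete type must match <paramref name="type"/>.</param>
        /// <param name="type">0 Cliente, 1 Instrutor, 2 Rececionista.</param>
        /// <param name="hashPass">Password hash stored verbatim in <c>hashpass</c>.</param>
        /// <returns>
        /// true when exactly one row was inserted; false for an unknown type, a duplicate
        /// email/NIF (the <c>INSERT … SELECT … WHERE NOT EXISTS</c> then inserts nothing), or a
        /// database error (written to the console and swallowed).
        /// </returns>
        /// <remarks>
        /// The duplicate check and the insert are one statement, so there is no window for a
        /// concurrent insert between them. Every column except the hash is bound by the user's
        /// own <c>IniParamSql</c>.
        /// </remarks>
        public bool InsertUser(InterfaceUtilizador user, int type, string hashPass)
        {
            int rowsInserted = 0;

            try
            {
                string               table;
                string               columns;
                string               selectList;
                string               localidade;
                Action<MySqlCommand> bindUser;

                // 0 - Cliente, 1 - Instrutor, 2 - Rececionista (only Cliente has a categoria column)
                switch (type)
                {
                case 0:
                {
                    Cliente u = (Cliente)user;
                    table      = "Cliente";
                    columns    = "email, nif, nome, hashpass, data_nascimento, genero, categoria, localidade";
                    selectList = "@EMAIL as em, @NIF as ni, @NOME as nom, @HASHPASS as hashp, " +
                                 "@DATA_NASCIMENTO as dat, @GENERO as gen, @CATEGORIA as cat, @LOCALIDADE as loc";
                    localidade = u.localidade;
                    bindUser   = cmd => u.IniParamSql(cmd);
                    break;
                }

                case 1:
                {
                    Instrutor u = (Instrutor)user;
                    table      = "Instrutor";
                    columns    = "email, nif, nome, hashpass, data_nascimento, genero, localidade";
                    selectList = "@EMAIL as em, @NIF as ni, @NOME as nom, @HASHPASS as hashp, " +
                                 "@DATA_NASCIMENTO as dat, @GENERO as gen, @LOCALIDADE as loc";
                    localidade = u.localidade;
                    bindUser   = cmd => u.IniParamSql(cmd);
                    break;
                }

                case 2:
                {
                    Rececionista u = (Rececionista)user;
                    table      = "Rececionista";
                    columns    = "email, nif, nome, hashpass, data_nascimento, genero, localidade";
                    selectList = "@EMAIL as em, @NIF as ni, @NOME as nom, @HASHPASS as hashp, " +
                                 "@DATA_NASCIMENTO as dat, @GENERO as gen, @LOCALIDADE as loc";
                    localidade = u.localidade;
                    bindUser   = cmd => u.IniParamSql(cmd);
                    break;
                }

                default:
                {
                    // Used to reach a null command and log a NullReferenceException.
                    return(false);
                }
                }

                // Table and column lists are literals chosen above, never caller data; all
                // values are parameters. The NOT EXISTS clause makes the duplicate check atomic.
                string sqlCommand = "insert into " + table + " (" + columns + ") " +
                                    "select * from (select " + selectList + ") as tmp " +
                                    "where not exists (select email from " + table + " " +
                                    "where email = @EMAIL or nif = @NIF) limit 1";

                // Make sure the locality exists (it is created if not) before referencing it.
                ExisteLocal(localidade);

                if (connection.State == ConnectionState.Closed)
                {
                    connection.Open();
                }

                using (var command = new MySqlCommand(sqlCommand, connection))
                {
                    command.Parameters.Add(new MySqlParameter("@HASHPASS", MySqlDbType.VarChar));
                    command.Parameters["@HASHPASS"].Value = hashPass;

                    bindUser(command);

                    rowsInserted = command.ExecuteNonQuery();
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
            }
            finally
            {
                connection.Close();
            }

            return(rowsInserted == 1);
        }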
 public void UpdateUser(InterfaceUtilizador user, in int typeOfUser, string passHash)
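        /// <summary>
        /// Reports whether the given session token is still valid; if it is, renews it and
        /// returns the owning user's record.
        /// </summary>
        /// <param name="token">Wrapper whose <c>valueST</c> holds the session token.</param>
        /// <returns>
        /// 200 with <c>{"status":"online","user":{…}}</c>; 401 "Client offline" for a missing,
        /// unknown or expired token; 404 if the token maps to an email with no user record.
        /// </returns>
        /// <remarks>
        /// The user is resolved from the token, not from caller-supplied data, so this action
        /// can only return the caller's own record. The old <c>statusToken</c> branches were
        /// dead (an invalid token already returned 401) and the per-type re-casts were no-ops;
        /// serialisation already uses the runtime type.
        /// </remarks>
        public ActionResult <string> Status([FromBody] StringDto token)
        {
            lock (_system)
            {
                string sessionToken = token.valueST;
                if (string.IsNullOrEmpty(sessionToken) || !_system.isUserOnline(sessionToken))
                {
                    return(Unauthorized("Client offline"));
                }

                // Every successful status call extends the session.
                _system.RenovaToken(sessionToken);

                string email = _system.getUserGivenToken(sessionToken);
                InterfaceUtilizador user = _system.GetUser(email);
                if (user == null)
                {
                    // Used to throw NullReferenceException on user.GetType().
                    return(NotFound("Utilizador inexistente"));
                }

                string userData = JsonSerializer.Serialize(user, user.GetType());
                string body     = new StringBuilder()
                                  .Append("{\"status\":\"online\",\"user\":")
                                  .Append(userData)
                                  .Append("}")
                                  .ToString();

                return(Ok(body));
            }
        }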
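        /// <summary>
        /// Registers a new user of the kind named by <c>newUser.tipoDeUser</c>
        /// ("Cliente", "Instrutor" or "Rececionista").
        /// </summary>
        /// <param name="json">
        /// Body with <c>newUser</c> (email, nif, nome, genero, data_nascimento, localidade and,
        /// for clients, categoria) and <c>passwordHash</c>.
        /// </param>
        /// <returns>200 on success; 409 if the email is already registered; 400 for malformed or rejected data.</returns>
        /// <remarks>
        /// NOTE(review): two points a security review should settle before this ships.
        /// (1) No session token is checked and the caller chooses <c>tipoDeUser</c>, so anyone
        /// can self-register as an Instrutor or Rececionista — staff roles presumably need an
        /// authorised creator. (2) The client sends <c>passwordHash</c> ready-made and the DAO
        /// stores it verbatim, so whatever the client sends <em>is</em> the credential; the
        /// server should derive a salted hash itself.
        /// </remarks>
        public ActionResult <string> InserirUtilizador([FromBody] dynamic json)
        {
            lock (_system)
            {
                JObject request = JObject.Parse(JsonSerializer.Serialize(json));

                // A missing/non-object newUser used to surface as an unhandled exception.
                if (!(request["newUser"] is JObject newUser))
                {
                    return(BadRequest("Credenciais Invalidas"));
                }
                dynamic userJson = newUser;

                string email = (string)userJson.email;
                if (_system.GetUser(email) != null)
                {
                    return(Conflict("Email já registado"));
                }

                string passwordHash = (string)request["passwordHash"];
                if (string.IsNullOrEmpty(passwordHash))
                {
                    // An empty hash would create an account whose credential is "".
                    return(BadRequest("Credenciais Invalidas"));
                }

                InterfaceUtilizador user;
                int tipo;
                try
                {
                    // The three constructors share these arguments; only Cliente adds categoria.
                    int      nif            = Convert.ToInt32(userJson.nif);
                    string   nome           = (string)userJson.nome;
                    int      genero         = Convert.ToInt16(userJson.genero);
                    DateTime dataNascimento = Convert.ToDateTime(userJson.data_nascimento);
                    string   localidade     = (string)userJson.localidade;
                    string   tipoDeUser     = Convert.ToString(userJson.tipoDeUser);

                    switch (tipoDeUser)
                    {
                    case "Cliente":
                        user = new Cliente(email, nif, nome, genero, dataNascimento, localidade,
                                           (string)userJson.categoria);
                        tipo = 0;
                        break;

                    case "Instrutor":
                        user = new Instrutor(email, nif, nome, genero, dataNascimento, localidade);
                        tipo = 1;
                        break;

                    case "Rececionista":
                        user = new Rececionista(email, nif, nome, genero, dataNascimento, localidade);
                        tipo = 2;
                        break;

                    default:
                        // Used to reach createUser(null, -1, …) and fail deep inside the DAO.
                        return(BadRequest("Credenciais Invalidas"));
                    }
                }
                catch (Exception)
                {
                    return(BadRequest("Credenciais Invalidas"));
                }

                if (!_system.createUser(user, tipo, passwordHash))
                {
                    return(BadRequest("Credenciais Invalidas"));
                }

                return(Ok());
            }
        }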
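        /// <summary>
        /// Checks <paramref name="hashPassInserida"/> against the hash stored for
        /// <paramref name="email"/> and, on a match, records <paramref name="token"/> in
        /// <c>UtilizadoresOnline</c> with a five-day expiry.
        /// </summary>
        /// <param name="email">Login email; <c>TypeUser</c> decides which table it lives in.</param>
        /// <param name="hashPassInserida">Hash submitted by the client, compared to the stored hash.</param>
        /// <param name="token">Session token to register for this login.</param>
        /// <returns>
        /// The loaded Cliente/Instrutor/Rececionista, or null for an unknown email, a wrong hash,
        /// or a database error (written to the console and swallowed).
        /// </returns>
        /// <remarks>
        /// NOTE(review): the client computes the hash itself, so the stored hash is in effect
        /// the password and a leaked table is directly usable for login; server-side salted
        /// hashing would fix that but is outside this method. The hash comparison is
        /// constant-time so response timing does not leak how much of it matched.
        /// Expiry uses <c>DateTime.Now</c> (local time) as before — presumably what the
        /// expiry check elsewhere compares against; verify before switching to UTC.
        /// </remarks>
        public static InterfaceUtilizador LogIn(string email, string hashPassInserida, string token)
        {
            DateTime timeToExpire = DateTime.Now.AddDays(5);

            int typeUser = TypeUser(email);  // 0 - Cliente, 1 - Instrutor, 2 - Rececionista
            if (typeUser < 0 || typeUser > 2)
            {
                return(null);
            }

            string table = typeUser == 0 ? "Cliente"
                         : typeUser == 1 ? "Instrutor"
                         : "Rececionista";

            InterfaceUtilizador user = null;

            try
            {
                connection.Open();

                // The table name is one of three literals; the email is bound as a parameter.
                using (var select = new MySqlCommand("select * from " + table + " where email = @EMAIL", connection))
                {
                    select.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
                    select.Parameters["@EMAIL"].Value = email;

                    using (MySqlDataReader reader = select.ExecuteReader())
                    {
                        // TypeUser said the row exists, but guard the read instead of letting
                        // GetString throw on an empty result (e.g. a concurrent delete).
                        if (reader.Read() && HashesMatchConstantTime(reader.GetString(3), hashPassInserida))
                        {
                            user = ReadUserRow(reader, typeUser, email);
                        }
                    }
                }

                // The reader is closed by now, so a second command on the connection is allowed.
                if (user != null)
                {
                    InsertOnlineSession(email, token, timeToExpire);
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
            }
            finally
            {
                connection.Close();
            }

            return(user);
        }

        /// <summary>
        /// Ordinal equality of two hash strings in constant time, so the comparison does not
        /// leak the length of the matching prefix (CWE-208). Null on either side is a mismatch.
        /// </summary>
        private static bool HashesMatchConstantTime(string stored, string supplied)
        {
            if (stored == null || supplied == null)
            {
                return(false);
            }

            byte[] a = System.Text.Encoding.UTF8.GetBytes(stored);
            byte[] b = System.Text.Encoding.UTF8.GetBytes(supplied);
            return(System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(a, b));
        }

        /// <summary>
        /// Builds the concrete user from the reader's current row. Column indexes follow the
        /// <c>select *</c> layout the original relied on: 1 nif, 2 nome, 4 data_nascimento,
        /// 5 genero; clients then have 6 categoria and 7 localidade, staff have 6 localidade.
        /// </summary>
        private static InterfaceUtilizador ReadUserRow(MySqlDataReader reader, int typeUser, string email)
        {
            int      nif            = reader.GetInt32(1);
            string   nome           = reader.GetString(2);
            DateTime dataNascimento = reader.GetDateTime(4);
            short    genero         = reader.GetInt16(5);

            switch (typeUser)
            {
            case 0:
                return(new Cliente(email, nif, nome, genero, dataNascimento, reader.GetString(7), reader.GetString(6)));
            case 1:
                return(new Instrutor(email, nif, nome, genero, dataNascimento, reader.GetString(6)));
            case 2:
                return(new Rececionista(email, nif, nome, genero, dataNascimento, reader.GetString(6)));
            default:
                return(null);
            }
        }

        /// <summary>
        /// Inserts the (email, expiry, token) session row into <c>UtilizadoresOnline</c> on the
        /// already-open connection.
        /// </summary>
        private static void InsertOnlineSession(string email, string token, DateTime timeToExpire)
        {
            using (var insert = new MySqlCommand("insert into UtilizadoresOnline values (@EMAIL, @TIME_TO_EXPIRE, @TOKEN)", connection))
            {
                insert.Parameters.Add(new MySqlParameter("@EMAIL", MySqlDbType.VarChar));
                insert.Parameters["@EMAIL"].Value = email;

                insert.Parameters.Add(new MySqlParameter("@TIME_TO_EXPIRE", MySqlDbType.DateTime));
                insert.Parameters["@TIME_TO_EXPIRE"].Value = timeToExpire;

                insert.Parameters.Add(new MySqlParameter("@TOKEN", MySqlDbType.VarChar));
                insert.Parameters["@TOKEN"].Value = token;

                insert.ExecuteNonQuery();
            }
        }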