public IHttpActionResult PutUser(int id, User user, HttpRequestMessage request)
{
var headers = request.Headers;
if (headers.Contains("token"))
{
var userToken = headers.GetValues("token").First();
Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
if (validationResult.Item1)
{
// Check to see if the refreshId's match. If they do not, then it means something (i.e. invalid password)
// has caused the issued token to become invalidated. If so, then we need to send a message back to
// the calling client.
long refreshId = 0;
if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
{
if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
{
return(Content(HttpStatusCode.Unauthorized,
"Token failed refresh check, User account disabled/locked-out"));
}
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != user.Id)
{
return(BadRequest());
}
User updUser = db.Users.Find(id);
db.Entry(updUser).CurrentValues.SetValues(user);
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(id))
{
return(NotFound());
}
throw;
}
return(Ok(user));
}
return(BadRequest(validationResult.Item2));
}
return(BadRequest("Token invalid or not present"));
}
public IHttpActionResult PutPaRequest(int id, PaRequest paRequest)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != paRequest.Id)
{
return(BadRequest());
}
// paRequest.CompletedTimeStamp = DateTime.Now;
db.Entry(paRequest).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!PaRequestExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public IHttpActionResult PutRole(int id, Role role)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != role.Id)
{
return(BadRequest());
}
db.Entry(role).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!RoleExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public IHttpActionResult PutPaRequestNote(int id, PaRequestNote paRequestNote)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != paRequestNote.Id)
{
return(BadRequest());
}
var headers = Request.Headers;
if (headers.Contains("token"))
{
var userToken = headers.GetValues("token").First();
string userName = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
string userRole = JwtTokenHelper.GetTokenPayloadValue(userToken, "role");
if (userRole != "Administrator") //Need to check that the userName is the same as the created by
{
if (userName != paRequestNote.CreatedBy)
{
return(BadRequest("Editing user is not an Administrator or did not create the original note."));
}
}
// paRequest.CompletedTimeStamp = DateTime.Now;
paRequestNote.LastModified = DateTime.Now;
paRequestNote.LastModifiedBy = userName;
db.Entry(paRequestNote).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!PaRequestNoteExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public IHttpActionResult Put(int id, LookupType lookupType)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(Resource.LogDebugModeMessage);
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != lookupType.Id)
{
return(BadRequest());
}
try
{
db.Entry(lookupType).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException dbError)
{
if (!LookupTypeExists(id))
{
return(NotFound());
}
else
{
_log.Error(string.Format(Resource.DBConcurrencyError_Pre, "Put:LookupTypesController"), dbError);
return(InternalServerError(dbError));
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
catch (Exception e)
{
_log.Error(string.Format(Resource.GeneralError_Pre, "Put:LookupTypesController"), e);
return(InternalServerError(e));
}
}
public IHttpActionResult PutInsuranceCompany(int id, InsuranceCompany insuranceCompany)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(Resource.LogDebugModeMessage);
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != insuranceCompany.Id)
{
return(BadRequest());
}
try
{
db.Entry(insuranceCompany).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!InsuranceCompanyExists(id))
{
return(NotFound());
}
throw;
}
return(StatusCode(HttpStatusCode.NoContent));
}
catch (Exception e)
{
_log.Error(string.Format(Resource.GeneralError_Pre, "PutInsuranceCompany"), e);
throw;
}
}
public IHttpActionResult PutFileUploadLog(int id, FileUploadLog fileUploadLog)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(Resource.LogDebugModeMessage);
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != fileUploadLog.Id)
{
return(BadRequest());
}
db.Entry(fileUploadLog).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException dbException)
{
_log.Error(string.Format(Resource.DBConcurrencyError_Pre, "PutFileUploadLog"), dbException);
if (!FileUploadLogExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
// POST: api/Security
public IHttpActionResult Post(HttpRequestMessage request, [FromBody] string value)
{
var headers = request.Headers;
var returnMessage = string.Empty;
//Check the request object to see if they passed a userId
if (headers.Contains("userid"))
{
try
{
var login = headers.GetValues("userid").First();
if (headers.Contains("password"))
{
var passwordTry = headers.GetValues("password").First();
try
{
var userDetails = db.Users.Where(p => p.UserName == login && p.Archived == false)
.Include(i => i.Role)
.FirstOrDefault();
if (userDetails == null || userDetails.Archived)
{
return(Unauthorized());
}
{
var userAccount = db.UserLogins.FirstOrDefault(p => p.Login == login);
if (userAccount != null && !UserIsLockedOut(userAccount))
{
if (LMSDataService.SecurityHelper.Sha256Hash(passwordTry).ToUpper() ==
userAccount.PasswordHash.ToUpper()) // Success!
{
SecurityController securityController = new SecurityController();
var token = securityController.RefreshToken(userAccount, userDetails);
return(Ok(token));
}
}
if (userAccount != null)
{
returnMessage = "Token failed refresh check, User account disabled/locked-out";
userAccount.AccessFailedCount = userAccount.AccessFailedCount + 1;
if (userAccount.AccessFailedCount >= 5)
{
userAccount.LockoutEnabled = true;
userAccount.RefreshId = 0;
userAccount.LockoutEnd = DateTime.Now.AddMinutes(15);
}
userAccount.LastModifiedBy = "SECURITY";
userAccount.LastModified = DateTime.Now;
db.Entry(userAccount).State = EntityState.Modified;
}
try
{
db.SaveChanges();
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
return(Content(HttpStatusCode.Unauthorized, returnMessage));
}
}
catch (Exception e)
{
_log.Error("An error occurred while adding Users.", e);
return(InternalServerError(e));
}
}
}
catch (Exception e)
{
_log.Error(e.Message);
}
}
return(BadRequest("Header values not found."));
}
// PUT: api/UserLoginCreation/5
public IHttpActionResult Put(int id, HttpRequestMessage request, UserLoginCreation userLogin)
{
var headers = request.Headers;
var requestingUser = string.Empty;
if (headers.Contains("token"))
{
try
{
var userToken = headers.GetValues("token").First();
Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
if (validationResult.Item1)
{
// Check to see if the refreshId's match. If they do not, then it means something (i.e. invalid password)
// has caused the issued token to become invalidated. If so, then we need to send a message back to
// the calling client.
long refreshId = 0;
if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
{
if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
{
return(Content(HttpStatusCode.Unauthorized,
"Token failed refresh check, User account disabled/locked-out"));
}
}
requestingUser = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
UserLogin newUserLogin = db.UserLogins.Find(id);
if (newUserLogin == null)
{
return(NotFound());
}
newUserLogin.Id = userLogin.Id;
newUserLogin.LastModifiedBy = requestingUser;
newUserLogin.LastModified = DateTime.Now;
newUserLogin.Login = userLogin.Login;
newUserLogin.IsAdmin = userLogin.IsAdmin;
newUserLogin.LockoutEnabled = false;
newUserLogin.LockoutEnd = DateTime.Parse("1/1/1900");
newUserLogin.AccessFailedCount = 0;
newUserLogin.PasswordHash = LMSDataService.SecurityHelper.Sha256Hash(userLogin.Password);
//db.UserLogins.Add(newUserLogin);
db.Entry(newUserLogin).State = EntityState.Modified;
db.SaveChanges();
return(Ok(newUserLogin));
}
}
catch (Exception e)
{
_log.Error(string.Format(Resource.GeneralError_Pre, "UserLoginCreation:Put"), e);
}
}
return(BadRequest("Token invalid or not present"));
}