public static ActionResult <UserModel> Execute(Guid webSessionId, PostVerifyUserType data, string connectionString)
{
try
{
using (var connection = new SqlConnection(connectionString))
{
// create command object
var command = new SqlCommand();
command.Connection = connection;
command.Connection.Open();
// authenticate web session
if (!WebSessionCheck.Check(webSessionId, connection, command))
{
return(new UnauthorizedResult());
}
// update user, set verified time to now and set verifier user id to given value
command.CommandText = @$ "
UPDATE users
SET verified = GETDATE()
, verifier_user_id = (SELECT users.id
FROM users
JOIN web_sessions
ON users.id = web_sessions.user_id
WHERE web_sessions.id = '{data.webSessionId}')
WHERE username = '******'
";
var rowsAffected = command.ExecuteNonQuery();
// if no rows affected, user was not updated
if (rowsAffected != 1)
{
return(new BadRequestResult());
}
// select updated user from database
command.CommandText = @$ "
SELECT *
FROM users
WHERE username = '******'
public ActionResult <UserModel> PostVerifyUser([FromHeader(Name = "X-websession")] Guid webSessionId, [FromBody] PostVerifyUserType data)
{
return(postVerifyUser.Execute(webSessionId, data, _configuration["ConnectionStrings:DefaultConnection"]));
}
