// Checks that the accessor does not report this username/password pair as verified.
// Judging by the test name, "hilo" is meant to be a wrong password for the account.
public void ValidateUsernameAndPasswordWrongPassword()
{
    bool verified = UserAccessor.VerifyUsernameAndPassword("SCSYMCX", "hilo");

    // The test passes as long as the accessor did not return true.
    Assert.AreNotEqual(true, verified);
}
/// <summary>
/// Author: Matt LaMarche
/// Created : 2/6/2019
/// Verifies a username/password pair and returns the matching employee.
/// Similar to AuthenticateUser but returns an Employee object.
/// </summary>
/// <param name="userName">Username for this employee to log in</param>
/// <param name="password">Password for this employee to log in; it is hashed here before verification</param>
/// <returns>The employee retrieved for <paramref name="userName"/>.</returns>
/// <exception cref="ApplicationException">
/// Thrown with "User not validated." on any failure inside the verification step,
/// including the internal "User not found." case, which becomes the inner exception.
/// </exception>
public Employee AuthenticateEmployee(string userName, string password)
{
    Employee authenticated = null;

    // NOTE(review): judging by the helper's name this is a bare SHA-256 and no salt is
    // visible here. Stored passwords are normally protected with a salted, slow KDF
    // (PBKDF2, Argon2) - confirm what hashSHA256 actually does.
    password = hashSHA256(password);

    try
    {
        if (1 != UserAccessor.VerifyUsernameAndPassword(userName, password))
        {
            throw new ApplicationException("User not found.");
        }

        // Verification succeeded. The lookup is by e-mail although the argument is called
        // userName - presumably the e-mail doubles as the login name; confirm.
        authenticated = UserAccessor.RetrieveEmployeeByEmail(userName);

        if (password == hashSHA256("newuser"))
        {
            // Placeholder: the original role handling for the literal password "newuser"
            // is commented out, so nothing happens for such accounts.
            //user.Roles.Clear();
            //user.Roles.Add("New User");
        }
    }
    catch (Exception ex)
    {
        // Every failure is reported under one message; the cause is kept as InnerException.
        throw new ApplicationException("User not validated.", ex);
    }

    return authenticated;
}
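//[AllowAnonymous]
// Returns one page of the leave items that LeaveAccessor.ProViewLeaves yields for the caller.
// Callers whose role is Student receive 400. The caller id is parsed from User.Identity.Name.
// Paging is 1-based: page N covers items [(N-1)*pagesize, N*pagesize).
// A missing request, pagenum < 1 or pagesize < 0 is rejected with 400; previously such
// values produced a negative start index and an out-of-range access on leaveItem.
public async Task<ActionResult<LeaveItemResponse>> ProViewLeaves([FromBody] ViewLeavesRequest request)
{
    var pro_id = Int32.Parse(User.Identity.Name);

    if (await UserAccessor.CheckRole(pro_id) == Constants.Role.Student)
    {
        return BadRequest(new { message = "ProViewLeaves is not for students." });
    }

    // The paging values come from the request body, so they are checked before use as indices.
    if (request == null || request.pagenum < 1 || request.pagesize < 0)
    {
        return BadRequest(new { message = "Invalid paging parameters." });
    }

    // 64-bit arithmetic so a large pagenum * pagesize cannot wrap to a negative index.
    long start = ((long)request.pagenum - 1) * request.pagesize;
    long end = (long)request.pagenum * request.pagesize;

    LeaveItemResponse leaves = new LeaveItemResponse();
    leaves.pagenum = request.pagenum;
    leaves.leavelist = new System.Collections.Generic.List<LeaveResponse>();

    var leave_list = await LeaveAccessor.ProViewLeaves(pro_id);
    if (leave_list == null)
    {
        // Reached when the accessor returns null (the original comment said "never").
        return Ok(-1);
    }

    for (long i = start; i < end && i < leave_list.total; i++)
    {
        // i is below leave_list.total here, so the narrowing cast is safe.
        LeaveResponse lr = _mapper.Map<LeaveResponse>(leave_list.leaveItem[(int)i]);
        lr.student_name = await UserAccessor.GetUserName(lr.student_id);
        lr.work_name = await WorkAccessor.GetWorkName(lr.work_id);
        leaves.leavelist.Add(lr);
    }

    leaves.total = leave_list.total;
    return Ok(leaves);
}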
/// <summary>
/// Waterfall step that prompts for a favorite news topic when the top intent is
/// SetFavoriteTopics or no category is stored yet; otherwise it forwards the stored category.
/// </summary>
/// <param name="sc">Current waterfall step context.</param>
/// <param name="cancellationToken">Token passed on to the state accessors and dialog calls.</param>
/// <returns>The result of the prompt, or of moving to the next step.</returns>
private async Task<DialogTurnResult> SetFavoritesAsync(WaterfallStepContext sc, CancellationToken cancellationToken)
{
    var convState = await ConvAccessor.GetAsync(sc.Context, () => new NewsSkillState(), cancellationToken: cancellationToken);
    var userState = await UserAccessor.GetAsync(sc.Context, () => new NewsSkillUserState(), cancellationToken: cancellationToken);

    bool askedToSetFavorites = convState.LuisResult != null
        && convState.LuisResult.TopIntent().intent == Luis.NewsLuis.Intent.SetFavoriteTopics;

    // A category is already stored and the user did not ask to change it: skip the prompt.
    if (!askedToSetFavorites && userState.Category != null)
    {
        return await sc.NextAsync(userState.Category, cancellationToken);
    }

    // Fixed list of categories offered to the user, in display order.
    var topicChoices = new List<Choice>
    {
        new Choice("Business"),
        new Choice("Entertainment"),
        new Choice("Health"),
        new Choice("Politics"),
        new Choice("World"),
        new Choice("Sports"),
    };

    var promptOptions = new PromptOptions()
    {
        Prompt = TemplateManager.GenerateActivityForLocale(FavoriteTopicsResponses.FavoriteTopicPrompt),
        Choices = topicChoices
    };

    return await sc.PromptAsync(nameof(ChoicePrompt), promptOptions, cancellationToken);
}
// Updates a work item from the request body on behalf of the calling non-student user.
// Returns 400 for an invalid model or a Student caller, 200 with a text message when the
// computed duration is 0, otherwise 200 with the mapped WorkResponse.
public async Task<ActionResult<WorkResponse>> ChangeWorkInfo([FromBody] UpdateWorkRequest request)
{
    // Check that the request satisfies its model preconditions.
    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    var provider_id = Int32.Parse(User.Identity.Name);
    var callerRole = await UserAccessor.CheckRole(provider_id);
    if (callerRole == Role.Student)
    {
        return BadRequest(new { message = "Student cannot update work" });
    }

    // NOTE(review): the work item is selected by request.work_id and its teacher_id is
    // overwritten with the caller's id. No check that the caller owns that work item is
    // visible in this method - confirm WorkAccessor.Update (or a filter) enforces ownership.
    var updated = _mapper.Map<WorkEntity>(request);
    updated.teacher_id = provider_id;
    updated.work_id = request.work_id;
    updated.total_time = CalTotalTime(request.start_day, request.end_day, request.start_time, request.end_time, request.week_day);

    if (updated.total_time == 0)
    {
        // Nothing is written when the computed duration is zero.
        return Ok("Duration time is 0.");
    }

    await WorkAccessor.Update(updated);

    // Return the updated work item mapped to its response shape.
    return Ok(_mapper.Map<WorkResponse>(updated));
}
/// <summary>
/// Validates the supplied user data and, when valid, stores a new user with a freshly
/// generated salt and a salted password hash.
/// </summary>
/// <remarks>
/// History: Bobby Thorne 2/12/17, updated 3/10/2017 (text-field validation so bad data is not
/// entered when creating a user; added checks for phone number and for an already used
/// username). Updated 2017-03-22 by William Flood: refactored the database call to a static
/// method to resolve issue #22.
/// </remarks>
/// <param name="user">User to create; PasswordSalt and PasswordHash are set on it here.</param>
/// <param name="password">Password in clear text.</param>
/// <param name="confirmPassword">Repeated password, passed to ValidateUser.</param>
/// <returns>
/// The non-empty message from ValidateUser, "Created" when the accessor reports one row,
/// otherwise "UnableToCreate".
/// </returns>
public string CreateNewUser(User user, string password, string confirmPassword)
{
    var validationMessage = ValidateUser(user, password, confirmPassword);
    if (validationMessage != "")
    {
        return validationMessage;
    }

    // NOTE(review): the salt must come from a cryptographic RNG and a single SHA-256 pass is
    // cheap to brute-force offline; confirm how RandomString and HashSha256 are implemented.
    user.PasswordSalt = RandomString(32);
    user.PasswordHash = HashSha256(password + user.PasswordSalt);

    try
    {
        return 1 == UserAccessor.CreateUser(user) ? "Created" : "UnableToCreate";
    }
    catch
    {
        // Any accessor failure is reported as a plain status string; the cause is not logged here.
        return "UnableToCreate";
    }
}
/// <summary>
/// Resolves the user accessor and a logger named after the concrete service type from the
/// ambient <c>DependencyResolver</c>.
/// </summary>
protected BaseService()
{
    _userAccessor = DependencyResolver.Current.GetService<UserAccessor>();

    // GetType() returns the derived type, so each service gets its own logger category.
    Logger = DependencyResolver.Current
        .GetService<ILoggerFactory>()
        .CreateLogger(GetType());
}
/// <summary>
/// Verifies a username and password and returns the user with its employee roles attached.
/// </summary>
/// <param name="username">Login name to verify.</param>
/// <param name="password">Password in clear text; it is hashed with HashSHA256 before verification.</param>
/// <returns>The user retrieved for <paramref name="username"/>, with Roles populated.</returns>
/// <exception cref="ApplicationException">Thrown with "Authentication Failed!" when verification does not return 1.</exception>
public User AuthenticateUser(string username, string password)
{
    // NOTE(review): no salt is visible here and the helper name suggests a bare SHA-256;
    // confirm how the stored password hashes are produced.
    var suppliedHash = HashSHA256(password);

    if (1 != UserAccessor.VerifyUsernameAndPassword(username, suppliedHash))
    {
        throw new ApplicationException("Authentication Failed!");
    }

    // This only drops the local reference; the string itself stays in memory until collected.
    password = null;

    User authenticated = UserAccessor.RetrieveUserByUsername(username);
    authenticated.Roles = UserAccessor.RetrieveEmployeeRoles(authenticated.EmployeeID);
    return authenticated;
}
// Applies the request body to the calling user's own record and returns the refreshed user.
// Returns 400 for an invalid model or when no user exists for the caller's id.
public async Task<ActionResult<UserResponse>> UpdateUser([FromBody] UserRequest request)
{
    // Reject requests that do not satisfy the model format.
    if (!ModelState.IsValid)
    {
        return BadRequest();
    }

    // Id of the current account, taken from the authenticated identity rather than the body.
    var u_id = Int32.Parse(User.Identity.Name);

    // Find returns 1 when a user with this id exists.
    var found = await UserAccessor.Find(u_id);
    if (found != 1)
    {
        // The user does not exist.
        return BadRequest(new { message = "The user donot exist" });
    }

    // NOTE(review): the whole request object is handed to UserAccessor.Change; which fields
    // it may overwrite is decided there - confirm role and identity fields are excluded.
    await UserAccessor.Change(u_id, request);

    // Update succeeded; read the record back and map it to the response shape.
    var refreshed = await UserAccessor.Read(u_id);
    return Ok(_mapper.Map<UserResponse>(refreshed));
}
/// <summary>
/// Adds or updates the users in the request through a new <c>UserAccessor</c>.
/// </summary>
/// <param name="request">Request carrying the user collection; it must contain at least one user.</param>
/// <returns>
/// A response holding the accessor's result on success. A null request or an empty collection
/// yields <c>ErrorCode.Argument</c> with the exception attached; an accessor failure is logged
/// and yields <c>ErrorCode.Technical</c>.
/// </returns>
public Response<int> AddOrUpdateUsers(AddOrUpdateUserRequest request)
{
    var response = new Response<int>();

    bool hasUsers = request != null
        && request.UserCollection != null
        && request.UserCollection.Any();

    if (!hasUsers)
    {
        var argumentError = new ArgumentNullException("AddOrUpdateUser request");
        LogError(argumentError);
        response.ErrorCode = ErrorCode.Argument;
        response.Exception = argumentError;
        return response;
    }

    try
    {
        var accessor = new UserAccessor();
        response.Result = accessor.AddOrUpdateUsers(request.UserCollection);
        response.IsSuccess = true;
    }
    catch (Exception ex)
    {
        // The exception is logged but not attached to the response on this path.
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
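/// <summary>
/// Looks up the user for an e-mail address after <c>UserAccessor.VerifyLoginInfo</c> accepts it.
/// </summary>
/// <remarks>
/// NOTE(review): only the e-mail is checked. The password hashing that once existed here is
/// commented out and the signature carries no secret, so this method does not itself prove
/// who the caller is. Confirm the caller has already authenticated the owner of the address.
/// </remarks>
/// <param name="email">E-mail address identifying the account.</param>
/// <returns>The user retrieved for <paramref name="email"/>.</returns>
/// <exception cref="ApplicationException">
/// Thrown with "An error has occurred. " plus the cause's message for any failure, including
/// the internal "Incorrect email or password." case; the cause is kept as the inner exception.
/// </exception>
public User AuthenticateLogin(string email)
{
    User _user = null;

    try
    {
        if (1 != UserAccessor.VerifyLoginInfo(email))
        {
            throw new ApplicationException("Incorrect email or password.");
        }

        _user = UserAccessor.RetrieveUserWithEmail(email);

        // The original assigned Roles on a UserRoles reference that was still null, so every
        // successful verification ended in a NullReferenceException. The holder is created first.
        // NOTE(review): the roles are retrieved but never attached to the returned user -
        // confirm whether callers expect them on _user.
        UserRoles _userRoles = new UserRoles();
        _userRoles.Roles = UserAccessor.RetrieveUserRoles(_user.UserID);
    }
    catch (Exception ex)
    {
        // The message is unchanged; the cause is now preserved as the inner exception.
        throw new ApplicationException("An error has occurred. " + ex.Message, ex);
    }

    return _user;
}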
// Test fixture setup: builds a UserAccessor over substitutes for the HTTP context accessor
// and the ARPA context, plus a fake user manager.
public void Setup()
{
    var httpContextAccessor = Substitute.For<IHttpContextAccessor>();
    var userManager = new FakeUserManager();
    var arpaContext = Substitute.For<IArpaContext>();

    // Keep the collaborators in fields so individual tests can configure them.
    _httpContextAccessor = httpContextAccessor;
    _userManager = userManager;
    _arpaContext = arpaContext;

    _userAccessor = new UserAccessor(_httpContextAccessor, _userManager, _arpaContext);
}
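/// <summary>
/// Creates the user and then one role entry per item in <c>user.Roles</c>.
/// </summary>
/// <param name="user">User to create, including the roles to assign.</param>
/// <returns>
/// <c>true</c> when the user and every role were created; <c>false</c> when at least one role
/// could not be created. The original never set the result to true, so it returned false
/// even on full success.
/// </returns>
/// <exception cref="ApplicationException">Thrown with "User could not be created!" when the accessor does not report one created user.</exception>
public bool RegisterUser(User user)
{
    if (1 != UserAccessor.CreateUser(user))
    {
        throw new ApplicationException("User could not be created!");
    }

    bool allRolesCreated = true;
    foreach (var role in user.Roles)
    {
        // Keep going after a failure so the remaining roles are still attempted, as before.
        if (1 != UserAccessor.CreateUserRole(user.Username, role))
        {
            allRolesCreated = false;
        }
    }

    return allRolesCreated;
}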
/// <summary>
/// Builds a <c>User</c> from the supplied values and passes it to <c>UserAccessor.CreateUser</c>.
/// </summary>
/// <returns>The value returned by <c>UserAccessor.CreateUser</c>.</returns>
public int AddNewUser(string firstName, string lastName, string zip, string emailAddress, string userName, string passWord, bool active, int? regionID)
{
    var newUser = new User();
    newUser.FirstName = firstName;
    newUser.LastName = lastName;
    newUser.Zip = zip;
    newUser.EmailAddress = emailAddress;
    newUser.UserName = userName;

    // NOTE(review): the password is copied through unchanged; whether it is hashed before
    // storage is not visible here - confirm in the accessor or in the caller.
    newUser.Password = passWord;
    newUser.Active = active;
    newUser.RegionId = regionID;

    // Accessor exceptions propagate to the caller unchanged.
    return UserAccessor.CreateUser(newUser);
}
/// <summary>
/// Updates a user's token value and its validity period.
/// </summary>
/// <param name="ID">Identifier passed to the accessor (presumably the user id; confirm).</param>
/// <param name="Str1">First string passed to the accessor; its meaning is not visible here.</param>
/// <param name="Str2">Second string passed to the accessor; its meaning is not visible here.</param>
/// <returns>
/// A response whose Result and IsSuccess both mirror the accessor's boolean result; an
/// exception is logged and reported as <c>ErrorCode.Technical</c>.
/// </returns>
public Response<bool> UpdateToken(long ID, string Str1, string Str2)
{
    var response = new Response<bool>();
    var accessor = new UserAccessor();

    try
    {
        bool updated = accessor.UpdateToken(ID, Str1, Str2);

        // Both flags carry the same value as the accessor's result.
        response.Result = updated;
        response.IsSuccess = updated;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
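/// <summary>
/// Validates the username and password lengths and creates the account with a hashed password.
/// </summary>
/// <param name="username">Login name, 5 to 20 characters.</param>
/// <param name="password">Password in clear text, at least 7 characters; hashed before storage.</param>
/// <param name="firstName">First name stored for the account.</param>
/// <param name="lastName">Last name stored for the account.</param>
/// <param name="phoneNumber">Phone number stored for the account.</param>
/// <param name="address">Address stored for the account.</param>
/// <param name="email">E-mail address stored for the account.</param>
/// <returns><c>true</c> when the accessor reports exactly one created row, otherwise <c>false</c>.</returns>
/// <exception cref="ApplicationException">Thrown when the username or password length is out of range.</exception>
public bool CreateAccount(string username, string password, string firstName, string lastName, string phoneNumber, string address, string email)
{
    if (username.Length < 5 || username.Length > 20)
    {
        // The check accepts 5-character names; the message used to say "at least 6".
        throw new ApplicationException("INVALID USERNAME: Your username must be at least 5 characters and no more than 20 characters long.");
    }

    if (password.Length < 7)
    {
        throw new ApplicationException("INVALID PASSWORD: Your Password must be at least 7 characters long.");
    }

    // NOTE(review): no salt is visible and the helper name suggests a bare SHA-256; a salted,
    // slow KDF (PBKDF2, Argon2) is the usual choice for stored passwords - confirm HashSHA256.
    // Accessor exceptions propagate to the caller unchanged.
    return 1 == UserAccessor.AddNewUser(username, HashSHA256(password), firstName, lastName, phoneNumber, address, email);
}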
/// <summary>
/// Returns one page of users matching the filter fields of the request, with the page count.
/// </summary>
/// <param name="request">Filter and paging values.</param>
/// <returns>
/// A response with Users, PageIndex and PageCount on success. A null request yields
/// <c>ErrorCode.Argument</c>; any exception is logged and yields <c>ErrorCode.Technical</c>,
/// which includes the division by zero caused by a PageSize of 0.
/// </returns>
public Response<GetUsersByConditionResponse> GetUsersByConditon(GetUsersByConditionRequest request)
{
    var response = new Response<GetUsersByConditionResponse>();
    response.Result = new GetUsersByConditionResponse();

    if (request == null)
    {
        var argumentError = new ArgumentNullException("GetUsersByConditon request");
        LogError(argumentError);
        response.ErrorCode = ErrorCode.Argument;
        response.Exception = argumentError;
        return response;
    }

    try
    {
        var accessor = new UserAccessor();
        int rowCount;
        var matches = accessor.GetUsersByConditon(request.Name, request.DisplyName, request.State, request.UserType, request.PageIndex, request.PageSize, request.ProjectID, out rowCount);

        response.Result.Users = matches.ToList();
        response.Result.PageIndex = request.PageIndex;

        // Ceiling division: a partially filled last page counts as a page.
        if (rowCount % request.PageSize == 0)
        {
            response.Result.PageCount = rowCount / request.PageSize;
        }
        else
        {
            response.Result.PageCount = rowCount / request.PageSize + 1;
        }

        response.IsSuccess = true;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
/// <summary>
/// Checks a login by name, password and project through <c>UserAccessor.CheckLoginUser</c>.
/// </summary>
/// <param name="request">Login request; Name and Password must be non-empty and ProjectID non-zero.</param>
/// <returns>
/// A response holding the accessor's result. Missing input yields <c>ErrorCode.Argument</c>;
/// an exception is logged and yields <c>ErrorCode.Technical</c>.
/// </returns>
public Response<User> CheckLogin(GetUserByCheckLoginRequest request)
{
    var response = new Response<User>();

    bool hasCredentials = request != null
        && !string.IsNullOrEmpty(request.Name)
        && !string.IsNullOrEmpty(request.Password)
        && request.ProjectID != 0;

    if (!hasCredentials)
    {
        var argumentError = new ArgumentNullException("CheckLogin request");
        LogError(argumentError);
        response.ErrorCode = ErrorCode.Argument;
        response.Exception = argumentError;
        return response;
    }

    var accessor = new UserAccessor();
    try
    {
        // NOTE(review): IsSuccess becomes true whenever the accessor returns without
        // throwing. If CheckLoginUser signals bad credentials by returning null, callers
        // must test Result and not IsSuccess alone - confirm the accessor's contract.
        // The password is forwarded as received; any hashing happens outside this method.
        response.Result = accessor.CheckLoginUser(request.Name, request.Password, request.ProjectID);
        response.IsSuccess = true;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
/// <summary>
/// Changes a user's password after checking that the new password and its confirmation match.
/// Created by William Flood, 2017/03/02.
/// </summary>
/// <param name="userName">Login name of the account.</param>
/// <param name="oldPassword">Current password in clear text.</param>
/// <param name="newPassword">New password in clear text.</param>
/// <param name="confirmPassword">Repeated new password.</param>
/// <returns>0 when the confirmation does not match; otherwise the value returned by <c>UserAccessor.UpdatePassword</c>.</returns>
public int ChangePassword(String userName, String oldPassword, String newPassword, String confirmPassword)
{
    if (!newPassword.Equals(confirmPassword))
    {
        return 0;
    }

    // Hash of the old password under the stored salt. It is passed to the accessor together
    // with the old salt - presumably the update only applies when both match; confirm.
    String oldSalt = UserAccessor.RetrieveUserSalt(userName);
    String oldHash = HashSha256(oldPassword + oldSalt);

    // A fresh salt is generated for the new password.
    // NOTE(review): confirm RandomString draws from a cryptographic RNG.
    String newSalt = RandomString(32);
    String newHash = HashSha256(newPassword + newSalt);

    // Accessor exceptions propagate to the caller unchanged.
    return UserAccessor.UpdatePassword(userName, oldSalt, oldHash, newSalt, newHash);
}
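/// <summary>
/// Gets the users that belong to a project.
/// </summary>
/// <param name="request">Request whose ProjectId selects the project.</param>
/// <returns>
/// A response holding the accessor's result on success. A null request yields
/// <c>ErrorCode.Argument</c>; an exception is logged and yields <c>ErrorCode.Technical</c>.
/// </returns>
public Response<IEnumerable<UserRequest>> GetUserByProjetId(UserRequest request)
{
    var response = new Response<IEnumerable<UserRequest>>();

    if (request == null)
    {
        var argumentError = new ArgumentNullException("GetUserByProjetId request");
        LogError(argumentError);
        response.ErrorCode = ErrorCode.Argument;
        response.Exception = argumentError;
        return response;
    }

    try
    {
        var accessor = new UserAccessor();

        // The original discarded the accessor's return value and never marked the response
        // successful, so callers always received an empty, unsuccessful response.
        // NOTE(review): assumes GetUserByProjectId returns a sequence assignable to
        // IEnumerable<UserRequest> - confirm against the accessor's signature.
        response.Result = accessor.GetUserByProjectId(request.ProjectId);
        response.IsSuccess = true;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}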
/// <summary>
/// Verifies a username and password and builds an access token from the user and its active roles.
/// </summary>
/// <param name="username">Login name; must be at least MIN_USERNAME characters.</param>
/// <param name="password">Password in clear text; must be at least MIN_PASSWORD characters.</param>
/// <returns>An <c>AccessToken</c> for the user, carrying only roles whose Active flag is true.</returns>
/// <exception cref="ApplicationException">
/// Thrown with "Invalid username or password." for both the length check and a failed
/// verification, so the message does not reveal which part was wrong.
/// </exception>
public AccessToken ValidateExistingUser(string username, string password)
{
    bool tooShort = username.Length < MIN_USERNAME || password.Length < MIN_PASSWORD;
    if (tooShort)
    {
        throw new ApplicationException("Invalid username or password.");
    }

    // NOTE(review): no salt is visible at this call site; confirm what HashSha256 computes.
    var passwordHash = password.HashSha256();
    if (1 != UserAccessor.RetrieveUserByUsernameAndPassword(username, passwordHash))
    {
        throw new ApplicationException("Invalid username or password.");
    }

    var user = UserAccessor.RetrieveUserByUsername(username);
    var allRoles = UserAccessor.RetrieveRolesByUserID(user.UserID);

    // Inactive roles are dropped before the token is built.
    var activeRoles = allRoles.Where(r => r.Active == true).ToList();

    return new AccessToken(user, activeRoles);
}
/// <summary>
/// Updates an existing user with the field values carried by the request.
/// </summary>
/// <param name="request">Request with a non-zero ID and non-empty Name and DisplayName.</param>
/// <returns>
/// A response with Result and IsSuccess true after the accessor call returns. Missing input
/// yields <c>ErrorCode.Argument</c>; an exception is logged and yields <c>ErrorCode.Technical</c>.
/// </returns>
public Response<bool> EditUser(UserRequest request)
{
    var response = new Response<bool>();

    bool isComplete = request != null
        && request.ID != 0
        && !string.IsNullOrEmpty(request.Name)
        && !string.IsNullOrEmpty(request.DisplayName);

    if (!isComplete)
    {
        var argumentError = new ArgumentNullException("EditUser request");
        LogError(argumentError);
        response.ErrorCode = ErrorCode.Argument;
        response.Exception = argumentError;
        return response;
    }

    try
    {
        // NOTE(review): request.ID picks the record to change, and ProjectRoleId and UserType
        // are taken from the request as well. No caller authorization is visible in this
        // method - confirm it is enforced before this call.
        var accessor = new UserAccessor();
        accessor.UpdateUser(request.ID, request.Name, request.UserName, request.ProjectId, request.ProjectRoleId, request.DisplayName, request.State, request.Sex, request.Tel, request.Mobile, request.Email, request.UserType, request.CustomerOrShipperID, request.RuleArea);

        response.IsSuccess = true;
        response.Result = true;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
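//[AllowAnonymous]
// Returns one page of the history work items that WorkAccessor.FindHistoryWork yields for the caller.
// Callers whose role is Student receive 400. The caller id is parsed from User.Identity.Name.
// Paging is 1-based: page N covers items [(N-1)*pagesize, N*pagesize).
// A missing request, pagenum < 1 or pagesize < 0 is rejected with 400; previously such
// values produced a negative start index and an out-of-range access on workItem.
public async Task<ActionResult<WorkItemResponse>> ViewHistoryWork([FromBody] ViewWorkRequest request)
{
    var pro_id = Int32.Parse(User.Identity.Name);

    if (await UserAccessor.CheckRole(pro_id) == Role.Student)
    {
        return BadRequest(new { message = "ViewHistoryWork is not for students. Students please try ViewOwnWork." });
    }

    // The paging values come from the request body, so they are checked before use as indices.
    if (request == null || request.pagenum < 1 || request.pagesize < 0)
    {
        return BadRequest(new { message = "Invalid paging parameters." });
    }

    // 64-bit arithmetic so a large pagenum * pagesize cannot wrap to a negative index.
    long start = ((long)request.pagenum - 1) * request.pagesize;
    long end = (long)request.pagenum * request.pagesize;

    WorkItemResponse workItem = new WorkItemResponse();
    workItem.pagenum = request.pagenum;
    workItem.worklist = new List<WorkResponse>();

    var provide_list = await WorkAccessor.FindHistoryWork(pro_id);
    if (provide_list == null)
    {
        // Reached when the accessor returns null (the original comment said "never").
        return Ok(-1);
    }

    for (long i = start; i < end && i < provide_list.total; ++i)
    {
        // i is below provide_list.total here, so the narrowing cast is safe.
        workItem.worklist.Add(_mapper.Map<WorkResponse>(provide_list.workItem[(int)i]));
    }

    // totalpage receives the accessor's total, which the loop bound treats as an item count.
    // The original first stored the start offset here and then overwrote it on this path.
    workItem.totalpage = provide_list.total;
    return Ok(workItem);
}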
/// <summary>
/// Gets password-related information for a user by login name.
/// </summary>
/// <remarks>
/// NOTE(review): the response carries whatever <c>UserAccessor.GetUserPassword</c> returns for
/// the name. If that includes password hashes or salts, this result must stay on the server
/// side - confirm how callers use it.
/// </remarks>
/// <param name="request">Request whose UserName must be non-empty.</param>
/// <returns>
/// A response holding the accessor's result. Missing input yields <c>ErrorCode.Argument</c>;
/// an exception is logged and yields <c>ErrorCode.Technical</c>.
/// </returns>
public Response<IEnumerable<User>> GetUserPassword(GetUserProjectsRequest request)
{
    var response = new Response<IEnumerable<User>>();

    bool hasUserName = request != null && !string.IsNullOrEmpty(request.UserName);
    if (!hasUserName)
    {
        var argumentError = new ArgumentNullException("GetUserPassword request");
        LogError(argumentError);
        response.ErrorCode = ErrorCode.Argument;
        response.Exception = argumentError;
        return response;
    }

    var accessor = new UserAccessor();
    try
    {
        response.Result = accessor.GetUserPassword(request.UserName);
        response.IsSuccess = true;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
// Lets the calling student resign from a work item and sends a message to the work's teacher.
// Returns -1 for an invalid model, -2 when the caller is not a Student, otherwise the value
// returned by TakesAccessor.GetRegion.
public async Task<int> Getresign([FromBody] FindworkRequest request)
{
    // Check that the request satisfies its model preconditions.
    if (!ModelState.IsValid)
    {
        return -1;
    }

    var user_id = Int32.Parse(User.Identity.Name);
    var callerRole = await UserAccessor.CheckRole(user_id);
    if (callerRole != Role.Student)
    {
        return -2;
    }

    // The student id comes from the authenticated identity, not from the request body.
    var resignation = new TakesEntity
    {
        work_id = request.work_id,
        student_id = user_id
    };

    var work_name = await WorkAccessor.GetWorkName(request.work_id);
    var student_name = await UserAccessor.GetUserName(user_id);
    var teacher_id = await WorkAccessor.GetTeacher(request.work_id);

    var notice = new MessageEntity
    {
        message_type = 0,
        content = student_name + "同学辞去" + work_name + "工作。",
        sender_id = user_id,
        receiver_id = teacher_id
    };

    var num = await TakesAccessor.GetRegion(resignation);

    // The message is created whatever value GetRegion returned.
    await MessageAccessor.Create(notice, 1);

    return num;
}
/// <summary>
/// Runs <c>UserAccessor.ValidationUser</c> for the request's Name and reports the boolean outcome.
/// </summary>
/// <param name="request">Request carrying the name to check.</param>
/// <returns>
/// A response whose Result and IsSuccess both mirror the accessor's result. Any exception,
/// including the one raised by a null request, is logged and yields <c>ErrorCode.Technical</c>.
/// </returns>
public Response<bool> ValidationUser(UserRequest request)
{
    var response = new Response<bool>();

    try
    {
        var accessor = new UserAccessor();
        bool isValid = accessor.ValidationUser(request.Name);

        // Both flags carry the same value as the accessor's result.
        response.Result = isValid;
        response.IsSuccess = isValid;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
/// <summary>
/// Waterfall step that fetches events for the user's stored location, sends them as cards
/// and ends the dialog.
/// </summary>
/// <param name="sc">Current waterfall step context.</param>
/// <param name="cancellationToken">Not forwarded to the calls made in this step.</param>
/// <returns>The result of ending the dialog.</returns>
private async Task<DialogTurnResult> FindEvents(WaterfallStepContext sc, CancellationToken cancellationToken)
{
    var userState = await UserAccessor.GetAsync(sc.Context, () => new EventSkillUserState());
    List<Event> events = await _eventbriteService.GetEventsAsync(userState.Location);

    var cards = new List<Card>();
    foreach (var item in events)
    {
        var title = item.Name.Text;

        // A single space stands in for a missing logo URL.
        var imageUrl = item?.Logo?.Url ?? " ";
        var startDate = item.Start.Local.ToString("dddd, MMMM dd, h:mm tt");
        var venue = GetVenueLocation(item);

        // Paid events show the minimum ticket price formatted as currency for the event's
        // locale. The locale string comes from the event data and is only rewritten from
        // "_" to "-" before the culture lookup.
        var price = item.IsFree
            ? "Free"
            : "Starts at " + Convert.ToDouble(item.TicketAvailability.MinTicketPrice.MajorValue)
                .ToString("C", System.Globalization.CultureInfo.GetCultureInfo(item.Locale.Replace("_", "-")));

        var eventCardData = new EventCardData()
        {
            Title = title,
            ImageUrl = imageUrl,
            StartDate = startDate,
            Location = venue,
            Price = price,
            Url = item.Url
        };

        cards.Add(new Card(GetCardName(sc.Context, "EventCard"), eventCardData));
    }

    await sc.Context.SendActivityAsync(ResponseManager.GetCardResponse(FindEventsResponses.FoundEvents, cards, null));
    return await sc.EndDialogAsync();
}
/// <summary>
/// Registers a user from the request fields through <c>UserAccessor.RegisterUser</c>.
/// </summary>
/// <param name="request">Request carrying the new user's fields, including the password.</param>
/// <returns>
/// On success (status 1) a response whose Result is the new user id. For any other status
/// IsSuccess is false and Result holds the status value, not an id. An exception is logged
/// and yields <c>ErrorCode.Technical</c>.
/// </returns>
public Response<long> RegisterUser(UserRequest request)
{
    var response = new Response<long>();
    var accessor = new UserAccessor();

    try
    {
        int status = 0;

        // NOTE(review): request.Password is forwarded as received; whether it is hashed
        // before storage is not visible here - confirm in the accessor.
        long userID = accessor.RegisterUser(request.Name, request.DisplayName, request.Password, request.State, request.Sex, request.Tel, request.Mobile, request.Email, request.UserType, request.CustomerOrShipperID, out status);

        bool registered = status == 1;
        response.IsSuccess = registered;

        // A failed registration reports the accessor's status value in the Result field.
        response.Result = registered ? userID : status;
    }
    catch (Exception ex)
    {
        LogError(ex);
        response.IsSuccess = false;
        response.ErrorCode = ErrorCode.Technical;
    }

    return response;
}
/// <summary>
/// Authenticates an employee by username and password.
/// </summary>
/// <param name="username">Entered username, 5 to 20 characters.</param>
/// <param name="password">Entered password, at least 3 characters.</param>
/// <returns>The user retrieved for <paramref name="username"/> when verification succeeds.</returns>
/// <exception cref="ApplicationException">
/// Thrown with "Invalid Username" or "Invalid Password" when a length check fails, and with
/// "Authentication Failed!" when the accessor rejects the credentials.
/// </exception>
public User AuthenticateUser(string username, string password)
{
    // Username and password pre-validation.
    bool usernameLengthOk = username.Length >= 5 && username.Length <= 20;
    if (!usernameLengthOk)
    {
        throw new ApplicationException("Invalid Username");
    }

    // The original author notes this needs a better rule, possibly a complexity regex.
    if (password.Length < 3)
    {
        throw new ApplicationException("Invalid Password");
    }

    // NOTE(review): the HashSHA256(password) call is commented out in the original, so the
    // password reaches the accessor exactly as entered - confirm where hashing happens.
    bool verified = UserAccessor.VerifyUsernameAndPassword(username, password);
    if (!verified)
    {
        throw new ApplicationException("Authentication Failed!");
    }

    // This only drops the local reference; the string itself stays in memory until collected.
    password = null;

    // The returned user object serves as the caller's access token.
    return UserAccessor.RetrieveUserByUsername(username);
}
// Checks that the accessor does not report this username/hash pair as verified.
// Judging by the test name, "SCSYMCK" is meant to be a username that does not match the hash.
public void ValidateUsernameAndPasswordWrongUsername()
{
    // 64 hex characters, passed in place of a clear-text password.
    string passwordHash = "6cf615d5bcaac778352a8f1f3360d23f02f34ec182e259897fd6ce485d7870d4";

    bool verified = UserAccessor.VerifyUsernameAndPassword("SCSYMCK", passwordHash);

    // The test passes as long as the accessor did not return true.
    Assert.AreNotEqual(true, verified);
}