public List <PotentialQuestions> GetPotentialQuestions()
{
try
{
UserAccountSecurityManager resetter = new UserAccountSecurityManager();
return(resetter.GetSecurityQuestionList());
}
catch (Exception e)
{
CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current);
}
return(new List <PotentialQuestions>());
}
public async Task <HttpResponseMessage> PostRegisterUser([FromBody] CreateUser user)
{
try
{
if (!ModelState.IsValid)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Model State"));
}
if (String.IsNullOrWhiteSpace(user.PrimaryEmail))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
}
if (!emailvalidator.IsMatch(user.PrimaryEmail))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
}
if (!emailvalidator.IsMatch(user.ConfirmEmail.Trim()))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
}
if (user.PrimaryEmail != user.ConfirmEmail)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
}
if (new UserManager().GetUserDetail(user.PrimaryEmail) != null)
{
return(Request.CreateResponse(HttpStatusCode.Conflict, "An account already exists for that email address"));
}
UserAccountSecurityManager resetter = new UserAccountSecurityManager();
bool rval = resetter.CreateUserSendEmail(user);
if (rval)
{
return(Request.CreateResponse(HttpStatusCode.OK, "Created Successfully"));
}
else
{
return(Request.CreateResponse(HttpStatusCode.InternalServerError, "Unknown error"));
}
}
catch (CSETApplicationException ce)
{
return(Request.CreateResponse(HttpStatusCode.Conflict, ce.Message));
}
catch (Exception e)
{
return(CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current));
}
}
public async Task <HttpResponseMessage> PostChangePassword([FromBody] ChangePassword changePass)
{
try
{
if (!ModelState.IsValid)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Model State"));
}
if (!emailvalidator.IsMatch(changePass.PrimaryEmail.Trim()))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid PrimaryEmail"));
}
Login login = new Login()
{
Email = changePass.PrimaryEmail,
Password = changePass.CurrentPassword
};
LoginResponse resp = UserAuthentication.Authenticate(login);
if (resp == null)
{
return(Request.CreateResponse(HttpStatusCode.Conflict, "Current password is invalid. Try again or request a new temporary password."));
}
UserAccountSecurityManager resetter = new UserAccountSecurityManager();
bool rval = await resetter.ChangePassword(changePass);
if (rval)
{
resp.PasswordResetRequired = false;
await db.SaveChangesAsync();
return(Request.CreateResponse(HttpStatusCode.OK, "Created Successfully"));
}
else
{
return(Request.CreateResponse(HttpStatusCode.InternalServerError, "Unknown error"));
}
}
catch (CSETApplicationException ce)
{
return(Request.CreateResponse(HttpStatusCode.Conflict, ce.Message));
}
catch (Exception e)
{
return(CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current));
}
}
public async Task <IHttpActionResult> GetSecurityQuestions([FromUri] string email, [FromUri] string appCode)
{
try
{
if (db.USERS.Where(x => String.Equals(x.PrimaryEmail, email)).FirstOrDefault() == null)
{
return(Conflict());
}
var q = from b in db.USER_SECURITY_QUESTIONS
join c in db.USERS on b.UserId equals c.UserId
where c.PrimaryEmail == email
select new SecurityQuestions()
{
SecurityQuestion1 = b.SecurityQuestion1,
SecurityQuestion2 = b.SecurityQuestion2
};
List <SecurityQuestions> questions = q.ToList();
//note that you don't have to provide a security question
//it will just reset if you don't
if (questions.Count == 0 ||
(questions[0].SecurityQuestion1 == null && questions[0].SecurityQuestion2 == null))
{
UserAccountSecurityManager resetter = new UserAccountSecurityManager();
bool rval = await resetter.ResetPassword(email, "Password Reset", appCode);
return(Ok(new List <SecurityQuestions>()));
}
return(Ok(questions));
}
catch (Exception e)
{
CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current);
return(Content(HttpStatusCode.InternalServerError, e.Message));
}
}
public async Task <IHttpActionResult> ResetPassword([FromBody] SecurityQuestionAnswer answer)
{
try
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!emailvalidator.IsMatch(answer.PrimaryEmail.Trim()))
{
return(BadRequest());
}
if (IsSecurityAnswerCorrect(answer))
{
UserAccountSecurityManager resetter = new UserAccountSecurityManager();
bool rval = await resetter.ResetPassword(answer.PrimaryEmail, "Password Reset", answer.AppCode);
if (rval)
{
return(StatusCode(HttpStatusCode.OK));
}
else
{
return(StatusCode(HttpStatusCode.InternalServerError));
}
}
// return Unauthorized();
// returning a 401 (Unauthorized) gets caught by the JWT interceptor and dumps the user out, which we don't want.
return(Conflict());
}
catch (Exception e)
{
return((IHttpActionResult)CSETWeb_Api.Helpers.ElmahWrapper.LogAndReportException(e, Request, HttpContext.Current));
}
}
