public ActionResult Create([Bind(Prefix = "Item1", Include = "appuserid,empid,username,password,roles")] appUser appUser)
{
ModelState.Clear();
UserDD();
var check = appUser.empid;
var HasAccount = db.appUsers.Where(user => user.empid == check).Select(user => user.empid).FirstOrDefault().ToString();
var check2 = appUser.username;
var IsExisting = db.appUsers.FirstOrDefault(user => user.username == check2);
if (HasAccount == "")
{
if (IsExisting == null)
{
if (ModelState.IsValid)
{
db.appUsers.Add(appUser);
db.SaveChanges();
return(RedirectToAction("Create"));
}
}
else if (IsExisting != null)
{
ModelState.AddModelError("", "User name is already taken.");
}
}
else if (HasAccount != "")
{
ModelState.AddModelError("", "Employee already has an account.");
}
return(View(appUser));
}
public async Task <ActionResult <UserDto> > Register(RegisterDto newuser)
{
if (await UserExists(newuser.username))
{
return(BadRequest("Username is taken"));
}
using var hmac = new HMACSHA512();
var user = new appUser
{
UserName = newuser.username,
PasswordSalt = hmac.Key,
passwordHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(newuser.password))
};
await _context.Users.AddAsync(user);
await _context.SaveChangesAsync();
return(new UserDto
{
UserName = user.UserName,
Token = _tokenService.CreateToken(user)
});
}
public async Task <IHttpActionResult> PostappUser(appUser appUser)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
db.appUsers.Add(appUser);
try
{
await db.SaveChangesAsync();
}
catch (DbUpdateException)
{
if (appUserExists(appUser.userName))
{
return(Conflict());
}
else
{
throw;
}
}
return(CreatedAtRoute("DefaultApi", new { id = appUser.userName }, appUser));
}
public ActionResult Login(appUser appUser)
{
using (kalingaPPDOEntities db = new kalingaPPDOEntities())
{
try
{
var UserCredentials = db.appUsers.Single(u => u.username == appUser.username && u.password == appUser.password);
var Name = db.EmpMasterProfiles.Single(n => n.empid == UserCredentials.empid);
if (UserCredentials != null)
{
RemainSession.Username = UserCredentials.username;
RemainSession.Firstname = Name.FirstName;
RemainSession.Lastname = Name.LastName;
RemainSession.EmployeeID = UserCredentials.empid.ToString();
RemainSession.Roles = UserCredentials.roles;
return(RedirectToAction("Index", "Dashboard"));
}
else
{
ModelState.AddModelError("", "Username or Password is wrong");
}
}
catch
{
ModelState.AddModelError("", "Username or Password is wrong");
}
}
return(View());
}
// public methods
public static appUser getUser(string login,string password) {
appUser user = null;
using(SqlConnection con = connectionManager.getConnection()) {
SqlCommand com = new SqlCommand("getUser",con);
com.CommandType = System.Data.CommandType.StoredProcedure;
com.Parameters.AddWithValue("@login",login);
com.Parameters.AddWithValue("@password",password);
try {
con.Open();
SqlDataReader reader = com.ExecuteReader();
if(reader.HasRows) {
while(reader.Read()) {
user = new appUser();
user.id = Convert.ToInt32(reader["id"]);
user.login = login;
user.email = reader["emailAddress"].ToString();
user.group = dbUserGroups.getUserGroup(Convert.ToInt32(reader["groupID"]));
}
};
} catch { throw; };
}
return user;
}
public async Task <IHttpActionResult> PutappUser(string id, appUser appUser)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != appUser.userName)
{
return(BadRequest());
}
db.Entry(appUser).State = EntityState.Modified;
try
{
await db.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!appUserExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public static List<appUser> getAllUsersForGroup(int groupID) {
List<appUser> users = new List<appUser>();
using (SqlConnection con = connectionManager.getConnection()) {
SqlCommand com = new SqlCommand("getAllUsersForGroup", con);
com.CommandType = System.Data.CommandType.StoredProcedure;
com.Parameters.AddWithValue("@groupID", groupID);
try {
con.Open();
SqlDataReader reader = com.ExecuteReader();
if (reader.HasRows) {
while (reader.Read()) {
appUser user = new appUser();
user.id = Convert.ToInt32(reader["id"]);
user.login = reader["login"].ToString();
user.email = reader["emailAddress"].ToString();
users.Add(user);
}
};
} catch { throw; };
}
return users;
}
public async Task <ActionResult <UserDTO> > Register(RegisterDTO registerDTO)
{
if (await UserExists(registerDTO.Username))
{
return(BadRequest("Username is already taken!"));
}
using var hmac = new HMACSHA512();
var user = new appUser
{
UserName = registerDTO.Username.ToLower(),
PasswordHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(registerDTO.Password)),
PasswordSalt = hmac.Key
};
_context.Users.Add(user);
await _context.SaveChangesAsync();
return(new UserDTO
{
Username = user.UserName,
Token = _tokenService.CreateToken(user)
});
}
public ActionResult DeleteConfirmed(int id)
{
appUser appUser = db.appUsers.Find(id);
db.appUsers.Remove(appUser);
db.SaveChanges();
return(RedirectToAction("Create"));
}
// methods
public bool setUser(string login,string password) {
this.currentUser = dbUsers.getUser(login,password);
if(this.currentUser != null) {
validUserLoggedInEventArgs args = new validUserLoggedInEventArgs(login);
validUserLoggedIn(this,args);
return true;
}
return false;
}
public async Task <IHttpActionResult> GetappUser(string id)
{
appUser appUser = await db.appUsers.FindAsync(id);
if (appUser == null)
{
return(NotFound());
}
return(Ok(appUser));
}
public ActionResult Edit([Bind(Include = "appuserid,empid,username,password,roles")] appUser appUser)
{
ModelState.Clear();
UserDD();
if (ModelState.IsValid)
{
db.Entry(appUser).State = EntityState.Modified;
db.SaveChanges();
return(RedirectToAction("Create"));
}
return(View(appUser));
}
private async Task LoadAsync(appUser user)
{
var email = await _userManager.GetEmailAsync(user);
Email = email;
Input = new InputModel
{
NewEmail = email,
};
IsEmailConfirmed = await _userManager.IsEmailConfirmedAsync(user);
}
private async Task LoadAsync(appUser user)
{
var userName = await _userManager.GetUserNameAsync(user);
var phoneNumber = await _userManager.GetPhoneNumberAsync(user);
Username = userName;
Input = new InputModel
{
PhoneNumber = phoneNumber
};
}
public async Task <IHttpActionResult> DeleteappUser(string id)
{
appUser appUser = await db.appUsers.FindAsync(id);
if (appUser == null)
{
return(NotFound());
}
db.appUsers.Remove(appUser);
await db.SaveChangesAsync();
return(Ok(appUser));
}
// GET: AppUsers/Details/5
public ActionResult Details(int?id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
appUser appUser = db.appUsers.Find(id);
if (appUser == null)
{
return(HttpNotFound());
}
return(View(appUser));
}
public async Task <IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
if (ModelState.IsValid)
{
var user = new appUser {
UserName = Input.Email, Email = Input.Email
};
var result = await _userManager.CreateAsync(user, Input.Password);
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { area = "Identity", userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Confirm your email",
$"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
if (_userManager.Options.SignIn.RequireConfirmedAccount)
{
return(RedirectToPage("RegisterConfirmation", new { email = Input.Email }));
}
else
{
await _signInManager.SignInAsync(user, isPersistent : false);
return(LocalRedirect(returnUrl));
}
}
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
// If we got this far, something failed, redisplay form
return(Page());
}
private async Task LoadSharedKeyAndQrCodeUriAsync(appUser user)
{
// Load the authenticator key & QR code URI to display on the form
var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
if (string.IsNullOrEmpty(unformattedKey))
{
await _userManager.ResetAuthenticatorKeyAsync(user);
unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
}
SharedKey = FormatKey(unformattedKey);
var email = await _userManager.GetEmailAsync(user);
AuthenticatorUri = GenerateQrCodeUri(email, unformattedKey);
}
public string CreateToken(appUser user)
{
List <Claim> claim = new List <Claim> {
new Claim(JwtRegisteredClaimNames.NameId, user.UserName)
};
SigningCredentials cred = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
SecurityTokenDescriptor TokenDescriptor = new SecurityTokenDescriptor {
Subject = new ClaimsIdentity(claim),
Expires = DateTime.Now.AddDays(7),
SigningCredentials = cred
};
JwtSecurityTokenHandler TokenHandler = new JwtSecurityTokenHandler();
SecurityToken token = TokenHandler.CreateToken(TokenDescriptor);
return(TokenHandler.WriteToken(token));
}
public async Task <IActionResult> OnPostConfirmationAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
// Get the information about the user from the external login provider
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
ErrorMessage = "Error loading external login information during confirmation.";
return(RedirectToPage("./Login", new { ReturnUrl = returnUrl }));
}
if (ModelState.IsValid)
{
var user = new appUser {
UserName = Input.Email, Email = Input.Email
};
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
result = await _userManager.AddLoginAsync(user, info);
if (result.Succeeded)
{
await _signInManager.SignInAsync(user, isPersistent : false);
_logger.LogInformation("User created an account using {Name} provider.", info.LoginProvider);
return(LocalRedirect(returnUrl));
}
}
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
LoginProvider = info.LoginProvider;
ReturnUrl = returnUrl;
return(Page());
}
public async Task <IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
if (ModelState.IsValid)
{
var user = new appUser {
UserName = Input.Email, Email = Input.Email, PhoneNumber = Input.PhoneNumber, FullName = Input.FullName, CreatedAt = DateTime.Now
};
var result = await _userManager.CreateAsync(user, Input.Password);
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Confirm your email",
$"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
await _signInManager.SignInAsync(user, isPersistent : false);
return(LocalRedirect(returnUrl));
}
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
// If we got this far, something failed, redisplay form
return(Page());
}
public async Task <IActionResult> OnPostConfirmationAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
// Get the information about the user from the external login provider
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
ErrorMessage = "Error loading external login information during confirmation.";
return(RedirectToPage("./Login", new { ReturnUrl = returnUrl }));
}
if (ModelState.IsValid)
{
var user = new appUser {
UserName = Input.Email, Email = Input.Email
};
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
result = await _userManager.AddLoginAsync(user, info);
if (result.Succeeded)
{
_logger.LogInformation("User created an account using {Name} provider.", info.LoginProvider);
var userId = await _userManager.GetUserIdAsync(user);
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
var callbackUrl = Url.Page(
"/Account/ConfirmEmail",
pageHandler: null,
values: new { area = "Identity", userId = userId, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Confirm your email",
$"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
// If account confirmation is required, we need to show the link if we don't have a real email sender
if (_userManager.Options.SignIn.RequireConfirmedAccount)
{
return(RedirectToPage("./RegisterConfirmation", new { Email = Input.Email }));
}
await _signInManager.SignInAsync(user, isPersistent : false, info.LoginProvider);
return(LocalRedirect(returnUrl));
}
}
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
LoginProvider = info.LoginProvider;
ReturnUrl = returnUrl;
return(Page());
}
public void Update(appUser user)
{
_context.Entry(user).State = EntityState.Modified;
}
public void saveGeneral(appUser setUser)
{
XmlReader readXML = XmlReader.Create("currentload.db");
XmlDocument saveXML = new XmlDocument();
saveXML.Load(readXML);
saveXML.SelectSingleNode("//Database/Details/UserName").InnerText = setUser.Name;
saveXML.SelectSingleNode("//Database/Details/IC").InnerText = setUser.IC;
saveXML.SelectSingleNode("//Database/Details/Address").InnerText = setUser.HomeAddress;
saveXML.SelectSingleNode("//Database/Details/HouseNo").InnerText = setUser.HouseNumber;
saveXML.SelectSingleNode("//Database/Details/PhoneNo").InnerText = setUser.PhoneNumber;
saveXML.SelectSingleNode("//Database/Details/Email").InnerText = setUser.Email;
saveXML.Save("saveNew.db");
}
public appUser loadGeneral()
{
appUser currentUser = new appUser();
XmlReader readXML = XmlReader.Create("currentload.db");
while (readXML.Read())
{
if (readXML.NodeType == XmlNodeType.Element && readXML.Name == "Database")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.Name == "Details")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.Name == "UserName")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.NodeType == XmlNodeType.Text)
{
currentUser.Name = readXML.Value;
}
}
readXML.Read();
}
if (readXML.Name == "IC")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.NodeType == XmlNodeType.Text)
{
currentUser.IC = readXML.Value;
}
}
readXML.Read();
}
if (readXML.Name == "Address")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.NodeType == XmlNodeType.Text)
{
currentUser.HomeAddress = readXML.Value;
}
}
readXML.Read();
}
if (readXML.Name == "HouseNo")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.NodeType == XmlNodeType.Text)
{
currentUser.HouseNumber = readXML.Value;
}
}
readXML.Read();
}
if (readXML.Name == "PhoneNo")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.NodeType == XmlNodeType.Text)
{
currentUser.PhoneNumber = readXML.Value;
}
}
readXML.Read();
}
if (readXML.Name == "Email")
{
while (readXML.NodeType != XmlNodeType.EndElement)
{
readXML.Read();
if (readXML.NodeType == XmlNodeType.Text)
{
currentUser.Email = readXML.Value;
}
}
readXML.Read();
}
}
}
}
}
}
readXML.Close();
return currentUser;
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
#region Username / Password Required
if (string.IsNullOrWhiteSpace(context.UserName))
{
context.SetError("Username", "The Username is Required");
return;
}
if (string.IsNullOrWhiteSpace(context.Password))
{
context.SetError("Password", "The Password is Required");
return;
}
#endregion
try
{
appUser user = Auth.UserLogin(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The Username or Password is incorrect.");
return;
}
if (!user.isApproved)
{
context.SetError("invalid_grant", "User is not approved");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
AuthenticationProperties props = new AuthenticationProperties(new Dictionary <string, string>()
{
{ "account_id", user.UserId.Value.ToString() },
{ "username", user.username },
{ "roles", string.Join(", ", user.roles) },
{ "name", string.IsNullOrEmpty(user.nombre) ? "" : user.nombre },
{ "lastlogin", user.lastlogin },
{ "picture", string.IsNullOrEmpty(user.picture) ? "" : user.picture }
});
AuthenticationTicket ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
catch (Exception ex)
{
switch (ex.Message)
{
case "Invalid Password":
case "User not found":
context.SetError("invalid_grant", "The Username or Password is incorrect.");
return;
case "User locked out":
context.SetError("invalid_grant", "The User is Locked Out");
return;
default:
context.SetError("invalid_grant", "Error while validating user");
return;
}
}
}
public void logOut() {
this.currentUser = null;
userLoggedOut(this,new EventArgs());
}
