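// POST api/CustomLogin
/// <summary>
/// Changes the password of the account whose user e-mail matches the request, after
/// verifying the current password against the stored salted hash.
/// </summary>
/// <param name="changeRequest">E-mail, current password (<c>oldpass</c>), new password and its repetition (<c>repass</c>).</param>
/// <returns>
/// 201 Created on success; 400 BadRequest when the request is incomplete, the two new
/// passwords differ or the new password is too short; 401 Unauthorized when the
/// e-mail / current password pair does not verify.
/// </returns>
public HttpResponseMessage Post(ChangePassRequest changeRequest)
{
    if (changeRequest == null || changeRequest.email == null || changeRequest.oldpass == null || changeRequest.password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Missing request data");
    }

    // NEED TO RECHECK CONTEXT MUST DETERMINE COMPANY -> MUST FIND CORRECT DataBase
    // The context is keyed by the caller's shard, so the account lookup below only sees
    // that shard's rows. The context is disposable and is now released on every path.
    string shardKey = Sharding.FindShard(User);
    using (mpbdmContext<Guid> context = new mpbdmContext<Guid>(WebApiConfig.ShardingObj.ShardMap, new Guid(shardKey), WebApiConfig.ShardingObj.connstring))
    {
        Account account = context.Accounts.Include("User").Where(a => a.User.Email == changeRequest.email).SingleOrDefault();
        if (account != null)
        {
            byte[] incoming = CustomLoginProviderUtils.hash(changeRequest.oldpass, account.Salt);
            if (CustomLoginProviderUtils.slowEquals(incoming, account.SaltedAndHashedPassword))
            {
                if (changeRequest.password != changeRequest.repass)
                {
                    return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Passes don't match");
                }

                // Same minimum as the registration endpoint, which a password change
                // must not be able to bypass.
                if (changeRequest.password.Length < 8)
                {
                    return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
                }

                // A fresh salt per password change, so the new hash shares nothing with
                // the previous one (the old code re-used account.Salt).
                byte[] newSalt = CustomLoginProviderUtils.generateSalt();
                account.Salt = newSalt;
                account.SaltedAndHashedPassword = CustomLoginProviderUtils.hash(changeRequest.password, newSalt);
                context.SaveChanges();
                return this.Request.CreateResponse(HttpStatusCode.Created);
            }
        }
    }

    // One message for "unknown e-mail" and "wrong password". Note that the hash is skipped
    // when no account exists, so the response time still differs between the two cases.
    return this.Request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid email or password");
}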
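/// <summary>
/// Uploads image file(s) for a contact of the caller's company and stores the resulting
/// blob name in <c>contact.ImageUrl</c>. Each uploaded file is copied to a GUID-named blob
/// in the "images" container; the upload blob is deleted once the copy has completed.
/// If several files are uploaded, the last one processed is the one recorded.
/// </summary>
/// <param name="contactId">Id of the contact; it must belong to a group of the caller's company (shard).</param>
/// <returns>
/// 200 OK on success; 400 BadRequest when the contact is not found in the caller's company
/// or the change cannot be saved; 500 InternalServerError when the blob copy fails.
/// </returns>
public async Task<HttpResponseMessage> Post(string contactId)
{
    string shardKey = Sharding.FindShard(User);
    using (mpbdmContext<Guid> db = new mpbdmContext<Guid>(WebApiConfig.ShardingObj.ShardMap, new Guid(shardKey), WebApiConfig.ShardingObj.connstring))
    {
        // Tenant check: the contact's group must belong to the caller's company.
        Contacts contact = db.Set<Contacts>().Include("Groups").Where(s => s.Id == contactId && s.Groups.CompaniesID == shardKey).FirstOrDefault();
        if (contact == null)
        {
            // The old code built this response but never returned it, so execution
            // continued into a null dereference on contact.ImageUrl.
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Contact doesnt't exist!");
        }

        CloudStorageAccount acc = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings["Azure"].ConnectionString);
        CloudBlobClient blobClient = acc.CreateCloudBlobClient();
        CloudBlobContainer photoContainer = blobClient.GetContainerReference("images");
        await photoContainer.CreateIfNotExistsAsync();

        var provider = new AzureBlobMultipartFormDataStreamProvider(photoContainer);
        await this.Request.Content.ReadAsMultipartAsync(provider);

        foreach (var file in provider.FileData)
        {
            // LocalFileName is the absolute Uri of the uploaded blob (see GetStream);
            // resolve it to a blob reference so it can be copied and then removed.
            var uploaded = await photoContainer.GetBlobReferenceFromServerAsync(file.LocalFileName);

            // Copy to a fresh GUID-named blob so the stored name is not client-controlled.
            var fileNameGuid = Guid.NewGuid().ToString();
            ICloudBlob newBlob = uploaded is CloudBlockBlob
                ? (ICloudBlob)photoContainer.GetBlockBlobReference(fileNameGuid)
                : photoContainer.GetPageBlobReference(fileNameGuid);
            await newBlob.StartCopyFromBlobAsync(uploaded.Uri);

            // StartCopy only starts a server-side copy; wait for it to leave the Pending
            // state before the source is deleted (the old code deleted immediately).
            await newBlob.FetchAttributesAsync();
            while (newBlob.CopyState != null && newBlob.CopyState.Status == CopyStatus.Pending)
            {
                await Task.Delay(500);
                await newBlob.FetchAttributesAsync();
            }
            if (newBlob.CopyState != null && newBlob.CopyState.Status != CopyStatus.Success)
            {
                return Request.CreateResponse(HttpStatusCode.InternalServerError, "Image copy failed");
            }
            await uploaded.DeleteAsync();

            // Only the blob name is stored (not the full Uri), as before.
            contact.ImageUrl = newBlob.Name;
            try
            {
                db.SaveChanges();
            }
            catch (Exception)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest, "CannotSaveChanges!");
            }
        }
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}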
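/// <summary>
/// Uploads a profile image for the calling user and stores the resulting blob name in
/// <c>userEntity.ImageUrl</c>. Each uploaded file is copied to a GUID-named blob in the
/// "images" container; the upload blob is deleted once the copy has completed. If several
/// files are uploaded, the last one processed is the one recorded.
/// </summary>
/// <returns>
/// 200 OK on success; 401 Unauthorized when the caller is not a <c>ServiceUser</c>;
/// 400 BadRequest when the user row is not found in the caller's company or the change
/// cannot be saved; 500 InternalServerError when the blob copy fails.
/// </returns>
public async Task<HttpResponseMessage> Post()
{
    var user = User as ServiceUser;
    if (user == null)
    {
        // The old code dereferenced user.Id without this check.
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    string shardKey = Sharding.FindShard(User);
    using (mpbdmContext<Guid> db = new mpbdmContext<Guid>(WebApiConfig.ShardingObj.ShardMap, new Guid(shardKey), WebApiConfig.ShardingObj.connstring))
    {
        // Tenant check: the user row must belong to the caller's company, mirroring the
        // Groups.CompaniesID check used when updating a contact.
        Users userEntity = db.Set<Users>().Where(s => s.Id == user.Id && s.CompaniesID == shardKey).FirstOrDefault();
        if (userEntity == null)
        {
            // The old code built this response but never returned it, so execution
            // continued into a null dereference on userEntity.ImageUrl.
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "User doesnt't exist!");
        }

        CloudStorageAccount acc = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings["Azure"].ConnectionString);
        CloudBlobClient blobClient = acc.CreateCloudBlobClient();
        CloudBlobContainer photoContainer = blobClient.GetContainerReference("images");
        await photoContainer.CreateIfNotExistsAsync();

        var provider = new AzureBlobMultipartFormDataStreamProvider(photoContainer);
        await this.Request.Content.ReadAsMultipartAsync(provider);

        foreach (var file in provider.FileData)
        {
            // LocalFileName is the absolute Uri of the uploaded blob; resolve it so the
            // blob can be copied and then removed.
            var uploaded = await photoContainer.GetBlobReferenceFromServerAsync(file.LocalFileName);

            // Copy to a fresh GUID-named blob so the stored name is not client-controlled.
            var fileNameGuid = Guid.NewGuid().ToString();
            ICloudBlob newBlob = uploaded is CloudBlockBlob
                ? (ICloudBlob)photoContainer.GetBlockBlobReference(fileNameGuid)
                : photoContainer.GetPageBlobReference(fileNameGuid);
            await newBlob.StartCopyFromBlobAsync(uploaded.Uri);

            // StartCopy only starts a server-side copy; wait for it to leave the Pending
            // state before the source is deleted (the old code deleted immediately).
            await newBlob.FetchAttributesAsync();
            while (newBlob.CopyState != null && newBlob.CopyState.Status == CopyStatus.Pending)
            {
                await Task.Delay(500);
                await newBlob.FetchAttributesAsync();
            }
            if (newBlob.CopyState != null && newBlob.CopyState.Status != CopyStatus.Success)
            {
                return Request.CreateResponse(HttpStatusCode.InternalServerError, "Image copy failed");
            }
            await uploaded.DeleteAsync();

            // UPDATE imageUrl of user: only the blob name is stored (not the full Uri), as before.
            userEntity.ImageUrl = newBlob.Name;
            try
            {
                db.SaveChanges();
            }
            catch (Exception)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest, "CannotSaveChanges!");
            }
        }
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}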
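/// <summary>
/// Imports contacts from uploaded .xls workbook(s). Rows are read from sheet "Sheet1"
/// starting at row 1 (row 0 is treated as a header) until the first missing row.
/// Columns: 0 first name, 1 last name, 2 e-mail, 3 phone (numeric cell),
/// 4 group id (used only when <paramref name="groupsId"/> is "valueUndefined").
/// A row whose e-mail / last name pair already exists in the caller's company is skipped.
/// </summary>
/// <param name="groupsId">Group assigned to every imported contact, or "valueUndefined" to take the group from column 4.</param>
/// <returns>
/// 200 OK on success; 400 BadRequest when a workbook has no "Sheet1" or the contacts
/// cannot be saved (typically an unknown group id).
/// </returns>
public async Task<HttpResponseMessage> Post(string groupsId)
{
    CloudStorageAccount acc = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings["Azure"].ConnectionString);
    CloudBlobClient blobClient = acc.CreateCloudBlobClient();
    CloudBlobContainer photoContainer = blobClient.GetContainerReference("temp");
    await photoContainer.CreateIfNotExistsAsync();

    var provider = new AzureBlobMultipartFormDataStreamProvider(photoContainer);
    await this.Request.Content.ReadAsMultipartAsync(provider);

    // NOTE(review): the uploaded workbook stays in the "temp" container after the import;
    // nothing here removes it. Confirm whether a cleanup step is expected elsewhere.
    // NOTE(review): groupsId (or column 4) is not verified to belong to the caller's
    // company; only the duplicate check below is company-scoped. Confirm group ownership
    // before the insert if groups of several companies can share a shard.
    string shardKey = Sharding.FindShard(User);
    using (mpbdmContext<Guid> db = new mpbdmContext<Guid>(WebApiConfig.ShardingObj.ShardMap, new Guid(shardKey), WebApiConfig.ShardingObj.connstring))
    {
        foreach (var file in provider.FileData)
        {
            // LocalFileName is the absolute Uri of the uploaded blob (see GetStream).
            var blob = await photoContainer.GetBlobReferenceFromServerAsync(file.LocalFileName);
            await blob.FetchAttributesAsync();

            using (Stream workbookStream = new MemoryStream())
            {
                await blob.DownloadToStreamAsync(workbookStream);
                // The download leaves the position at the end; the parser reads from the
                // current position.
                workbookStream.Position = 0;
                HSSFWorkbook templateWorkbook = new HSSFWorkbook(workbookStream);
                HSSFSheet sheet = (HSSFSheet)templateWorkbook.GetSheet("Sheet1");
                if (sheet == null)
                {
                    return Request.CreateResponse(HttpStatusCode.BadRequest, "Sheet1 not found in the uploaded workbook");
                }

                for (int rowIndex = 1; ; rowIndex++)
                {
                    var row = sheet.GetRow(rowIndex);
                    if (row == null)
                    {
                        break;
                    }

                    var firstNameCell = row.GetCell(0);
                    var lastNameCell = row.GetCell(1);
                    var emailCell = row.GetCell(2);
                    if (firstNameCell == null || lastNameCell == null || emailCell == null)
                    {
                        // Incomplete row: skip it instead of dereferencing a missing cell.
                        continue;
                    }
                    var phoneCell = row.GetCell(3);
                    var groupCell = row.GetCell(4);

                    Contacts cont = new Contacts
                    {
                        Id = Guid.NewGuid().ToString(),
                        FirstName = firstNameCell.RichStringCellValue.String,
                        LastName = lastNameCell.RichStringCellValue.String,
                        Email = emailCell.RichStringCellValue.String,
                        Phone = phoneCell == null ? null : phoneCell.NumericCellValue.ToString(),
                        GroupsID = groupsId == "valueUndefined"
                            ? (groupCell == null ? null : groupCell.RichStringCellValue.String)
                            : groupsId,
                        Deleted = false,
                        Visible = true,
                    };

                    // Duplicate check is scoped to the caller's company.
                    string email = cont.Email;
                    string lastName = cont.LastName;
                    bool exists = db.Set<Contacts>().Any(s => s.Email == email && s.LastName == lastName && s.Groups.Companies.Id == shardKey);
                    if (exists)
                    {
                        continue;
                    }
                    db.Set<Contacts>().Add(cont);
                }
            }

            try
            {
                db.SaveChanges();
            }
            catch (Exception)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest, "Propably the Foreign Key GroupId is wrong on some of your Contacts!!! Make sure the groupId exists!");
            }
        }
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}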
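// POST api/CustomRegistration
/// <summary>
/// Registers a new user account. The company is resolved from the e-mail domain by
/// querying all shards; when no company matches, a new one is created from
/// <c>CompanyName</c>/<c>CompanyAddress</c> and registered in a shard with free room.
/// The user and account rows are then written to that company's shard.
/// </summary>
/// <param name="registrationRequest">E-mail, password, first/last name and optional company name and address.</param>
/// <returns>
/// 201 Created on success; 400 BadRequest for missing or invalid input or an e-mail that
/// already exists in the company's shard; 403 Forbidden when no company matches the
/// domain and no company data was supplied; 500 InternalServerError when the account
/// cannot be saved.
/// </returns>
public HttpResponseMessage Post(RegistrationRequest registrationRequest)
{
    if (registrationRequest == null || registrationRequest.email == null || registrationRequest.password == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Missing request data");
    }

    // The dot before the top-level label is escaped: unescaped it matched any character,
    // so the domain part could carry characters (including LIKE wildcards) into the
    // company lookup below.
    if (!Regex.IsMatch(registrationRequest.email, @"^([a-z.A-Z0-9]{1,})@([a-z]{2,})\.[a-z]{2,}$"))
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid email!");
    }
    if (registrationRequest.password.Length < 8)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid password (at least 8 chars required)");
    }

    // MUST FIND COMPANY BY EMAIL: the part after '@' selects the company.
    string emailDomain = registrationRequest.email.Split('@').Last();

    Guid shardKey;
    if (!TryFindCompanyShard(emailDomain, out shardKey))
    {
        if (registrationRequest.CompanyName == null || registrationRequest.CompanyAddress == null)
        {
            return this.Request.CreateResponse(HttpStatusCode.Forbidden, "Company under this email domain doesn't exist! To create a company with your registration please provide CompanyName and CompanyAddress parameters");
        }

        Companies comp = new Companies
        {
            Id = Guid.NewGuid().ToString(),
            Name = registrationRequest.CompanyName,
            Address = registrationRequest.CompanyAddress,
            Email = registrationRequest.email,
            Deleted = false,
        };

        // SHARDING: find where to save the new company and register its key, then write
        // the company row to that shard. The company Id doubles as the shard key.
        Shard shard = WebApiConfig.ShardingObj.FindRoomForCompany();
        WebApiConfig.ShardingObj.RegisterNewShard(shard.Location.Database, comp.Id);
        shardKey = new Guid(comp.Id);
        using (mpbdmContext<Guid> companyContext = new mpbdmContext<Guid>(WebApiConfig.ShardingObj.ShardMap, shardKey, WebApiConfig.ShardingObj.connstring))
        {
            companyContext.Companies.Add(comp);
            companyContext.SaveChanges();
        }
    }

    // MUST RECHECK CORRECT DB: the context is keyed by the company's shard key resolved above.
    using (mpbdmContext<Guid> context = new mpbdmContext<Guid>(WebApiConfig.ShardingObj.ShardMap, shardKey, WebApiConfig.ShardingObj.connstring))
    {
        // Uniqueness is checked within the company's shard only, as before.
        bool emailTaken = context.Set<Account>().Any(a => a.User.Email == registrationRequest.email);
        if (emailTaken)
        {
            return this.Request.CreateResponse(HttpStatusCode.BadRequest, "Email already exists");
        }

        byte[] salt = CustomLoginProviderUtils.generateSalt();
        string compId = shardKey.ToString();
        Users newUser = new Users
        {
            Id = CustomLoginProvider.ProviderName + ":" + registrationRequest.email,
            CompaniesID = compId,
            FirstName = registrationRequest.firstName,
            LastName = registrationRequest.lastName,
            Email = registrationRequest.email,
        };
        Account newAccount = new Account
        {
            Id = Guid.NewGuid().ToString(),
            Salt = salt,
            SaltedAndHashedPassword = CustomLoginProviderUtils.hash(registrationRequest.password, salt),
            User = newUser,
        };
        context.Users.Add(newUser);
        context.Accounts.Add(newAccount);
        try
        {
            context.SaveChanges();
        }
        catch (Exception)
        {
            // The old code swallowed this failure and still answered 201 Created.
            // NOTE(review): a company created above is not rolled back here — confirm
            // whether that is acceptable.
            return this.Request.CreateResponse(HttpStatusCode.InternalServerError, "Could not save the new account");
        }

        return this.Request.CreateResponse(HttpStatusCode.Created);
    }
}

/// <summary>
/// Looks across all shards for a company whose Email ends with "@" + <paramref name="emailDomain"/>.
/// </summary>
/// <param name="emailDomain">Domain part of the registrant's e-mail (text after '@').</param>
/// <param name="shardKey">The matching company's Id as a Guid; <see cref="Guid.Empty"/> when none is found.</param>
/// <returns>true when a company matched; false otherwise.</returns>
private static bool TryFindCompanyShard(string emailDomain, out Guid shardKey)
{
    shardKey = Guid.Empty;
    using (MultiShardConnection conn = new MultiShardConnection(WebApiConfig.ShardingObj.ShardMap.GetShards(), WebApiConfig.ShardingObj.connstring))
    using (MultiShardCommand cmd = conn.CreateCommand())
    {
        // The domain is user input, so it is passed as a parameter instead of being
        // concatenated into the statement. The pattern is "%@domain" rather than
        // "%domain" so that a domain that merely ends with another company's domain
        // (e.g. "ample.com" vs "example.com") does not match it.
        cmd.CommandText = "SELECT Id FROM [mpbdm].[Companies] WHERE Email LIKE @emailPattern";
        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@emailPattern", "%@" + emailDomain);
        // NOTE(review): with PartialResults an unreachable shard is silently skipped, so
        // an existing company may be missed and created a second time — confirm this is
        // intended.
        cmd.ExecutionOptions = MultiShardExecutionOptions.IncludeShardNameColumn;
        cmd.ExecutionPolicy = MultiShardExecutionPolicy.PartialResults;
        using (MultiShardDataReader sdr = cmd.ExecuteReader())
        {
            if (!sdr.Read())
            {
                return false;
            }
            shardKey = new Guid(sdr.GetString(0));
            return true;
        }
    }
}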