public async Task <HttpResponseMessage> DeleteUserAppUser(dynamic data)
{
int userId = data.userId;
int appId = data.appId;
using (var userapps = new userappsEntities())
{
try
{
userapps.ChangeTracker.DetectChanges();
var appUser = userapps.appusers.Where(usra => usra.appid == appId && usra.appid == appId).FirstOrDefault();
if (appUser != null)
{
userapps.appusers.Remove(appUser);
await userapps.SaveChangesAsync();
}
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
String.Format("Database error. Exception:{1}", ex.Message)));
}
}
return(Request.CreateResponse <string>(HttpStatusCode.OK, "App user deleted successfully."));
}
public async Task <HttpResponseMessage> SingleUserApp(dynamic data)
{
string appName = data.appName;
if (String.IsNullOrEmpty(appName))
{
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Please supply a valid user application name.s"));
}
return(await Task <HttpResponseMessage> .Run(() =>
{
using (var userApps = new userappsEntities())
{
var sysApp = userApps.apps.Where(a => a.appname.ToLower().Equals(appName.ToLower())).FirstOrDefault();
if (sysApp != null)
{
return Request.CreateResponse <app>(sysApp);
}
else
{
return Request.CreateResponse(HttpStatusCode.OK, "No such user app available.");
}
}
}));
}
public async Task <HttpResponseMessage> RemoveOtpUser(dynamic authData)
{
if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The userId value cannot be null or zero."));
}
if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The appId value cannot be null or zero."));
}
Logging.Logger logger = new Logging.Logger(LogName);
try
{
int userId = authData.userId;
int appId = authData.appId;
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
var user = userApps.OTPUsers.Where(otpu => otpu.appid == appId &&
otpu.userid == userId).FirstOrDefault();
if (user != null)
{
userApps.OTPUsers.Remove(user);
await userApps.SaveChangesAsync();
var value = new { Message = "Otp user successfully removed", UserId = userId, AppId = appId };
var ser = await JsonConvert.SerializeObjectAsync(value);
await logger.StoreNewLogMessage(new Logging.Message(String.Format("REMOVETOPUSERSUCCESS {0} for appId {1} generated."
, userId, appId), LogName));
return(Request.CreateResponse <string>(ser));
}
else
{
var value = new { Message = "Otp user does not exist.", UserId = userId, AppId = appId };
var ser = await JsonConvert.SerializeObjectAsync(value);
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "RemoveOtpUser", "OTP User does not exist."), LogName)).Wait();
return(Request.CreateResponse <string>(ser));
}
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "RemoveOtpUser", ex.ToString()), LogName)).Wait();
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError,
"Database Error"));
}
}
public async Task <HttpResponseMessage> AddExternalUser(dynamic data)
{
int appId = data.appId;
string password = data.password;
string userName = data.userName;
#region checkParameters
if (appId <= 0)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Application id cannot be 0 or negative."));
}
if (string.IsNullOrEmpty(userName))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username cannot be null or empty."));
}
if (string.IsNullOrEmpty(password))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Password cannot be null or empty."));
}
#endregion
//Generate authentication data
UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager();
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
try
{
var userExists = userApps.users.Any(uau => uau.username.ToLower().Equals(userName.ToLower()) && uau.appid == appId);
if (userExists)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User already exists."));
}
var pwd = await authManger.GeneratePasswordSalt(userName, password);
var user = new user()
{
username = userName, password = pwd, appid = appId
};
userApps.users.Add(user);
await userApps.SaveChangesAsync();
return(Request.CreateResponse <user>(user));
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ToString()));
}
}
}
public async Task <bool> PostDeActiviatePromoCode(dynamic data)
{
if (data == null)
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
using (userappsEntities ctx = new userappsEntities())
{
try
{
ctx.ChangeTracker.DetectChanges();
var userId = (string)data.userId;
var promoCode = (string)data.promoCode;
var code = ctx.promotioncodes.Where(x => x.promocode.Equals(promoCode) && x.userid == userId).FirstOrDefault();
if (code == null)
{
return(false);
}
code.IsActive = false;
await ctx.SaveChangesAsync();
return(true);
}
catch (Exception ex)
{
return(false);
}
}
}
/// <summary>
/// Sets the otp counter valid.
/// </summary>
/// <param name="userId">The user identifier.</param>
/// <param name="appId">The application identifier.</param>
/// <returns></returns>
private async Task <bool> SetOtpCounterValid(int userId, int appId, long counter)
{
Logging.Logger logger = new Logging.Logger(LogName);
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
var otpData = userApps.OTPUsers.Where(usrOtp => usrOtp.userid == userId && usrOtp.appid == appId).FirstOrDefault();
if (otpData != null)
{
otpData.seqvalid = true;
otpData.otpcounter = counter;
otpData.otpcreated = DateTime.UtcNow;
await userApps.SaveChangesAsync();
return(true);
}
else
{
return(false);
}
}
}
public async Task <systemappuser> GetSystemAppUserApiKeys(IncomingData appData)
{
int userId = appData.systemuserid;
int sysappid = appData.appid;
if (userId == 0 || userId <= 0)
{
throw new ArgumentException("You have to pass a systemapp id.", "sysappid");
}
if (sysappid == null || sysappid <= 0)
{
throw new ArgumentException("You have to pass a a valid username", "userId");
}
return(await Task.Run <systemappuser>(() =>
{
try
{
using (var systemapps = new userappsEntities())
{
using (var system = new Model.exgripEntities())
{
var user = system.UserProfiles.Where(u => u.UserId == userId).FirstOrDefault();
var sysApp = systemapps.systemapps.Where(app => app.id == sysappid).FirstOrDefault();
if ((user != null) && (sysApp != null))
{
var systemAppUser = systemapps.systemappusers.Where(sysusr => sysusr.appid == sysappid && sysusr.systemuserid == userId).FirstOrDefault();
if (systemAppUser != null)
{
return new systemappuser()
{
apptoken = systemAppUser.apptoken, appSecret = systemAppUser.appSecret
};
}
else
{
return null;
}
}
else
{
return null;
}
}
}
}
catch (Exception ex)
{
throw new HttpResponseException(HttpStatusCode.InternalServerError);
}
}));
}
public HttpResponseMessage ListAllUserApps(dynamic data)
{
string userName = data.userName;
if (String.IsNullOrEmpty(userName))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username cannot be null. Please supply a username."));
}
using (var userApps = new userappsEntities())
{
using (var system = new exgripEntities())
{
if (!String.IsNullOrEmpty(userName))
{
var currentUser = system.UserProfiles.Where(usr => usr.UserName.ToLower().Equals(
userName.ToLower())).FirstOrDefault();
if (currentUser == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User does not exist."));
}
else
{
var appsByUser = userApps.apps.Where(app => app.systemuserid == currentUser.UserId);
if (appsByUser == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User has no apps."));
}
else
{
if (appsByUser.Count() >= 1)
{
return(Request.CreateResponse <List <app> >(appsByUser.ToList()));
}
else
{
var usrApp = appsByUser.FirstOrDefault();
if (usrApp == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User has no apps so far."));
}
return(Request.CreateResponse <app>(usrApp));
}
}
}
}
}
}
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "No userapps available"));
}
/// <summary>
/// Validates the system application token.
/// </summary>
/// <param name="token">The token.</param>
/// <param name="secret">The secret.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentException">
/// Username cannot be null or empty.;username
/// or
/// Password cannot be null or empty.;password
/// </exception>
public async Task <bool> ValidateSystemAppToken(string token, string secret)
{
#region CheckParameters
if (String.IsNullOrEmpty(token))
{
throw new ArgumentException("Token cannot be null or empty.", "token");
}
if (String.IsNullOrEmpty(secret))
{
throw new ArgumentException("Secret cannot be null or empty", "secret");
}
#endregion
var tokenValue = await DecryptTokenSystemApp(token, secret);
TaskCompletionSource <bool> tks = new TaskCompletionSource <bool> ();
if (!String.IsNullOrEmpty(tokenValue))
{
var values = tokenValue.Split(new string[] { ";#;" }, StringSplitOptions.RemoveEmptyEntries);
if (values == null)
{
tks.SetResult(false);
}
else
{
if (values.Count() > 1)
{
using (var sysUsers = new userappsEntities())
{
var userName = sysUsers.systemappusers.Where(sau => sau.apptoken.Equals(token) &&
sau.appSecret.Equals(secret)).FirstOrDefault();
if (!(userName == null))
{
tks.SetResult(true);
}
else
{
tks.SetResult(false);
}
}
}
}
}
else
{
tks.SetResult(false);
}
return(tks.Task.Result);
}
public async Task <HttpResponseMessage> RemoveExternalUser(dynamic data)
{
int userId = data.userId;
string extUserName = data.extUserName;
int appId = data.appId;
#region checkParameters
if (userId <= 0)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "External User id cannot be 0 or negative."));
}
if (appId <= 0)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User app id cannot be 0 or negative."));
}
if (string.IsNullOrEmpty(extUserName))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "External Username cannot be null or empty."));
}
#endregion
//Generate authentication data
UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager();
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
try
{
var extUser = userApps.users.Where(uau => uau.iduser ==
userId && uau.username.ToLower().Equals(extUserName.ToLower()) && uau.appid == appId).FirstOrDefault();
if (extUser != null)
{
userApps.users.Remove(extUser);
await userApps.SaveChangesAsync();
return(Request.CreateResponse <user>(extUser));
}
else
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "External App user does not exist"));
}
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ToString()));
}
}
}
public async Task <HttpResponseMessage> DeleteUserApp(int appId)
{
if (appId <= 0)
{
throw new ArgumentException("Application id cannot be 0 or negative.", "appId");
}
using (var userapps = new userappsEntities())
{
userapps.ChangeTracker.DetectChanges();
var userApp = userapps.apps.Where(app => app.idapps == appId).FirstOrDefault();
if (userApp == null)
{
Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Application id is invalid.");
}
else
{
//First delete all connections between apps and app users
var appUsers = userapps.users.Where(aus => aus.appid == userApp.idapps);
try
{
if (appUsers != null)
{
if (appUsers.Count() > 0)
{
foreach (var appUsr in appUsers)
{
userapps.users.Remove(appUsr);
await userapps.SaveChangesAsync();
}
}
}
var userapp = userapps.appusers.Where(ua => ua.appid == userApp.idapps).FirstOrDefault();
if (userapp != null)
{
userapps.appusers.Remove(userapp);
await userapps.SaveChangesAsync();
}
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
String.Format("Database error. Exception:{1}", ex.Message)));
}
}
}
return(Request.CreateResponse <string>(HttpStatusCode.OK,
"User Appplication was deleted successfully."));
}
private Task <string> DecryptTokenSystemApp(string token, string secret)
{
#region CheckParameters
if (String.IsNullOrEmpty(token))
{
throw new ArgumentException("Username cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(secret))
{
throw new ArgumentException("Password cannot be null or empty.", "password");
}
#endregion
systemappuser encryptedSoup;
using (var userapps = new userappsEntities())
{
encryptedSoup = userapps.systemappusers.Where(uapp => uapp.appSecret.Equals(
secret) &&
uapp.apptoken.Equals(token)
).FirstOrDefault();
}
TaskCompletionSource <string> tks = new TaskCompletionSource <string> ();
if (encryptedSoup == null)
{
tks.SetResult(string.Empty);
return(tks.Task);
}
var privTest = new
System.Security.Cryptography.X509Certificates.X509Certificate2(
@"Certificates\private_key.pfx", "01fjsjgSzn6V2iMMpDPO");
RSACryptoServiceProvider cryptoProvidor2 = ( RSACryptoServiceProvider )
privTest.PrivateKey;
byte[] decryptedTokenBytes = cryptoProvidor2.Decrypt(
Convert.FromBase64String(encryptedSoup.securitySoup), true);
var decrypt = Encoding.UTF8.GetString(decryptedTokenBytes);
if (decrypt != null)
{
tks.SetResult(decrypt);
return(tks.Task);
}
else
{
tks.SetResult(string.Empty);
return(tks.Task);
}
}
private Task <bool> ValidateAppUser(int appId, int systemUserId)
{
#region CheckParameters
if (appId <= 0)
{
throw new ArgumentException("Application id cannot be zero or negative", "appId");
}
if (systemUserId <= 0)
{
throw new ArgumentException("User id cannot be zero or negative.", "systemUserId");
}
#endregion
TaskCompletionSource <bool> tks = new TaskCompletionSource <bool> ();
using (var userapps = new userappsEntities())
{
userapps.ChangeTracker.DetectChanges();
using (var sysUsers = new exgripEntities())
{
sysUsers.ChangeTracker.DetectChanges();
var sysUser = sysUsers.UserProfiles.Where(usr => usr.UserId == systemUserId).FirstOrDefault();
if (sysUser == null)
{
tks.SetResult(false);
}
else
{
var sysApp = userapps.systemapps.Where(sa => sa.id == appId).FirstOrDefault();
if (sysApp == null)
{
tks.SetResult(false);
}
else
{
var sysAppUsr = userapps.systemappusers.Any(sau => sau.appid == sysApp.id &&
sau.systemuserid == sysUser.UserId);
tks.SetResult(sysAppUsr);
}
}
}
}
return(tks.Task);
}
public HttpResponseMessage ListAllSystemApps()
{
using (var userApps = new userappsEntities())
{
var sysApps = userApps.systemapps.ToList();
if (sysApps != null)
{
if (sysApps.Count > 0)
{
return(Request.CreateResponse <List <systemapp> >(sysApps));
}
}
return(Request.CreateResponse(HttpStatusCode.OK, "No system apps could be found."));
}
}
public async Task <HttpResponseMessage> GenerateNewSecret(int userId, int appId)
{
Logging.Logger logger = new Logging.Logger(LogName);
try
{
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
var otpUser = userApps.OTPUsers.Where(otpu => otpu.appid == appId &&
otpu.userid == userId).FirstOrDefault();
if (otpUser != null)
{
byte[] secret;
OTP.Helper.RandomHelper.GenerateRandomByteArray(20, out secret);
var serialized = await JsonConvert.SerializeObjectAsync(secret);
otpUser.secret = serialized;
await userApps.SaveChangesAsync();
await logger.StoreNewLogMessage(new Logging.Message(String.Format("SECRETSUCCESS {0} for appId {1} generated."
, userId, appId), LogName));
return(Request.CreateResponse <string>(serialized));
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("SECRETGENERROR {0} for appId {1}"
, userId, appId), LogName));
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"Application user has no OTP access"));
}
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "GenereteNewSecret", ex.ToString()), LogName)).Wait();
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError,
"Database Error"));
}
}
/// <summary>
/// Validates the application user.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="password">The password.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentException">
/// Username cannot be null or empty.;username
/// or
/// Password cannot be null or empty.;password
/// </exception>
private Task <bool> ValidateAppUser(string username, string password, string passwordOrig)
{
#region CheckParameters
if (String.IsNullOrEmpty(username))
{
throw new ArgumentException("Username cannot be null or empty.", "username");
}
if (String.IsNullOrEmpty(password))
{
throw new ArgumentException("Password cannot be null or empty.", "password");
}
#endregion
TaskCompletionSource <bool> tks = new TaskCompletionSource <bool> ();
using (var sysUser = new exgripEntities())
{
var user = sysUser.UserProfiles.Where(u => u.UserName.ToUpper().Equals(
username.ToUpper())
).FirstOrDefault();
if (user == null)
{
tks.SetResult(false);
}
else
{
using (var userapps = new userappsEntities())
{
var appUserExists = userapps.apps.Any(ua => ua.systemuserid == user.UserId);
if (appUserExists)
{
tks.SetResult(true);
}
else
{
tks.SetResult(false);
}
}
}
}
return(tks.Task);
}
public async Task <HttpResponseMessage> CreateUserApp(dynamic data)
{
int systemuserid = data.systemuserid;
string appName = data.appName;
app newApp = null;
using (var uapps = new userappsEntities())
{
using (var sysuser = new exgripEntities())
{
if (sysuser.UserProfiles.Any(u => u.UserId == systemuserid))
{
if (!uapps.apps.Any(a => a.appname.ToLower().Equals(appName.ToLower())))
{
try
{
uapps.ChangeTracker.DetectChanges();
newApp = new app()
{
appname = appName, systemuserid = systemuserid
};
uapps.apps.Add(newApp);
await uapps.SaveChangesAsync();
}
catch (Exception ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.ToString()));
}
}
}
else
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Systemuser does not exist"));
}
}
}
return(Request.CreateResponse <app>(newApp));
}
/// <summary>
/// Updates the server counter.
/// </summary>
/// <param name="value">The value.</param>
/// <param name="userId">The user identifier.</param>
/// <param name="appId">The application identifier.</param>
/// <returns></returns>
private async Task <bool> UpdateServerCounter(long value, int userId, int appId)
{
Logging.Logger logger = new Logging.Logger(LogName);
try
{
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
var counter = userApps.OTPUsers.Where(otp => otp.appid == appId &&
otp.userid == userId).FirstOrDefault();
if (counter != null)
{
counter.otpcounter = value - 1;
counter.otpcreated = DateTime.UtcNow;
await userApps.SaveChangesAsync();
await logger.StoreNewLogMessage(new Logging.Message(
String.Format("SUCESS. COUNTER UPDATE ON SERVER. User:{0}, App:{1}", userId, appId),
LogName));
return(true);
}
else
{
return(false);
}
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(
String.Format("Error during UpdateCounter. User:{0}, App:{1}, Error:{2}",
userId, appId, ex.ToString()), LogName)).Wait();
return(false);
}
}
/// <summary>
/// Sets the otp counter invalid.
/// </summary>
/// <param name="userId">The user identifier.</param>
/// <param name="appId">The application identifier.</param>
/// <returns></returns>
private async Task <bool> SetOtpCounterInvalid(int userId, int appId)
{
Logging.Logger logger = new Logging.Logger(LogName);
try
{
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
var otpData = userApps.OTPUsers.Where(usrOtp => usrOtp.userid == userId && usrOtp.appid == appId).FirstOrDefault();
if (otpData != null)
{
otpData.seqvalid = false;
otpData.otpcreated = DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(20));
await userApps.SaveChangesAsync();
await logger.StoreNewLogMessage(new Logging.Message(String.Format("SETOTPCOUNTERINVALIDSUCCESS by user {0} for appId {1}"
, userId, appId), LogName));
return(true);
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("SETOTPCOUNTERINVALIDERROR by user {0} for appId {1}"
, userId, appId), LogName));
return(false);
}
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "SetOtpCounterInvalid", ex.ToString()), LogName)).Wait();
return(false);
}
}
public async Task <HttpResponseMessage> ListSystemApp(dynamic appValue)
{
var appName = (string)appValue;
return(await Task <HttpResponseMessage> .Run(() =>
{
using (var userApps = new userappsEntities())
{
var sysApp = userApps.systemapps.Where(a => a.appname.ToLower().Equals(appName.ToLower())).FirstOrDefault();
if (sysApp != null)
{
return Request.CreateResponse <systemapp>(sysApp);
}
else
{
return Request.CreateResponse(HttpStatusCode.OK, "No such system app available.");
}
}
}));
}
/// <summary>
/// Gets the database otp counter value.
/// </summary>
/// <param name="userId">The user identifier.</param>
/// <param name="appId">The application identifier.</param>
/// <returns></returns>
private async Task <long> GetDbOtpCounterValue(int userId, int appId)
{
return(await Task.Run <long> (() =>
{
Logging.Logger logger = new Logging.Logger(LogName);
try
{
using (var userApps = new userappsEntities())
{
var counter = userApps.OTPUsers.Where(otp => otp.appid == appId &&
otp.userid == userId).FirstOrDefault();
if (counter != null)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("GETDBCOUNTERVALUESUCCESS by user {0} for appId {1}"
, userId, appId), LogName)).Wait();
return counter.otpcounter;
}
else
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("GETDBCOUNTERVALUEERROR by user {0} for appId {1} Error:{2}"
, userId, appId, "user not found"), LogName)).Wait();
return -1;
}
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "GetDBOtpCounter", ex.ToString()), LogName)).Wait();
return -1;
}
}));
}
/// <summary>
/// Gets the current user otp secret.
/// </summary>
/// <param name="userId">The user identifier.</param>
/// <param name="appId">The application identifier.</param>
/// <returns></returns>
private async Task <byte[]> GetCurrentUserOtpSecret(int userId, int appId)
{
return(await Task.Run <byte[]> (() =>
{
using (var userApps = new userappsEntities())
{
Logging.Logger logger = new Logging.Logger(LogName);
try
{
var counter = userApps.OTPUsers.Where(otp => otp.appid == appId &&
otp.userid == userId).FirstOrDefault();
if (counter != null)
{
var secretBytes = JsonConvert.DeserializeObject <byte[]>(counter.secret);
logger.StoreNewLogMessage(new Logging.Message(String.Format("GETCURRENTUSERTOPSECRETSUCCESS by user {0} for appId {1}"
, userId, appId), LogName)).Wait();
return secretBytes;
}
else
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("GETCURRENTUSERTOPSECRETERROR by user {0} for appId {1} Error {2}"
, userId, appId, "User not found"), LogName)).Wait();
return null;
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "GetCurrentUserOtpSecret", ex.ToString()), LogName)).Wait();
return null;
}
}
}));
}
public async Task <HttpResponseMessage> AddUserAppUser(dynamic data)
{
using (var userapps = new userappsEntities())
{
//Generate authentication data
UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager();
int systemuserid = data.systemuserid;
int appid = data.appId;
var user = await authManger.IssueToken(systemuserid, appid);
if (user != null)
{
return(Request.CreateResponse(HttpStatusCode.OK, user));
}
else
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
String.Format("Database error. Could not create application user.")));
}
}
}
public async Task <bool> PostCreateNewStack(dynamic data)
{
const string APP_KEY = "X-AppKey";
const string APP_SECRET = "X-Token";
systemappuser user = null;
UserProfile profile = null;
if (Request.Headers.Contains(APP_KEY) && Request.Headers.Contains(APP_SECRET))
{
string appKey = Request.Headers.GetValues(APP_KEY).First();
string appSecret = Request.Headers.GetValues(APP_SECRET).First();
using (var sysapps = new userappsEntities())
{
user = sysapps.systemappusers.Where(usr => usr.appSecret.Equals(appSecret) && usr.apptoken.Equals(appKey)).FirstOrDefault();
if (user == null)
{
return(false);
}
else
{
using (var exgrip = new exgripEntities())
{
profile = exgrip.UserProfiles.Where(up => up.UserId == user.systemuserid).FirstOrDefault();
if (profile == null)
{
return(false);
}
}
}
}
}
else
{
return(false);
}
int betaCount = 500;
WordGenerator gen = new WordGenerator();
var timeZone = (string)data.timeZone;
var dateString = (string)data.dateString;
var dateStringFrom = (string)data.dateStringFrom;
var codeLink = (string)data.codeLink;
var userId = profile.AlternateUserId;
var count = (int)data.count;
DateTime outDate;
var parseResult = DateTime.TryParse(dateString, out outDate);
if (!parseResult)
{
return(false);
}
DateTime outDate2;
var parseResult2 = DateTime.TryParse(dateStringFrom, out outDate2);
if (!parseResult2)
{
return(false);
}
if (count > betaCount)
{
return(false);
}
using (userappsEntities ctx = new userappsEntities())
{
try
{
var customerTime = TimeZoneInfo.ConvertTime(new DateTime(outDate.Year, outDate.Month, outDate.Day, outDate.Hour, outDate.Minute, outDate.Second),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone));
var customerTime2 = TimeZoneInfo.ConvertTime(new DateTime(outDate2.Year, outDate2.Month, outDate2.Day, outDate2.Hour, outDate2.Minute, outDate2.Second),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone));
if ((customerTime2.Ticks > customerTime.Ticks))
{
return(false);
}
var reedemedVouchers = ctx.promotioncodes.Where(x => x.userid == userId && x.redeemed == true && x.ismulticode == false).ToList();
var allOnetimes = ctx.promotioncodes.Where(x => x.userid == userId && x.ismulticode == false).ToList();
if ((count + allOnetimes.Count()) > betaCount)
{
throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest);
}
if ((allOnetimes.Count() == betaCount) && (reedemedVouchers.Count < betaCount) && (reedemedVouchers.Count != 0))
{
return(false);
}
else
{
ctx.Configuration.AutoDetectChangesEnabled = false;
ctx.Configuration.ValidateOnSaveEnabled = false;
for (int i = 1; i <= count; i++)
{
var word = gen.RandomString(7);
promotioncode code = new promotioncode();
code.created = TimeZoneInfo.ConvertTimeFromUtc(DateTime.UtcNow, DateHelpers.GetTimeZoneInfoForTzdbId(timeZone));
code.validfrom = customerTime2;
code.validuntil = customerTime;
code.redeemed = false;
code.promocode = word;
code.userid = userId;
code.ismulticode = false;
code.timezone = timeZone;
code.GetCodeLink = codeLink;
code.IsActive = true;
ctx.promotioncodes.Add(code);
}
await ctx.SaveChangesAsync();
return(true);
}
}
catch (Exception ex)
{
return(false);
}
}
}
public async Task <bool> PostActivatePromoCode(dynamic data)
{
if (data == null)
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
using (userappsEntities ctx = new userappsEntities())
{
ctx.ChangeTracker.DetectChanges();
ctx.Configuration.AutoDetectChangesEnabled = true;
ctx.Configuration.LazyLoadingEnabled = false;
try
{
var userId = (string)data.userId;
var promoCode = (string)data.promoCode;
var code = ctx.promotioncodes.Where(x => x.promocode.Equals(promoCode) && x.userid == userId).FirstOrDefault();
if (code == null)
{
return(false);
}
var customerTimeZone = DateHelpers.GetTimeZoneInfoForTzdbId(code.timezone);
var validFrom = TimeZoneInfo.ConvertTime(new DateTime(code.validfrom.Value.Year, code.validfrom.Value.Month, code.validfrom.Value.Day,
code.validfrom.Value.Hour, code.validfrom.Value.Minute, code.validfrom.Value.Second),
customerTimeZone,
customerTimeZone);
var validTo = TimeZoneInfo.ConvertTime(new DateTime(code.validuntil.Value.Year, code.validuntil.Value.Month, code.validuntil.Value.Day, code.validuntil.Value.Hour,
code.validuntil.Value.Minute, code.validuntil.Value.Second),
customerTimeZone,
customerTimeZone);
if ((validFrom <= validTo) && (validTo > (DateTime.UtcNow + customerTimeZone.GetUtcOffset(validTo))))
{
if (code.redeemed.HasValue)
{
if (code.redeemed.Value)
{
code.IsActive = false;
await ctx.SaveChangesAsync();
return(true);
}
}
code.IsActive = true;
await ctx.SaveChangesAsync();
}
else
{
return(false);
}
return(true);
}
catch (Exception ex)
{
return(false);
}
}
}
public async Task <HttpResponseMessage> LoginUser(dynamic data)
{
Logging.Logger logger = new Logging.Logger(LogName);
//Generate authentication data
UserAppAuthenticationManager authManger = new Security.UserAppAuthenticationManager();
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
try
{
int appId = data.appId;
string password = data.password;
string userName = data.userName;
#region checkParameters
if (appId <= 0)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Application id cannot be 0 or negative."));
}
if (string.IsNullOrEmpty(userName))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Username cannot be null or empty."));
}
if (string.IsNullOrEmpty(password))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Password cannot be null or empty."));
}
#endregion
var userAppUser = userApps.users.Where(uau => uau.username.ToLower().Equals(userName.ToLower()) && uau.appid == appId).FirstOrDefault();
if (userAppUser != null)
{
// var userHashValue = String.Format("{0}{1}",userName,DateTime.Now.ToLongDateString());
var pwdMatch = authManger.DoesPasswordMatch(userAppUser.password, password);
if (pwdMatch)
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("UAPPLOGINSUCCESS for user {0}."
, userName), LogName));
var Message = new LoginStatus()
{
Message = "SUCCESS"
};
return(Request.CreateResponse(HttpStatusCode.OK, Message, Configuration.Formatters.JsonFormatter));
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("UAPPLOGINERRO for user {0} Message: {1}."
, userName, "Wrong login data."), LogName));
var Message = new LoginStatus()
{
Message = "FAILURE"
};
return(Request.CreateResponse(HttpStatusCode.OK, Message, Configuration.Formatters.JsonFormatter));
}
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("UAPPLOGINERRO for user {0} Message: {1}."
, userName, "No such app user."), LogName));
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User does not exist."));
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "LoginUserApp", ex.ToString()), LogName)).Wait();
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.ToString()));
}
}
}
/// <summary>
/// Issues the token.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="password">The password.</param>
/// <param name="systemuserid">The systemuserid.</param>
/// <param name="appId">The application identifier.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentException">
/// Username cannot be null or empty.;username
/// or
/// Password cannot be null or empty.;password
/// or
/// Userid cannot be zero or negative.;systemuserid
/// or
/// Appid cannot be zero or negative.;appId
/// </exception>
public async Task <User> IssueToken(int systemuserid, int appId)
{
#region CheckParameters
//if ( String.IsNullOrEmpty ( username ) )
//{
// throw new ArgumentException ( "Username cannot be null or empty.", "username" );
//}
//if ( String.IsNullOrEmpty ( password ) )
//{
// throw new ArgumentException ( "Password cannot be null or empty.", "password" );
//}
if (systemuserid <= 0)
{
throw new ArgumentException("Userid cannot be zero or negative.", "systemuserid");
}
if (appId <= 0)
{
throw new ArgumentException("Appid cannot be zero or negative.", "appId");
}
#endregion
TaskCompletionSource <User> tks = new TaskCompletionSource <User> ();
using (var userapps = new userappsEntities())
{
using (var sysuser = new exgripEntities())
{
userapps.ChangeTracker.DetectChanges();
//Check if app exeists
var currentApp = userapps.apps.Where(a => a.idapps == appId &&
a.systemuserid == systemuserid).FirstOrDefault();
var currentUser = sysuser.UserProfiles.Where(usr => usr.UserId ==
systemuserid).FirstOrDefault();
var password = Membership.GeneratePassword(15, 5);
if (currentUser == null)
{
tks.SetResult(null);
return(tks.Task.Result);
}
if (currentApp != null)
{
var encrptedPassword = await GeneratePasswordSalt(currentUser.UserName, password);
var user = await EncryptToken(currentUser.UserName, encrptedPassword, password, true);
userapps.appusers.Add(new appuser()
{
appSecret = user.Secret,
apptoken = user.Token,
appid = currentApp.idapps,
securitySoup = user.SecSoup
});
try
{
await userapps.SaveChangesAsync();
}
catch (Exception ex)
{
}
tks.SetResult(user);
}
else
{
try
{
var encrptedPassword = await GeneratePasswordSalt(currentUser.UserName, password);
var user = await EncryptToken(currentUser.UserName, encrptedPassword, password);
//Update existing user
var existingUser = userapps.appusers.Where(ua => ua.appid ==
currentApp.idapps).FirstOrDefault();
existingUser.appSecret = user.Secret;
existingUser.apptoken = user.Token;
existingUser.securitySoup = user.SecSoup;
await userapps.SaveChangesAsync();
tks.SetResult(user);
}
catch (Exception ex)
{
throw;
}
}
}
}
return(tks.Task.Result);
}
/// <summary>
/// Determines whether [is current otp valid] [the specified user id].
/// </summary>
/// <param name="userId">The user id.</param>
/// <param name="appId">The app id.</param>
/// <returns></returns>
private async Task <OtpCheckData> IsCurrentOtpValid(int userId, int appId)
{
Logging.Logger logger = new Logging.Logger(LogName);
try
{
using (var userApps = new userappsEntities())
{
var counter = userApps.OTPUsers.Where(otp => otp.appid == appId &&
otp.userid == userId).FirstOrDefault();
if (counter == null)
{
return(new OtpCheckData()
{
QuerySuccess = false, SeqValid = false
});
}
TimeSpan result = DateTime.UtcNow - counter.otpcreated;
var secret = await GetCurrentUserOtpSecret(userId, appId);
var otpAlgo = new Core.Crypto.OTPAlgo((ulong)counter.otpcounter, secret);
var currentOtp = otpAlgo.GetCurrentOTP();
if (counter != null)
{
if (result.TotalMinutes > TimeDiffAllowed)
{
await logger.StoreNewLogMessage(new Logging.Message(
String.Format("OTPCHECKSUCCES by user {0} for appId {1} for counter {2}"
, userId, appId, "counter invalid"), LogName));
return(new OtpCheckData()
{
QuerySuccess = true,
SeqValid = false,
CurrentOtp = currentOtp,
PassedTime = result.TotalMinutes
});
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("OTPCHECKSUCCES by user {0} for appId {1} for counter {2}"
, userId, appId, "valid"), LogName));
return(new OtpCheckData()
{
QuerySuccess = true,
SeqValid = true,
CurrentOtp = currentOtp,
PassedTime = result.TotalMinutes
});
}
}
else
{
await logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "GetCurrentTopServer", "Counter not found"), LogName));
return(new OtpCheckData()
{
QuerySuccess = false, SeqValid = false
});
}
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "IsCurrentOtpValid", ex.ToString()), LogName)).Wait();
return(new OtpCheckData()
{
QuerySuccess = false,
SeqValid = false,
CurrentOtp = string.Empty,
PassedTime = 0
});
}
}
public async Task <bool> PostCreateNewMultiUserCode(dynamic data)
{
const string APP_KEY = "X-AppKey";
const string APP_SECRET = "X-Token";
systemappuser user = null;
UserProfile profile = null;
if (Request.Headers.Contains(APP_KEY) && Request.Headers.Contains(APP_SECRET))
{
string appKey = Request.Headers.GetValues(APP_KEY).First();
string appSecret = Request.Headers.GetValues(APP_SECRET).First();
using (var sysapps = new userappsEntities())
{
user = sysapps.systemappusers.Where(usr => usr.appSecret.Equals(appSecret) && usr.apptoken.Equals(appKey)).FirstOrDefault();
if (user == null)
{
return(false);
}
else
{
using (var exgrip = new exgripEntities())
{
profile = exgrip.UserProfiles.Where(up => up.UserId == user.systemuserid).FirstOrDefault();
if (profile == null)
{
return(false);
}
}
}
}
}
else
{
return(false);
}
WordGenerator gen = new WordGenerator();
var userId = profile.AlternateUserId;
var timeZone = (string)data.timeZone;
var amountOfUsers = (int)data.count;
var dateString = (string)data.dateString;
var dateStringFrom = (string)data.dateStringFrom;
var codeLink = (string)data.codeLink;
var count = (int)data.count;
int betacount = 200;
if (string.IsNullOrEmpty(userId) || string.IsNullOrWhiteSpace(userId))
{
return(false);
}
if (string.IsNullOrEmpty(timeZone) || string.IsNullOrWhiteSpace(timeZone))
{
return(false);
}
if (amountOfUsers <= 0)
{
return(false);
}
DateTime outDate;
var parseResult = DateTime.TryParse(dateString, out outDate);
if (!parseResult)
{
return(false);
}
DateTime outDate2;
var parseResult2 = DateTime.TryParse(dateStringFrom, out outDate2);
if (!parseResult2)
{
return(false);
}
if (DateHelpers.GetTimeZoneInfoForTzdbId(timeZone) == null)
{
return(false);
}
if (!string.IsNullOrWhiteSpace(codeLink))
{
Uri uriResult;
bool result = Uri.TryCreate(codeLink, UriKind.Absolute, out uriResult);
if (!result)
{
return(false);
}
}
if (amountOfUsers == 0 || amountOfUsers <= 0 || amountOfUsers > int.MaxValue)
{
return(false);
}
using (userappsEntities ctx = new userappsEntities())
{
try
{
var customerTime = TimeZoneInfo.ConvertTime(new DateTime(outDate.Year, outDate.Month, outDate.Day, outDate.Hour, outDate.Minute, outDate.Second),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone));
var customerTime2 = TimeZoneInfo.ConvertTime(new DateTime(outDate2.Year, outDate2.Month, outDate2.Day, outDate2.Hour, outDate2.Minute, outDate2.Second),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone),
DateHelpers.GetTimeZoneInfoForTzdbId(timeZone));
var allMultiCodes = ctx.promotioncodes.Where(x => x.userid == userId && x.ismulticode == true).ToList();
if ((allMultiCodes.Count()) > betacount)
{
throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest);
}
if (count > 2000000)
{
throw new HttpResponseException(System.Net.HttpStatusCode.BadRequest);
}
if ((customerTime2.Ticks > customerTime.Ticks))
{
return(false);
}
var word = gen.RandomString(7);
promotioncode code = new promotioncode();
code.created = TimeZoneInfo.ConvertTimeFromUtc(DateTime.UtcNow, DateHelpers.GetTimeZoneInfoForTzdbId(timeZone));
code.redeemed = false;
code.promocode = word;
code.userid = userId;
code.timezone = timeZone;
code.multicodequantity = amountOfUsers;
code.validfrom = customerTime2;
code.validuntil = customerTime;
code.GetCodeLink = codeLink;
code.IsActive = true;
code.ismulticode = true;
ctx.promotioncodes.Add(code);
await ctx.SaveChangesAsync();
return(true);
}
catch (Exception ex)
{
return(false);
}
}
}
public async Task <HttpResponseMessage> AddNewOtpUser(dynamic authData)
{
if (ReferenceEquals(null, authData.userId) || Equals(0, authData.userId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The userId value cannot be null or zero."));
}
if (ReferenceEquals(null, authData.appId) || Equals(0, authData.appId))
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest,
"The appId value cannot be null or zero."));
}
Logging.Logger logger = new Logging.Logger(LogName);
int userId = authData.userId;
int appId = authData.appId;
byte[] secret;
OTP.Helper.RandomHelper.GenerateRandomByteArray(20, out secret);
var serialized = await JsonConvert.SerializeObjectAsync(secret);
try
{
using (var userApps = new userappsEntities())
{
userApps.ChangeTracker.DetectChanges();
if (userApps.appusers.Any(usr => usr.appid == appId && usr.idappusers == userId))
{
if (!userApps.OTPUsers.Any(otp => otp.userid == userId && otp.appid == appId))
{
var otpUser = userApps.OTPUsers.Add(new OTPUser()
{
userid = userId,
appid = appId,
secret =
serialized,
seqvalid = true,
otpcounter = 1,
otpcreated = DateTime.UtcNow
});
await userApps.SaveChangesAsync();
var value = new { Message = "User successfully added." };
var ser = await JsonConvert.SerializeObjectAsync(value);
await logger.StoreNewLogMessage(new Logging.Message(String.Format("ADDUSERSUCCESS {0} for appId {1} generated."
, userId, appId), LogName));
return(Request.CreateResponse <string>(ser));
}
else
{
var value = new { Message = "User already exists" };
var ser = await JsonConvert.SerializeObjectAsync(value);
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "AddNewOtpUser", "User already exists."), LogName)).Wait();
return(Request.CreateResponse <string>(ser));
}
}
else
{
var value = new { Message = "User is not an appuser." };
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "AddNewOtpUser", "User is not an app user"), LogName)).Wait();
var ser = await JsonConvert.SerializeObjectAsync(value);
return(Request.CreateResponse <string>(ser));
}
}
}
catch (Exception ex)
{
logger.StoreNewLogMessage(new Logging.Message(String.Format("APPERROR, METHOD {0} ERROR {1}"
, "AddNewOtpUser", ex.ToString()), LogName)).Wait();
return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError,
"Database Error"));
}
}
