示例#1
        /// <summary>
        /// Builds a principal for an already-authenticated user and installs it on the current
        /// thread and, when one exists, on the current HTTP context.
        /// </summary>
        /// <param name="utilizador">The user whose e-mail, name, role and id become claims.</param>
        public static void UpdateGenericIdentity(Utilizador utilizador)
        {
            // Allow-list: only the two known role names expand to a roles array.
            // Any other value (including null) leaves the principal without roles.
            string papel = utilizador.Role;
            string[] papeis;
            if (papel == "Admin")
            {
                papeis = new string[] { "Admin", "User" };
            }
            else if (papel == "User")
            {
                papeis = new string[] { "User" };
            }
            else
            {
                papeis = null;
            }

            // The identity is named after the e-mail address.
            GenericIdentity identidade = new GenericIdentity(utilizador.Email);

            // NOTE(review): the Role claim carries utilizador.Role verbatim, even when it is not
            // one of the two values mapped above. Code that authorizes from claims rather than
            // from the roles array would see it; confirm that is intended.
            identidade.AddClaims(new Claim[]
            {
                new Claim(ClaimTypes.Email, utilizador.Email),
                new Claim(ClaimTypes.Name, utilizador.Nome),
                new Claim(ClaimTypes.Role, utilizador.Role),
                new Claim(ClaimTypes.Sid, Convert.ToString(utilizador.Id))
            });

            IPrincipal novoPrincipal = new GenericPrincipal(identidade, papeis);
            Thread.CurrentPrincipal = novoPrincipal;

            // Outside a web request there is no ambient context to update.
            HttpContext contexto = HttpContext.Current;
            if (contexto != null)
            {
                contexto.User = novoPrincipal;
            }
        }
示例#2
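        /// <summary>
        /// Authenticates the request from the "email:password" token in its Authorization header.
        /// On success the caller's principal is installed; in every other case, including a
        /// missing or malformed header, the response is 401 Unauthorized.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            Utilizador utilizador = null;

            // NOTE(review): the header scheme is not checked; any scheme whose parameter decodes
            // to "email:password" is accepted. The header carries the password on every request,
            // so this filter presumably relies on TLS being enforced elsewhere; confirm.
            var header = actionContext.Request.Headers.Authorization;
            string token = header == null ? null : header.Parameter;

            if (!string.IsNullOrEmpty(token))
            {
                string decodedToken = null;
                try
                {
                    decodedToken = Authentication.DencodingToken(token);
                }
                catch (System.FormatException)
                {
                    // Presumably raised for a token that is not valid encoded text (decoder not
                    // visible here); treat it as bad credentials, not a server error.
                }

                // Split at the FIRST colon only, so passwords that contain ':' are not truncated.
                // A token without a separator or with an empty e-mail part is rejected below.
                int separator = decodedToken == null ? -1 : decodedToken.IndexOf(':');
                if (separator > 0)
                {
                    Authentication user = new Authentication
                    {
                        Email    = decodedToken.Substring(0, separator),
                        Password = decodedToken.Substring(separator + 1)
                    };

                    utilizador = Authentication.Login(user);
                }
            }

            if (utilizador != null)
            {
                Authentication.UpdateGenericIdentity(utilizador);
            }
            else
            {
                // Single fail-closed exit: no header, unparsable token, or unknown credentials.
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }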
示例#3
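        /// <summary>
        /// Inserts a new account with the fixed role "User" and returns the stored record.
        /// </summary>
        /// <param name="user">Registration data: name, username, e-mail and clear-text password.</param>
        /// <returns>The created user, or null when the insert fails or affects no row.</returns>
        public static Utilizador CreateNewUser(Authentication user)
        {
            try
            {
                using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
                using (SqlCommand cmd = new SqlCommand("INSERT INTO Utilizadores (Nome, Username, Email, Password, Role) " +
                                                       "VALUES (@nome, @username, @email, @password, @role)", conn))
                {
                    cmd.Parameters.AddWithValue("@nome", user.Nome);
                    cmd.Parameters.AddWithValue("@username", user.Username);
                    cmd.Parameters.AddWithValue("@email", user.Email);

                    // NOTE(review): the helper name suggests a bare SHA-256 digest. If it is unsalted
                    // and single-pass, stored passwords are open to fast offline guessing; a salted
                    // PBKDF2 (Rfc2898DeriveBytes) would be preferable, changed together with Login.
                    cmd.Parameters.AddWithValue("@password", Authentication.ComputeSha256Hash(user.Password));

                    // The role is fixed server-side; callers cannot register with a role they choose.
                    cmd.Parameters.AddWithValue("@role", "User");

                    conn.Open();

                    // Anything other than an affected row means no account was created. Reading back
                    // by e-mail in that case could return a different, pre-existing account.
                    int rows = cmd.ExecuteNonQuery();
                    if (rows < 1)
                    {
                        return(null);
                    }
                }

                // The connection is released before the read-back.
                return(GetUtilizadorByEmail(user.Email));
            }
            catch (Exception)
            {
                // Best-effort contract kept from the original: any failure is reported as null.
                return(null);
            }
        }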
示例#4
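        /// <summary>
        /// Looks up the account matching the supplied e-mail and/or username together with the
        /// hash of the supplied password.
        /// </summary>
        /// <param name="user">Credentials; at least one of Email or Username must be set.</param>
        /// <returns>The matching user, or null when the credentials are incomplete or do not match.</returns>
        public static Utilizador Login(Authentication user)
        {
            // Fail closed on incomplete credentials instead of reaching the hash helper with null.
            if (user == null || user.Password == null)
            {
                return(null);
            }

            bool hasEmail    = user.Email != null;
            bool hasUsername = user.Username != null;

            // Each query is a fixed literal; user input reaches SQL only through parameters.
            // Only the columns that are read back are selected, so the stored password hash
            // is not returned to the application.
            string sql;
            if (hasEmail && hasUsername)
            {
                sql = "SELECT Id, Username, Email, Nome, Role FROM Utilizadores WHERE Username = @username AND Email = @email AND Password = @password";
            }
            else if (hasEmail)
            {
                sql = "SELECT Id, Username, Email, Nome, Role FROM Utilizadores WHERE Email = @email AND Password = @password";
            }
            else if (hasUsername)
            {
                sql = "SELECT Id, Username, Email, Nome, Role FROM Utilizadores WHERE Username = @username AND Password = @password";
            }
            else
            {
                return(null);
            }

            Utilizador utilizador = null;

            using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
            using (SqlCommand cmd = new SqlCommand(sql, conn))
            {
                if (hasUsername)
                {
                    cmd.Parameters.AddWithValue("@username", user.Username);
                }

                if (hasEmail)
                {
                    cmd.Parameters.AddWithValue("@email", user.Email);
                }

                // NOTE(review): the comparison uses the value from ComputeSha256Hash; if that is an
                // unsalted digest, a salted slow hash verified in code would be the stronger design.
                cmd.Parameters.AddWithValue("@password", Authentication.ComputeSha256Hash(user.Password));

                conn.Open();

                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    // If several rows match, the last one wins, as in the original loop.
                    while (reader.Read())
                    {
                        utilizador = new Utilizador
                        {
                            Id       = (int)reader["Id"],
                            Username = (string)reader["Username"],
                            Email    = (string)reader["Email"],
                            Nome     = (string)reader["Nome"],
                            Role     = (string)reader["Role"]
                        };
                    }
                }
            }

            return(utilizador);
        }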
示例#5
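        /// <summary>
        /// Returns the personal sensor readings that belong to the user with the given username.
        /// </summary>
        /// <param name="username">Username whose readings are requested.</param>
        /// <returns>
        /// The readings (possibly empty), or null when the user does not exist or any step fails.
        /// </returns>
        public static List <SensorPessoal> GetSensoresByUsername(string username)
        {
            try
            {
                // Resolve the owner before opening this method's own connection, so two
                // connections are not held at the same time.
                Utilizador dono = Models.Utilizador.GetUtilizadorByUsername(username);
                if (dono == null)
                {
                    return(null);
                }

                List <SensorPessoal>     sensores = new List <SensorPessoal>();
                Dictionary <int, string> nomes    = new Dictionary <int, string>();

                using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
                using (SqlCommand cmd = new SqlCommand("SELECT * FROM SensoresPessoais WHERE UtilizadorID = @id", conn))
                {
                    cmd.Parameters.AddWithValue("@id", dono.Id);
                    conn.Open();

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            SensorPessoal sensorPessoal = new SensorPessoal()
                            {
                                Id          = (int)reader["Id"],
                                Temperatura = (decimal)reader["Temperatura"],
                                Humidade    = (decimal)reader["Humidade"],
                                Data        = (DateTime)reader["Data"],
                                Valido      = (bool)reader["Valido"],
                                Local       = (string)reader["Local"],
                                Utilizador  = ResolveUsernameCached(nomes, (int)reader["UtilizadorID"])
                            };

                            // Validation details exist only for rows that have a validator.
                            if (reader["ValidatedBy"] != DBNull.Value)
                            {
                                sensorPessoal.Validated = new SensorPessoalValidatedBy()
                                {
                                    ValidatedBy     = ResolveUsernameCached(nomes, (int)reader["ValidatedBy"]),
                                    DateValidatedBy = (DateTime)reader["DateValidatedBy"]
                                };
                            }

                            sensores.Add(sensorPessoal);
                        }
                    }
                }

                return(sensores);
            }
            catch (Exception)
            {
                // Best-effort contract kept from the original: any failure is reported as null.
                return(null);
            }
        }

        // Returns the username for a user id, querying each distinct id at most once per call
        // instead of once per row.
        private static string ResolveUsernameCached(Dictionary <int, string> cache, int userId)
        {
            string nome;
            if (!cache.TryGetValue(userId, out nome))
            {
                // An unknown id makes the lookup return null and this dereference throw, as in the
                // original; the caller's catch turns that into a null result.
                nome = Models.Utilizador.GetUtilizadorById(userId).Username;
                cache[userId] = nome;
            }

            return(nome);
        }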
示例#6
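        /// <summary>
        /// Returns every account in the Utilizadores table.
        /// </summary>
        /// <returns>The users (possibly empty), or null when the query fails.</returns>
        public static List <Utilizador> GetAllUtilizadores()
        {
            try
            {
                List <Utilizador> utilizadores = new List <Utilizador>();

                // Only the columns that are mapped below are selected, so password hashes are
                // not pulled into the application for a listing.
                using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
                using (SqlCommand cmd = new SqlCommand("SELECT Id, Username, Email, Nome, Role FROM Utilizadores", conn))
                {
                    conn.Open();

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            utilizadores.Add(new Utilizador()
                            {
                                Id       = (int)reader["Id"],
                                Username = (string)reader["Username"],
                                Email    = (string)reader["Email"],
                                Nome     = (string)reader["Nome"],
                                Role     = (string)reader["Role"]
                            });
                        }
                    }
                }

                return(utilizadores);
            }
            catch (Exception)
            {
                // Best-effort contract kept from the original: any failure is reported as null.
                return(null);
            }
        }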
示例#7
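        /// <summary>
        /// Loads the account with the given id.
        /// </summary>
        /// <param name="id">Value matched against the Id column.</param>
        /// <returns>The user, or null when no row matches or the query fails.</returns>
        public static Utilizador GetUtilizadorById(int id)
        {
            Utilizador utilizador = null;

            try
            {
                // Only the columns that are mapped below are selected, so the stored password
                // hash is not returned with the record.
                using (SqlConnection conn = new SqlConnection(CONNECTION_STRING))
                using (SqlCommand cmd = new SqlCommand("SELECT Id, Username, Email, Nome, Role FROM Utilizadores WHERE Id = @id", conn))
                {
                    cmd.Parameters.AddWithValue("@id", id);
                    conn.Open();

                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        // If several rows match, the last one wins, as in the original loop.
                        while (reader.Read())
                        {
                            utilizador = new Utilizador()
                            {
                                Id       = (int)reader["Id"],
                                Username = (string)reader["Username"],
                                Email    = (string)reader["Email"],
                                Nome     = (string)reader["Nome"],
                                Role     = (string)reader["Role"]
                            };
                        }
                    }
                }
            }
            catch
            {
                // Best-effort contract kept from the original: any failure is reported as null.
                return(null);
            }

            return(utilizador);
        }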