示例#1
        /// <summary>
        /// Looks up a single row of [EStoreUser] by e-mail address.
        /// </summary>
        /// <param name="email">Value bound to the @Email parameter; it is never concatenated into the SQL text.</param>
        /// <returns>A populated <see cref="User"/> built from the first matching row, or null when no row matches.</returns>
        /// <remarks>
        /// The returned object carries the stored Password and TempPassword column values,
        /// so callers should keep it out of logs and API responses.
        /// </remarks>
        public User Select(string email)
        {
            using (var connection = CreateConnection().OpenIt())
            using (var cmd = connection.CreateCommand())
            {
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = @"SELECT * FROM [EStoreUser] WHERE Email = @Email";
                cmd.AddParameter("@Email", email);

                using (var dReader = cmd.ExecuteReader())
                {
                    // Only the first row is consumed; no row means no such user.
                    if (!dReader.Read())
                    {
                        return null;
                    }

                    return new User
                    {
                        Email = dReader["email"].ToString(),
                        Password = dReader["Password"].ToString(),
                        Status = dReader["Status"].ToString(),
                        // A NULL TempPassword column is surfaced as an empty string rather than "DBNull" text.
                        TempPassword = dReader["TempPassword"] != System.DBNull.Value
                            ? dReader["TempPassword"].ToString()
                            : string.Empty
                    };
                }
            }
        }
示例#2
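        /// <summary>
        /// Activates an account when the supplied e-mail and token match a stored row,
        /// clearing the token in the same statement so it cannot be reused.
        /// </summary>
        /// <param name="info">Supplies Status, UpdatedDate, Email and Token for the UPDATE.</param>
        /// <returns>
        /// true only when the UPDATE changed at least one row, i.e. the e-mail/token pair matched;
        /// false when nothing matched.
        /// </returns>
        public bool Activate(User info)
        {
            using (var connection = CreateConnection().OpenIt())
            using (var cmd = connection.CreateCommand())
            {
                cmd.CommandText = @"UPDATE [EStoreUser] SET Status = @Status, UpdatedDate = @UpdatedDate, Token = null WHERE Email = @Email AND Token = @Token";
                cmd.CommandType = CommandType.Text;

                cmd.AddParameter("@Status", info.Status);
                cmd.AddParameter("@UpdatedDate", info.UpdatedDate);
                cmd.AddParameter("@Email", info.Email);
                cmd.AddParameter("@Token", info.Token);

                // The WHERE clause is the token check: a wrong or already-consumed token matches
                // no row. Returning true unconditionally would make a rejected activation look
                // like a successful one to the caller, so the affected-row count decides.
                // NOTE(review): with SET NOCOUNT ON the provider reports -1; confirm the
                // connection does not enable it.
                int affectedRows = cmd.ExecuteNonQuery();

                return affectedRows > 0;
            }
        }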
示例#3
        /// <summary>
        /// Builds the HTML "password recovery" message for a user and hands it to Send.
        /// </summary>
        /// <param name="info">User whose Email becomes the recipient address.</param>
        /// <returns>Whatever Send returns for the composed message.</returns>
        public bool SendPwdChangeNotifyEmail(User info)
        {
            StringBuilder builder = new StringBuilder("<html><body>");
            builder.Append("<p>Thank you for your request.</p>");
            // NOTE(review): the argument on the next line is masked ("******") in this listing and
            // is not valid C# as shown. Presumably the original concatenated the temporary password
            // here (ChangePassword decrypts info.TempPassword just before calling this method);
            // confirm against the real source.
            // NOTE(review): if a temporary password is mailed in clear text, anyone who can read the
            // mailbox or the mail in transit can sign in with it; a single-use, expiring reset link
            // is the usual alternative. Any value placed into this HTML body should be HTML-encoded.
            builder.Append("<p>Temparory Password: "******"</p>");
            // The login link is built from the configured base URL, not from request data.
            builder.Append(string.Format("<p>Login to <a href='{0}/#/login'>Online Store Login</a></p>", Utility.BASE_URL));
            builder.Append("</body></html>");

            var emailInfo = new Email();

            // Sender address comes from the "DefaultEmail" app setting.
            emailInfo.From = ConfigurationManager.AppSettings.Get("DefaultEmail");
            emailInfo.Subject = "Online Store - Password Recovery";
            emailInfo.Body = builder.ToString();
            emailInfo.To = info.Email;

            return Send(emailInfo);
        }
示例#4
        /// <summary>
        /// Composes the HTML registration-confirmation message and passes it to Send.
        /// </summary>
        /// <param name="info">Newly registered user; only Email is read, as the recipient address.</param>
        /// <returns>Whatever Send returns for the composed message.</returns>
        /// <remarks>
        /// The body holds fixed text plus a login link built from Utility.BASE_URL; no user-supplied
        /// value and no activation token is placed in it.
        /// </remarks>
        public bool SendRegConfirmEmail(User info)
        {
            var html = new StringBuilder();
            html.Append("<html><body>")
                .Append("<p>Thank you for registering with EStore.</p>")
                .Append("<p>Please click the following link to login to your account ")
                .AppendFormat("<a href='{0}/#/login'>Online Store Login</a></p>", Utility.BASE_URL)
                .Append("</body></html>");

            // Sender address comes from the "DefaultEmail" app setting.
            var message = new Email
            {
                From = ConfigurationManager.AppSettings.Get("DefaultEmail"),
                Subject = "Online Store - Registration Confirmation",
                Body = html.ToString(),
                To = info.Email
            };

            return Send(message);
        }
示例#5
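        /// <summary>
        /// Inserts a new row into [EStoreUser] with the user's e-mail, password value, status and token.
        /// </summary>
        /// <param name="info">Supplies Email, Password, Status and Token; each is bound as a parameter.</param>
        /// <returns>true once the INSERT has executed without throwing.</returns>
        /// <remarks>
        /// The Password value is stored exactly as supplied; protecting it before this call is the
        /// caller's responsibility.
        /// </remarks>
        public bool Insert(User info)
        {
            using (var connection = CreateConnection().OpenIt())
            using (var cmd = connection.CreateCommand())
            {
                // The placeholder is spelled @Token to match the parameter added below. The original
                // text used @token, which only binds where parameter names are compared
                // case-insensitively.
                cmd.CommandText = @"INSERT INTO [EStoreUser] (Email, Password, Status, Token) VALUES (@Email, @Password, @Status, @Token)";
                // Set explicitly for consistency with the other data-access methods shown here.
                cmd.CommandType = CommandType.Text;

                cmd.AddParameter("@Email", info.Email);
                cmd.AddParameter("@Password", info.Password);
                cmd.AddParameter("@Status", info.Status);
                cmd.AddParameter("@Token", info.Token);

                cmd.ExecuteNonQuery();

                return true;
            }
        }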
示例#6
        /// <summary>
        /// Registers a new user: validates the input, stores the account and sends the confirmation e-mail.
        /// </summary>
        /// <param name="info">Registration data; Password, Status and Token are overwritten before the insert.</param>
        /// <returns>
        /// The shared response object. Success is set to true only when both the insert and the
        /// confirmation e-mail succeed; validation failures are reported through ErrorList.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the password is protected with StringCipher.Encrypt and a pass phrase, which is
        /// reversible (a matching Decrypt is used elsewhere on this page). Anyone holding the pass
        /// phrase and the table can recover every password; a salted, slow one-way password hash is
        /// the usual choice.
        /// NOTE(review): the account is stored as Active immediately, so the generated Token does not
        /// gate sign-in here. Confirm that is intended.
        /// </remarks>
        public ApiResponse Add(User info)
        {
            try
            {
                var validation = new UserRegistrtionValidator().Validate(info);

                if (!validation.IsValid)
                {
                    // Report every validation failure back to the caller.
                    foreach (var failure in validation.Errors)
                    {
                        response.ErrorList.Add(new Error { Message = failure.PropertyName + failure.ErrorMessage });
                    }

                    return response;
                }

                info.Password = StringCipher.Encrypt(info.Password, passPhrase);
                info.Status = NUserStatus.Active.GetStrValue();
                info.Token = Guid.NewGuid().ToString();

                if (!dacMgr.Insert(info))
                {
                    return response;
                }

                logMgr.Info("Register new an user " + info.Email);

                var emailMgr = new EmailMgr();
                bool mailSent = emailMgr.SendRegConfirmEmail(info);

                if (mailSent)
                {
                    response.Success = true;
                }
                else
                {
                    logMgr.Error(info.Email + " failed to send a registration email");
                }
            }
            catch (Exception ex)
            {
                // The caller sees only a generic message; the exception detail goes to the log.
                response.Success = false;
                response.ErrorList.Add(new Error { Message = "Internal Server Error Code:500" });

                logMgr.Error(ex);
            }

            return response;
        }
示例#7
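        /// <summary>
        /// Authenticates a user by e-mail and password, including the "password change pending" state.
        /// </summary>
        /// <param name="info">Login data; Password is replaced by its encrypted form before comparison.</param>
        /// <returns>
        /// The shared response object. Success is true for a matching password; when the temporary
        /// password matches, Success is true and ErrorList carries the code "Required_Password_Change".
        /// Failures add an entry to ErrorList.
        /// </returns>
        /// <remarks>
        /// NOTE(review): credentials are compared as StringCipher.Encrypt output with ==. This only
        /// works if Encrypt is deterministic, it is reversible protection rather than a one-way
        /// password hash, and the comparison is not constant-time.
        /// NOTE(review): no attempt limiting or lockout is visible in this method; confirm it is
        /// enforced elsewhere.
        /// NOTE(review): an account whose status is neither Active nor ChangePassword gets a response
        /// with no error entry and Success left untouched, as in the original.
        /// </remarks>
        public ApiResponse Login(User info)
        {
            try
            {
                var validator = new UserLoginValidator();
                var result = validator.Validate(info);

                if (!result.IsValid)
                {
                    foreach (var error in result.Errors)
                    {
                        response.ErrorList.Add(new Error { Message = error.PropertyName + error.ErrorMessage });
                    }

                    return response;
                }

                // From here on info.Password holds the encrypted form, matching what is stored.
                info.Password = StringCipher.Encrypt(info.Password, passPhrase);

                User user = dacMgr.Select(info.Email);

                if (user == null)
                {
                    // Same message as a wrong password, so the response does not reveal
                    // whether the address is registered.
                    response.ErrorList.Add(new Error { Message = "Invalid email and password" });
                    return response;
                }

                if (user.Status == NUserStatus.Active.GetStrValue())
                {
                    if (info.Password == user.Password)
                    {
                        response.Success = true;
                        logMgr.Info(info.Email + " successfully login");
                    }
                    else
                    {
                        response.ErrorList.Add(new Error { Message = "Invalid email and password" });
                        logMgr.Info(info.Email + " fails to login");
                    }
                }
                else if (user.Status == NUserStatus.ChangePassword.GetStrValue())
                {
                    if (info.Password == user.Password)
                    {
                        // The user signed in with the existing password, so the pending reset is
                        // cancelled. info.Password is already encrypted above; encrypting it a second
                        // time here (as the original did) would store a value that no later login
                        // could match.
                        info.UpdatedDate = DateTime.UtcNow;
                        info.Status = NUserStatus.Active.GetStrValue();
                        info.TempPassword = string.Empty;

                        dacMgr.Update(info);

                        response.Success = true;
                    }
                    else if (info.Password == user.TempPassword)
                    {
                        // The temporary password is accepted, but the client is told a change is required.
                        response.ErrorList.Add(new Error { Code = "Required_Password_Change" });
                        response.Success = true;
                    }
                    else
                    {
                        // Neither credential matched: fail the same way the Active branch does
                        // instead of returning a response with no error at all.
                        response.ErrorList.Add(new Error { Message = "Invalid email and password" });
                        logMgr.Info(info.Email + " fails to login");
                    }
                }
            }
            catch (Exception ex)
            {
                // The caller sees only a generic message; the exception detail goes to the log.
                response.Success = false;
                response.ErrorList.Add(new Error { Message = "Internal Server Error Code:500" });

                logMgr.Error(ex);
            }

            return response;
        }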
示例#8
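        /// <summary>
        /// Starts a password reset: stores an encrypted temporary password, switches the account to
        /// the ChangePassword status and e-mails the temporary password to the user.
        /// </summary>
        /// <param name="info">Request data; Email identifies the account. UpdatedDate, TempPassword and Status are overwritten.</param>
        /// <returns>
        /// The shared response object. Success is set to true only when the status update and the
        /// notification e-mail both succeed; failures are reported through ErrorList.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the "Email doesn't exist in database" message lets a caller learn which
        /// addresses are registered; returning the same response for both cases avoids that.
        /// NOTE(review): no check that the requester owns the address is visible in this method;
        /// confirm request throttling is applied elsewhere.
        /// </remarks>
        public ApiResponse ChangePassword(User info)
        {
            try
            {
                var validator = new UserChangePasswordValidator();
                var result = validator.Validate(info);

                if (!result.IsValid)
                {
                    foreach (var error in result.Errors)
                    {
                        response.ErrorList.Add(new Error { Message = error.ErrorMessage });
                    }

                    return response;
                }

                if (dacMgr.Select(info.Email) == null)
                {
                    response.ErrorList.Add(new Error { Message = "Email doesn't exist in database" });
                    return response;
                }

                // UTC, like every other UpdatedDate written on this page; local time here would
                // mix two clocks in the same column.
                info.UpdatedDate = DateTime.UtcNow;
                info.TempPassword = StringCipher.Encrypt(LogicHelper.ConstructPassword(), passPhrase);
                info.Status = NUserStatus.ChangePassword.GetStrValue();

                if (dacMgr.UpdateStatus(info))
                {
                    var emailMgr = new EmailMgr();

                    // The stored value stays encrypted; the plaintext is restored only on the
                    // in-memory object that is handed to the mailer.
                    info.TempPassword = StringCipher.Decrypt(info.TempPassword, passPhrase);

                    if (emailMgr.SendPwdChangeNotifyEmail(info))
                    {
                        response.Success = true;
                    }
                    else
                    {
                        logMgr.Error(info.Email + " failed to send an email for password change notification");
                    }
                }
            }
            catch (Exception ex)
            {
                // The caller sees only a generic message; the exception detail goes to the log.
                response.Success = false;
                response.ErrorList.Add(new Error { Message = "Internal Server Error Code:500" });
                logMgr.Error(ex);
            }

            return response;
        }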
示例#9
        /// <summary>
        /// Activates an account from an activation request after validating the input.
        /// </summary>
        /// <param name="info">Activation data; Status and UpdatedDate are overwritten before the data-access call.</param>
        /// <returns>
        /// The shared response object. Success is set to true when dacMgr.Activate returns true;
        /// validation failures are reported through ErrorList.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this method does not compare the token itself. It relies on dacMgr.Activate
        /// returning false when the e-mail/token pair matches no row; verify that it does.
        /// </remarks>
        public ApiResponse Activate(User info)
        {
            try
            {
                var validation = new UserActivationValidator().Validate(info);

                if (!validation.IsValid)
                {
                    // Report every validation failure back to the caller.
                    foreach (var failure in validation.Errors)
                    {
                        response.ErrorList.Add(new Error { Message = failure.PropertyName + failure.ErrorMessage });
                    }

                    return response;
                }

                info.Status = NUserStatus.Active.GetStrValue();
                info.UpdatedDate = DateTime.UtcNow;

                bool activated = dacMgr.Activate(info);

                if (activated)
                {
                    logMgr.Info("Activate a new user " + info.Email);
                    response.Success = true;
                }
            }
            catch (Exception ex)
            {
                // The caller sees only a generic message; the exception detail goes to the log.
                response.Success = false;
                response.ErrorList.Add(new Error { Message = "Internal Server Error Code:500" });
                logMgr.Error(ex);
            }

            return response;
        }
示例#10
        /// <summary>
        /// Overwrites the password, status, update timestamp and temporary password of the row
        /// whose Email matches.
        /// </summary>
        /// <param name="info">Supplies Password, Status, UpdatedDate, TempPassword and Email; each is bound as a parameter.</param>
        /// <returns>true once the UPDATE has executed without throwing, whether or not a row matched.</returns>
        /// <remarks>
        /// The row is selected by Email alone, so the caller must already have authenticated the
        /// user before calling this.
        /// </remarks>
        public bool Update(User info)
        {
            using (var connection = CreateConnection().OpenIt())
            using (var cmd = connection.CreateCommand())
            {
                cmd.CommandType = CommandType.Text;
                cmd.CommandText = @"UPDATE [EStoreUser] SET Password = @Password, Status = @Status, UpdatedDate = @UpdatedDate, TempPassword = @TempPassword WHERE Email = @Email";

                cmd.AddParameter("@Password", info.Password);
                cmd.AddParameter("@Status", info.Status);
                cmd.AddParameter("@UpdatedDate", info.UpdatedDate);
                cmd.AddParameter("@TempPassword", info.TempPassword);
                cmd.AddParameter("@Email", info.Email);

                // The affected-row count is not inspected.
                cmd.ExecuteNonQuery();

                return true;
            }
        }