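using Microsoft.AspNet.SignalR;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Web.Helpers;
using System.Web.Http;
using Thermo.Active.Controllers.SignalR;
using Thermo.Active.Database.Controllers;
using Thermo.Active.Model.DatabaseModels;
using Thermo.Active.Model.DTOModels;
using Thermo.Active.Utils;
using static Thermo.Active.Model.Constants;
using static Thermo.Active.Utils.LanguageController;

namespace Thermo.Active.Controllers.WebApi
{
    /// <summary>
    /// Web API endpoints for the signed-in user (logout, info, language) and for
    /// user/role administration under <c>api/user/manager/...</c>.
    /// Every action is gated by <c>WebApiAuthorize</c> on
    /// <c>FUNCTIONALITY_NAMES.USER_FUNCTIONS</c>. The caller's identity is taken from the
    /// bearer-token claims <c>USER_ID_KEY</c> and <c>MACHINE_ID_KEY</c>, never from the
    /// request body, so a caller can only act as itself on the non-manager routes.
    /// </summary>
    [RoutePrefix("api/user")]
    public class UserController : ApiController
    {
        // Looks up a claim of the given type on the current bearer identity.
        // Returns null when the principal is not a ClaimsIdentity or the claim is absent,
        // so callers never dereference a null identity.
        private Claim FindClaim(string claimType)
        {
            var identity = User?.Identity as ClaimsIdentity;
            return identity?.Claims.FirstOrDefault(c => c.Type == claimType);
        }

        // Parses an integer id out of a claim. A missing or malformed claim yields false so
        // callers answer 401 instead of surfacing a FormatException as a 500.
        // NumberStyles.Integer matches what Convert.ToInt32(string) accepted (whitespace, sign).
        private static bool TryParseId(Claim claim, out int id)
        {
            id = 0;
            return claim != null
                && int.TryParse(claim.Value, NumberStyles.Integer, CultureInfo.InvariantCulture, out id);
        }

        /// <summary>
        /// Ends every session of the calling user on the calling machine, then notifies all
        /// SignalR clients that the user disconnected.
        /// </summary>
        /// <returns>200 on success; 401 when the user or machine claim is missing or not an integer.</returns>
        [Route("logout"), HttpPost]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
        public IHttpActionResult Logout()
        {
            var userClaim = FindClaim(USER_ID_KEY);
            int userId;
            if (!TryParseId(userClaim, out userId)) return Unauthorized();

            int machineId;
            if (!TryParseId(FindClaim(MACHINE_ID_KEY), out machineId)) return Unauthorized();

            using (var sessionsController = new SessionsController())
            {
                // Only the caller's own sessions on the calling machine are removed.
                sessionsController.DeleteSessionsByUserAndMachineId(machineId, userId);
            }

            // Broadcast the id of the disconnected user. The raw claim string (not the parsed
            // int) is sent so the payload member stays a string.
            // NOTE(review): the hub type argument appears lost in extraction
            // (GetHubContext<THub>()); restore it against the project's hub type.
            var context = GlobalHost.ConnectionManager.GetHubContext();
            context.Clients.All.logout(new { id = userClaim.Value });

            ThermoActiveLogger.LogMessage(
                "Logout: " + userClaim.Value + " Date: " + DateTime.UtcNow.ToString("o", CultureInfo.InvariantCulture),
                ERROR_LEVEL.INFO);

            // NOTE(review): this clears the Redis "current user" unconditionally rather than
            // per machine — confirm that is intended when several machines share the server.
            RedisController.WriteCurrentUser("");
            return Ok();
        }

        /// <summary>Returns the profile of the calling user.</summary>
        /// <returns>200 with the user info; 401 when the user claim is missing or not an integer.</returns>
        [Route("info"), HttpGet]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
        public IHttpActionResult UserInfo()
        {
            int userId;
            if (!TryParseId(FindClaim(USER_ID_KEY), out userId)) return Unauthorized();

            using (var usersController = new UsersController())
            {
                return Ok(usersController.GetUserInfo(userId));
            }
        }

        /// <summary>Changes the calling user's UI language.</summary>
        /// <param name="user">Untyped JSON body; only its <c>language</c> member is read.</param>
        /// <returns>
        /// 200 on success; 400 when the body or language is missing/invalid; 404 when the
        /// language is valid but not installed on the server; 401 when the user claim is unusable.
        /// </returns>
        [Route("language"), HttpPut]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
        public IHttpActionResult PutUserLanguage([FromBody] dynamic user)
        {
            if (user == null) return BadRequest();

            int userId;
            if (!TryParseId(FindClaim(USER_ID_KEY), out userId)) return Unauthorized();

            // The language is validated against the known set before it reaches the
            // database or CultureInfo; an empty name would otherwise map to the invariant culture.
            var newLanguage = (string)user.language;
            if (string.IsNullOrEmpty(newLanguage) || !IsValidLanguage(newLanguage)) return BadRequest();

            // Valid language names that are not installed on this server are reported as 404.
            if (!LanguageIsAvailable(newLanguage)) return NotFound();

            using (var usersController = new UsersController())
            {
                usersController.ChangeUserLanguage(userId, CultureInfo.CreateSpecificCulture(newLanguage));
                return Ok();
            }
        }

        /// <summary>Lists the users that can be addressed from the messaging feature.</summary>
        /// <returns>200 with the list; 401 when the user claim is unusable.</returns>
        [Route("list"), HttpGet]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
        public IHttpActionResult GetMessageUserList()
        {
            // The caller must be an identifiable user, although the list itself is not filtered by it.
            int userId;
            if (!TryParseId(FindClaim(USER_ID_KEY), out userId)) return Unauthorized();

            using (var usersController = new UsersController())
            {
                var users = usersController.GetMessageUserList();
                return Ok(users);
            }
        }

        #region User Manager

        /// <summary>Lists all users for the user-manager screen.</summary>
        [Route("manager/list"), HttpGet]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
        public IHttpActionResult GetUserList()
        {
            using (var usersController = new UsersController())
            {
                var users = usersController.GetUserList();
                return Ok(users);
            }
        }

        /// <summary>Updates the editable data of an existing user.</summary>
        /// <param name="userId">Id of the user to update (route).</param>
        /// <param name="userData">New values; must not be null.</param>
        /// <returns>
        /// 200 with the updated user; 404 when the user does not exist; 400 when the body is
        /// missing or the new username is already taken.
        /// </returns>
        [Route("manager/user/{userId:int}"), HttpPut]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
        public IHttpActionResult UpdateUserData(int userId, [FromBody] DTONewUserModel userData)
        {
            if (userData == null) return BadRequest();

            using (var usersController = new UsersController())
            {
                UserModel user = usersController.FindById(userId);
                if (user == null) return NotFound();

                // A renamed user must not collide with an existing username.
                // NOTE(review): the comparison here is ordinal while FindByUsername may be
                // case-insensitive — confirm they agree.
                if (user.Username != userData.Username
                    && usersController.FindByUsername(userData.Username) != null)
                {
                    return BadRequest(API_ERROR_KEYS.DUPLICATED_USERNAME);
                }

                return Ok(usersController.UpdateUserData(userId, userData));
            }
        }

        /// <summary>Creates a new user.</summary>
        /// <param name="model">Request body; only Username, Password, FirstName, LastName and Language are used.</param>
        /// <returns>
        /// 200 with the created user; 400 when the body is missing, username or password is
        /// empty, or the username already exists.
        /// </returns>
        [Route("manager/user"), HttpPost]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
        public IHttpActionResult CreateUser(UserModel model)
        {
            // NOTE(review): the body binds to the persistence model rather than a DTO. Only the
            // five fields below are forwarded, so other bound members are ignored; a dedicated
            // DTO would make that explicit.
            if (model == null
                || string.IsNullOrWhiteSpace(model.Username)
                || string.IsNullOrEmpty(model.Password))
            {
                return BadRequest();
            }

            using (var usersController = new UsersController())
            {
                if (usersController.FindByUsername(model.Username) != null)
                {
                    return BadRequest(API_ERROR_KEYS.DUPLICATED_USERNAME);
                }

                DTOUserModel user = usersController.Create(
                    model.Username, model.Password, model.FirstName, model.LastName, model.Language);
                return Ok(user);
            }
        }

        /// <summary>Deletes a user.</summary>
        /// <param name="userId">Id of the user to delete (route).</param>
        /// <returns>200 on success; 404 when the user does not exist.</returns>
        [Route("manager/user/{userId:int}"), HttpDelete]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
        public IHttpActionResult DeleteUserData(int userId)
        {
            using (var usersController = new UsersController())
            {
                UserModel user = usersController.FindById(userId);
                if (user == null) return NotFound();

                // NOTE(review): nothing prevents an administrator from deleting their own
                // account here — confirm whether that is intended.
                usersController.DeleteUser(user);
                return Ok();
            }
        }

        /// <summary>
        /// Changes a user's password after verifying the current one against the stored hash.
        /// </summary>
        /// <param name="userId">Id of the user (route).</param>
        /// <param name="userData">Current and new password; must not be null.</param>
        /// <returns>
        /// 200 with the update result; 404 when the user does not exist; 400 when the body is
        /// missing, a password is empty, the current password is wrong, or the new password
        /// equals the current/stored one (with the existing error keys).
        /// </returns>
        [Route("manager/password/{userId:int}"), HttpPut]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
        public IHttpActionResult UpdateUserPassword(int userId, [FromBody] DTONewPasswordrModel userData)
        {
            // Crypto.VerifyHashedPassword throws on a null password, so reject empty input up front.
            if (userData == null
                || string.IsNullOrEmpty(userData.actPassword)
                || string.IsNullOrEmpty(userData.newPassword))
            {
                return BadRequest();
            }

            using (var usersController = new UsersController())
            {
                UserModel user = usersController.FindById(userId);
                if (user == null) return NotFound();

                if (userData.newPassword == userData.actPassword) return BadRequest("error_password_same");

                // Prove knowledge of the current password before accepting a new one. A missing
                // stored hash can never verify (and a null one would make Crypto throw), so it
                // is reported as a mismatch.
                if (string.IsNullOrEmpty(user.Password)
                    || !Crypto.VerifyHashedPassword(user.Password, userData.actPassword))
                {
                    return BadRequest("error_password_not_ok");
                }

                // Reject re-using the password that is currently stored.
                if (Crypto.VerifyHashedPassword(user.Password, userData.newPassword))
                {
                    return BadRequest("error_password_same_old");
                }

                return Ok(usersController.UpdateUserPassword(userId, userData));
            }
        }

        // Role

        /// <summary>Lists the roles that can be assigned to users.</summary>
        [Route("manager/role/list"), HttpGet]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
        public IHttpActionResult GetRoleList()
        {
            using (var machineController = new MachinesUsersController())
            {
                var roles = machineController.GetRolesList();
                return Ok(roles);
            }
        }

        /// <summary>Assigns a role to a user.</summary>
        /// <param name="userId">Id of the user (route).</param>
        /// <param name="roleId">Id of the role to assign (route).</param>
        /// <returns>200 with the updated user; 400 when the role is a reserved CMS role.</returns>
        [Route("manager/user/{userId:int}/role/{roleId:int}"), HttpPut]
        [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
        public IHttpActionResult UpdateUserRole(int userId, int roleId)
        {
            using (var usersController = new UsersController())
            {
                // CMS roles are reserved and cannot be granted through this endpoint.
                if (usersController.isCMSRole(roleId)) return BadRequest("not_permitted");

                // NOTE(review): there is no visible existence check for userId — confirm what
                // UpdateUserRole returns for an unknown user and map that to 404 if it is null.
                var user = usersController.UpdateUserRole(userId, roleId);
                return Ok(user);
            }
        }

        #endregion User Manager
    }
}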