From 621eb0cc0a7aadf64837b59f935863122a3aa9f7 Mon Sep 17 00:00:00 2001
From: nikita
Date: Mon, 25 Sep 2017 15:02:33 +0530
Subject: [PATCH] code review findings
---
 400-SOURCECODE/AIAHTML5.API/Controllers/AuthController.cs | 377 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 377 insertions(+), 0 deletions(-)
 create mode 100644 400-SOURCECODE/AIAHTML5.API/Controllers/AuthController.cs
diff --git a/400-SOURCECODE/AIAHTML5.API/Controllers/AuthController.cs b/400-SOURCECODE/AIAHTML5.API/Controllers/AuthController.cs
new file mode 100644
index 0000000..41ee501
--- /dev/null
+++ b/400-SOURCECODE/AIAHTML5.API/Controllers/AuthController.cs
@@ -0,0 +1,377 @@
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Web.Http;
+using log4net;
+using AIAHTML5.API.Constants;
+using AIAHTML5.API.Models;
+using System.Collections;
+
+namespace AIAHTML5.API.Controllers
+{
+ public class AuthenticateController : ApiController
+ {
+ // GET api/authenticate
+ public IEnumerable Get()
+ {
+ return new string[] { "value1", "value2" };
+ }
+
+ // GET api/authenticate/5
+ public string Get(int id)
+ {
+ return "value";
+ }
+
+ // POST api/authenticate
+ public HttpResponseMessage Post([FromBody]JObject credentials)
+ {
+ ILog logger = log4net.LogManager.GetLogger((System.Reflection.MethodBase.GetCurrentMethod().DeclaringType));
+ logger.Debug("inside POST");
+
+ dynamic authenticationRepsonse;
+
+ try
+ {
+
+ //01.get the user detail for autheticate user
+ User userInfo = AIAHTML5.API.Models.Users.getUserDetails(credentials);
+
+ if (userInfo.Id > 0)
+ {
+ // Check user is authenticated or not by login credential macth
+ bool isUserAuthenticated = AIAHTML5.API.Models.Users.IsUserAuthenticated(credentials, userInfo);
+
+ // check if user is blocked
+ DateTime blockTime;
+ bool isUserBlocked = AIAHTML5.API.Models.Users.isUserBlocked(userInfo.Id, out blockTime);
+
+ if (isUserAuthenticated && !isUserBlocked)
+ {
+ //01. Get User details
+ //userInfo = AIAHTML5.API.Models.Users.getUserDetails(credentials);
+
+ //02. assigning isCorrectPassword to true 'required for internal processing'
+ userInfo.IsCorrectPassword = true;
+
+ //04.delete past wrong login attempts of user
+ int wrongAttemptDeteledCount = AIAHTML5.API.Models.Users.deletePastWrongAttempts(userInfo.Id);
+ if (wrongAttemptDeteledCount < 0)
+ {
+ logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
+ }
+
+ //05. 
Now get the module list- for ADMIN (superadmin/ general admin) by default all module loads
+ if (userInfo.UserType == AIAHTML5.API.Models.User.SUPER_ADMIN || userInfo.UserType == AIAHTML5.API.Models.User.GENERAL_ADMIN)
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getAllModulesList();
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ else
+ {
+ //05.1 For normal user need to get the license details, get the license id for authenticated user
+ int licenseId, editionId;
+ AIAHTML5.API.Models.Users.getLicenseIdForThisUser(userInfo.Id, out licenseId, out editionId);
+
+ userInfo.LicenseId = licenseId;
+ userInfo.EditionId = editionId;
+
+ //05.2 Check user is active or not
+
+
+ //05.3 get license details
+ userInfo.LicenseInfo = AIAHTML5.API.Models.Users.getLicenseDetails(userInfo.LicenseId);
+
+ if (userInfo.LicenseInfo.Id > 0)
+ {
+ //05.4 get licenseSubscription details
+ userInfo.LicenseSubscriptions = AIAHTML5.API.Models.Users.getLicenseSubscriptionDetails(userInfo.LicenseId);
+
+ //05.5 check the License expiration irespective of either user is active or not because on AIA
+ //we shows the License expiration message for inactive users too
+ string expirationDate = null;
+ bool isLicenseExpired = false;
+
+ if (userInfo.LicenseSubscriptions.Id > 0)
+ {
+ isLicenseExpired = AIAHTML5.API.Models.Users.checkIfLicenseExpired(userInfo.LicenseSubscriptions, out expirationDate);
+ }
+
+ // send message to the UI for license expiration
+ //05.6 Check for subscription Expiration [Promoted for case if license inactive along with subscription expired]
+ if (isLicenseExpired)
+ {
+ userInfo.IsSubscriptionExpired = isLicenseExpired;
+ userInfo.SubscriptionExpirationDate = expirationDate;
+ }
+ else
+ {
+ //05.6.1
+ if (userInfo.LicenseInfo.IsActive)
+ {
+ if (!userInfo.LicenseInfo.IsTermAccepted)
+ {
+ ArrayList termsList = AIAHTML5.API.Models.Users.getTermsOfServiceText();
+ foreach (Hashtable item in termsList)
+ {
+ 
userInfo.TermsOfServiceTitle = item[AIAConstants.KEY_TITLE].ToString();
+ userInfo.TermsOfServiceText = item[AIAConstants.KEY_CONTENT].ToString();
+ }
+ }
+ else
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getModuleListByLicenseId(userInfo.LicenseId);
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ }
+ else
+ {
+ //05.6.1.1
+ // return message of license inactive
+ // property value assigned. Separate return statement not required
+
+ }
+ }
+ }
+ }
+
+ authenticationRepsonse = JsonConvert.SerializeObject(userInfo);
+ }
+ else
+ {
+ //compare block time of user with current time if user is blocked
+ DateTime blockDuration = blockTime.AddDays(1);
+ var difference = DateTime.Compare(DateTime.Now, blockDuration);
+
+ //check if credentials are valid credentials
+ bool isCorrectLoginId, isCorrectPassword;
+ AIAHTML5.API.Models.Users.isCredentialCorrect(credentials, userInfo, out isCorrectLoginId, out isCorrectPassword);
+
+ if (isUserBlocked)
+ {
+ if (difference >= 0)
+ {
+ if (isCorrectPassword)
+ {
+ userInfo.IsBlocked = false;
+ userInfo.IsCorrectPassword = true;
+
+ int wrongAttemptDeteledCount = AIAHTML5.API.Models.Users.deletePastWrongAttempts(userInfo.Id);
+ if (wrongAttemptDeteledCount < 0)
+ {
+ logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
+ }
+
+ //05. 
Now get the module list- for ADMIN (superadmin/ general admin) by default all module loads
+
+ if (userInfo.UserType == AIAHTML5.API.Models.User.SUPER_ADMIN || userInfo.UserType == AIAHTML5.API.Models.User.GENERAL_ADMIN)
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getAllModulesList();
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ else
+ {
+ //05.1 For normal user need to get the license details, get the license id for aUTHENTICATED USER
+ int licenseId, editionId;
+ AIAHTML5.API.Models.Users.getLicenseIdForThisUser(userInfo.Id, out licenseId, out editionId);
+
+ userInfo.LicenseId = licenseId;
+ userInfo.EditionId = editionId;
+
+ //05.2 Check user is active or not
+
+
+ //05.3 get license/ licenseSubscription details
+ userInfo.LicenseInfo = AIAHTML5.API.Models.Users.getLicenseDetails(userInfo.LicenseId);
+
+ if (userInfo.LicenseInfo.Id > 0)
+ {
+ //05.4
+ userInfo.LicenseSubscriptions = AIAHTML5.API.Models.Users.getLicenseSubscriptionDetails(userInfo.LicenseId);
+
+ //05.5 check the License expiration irespective of either user is active or not because on AIA
+ //we shows the License expiration message for inactive users too
+ string expirationDate = null;
+ bool isLicenseExpired = false;
+
+ if (userInfo.LicenseSubscriptions.Id > 0)
+ {
+ isLicenseExpired = AIAHTML5.API.Models.Users.checkIfLicenseExpired(userInfo.LicenseSubscriptions, out expirationDate);
+ }
+ // send message to the UI for license expiration
+ //05.6 Check for subscription Expiration [Promoted for case if license inactive along with subscription expired]
+ if (isLicenseExpired)
+ {
+ userInfo.IsSubscriptionExpired = isLicenseExpired;
+ userInfo.SubscriptionExpirationDate = expirationDate;
+ }
+ else
+ {
+ //05.6.1
+ if (userInfo.LicenseInfo.IsActive)
+ {
+ if (!userInfo.LicenseInfo.IsTermAccepted)
+ {
+ ArrayList termsList = AIAHTML5.API.Models.Users.getTermsOfServiceText();
+ foreach (Hashtable item in termsList)
+ {
+ 
userInfo.TermsOfServiceTitle = item[AIAConstants.KEY_TITLE].ToString();
+ userInfo.TermsOfServiceText = item[AIAConstants.KEY_CONTENT].ToString();
+ }
+ }
+ else
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getModuleListByLicenseId(userInfo.LicenseId);
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ }
+ else
+ {
+ //05.6.1.1
+ // return message of license inactive
+ // property value assigned. Separate return statement not required
+
+ }
+ }
+ }
+ }
+ }
+ else
+ {
+ int wrongAttemptDeteledCount = AIAHTML5.API.Models.Users.deletePastWrongAttempts(userInfo.Id);
+ if (wrongAttemptDeteledCount < 0)
+ {
+ logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
+ }
+
+ // send message back to th UI that password is incorrect
+ userInfo.IsCorrectPassword = false;
+
+ //get wrong attempt count of user
+ userInfo.IncorrectLoginAttemptCount = AIAHTML5.API.Models.Users.checkNoOfWrongAttempts(userInfo.Id) + 1;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_PASSWORD_NOT_MATCH;
+
+ //01. 
insert wrong attempt in dtabase
+ int updateCount = AIAHTML5.API.Models.Users.saveWrongAttemptofUser(userInfo.Id);
+
+ if (updateCount < 0)
+ {
+ //Put the log in log file
+ logger.Fatal("Unable to Update past wrong login attempts for userId= " + userInfo.Id);
+ }
+ else
+ {
+ if (userInfo.IncorrectLoginAttemptCount > 4)
+ {
+ userInfo.IsBlocked = true;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_USER_ID_BLOCKED_24_HRS;
+ }
+ }
+
+ }
+
+ }
+ else
+ {
+ userInfo.IsBlocked = true;
+ }
+ }
+
+ else
+ {
+
+ //bool isCorrectLoginId, isCorrectPassword;
+ //AIAHTML5.API.Models.Users.isCredentialCorrect(credentials, out isCorrectLoginId, out isCorrectPassword);
+
+ //below code commented as way of retrieving data changed 'very first line in this method'
+ //if (!isCorrectLoginId)
+ //{
+ // // send message back to th UI that login id is incorrect
+ // authenticationRepsonse = AIAConstants.USER_NOT_FOUND;
+ //}
+ //else
+ //{
+ if (!isCorrectPassword)
+ {
+ // send message back to th UI that password is incorrect
+ userInfo.IsCorrectPassword = false;
+
+ //get wrong attempt count of user
+ userInfo.IncorrectLoginAttemptCount = AIAHTML5.API.Models.Users.checkNoOfWrongAttempts(userInfo.Id) + 1;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_PASSWORD_NOT_MATCH;
+
+ //01. 
insert wrong attempt in dtabase
+ int updateCount = AIAHTML5.API.Models.Users.saveWrongAttemptofUser(userInfo.Id);
+
+ if (updateCount < 0)
+ {
+ //Put the log in log file
+ logger.Fatal("Unable to Update past wrong login attempts for userId= " + userInfo.Id);
+ }
+ else
+ {
+ if (userInfo.IncorrectLoginAttemptCount > 4)
+ {
+ userInfo.IsBlocked = true;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_USER_ID_BLOCKED_24_HRS;
+ }
+ }
+ }
+ }
+ // unreachable code detected as license is null
+ //if (userInfo.License != null && !string.IsNullOrEmpty(userInfo.License.AccountNumber))
+ //{
+ // int result = AIAHTML5.API.Models.Users.insertUserLoginLog(userInfo.License.AccountNumber, userInfo.LoginFailureCauseId, null, userInfo.EditionId.ToString(), null);
+ // if (result < 0)
+ // logger.Fatal("Unable to insert wrong attempt detail in UserLoginLog table for accountNumber= " + userInfo.License.AccountNumber);
+ //}
+
+ authenticationRepsonse = JsonConvert.SerializeObject(userInfo);
+ //}
+ }
+ }
+ else
+ {
+ authenticationRepsonse = AIAConstants.USER_NOT_FOUND;
+ }
+ }
+ catch (Exception e)
+ {
+
+ logger.Fatal("Exception occured for loginId =" + credentials["username"].ToString() + " and password= " + credentials["password"].ToString() + "Exception= " + e.Message + ", STACKTRACE: " + e.StackTrace);
+
+ ArrayList supportMailList = UserUtility.GetSupportMailList();
+ string mailSubject = "SQL Exception intimation mail";
+ string mailBody = "MESSAGE: " + e.Message + ", STACKTRACE: " + e.StackTrace;
+ UserUtility.SendEmail(credentials, supportMailList, "", mailSubject, mailBody);
+
+ authenticationRepsonse = AIAConstants.SQL_CONNECTION_ERROR;
+ }
+
+ return new HttpResponseMessage { StatusCode = HttpStatusCode.OK, Content = new StringContent(authenticationRepsonse) };
+ }
+
+
+ // PUT api/authenticate/5
+ public void Put(int id, [FromBody]string value)
+ {
+ }
+
+ // DELETE api/authenticate/5
+ public void Delete(int id)
+ {
+ }
+ }
+}
\ No newline at end of file
-- 
libgit2 
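Review bot: The catch block at the end of Post() logs the submitted password in clear text (`" and password= " + credentials["password"].ToString()`) and then hands the raw `credentials` object to `UserUtility.SendEmail`, so any database fault persists a valid or near-valid credential in the log4net output and presumably in the support mailbox — confirm what SendEmail does with that argument. The same log line calls `.ToString()` on `credentials["username"]` and `credentials["password"]`, so a body with a missing key or a null body makes the catch itself throw a NullReferenceException instead of returning `SQL_CONNECTION_ERROR`. A log line that avoids both: `logger.Fatal("Exception occured for loginId =" + credentials?["username"] + " Exception= " + e.Message + ", STACKTRACE: " + e.StackTrace);`, and pass only the login id, never the password, to the mail helper. Separately, an unknown login id yields `AIAConstants.USER_NOT_FOUND` while a wrong password yields a serialized User with `IsCorrectPassword = false`, so the response reveals which login ids exist; returning the same failure shape for both would remove that. The admin/normal-user module-loading block is also duplicated verbatim in the authenticated branch and the expired-block branch and would be easier to audit as one private helper.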
0.21.4