Commit 621eb0cc0a7aadf64837b59f935863122a3aa9f7

Authored by Nikita Kulshreshtha
1 parent cd969d4f

code review findings

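--- /dev/null
+++ b/400-SOURCECODE/AIAHTML5.API/Controllers/AuthController.cs
@@ -0,0 +1,377 @@
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Web.Http;
+using log4net;
+using AIAHTML5.API.Constants;
+using AIAHTML5.API.Models;
+using System.Collections;
+
+namespace AIAHTML5.API.Controllers
+{
+ public class AuthenticateController : ApiController
+ {
+ // GET api/authenticate
+ public IEnumerable<string> Get()
+ {
+ return new string[] { "value1", "value2" };
+ }
+
+ // GET api/authenticate/5
+ public string Get(int id)
+ {
+ return "value";
+ }
+
+ // POST api/authenticate
+ public HttpResponseMessage Post([FromBody]JObject credentials)
+ {
+ ILog logger = log4net.LogManager.GetLogger((System.Reflection.MethodBase.GetCurrentMethod().DeclaringType));
+ logger.Debug("inside POST");
+
+ dynamic authenticationRepsonse;
+
+ try
+ {
+
+ //01.get the user detail for autheticate user
+ User userInfo = AIAHTML5.API.Models.Users.getUserDetails(credentials);
+
+ if (userInfo.Id > 0)
+ {
+ // Check user is authenticated or not by login credential macth
+ bool isUserAuthenticated = AIAHTML5.API.Models.Users.IsUserAuthenticated(credentials, userInfo);
+
+ // check if user is blocked
+ DateTime blockTime;
+ bool isUserBlocked = AIAHTML5.API.Models.Users.isUserBlocked(userInfo.Id, out blockTime);
+
+ if (isUserAuthenticated && !isUserBlocked)
+ {
+ //01. Get User details
+ //userInfo = AIAHTML5.API.Models.Users.getUserDetails(credentials);
+
+ //02. assigning isCorrectPassword to true 'required for internal processing'
+ userInfo.IsCorrectPassword = true;
+
+ //04.delete past wrong login attempts of user
+ int wrongAttemptDeteledCount = AIAHTML5.API.Models.Users.deletePastWrongAttempts(userInfo.Id);
+ if (wrongAttemptDeteledCount < 0)
+ {
+ logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
+ }
+
+ //05. Now get the module list- for ADMIN (superadmin/ general admin) by default all module loads
+ if (userInfo.UserType == AIAHTML5.API.Models.User.SUPER_ADMIN || userInfo.UserType == AIAHTML5.API.Models.User.GENERAL_ADMIN)
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getAllModulesList();
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ else
+ {
+ //05.1 For normal user need to get the license details, get the license id for authenticated user
+ int licenseId, editionId;
+ AIAHTML5.API.Models.Users.getLicenseIdForThisUser(userInfo.Id, out licenseId, out editionId);
+
+ userInfo.LicenseId = licenseId;
+ userInfo.EditionId = editionId;
+
+ //05.2 Check user is active or not
+
+
+ //05.3 get license details
+ userInfo.LicenseInfo = AIAHTML5.API.Models.Users.getLicenseDetails(userInfo.LicenseId);
+
+ if (userInfo.LicenseInfo.Id > 0)
+ {
+ //05.4 get licenseSubscription details
+ userInfo.LicenseSubscriptions = AIAHTML5.API.Models.Users.getLicenseSubscriptionDetails(userInfo.LicenseId);
+
+ //05.5 check the License expiration irespective of either user is active or not because on AIA
+ //we shows the License expiration message for inactive users too
+ string expirationDate = null;
+ bool isLicenseExpired = false;
+
+ if (userInfo.LicenseSubscriptions.Id > 0)
+ {
+ isLicenseExpired = AIAHTML5.API.Models.Users.checkIfLicenseExpired(userInfo.LicenseSubscriptions, out expirationDate);
+ }
+
+ // send message to the UI for license expiration
+ //05.6 Check for subscription Expiration [Promoted for case if license inactive along with subscription expired]
+ if (isLicenseExpired)
+ {
+ userInfo.IsSubscriptionExpired = isLicenseExpired;
+ userInfo.SubscriptionExpirationDate = expirationDate;
+ }
+ else
+ {
+ //05.6.1
+ if (userInfo.LicenseInfo.IsActive)
+ {
+ if (!userInfo.LicenseInfo.IsTermAccepted)
+ {
+ ArrayList termsList = AIAHTML5.API.Models.Users.getTermsOfServiceText();
+ foreach (Hashtable item in termsList)
+ {
+ userInfo.TermsOfServiceTitle = item[AIAConstants.KEY_TITLE].ToString();
+ userInfo.TermsOfServiceText = item[AIAConstants.KEY_CONTENT].ToString();
+ }
+ }
+ else
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getModuleListByLicenseId(userInfo.LicenseId);
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ }
+ else
+ {
+ //05.6.1.1
+ // return message of license inactive
+ // property value assigned. Separate return statement not required
+
+ }
+ }
+ }
+ }
+
+ authenticationRepsonse = JsonConvert.SerializeObject(userInfo);
+ }
+ else
+ {
+ //compare block time of user with current time if user is blocked
+ DateTime blockDuration = blockTime.AddDays(1);
+ var difference = DateTime.Compare(DateTime.Now, blockDuration);
+
+ //check if credentials are valid credentials
+ bool isCorrectLoginId, isCorrectPassword;
+ AIAHTML5.API.Models.Users.isCredentialCorrect(credentials, userInfo, out isCorrectLoginId, out isCorrectPassword);
+
+ if (isUserBlocked)
+ {
+ if (difference >= 0)
+ {
+ if (isCorrectPassword)
+ {
+ userInfo.IsBlocked = false;
+ userInfo.IsCorrectPassword = true;
+
+ int wrongAttemptDeteledCount = AIAHTML5.API.Models.Users.deletePastWrongAttempts(userInfo.Id);
+ if (wrongAttemptDeteledCount < 0)
+ {
+ logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
+ }
+
+ //05. Now get the module list- for ADMIN (superadmin/ general admin) by default all module loads
+
+ if (userInfo.UserType == AIAHTML5.API.Models.User.SUPER_ADMIN || userInfo.UserType == AIAHTML5.API.Models.User.GENERAL_ADMIN)
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getAllModulesList();
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ else
+ {
+ //05.1 For normal user need to get the license details, get the license id for aUTHENTICATED USER
+ int licenseId, editionId;
+ AIAHTML5.API.Models.Users.getLicenseIdForThisUser(userInfo.Id, out licenseId, out editionId);
+
+ userInfo.LicenseId = licenseId;
+ userInfo.EditionId = editionId;
+
+ //05.2 Check user is active or not
+
+
+ //05.3 get license/ licenseSubscription details
+ userInfo.LicenseInfo = AIAHTML5.API.Models.Users.getLicenseDetails(userInfo.LicenseId);
+
+ if (userInfo.LicenseInfo.Id > 0)
+ {
+ //05.4
+ userInfo.LicenseSubscriptions = AIAHTML5.API.Models.Users.getLicenseSubscriptionDetails(userInfo.LicenseId);
+
+ //05.5 check the License expiration irespective of either user is active or not because on AIA
+ //we shows the License expiration message for inactive users too
+ string expirationDate = null;
+ bool isLicenseExpired = false;
+
+ if (userInfo.LicenseSubscriptions.Id > 0)
+ {
+ isLicenseExpired = AIAHTML5.API.Models.Users.checkIfLicenseExpired(userInfo.LicenseSubscriptions, out expirationDate);
+ }
+ // send message to the UI for license expiration
+ //05.6 Check for subscription Expiration [Promoted for case if license inactive along with subscription expired]
+ if (isLicenseExpired)
+ {
+ userInfo.IsSubscriptionExpired = isLicenseExpired;
+ userInfo.SubscriptionExpirationDate = expirationDate;
+ }
+ else
+ {
+ //05.6.1
+ if (userInfo.LicenseInfo.IsActive)
+ {
+ if (!userInfo.LicenseInfo.IsTermAccepted)
+ {
+ ArrayList termsList = AIAHTML5.API.Models.Users.getTermsOfServiceText();
+ foreach (Hashtable item in termsList)
+ {
+ userInfo.TermsOfServiceTitle = item[AIAConstants.KEY_TITLE].ToString();
+ userInfo.TermsOfServiceText = item[AIAConstants.KEY_CONTENT].ToString();
+ }
+ }
+ else
+ {
+ userInfo.Modules = AIAHTML5.API.Models.Users.getModuleListByLicenseId(userInfo.LicenseId);
+
+ //Insert user login detail
+ AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
+ }
+ }
+ else
+ {
+ //05.6.1.1
+ // return message of license inactive
+ // property value assigned. Separate return statement not required
+
+ }
+ }
+ }
+ }
+ }
+ else
+ {
+ int wrongAttemptDeteledCount = AIAHTML5.API.Models.Users.deletePastWrongAttempts(userInfo.Id);
+ if (wrongAttemptDeteledCount < 0)
+ {
+ logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
+ }
+
+ // send message back to th UI that password is incorrect
+ userInfo.IsCorrectPassword = false;
+
+ //get wrong attempt count of user
+ userInfo.IncorrectLoginAttemptCount = AIAHTML5.API.Models.Users.checkNoOfWrongAttempts(userInfo.Id) + 1;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_PASSWORD_NOT_MATCH;
+
+ //01. insert wrong attempt in dtabase
+ int updateCount = AIAHTML5.API.Models.Users.saveWrongAttemptofUser(userInfo.Id);
+
+ if (updateCount < 0)
+ {
+ //Put the log in log file
+ logger.Fatal("Unable to Update past wrong login attempts for userId= " + userInfo.Id);
+ }
+ else
+ {
+ if (userInfo.IncorrectLoginAttemptCount > 4)
+ {
+ userInfo.IsBlocked = true;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_USER_ID_BLOCKED_24_HRS;
+ }
+ }
+
+ }
+
+ }
+ else
+ {
+ userInfo.IsBlocked = true;
+ }
+ }
+
+ else
+ {
+
+ //bool isCorrectLoginId, isCorrectPassword;
+ //AIAHTML5.API.Models.Users.isCredentialCorrect(credentials, out isCorrectLoginId, out isCorrectPassword);
+
+ //below code commented as way of retrieving data changed 'very first line in this method'
+ //if (!isCorrectLoginId)
+ //{
+ // // send message back to th UI that login id is incorrect
+ // authenticationRepsonse = AIAConstants.USER_NOT_FOUND;
+ //}
+ //else
+ //{
+ if (!isCorrectPassword)
+ {
+ // send message back to th UI that password is incorrect
+ userInfo.IsCorrectPassword = false;
+
+ //get wrong attempt count of user
+ userInfo.IncorrectLoginAttemptCount = AIAHTML5.API.Models.Users.checkNoOfWrongAttempts(userInfo.Id) + 1;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_PASSWORD_NOT_MATCH;
+
+ //01. insert wrong attempt in dtabase
+ int updateCount = AIAHTML5.API.Models.Users.saveWrongAttemptofUser(userInfo.Id);
+
+ if (updateCount < 0)
+ {
+ //Put the log in log file
+ logger.Fatal("Unable to Update past wrong login attempts for userId= " + userInfo.Id);
+ }
+ else
+ {
+ if (userInfo.IncorrectLoginAttemptCount > 4)
+ {
+ userInfo.IsBlocked = true;
+ userInfo.LoginFailureCauseId = ErrorHelper.E_USER_ID_BLOCKED_24_HRS;
+ }
+ }
+ }
+ }
+ // unreachable code detected as license is null
+ //if (userInfo.License != null && !string.IsNullOrEmpty(userInfo.License.AccountNumber))
+ //{
+ // int result = AIAHTML5.API.Models.Users.insertUserLoginLog(userInfo.License.AccountNumber, userInfo.LoginFailureCauseId, null, userInfo.EditionId.ToString(), null);
+ // if (result < 0)
+ // logger.Fatal("Unable to insert wrong attempt detail in UserLoginLog table for accountNumber= " + userInfo.License.AccountNumber);
+ //}
+
+ authenticationRepsonse = JsonConvert.SerializeObject(userInfo);
+ //}
+ }
+ }
+ else
+ {
+ authenticationRepsonse = AIAConstants.USER_NOT_FOUND;
+ }
+ }
+ catch (Exception e)
+ {
+
+ logger.Fatal("Exception occured for loginId =" + credentials["username"].ToString() + " and password= " + credentials["password"].ToString() + "Exception= " + e.Message + ", STACKTRACE: " + e.StackTrace);
+
+ ArrayList supportMailList = UserUtility.GetSupportMailList();
+ string mailSubject = "SQL Exception intimation mail";
+ string mailBody = "MESSAGE: " + e.Message + ", STACKTRACE: " + e.StackTrace;
+ UserUtility.SendEmail(credentials, supportMailList, "", mailSubject, mailBody);
+
+ authenticationRepsonse = AIAConstants.SQL_CONNECTION_ERROR;
+ }
+
+ return new HttpResponseMessage { StatusCode = HttpStatusCode.OK, Content = new StringContent(authenticationRepsonse) };
+ }
+
+
+ // PUT api/authenticate/5
+ public void Put(int id, [FromBody]string value)
+ {
+ }
+
+ // DELETE api/authenticate/5
+ public void Delete(int id)
+ {
+ }
+ }
+}
\ No newline at end of file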
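Review bot: The catch block in Post (new file line 353) writes the submitted plaintext password, `credentials["password"].ToString()`, into the log, and line 358 hands the same `credentials` object to `UserUtility.SendEmail`, so any exception during login copies a user's password into log files and support mail; the message should become `logger.Fatal("Exception occured for loginId =" + credentials["username"] + " Exception= " + e.Message + ", STACKTRACE: " + e.StackTrace);` and the mail helper should receive only the login id, not the credentials. Those same indexer calls throw inside the handler when the body is null or lacks the keys, which turns a logged failure into an unhandled 500, so `credentials` should be null-checked before the try block. The method also returns `AIAConstants.USER_NOT_FOUND` (line 347) for an unknown login id but a serialized user with `IsCorrectPassword = false` for a wrong password, both with status 200, which lets a client distinguish valid from invalid login ids; a uniform failure body is safer. On style, the admin/license module block at lines 68–144 is repeated verbatim at lines 173–249 and would be better as one private helper taking `userInfo`.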