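using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using log4net;
using AIAHTML5.API.Constants;
using AIAHTML5.API.Models;

namespace AIAHTML5.API.Controllers
{
    /// <summary>
    /// Web API endpoint that authenticates a user from the posted credentials and returns
    /// the resulting <see cref="User"/> state (password/block flags, failure cause id,
    /// licence and module information) serialized as JSON.
    /// </summary>
    public class AuthenticateController : ApiController
    {
        /// <summary>
        /// Consecutive wrong-password attempts above which the account is reported as blocked
        /// (the comparison is strictly greater-than, as in the original inline literal).
        /// </summary>
        private const int MaxIncorrectLoginAttempts = 4;

        /// <summary>Length of a block, counted from the block time stored for the user.</summary>
        private const int BlockDurationDays = 1;

        // Same logger name the original obtained per call via GetCurrentMethod().DeclaringType,
        // resolved once instead of on every request.
        private static readonly ILog s_logger = LogManager.GetLogger(typeof(AuthenticateController));

        // GET api/authenticate
        /// <summary>
        /// Project-template scaffold; returns two fixed placeholder strings and performs no lookup.
        /// </summary>
        public IEnumerable Get()
        {
            return new string[] { "value1", "value2" };
        }

        // GET api/authenticate/5
        /// <summary>Project-template scaffold; returns a fixed placeholder string for any id.</summary>
        public string Get(int id)
        {
            return "value";
        }

        // POST api/authenticate
        /// <summary>
        /// Authenticates the posted credentials and reports the outcome to the client.
        /// </summary>
        /// <param name="credentials">
        /// JSON body; the exception path reads the "username" key, the model layer consumes the
        /// whole object.
        /// </param>
        /// <returns>
        /// Always HTTP 200. The body is the serialized <see cref="User"/> when a user record was
        /// found (whether or not the password matched), <see cref="AIAConstants.USER_NOT_FOUND"/>
        /// when none was, or <see cref="AIAConstants.SQL_CONNECTION_ERROR"/> when any exception
        /// was raised. NOTE(review): an unknown login id and a wrong password therefore produce
        /// distinguishable responses.
        /// </returns>
        public HttpResponseMessage Post([FromBody]JObject credentials)
        {
            s_logger.Debug("inside POST");

            string authenticationResponse;
            try
            {
                // 01. Load the user record the credentials refer to.
                User userInfo = Users.getUserDetails(credentials);
                if (userInfo != null)
                {
                    // Password check against the loaded record.
                    bool isUserAuthenticated = Users.checkUserAuthenticity(credentials, userInfo);
                    if (isUserAuthenticated)
                    {
                        HandleCorrectPassword(userInfo);
                    }
                    else
                    {
                        HandleWrongPassword(userInfo);
                    }

                    authenticationResponse = JsonConvert.SerializeObject(userInfo);
                }
                else
                {
                    authenticationResponse = AIAConstants.USER_NOT_FOUND;
                }
            }
            catch (Exception e)
            {
                // Log the login id only. The previous message also wrote the submitted password
                // into the log file; a secret must never be persisted there. The login id is read
                // defensively so a null body cannot throw out of this handler.
                s_logger.Fatal("Exception occured for loginId =" + GetLoginId(credentials)
                    + " Exception= " + e.Message + ", STACKTRACE: " + e.StackTrace);

                ArrayList supportMailList = UserUtility.GetSupportMailList();
                string mailSubject = "SQL Exception intimation mail";
                string mailBody = "MESSAGE: " + e.Message + ", STACKTRACE: " + e.StackTrace;
                // NOTE(review): the raw credentials object (which carries the password) is handed to
                // the mail helper — confirm UserUtility.SendEmail does not copy it into the message.
                UserUtility.SendEmail(credentials, supportMailList, "", mailSubject, mailBody);
                authenticationResponse = AIAConstants.SQL_CONNECTION_ERROR;
            }

            return new HttpResponseMessage
            {
                StatusCode = HttpStatusCode.OK,
                Content = new StringContent(authenticationResponse)
            };
        }

        /// <summary>
        /// Completes a login whose password matched: refuses inactive users, honours or lifts a
        /// block depending on its age, and otherwise clears past wrong attempts and loads modules.
        /// </summary>
        /// <param name="userInfo">Record of the authenticated user; updated in place.</param>
        private static void HandleCorrectPassword(User userInfo)
        {
            // Required by downstream processing and surfaced to the UI in the JSON.
            userInfo.IsCorrectPassword = true;

            if (!userInfo.IsActive)
            {
                userInfo.LoginFailureCauseId = ErrorHelper.E_USER_NOT_ACTIVE;
                return;
            }

            DateTime blockTime;
            bool isUserBlocked = Users.checkUserBlockStatus(userInfo.Id, out blockTime);
            if (!isUserBlocked)
            {
                ClearWrongAttemptsAndLoadModules(userInfo);
                return;
            }

            // The block lapses BlockDurationDays after the stored block time.
            // NOTE(review): compared against DateTime.Now (server local time) — confirm the stored
            // block time is written with the same clock and zone.
            DateTime blockExpiry = blockTime.AddDays(BlockDurationDays);
            if (DateTime.Compare(DateTime.Now, blockExpiry) >= 0)
            {
                userInfo.IsBlocked = false;
                ClearWrongAttemptsAndLoadModules(userInfo);
            }
            else
            {
                // Still inside the block window: only the flag is set, no failure cause id.
                userInfo.IsBlocked = true;
            }
        }

        /// <summary>
        /// Deletes the user's recorded wrong attempts (logging, not failing, when the model layer
        /// reports an error) and then loads the modules the user may see.
        /// </summary>
        /// <param name="userInfo">Record of the authenticated user; updated in place.</param>
        private static void ClearWrongAttemptsAndLoadModules(User userInfo)
        {
            int deletedCount = Users.deletePastWrongAttempts(userInfo.Id);
            if (deletedCount < 0)
            {
                s_logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
            }

            GetModulesBasedOnUserType(userInfo);
        }

        /// <summary>
        /// Records a failed password for an existing user and marks the account blocked once the
        /// attempt count exceeds <see cref="MaxIncorrectLoginAttempts"/>.
        /// </summary>
        /// <param name="userInfo">Record of the user whose password did not match; updated in place.</param>
        private static void HandleWrongPassword(User userInfo)
        {
            // A record was found for the login id, so the password is what failed.
            userInfo.IsCorrectPassword = false;

            int previousIncorrectLoginAttempts = Users.checkNoOfWrongAttempts(userInfo.Id);
            userInfo.IncorrectLoginAttemptCount = previousIncorrectLoginAttempts + 1;
            userInfo.LoginFailureCauseId = ErrorHelper.E_PASSWORD_NOT_MATCH;

            // Persist this attempt; the previous count is passed, as the model call expects.
            int updateCount = Users.saveWrongAttemptOfUser(userInfo.Id, previousIncorrectLoginAttempts);
            if (updateCount < 0)
            {
                s_logger.Fatal("Unable to Update past wrong login attempts for userId= " + userInfo.Id);
            }

            if (userInfo.IncorrectLoginAttemptCount > MaxIncorrectLoginAttempts)
            {
                userInfo.IsBlocked = true;
                userInfo.LoginFailureCauseId = ErrorHelper.E_USER_ID_BLOCKED_24_HRS;
            }
        }

        /// <summary>
        /// Login id from the posted body for diagnostics, or a marker when the body or key is absent.
        /// Never reads the password.
        /// </summary>
        /// <param name="credentials">Posted JSON body; may be null.</param>
        private static string GetLoginId(JObject credentials)
        {
            if (credentials == null)
            {
                return "<no credentials>";
            }

            JToken username = credentials["username"];
            return username == null ? "<no username>" : username.ToString();
        }

        /// <summary>
        /// Populates the module list and licence state on <paramref name="userInfo"/>. Admins get
        /// every module; other users get modules only when their licence exists, is unexpired,
        /// is active and has accepted terms. A login detail row is written whenever modules are
        /// granted.
        /// </summary>
        /// <param name="userInfo">Record of the authenticated user; updated in place.</param>
        private static void GetModulesBasedOnUserType(User userInfo)
        {
            // Fully qualified: inside an ApiController the bare name User binds to the inherited
            // IPrincipal property, not to the model type.
            if (userInfo.UserType == AIAHTML5.API.Models.User.SUPER_ADMIN
                || userInfo.UserType == AIAHTML5.API.Models.User.GENERAL_ADMIN)
            {
                // Admins load every module regardless of licence.
                userInfo.Modules = Users.getAllModulesList();
                Users.insertLoginDetails(userInfo.Id);
                return;
            }

            // 05.1 Normal user: resolve licence and edition first.
            int licenseId, editionId;
            Users.getLicenseIdForThisUser(userInfo.Id, out licenseId, out editionId);
            userInfo.LicenseId = licenseId;
            userInfo.EditionId = editionId;

            // 05.3 Licence details; nothing further is reported when none exist.
            userInfo.LicenseInfo = Users.getLicenseDetails(userInfo.LicenseId);
            if (userInfo.LicenseInfo == null)
            {
                return;
            }

            // 05.4 / 05.5 Subscription details and expiry. Expiry is evaluated even for an
            // inactive licence because the UI shows the expiration message in that case too.
            userInfo.LicenseSubscriptions = Users.getLicenseSubscriptionDetails(userInfo.LicenseId);
            string expirationDate = null;
            bool isLicenseExpired = false;
            if (userInfo.LicenseSubscriptions != null)
            {
                isLicenseExpired = Users.checkIfLicenseExpired(userInfo.LicenseSubscriptions, out expirationDate);
            }

            // 05.6 Expiry takes precedence over the active and terms checks.
            if (isLicenseExpired)
            {
                userInfo.IsSubscriptionExpired = true;
                userInfo.SubscriptionExpirationDate = expirationDate;
                return;
            }

            if (!userInfo.LicenseInfo.IsActive)
            {
                userInfo.LoginFailureCauseId = ErrorHelper.E_LICENCE_IS_INACTIVE;
                return;
            }

            if (!userInfo.LicenseInfo.IsTermAccepted)
            {
                // Terms must be accepted before modules are released.
                // NOTE(review): every iteration overwrites title and text, so only the last entry of
                // termsList survives — confirm the list is meant to hold a single entry.
                ArrayList termsList = Users.getTermsAndConditions();
                foreach (Hashtable item in termsList)
                {
                    userInfo.TermsAndConditionsTitle = item[AIAConstants.KEY_TITLE].ToString();
                    userInfo.TermsAndConditionsText = item[AIAConstants.KEY_CONTENT].ToString();
                }

                return;
            }

            userInfo.Modules = Users.getModuleListByLicenseId(userInfo.LicenseId);
            Users.insertLoginDetails(userInfo.Id);
        }

        // PUT api/authenticate/5
        /// <summary>Project-template scaffold; not implemented.</summary>
        public void Put(int id, [FromBody]string value)
        {
        }

        // DELETE api/authenticate/5
        /// <summary>Project-template scaffold; not implemented.</summary>
        public void Delete(int id)
        {
        }
    }
}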