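using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using AIAHTML5.API.Constants;
using AIAHTML5.API.Models;
using log4net;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

namespace AIAHTML5.API.Controllers
{
    /// <summary>
    /// Login endpoint of the AIA HTML5 API. The only real operation is <see cref="Post"/>;
    /// the GET/PUT/DELETE members are scaffold stubs that were never filled in.
    /// </summary>
    /// <remarks>
    /// Model types are referred to by their full name (<c>AIAHTML5.API.Models.User</c>) in
    /// expressions because <c>ApiController.User</c> (the request principal) shadows the
    /// short type name inside this class.
    /// </remarks>
    public class AuthenticateController : ApiController
    {
        /// <summary>
        /// Wrong-password attempts tolerated before the account is blocked. The count compared
        /// against it already includes the attempt being recorded, so the block starts on the
        /// attempt after this many.
        /// </summary>
        private const int WrongAttemptBlockThreshold = 4;

        /// <summary>
        /// How long a block stays in force, measured from the block time reported by
        /// <c>Users.checkUserBlockStatus</c> (matches <c>E_USER_ID_BLOCKED_24_HRS</c>).
        /// </summary>
        private static readonly TimeSpan BlockDuration = TimeSpan.FromDays(1);

        private static readonly ILog Logger = LogManager.GetLogger(typeof(AuthenticateController));

        // GET api/authenticate
        /// <summary>Scaffold stub; returns two placeholder values.</summary>
        public IEnumerable<string> Get()
        {
            return new[] { "value1", "value2" };
        }

        // GET api/authenticate/5
        /// <summary>Scaffold stub; ignores <paramref name="id"/> and returns a placeholder.</summary>
        public string Get(int id)
        {
            return "value";
        }

        // POST api/authenticate
        /// <summary>
        /// Authenticates the user described by <paramref name="credentials"/> and returns either
        /// the serialized <c>User</c> (modules, license/subscription data, block and failure
        /// flags) or one of the <c>AIAConstants</c> error strings.
        /// </summary>
        /// <param name="credentials">
        /// Request body as posted by the client; it is handed to the <c>Users</c> model helpers
        /// unchanged. Only its <c>username</c> entry is ever written to the log.
        /// </param>
        /// <returns>
        /// Always HTTP 200. The outcome is carried in the body: the JSON user,
        /// <c>USER_NOT_FOUND</c> when no user matches, or <c>SQL_CONNECTION_ERROR</c> when any
        /// exception escapes the model layer.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the body distinguishes an unknown login id (<c>USER_NOT_FOUND</c>) from
        /// a wrong password (<c>E_PASSWORD_NOT_MATCH</c>); the contract is kept as the client
        /// relies on it, but it does reveal whether a login id exists.
        /// </remarks>
        public HttpResponseMessage Post([FromBody]JObject credentials)
        {
            Logger.Debug("inside POST");

            // Always a string: StringContent below only accepts one.
            string authenticationResponse;
            try
            {
                // 01. Resolve the user record first; everything else keys off it.
                User userInfo = AIAHTML5.API.Models.Users.getUserDetails(credentials);
                if (userInfo == null)
                {
                    authenticationResponse = AIAConstants.USER_NOT_FOUND;
                }
                else
                {
                    Authenticate(credentials, userInfo);
                    authenticationResponse = JsonConvert.SerializeObject(userInfo);
                }
            }
            catch (Exception e)
            {
                // Only the login id is logged. The password must never reach the log or the
                // support mail, and reading the body here must not be able to throw.
                Logger.Fatal("Exception occured for loginId =" + GetLoginIdForLog(credentials), e);

                ArrayList supportMailList = UserUtility.GetSupportMailList();
                string mailSubject = "SQL Exception intimation mail";
                string mailBody = "MESSAGE: " + e.Message + ", STACKTRACE: " + e.StackTrace;
                UserUtility.SendEmail(credentials, supportMailList, "", mailSubject, mailBody);

                authenticationResponse = AIAConstants.SQL_CONNECTION_ERROR;
            }

            return new HttpResponseMessage
            {
                StatusCode = HttpStatusCode.OK,
                Content = new StringContent(authenticationResponse)
            };
        }

        // PUT api/authenticate/5
        /// <summary>Scaffold stub; does nothing.</summary>
        public void Put(int id, [FromBody]string value)
        {
        }

        // DELETE api/authenticate/5
        /// <summary>Scaffold stub; does nothing.</summary>
        public void Delete(int id)
        {
        }

        /// <summary>
        /// Runs the login decision tree and records the outcome on <paramref name="userInfo"/>:
        /// <c>IsCorrectPassword</c>, <c>IsBlocked</c>, <c>LoginFailureCauseId</c>,
        /// <c>IncorrectLoginAttemptCount</c>, and on success the modules / license data.
        /// </summary>
        /// <param name="credentials">Posted credentials, passed through to the model helpers.</param>
        /// <param name="userInfo">User record resolved from the credentials; mutated in place.</param>
        private static void Authenticate(JObject credentials, User userInfo)
        {
            bool isUserAuthenticated = AIAHTML5.API.Models.Users.checkUserAuthenticity(credentials, userInfo);

            // Block status is needed on both paths: the failed-login path below compares
            // blockTime against the block duration and branches on isUserBlocked.
            DateTime blockTime;
            bool isUserBlocked = AIAHTML5.API.Models.Users.checkUserBlockStatus(userInfo.Id, out blockTime);

            if (isUserAuthenticated)
            {
                // Required for internal processing on the client side.
                userInfo.IsCorrectPassword = true;

                if (isUserBlocked)
                {
                    // NOTE(review): this path produced no response before; it now reports the
                    // block the same way the still-blocked branch below does - confirm with the UI.
                    userInfo.IsBlocked = true;
                    return;
                }

                ClearPastWrongAttempts(userInfo);
                LoadAuthenticatedUserDetails(userInfo);
                return;
            }

            // Only the password flag is consulted: the login id was already matched by
            // getUserDetails in the caller.
            bool isCorrectLoginId, isCorrectPassword;
            AIAHTML5.API.Models.Users.isCredentialCorrect(credentials, userInfo, out isCorrectLoginId, out isCorrectPassword);

            if (!isUserBlocked)
            {
                if (!isCorrectPassword)
                {
                    RecordWrongAttempt(userInfo);
                }
                return;
            }

            // blockTime comes from the database; DateTime.Now is kept because the kind/zone of
            // the stored value is not known here - TODO confirm both are local time.
            bool blockExpired = DateTime.Compare(DateTime.Now, blockTime.Add(BlockDuration)) >= 0;
            if (!blockExpired)
            {
                userInfo.IsBlocked = true;
                return;
            }

            if (isCorrectPassword)
            {
                // Block has lapsed and the password is right: lift the block and log the user in.
                userInfo.IsBlocked = false;
                userInfo.IsCorrectPassword = true;
                ClearPastWrongAttempts(userInfo);
                LoadAuthenticatedUserDetails(userInfo);
            }
            else
            {
                // Block has lapsed but the password is wrong: the old attempts are discarded
                // first, so this failure starts a fresh count.
                ClearPastWrongAttempts(userInfo);
                RecordWrongAttempt(userInfo);
            }
        }

        /// <summary>
        /// Populates what the client needs after a successful password check. Admins get every
        /// module; other users get their license, subscription, expiry / inactive state, pending
        /// terms-of-service text, or their licensed module list. A login-detail row is inserted
        /// only when modules are actually granted.
        /// </summary>
        /// <param name="userInfo">Authenticated user record; mutated in place.</param>
        private static void LoadAuthenticatedUserDetails(User userInfo)
        {
            // 05. Admins (super / general) load every module by default.
            if (userInfo.UserType == AIAHTML5.API.Models.User.SUPER_ADMIN
                || userInfo.UserType == AIAHTML5.API.Models.User.GENERAL_ADMIN)
            {
                userInfo.Modules = AIAHTML5.API.Models.Users.getAllModulesList();
                AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
                return;
            }

            // 05.1 Normal users are driven by their license.
            int licenseId, editionId;
            AIAHTML5.API.Models.Users.getLicenseIdForThisUser(userInfo.Id, out licenseId, out editionId);
            userInfo.LicenseId = licenseId;
            userInfo.EditionId = editionId;

            // 05.3 License details; without a license row nothing further is reported.
            userInfo.LicenseInfo = AIAHTML5.API.Models.Users.getLicenseDetails(userInfo.LicenseId);
            if (userInfo.LicenseInfo.Id <= 0)
            {
                return;
            }

            // 05.4 Subscription details.
            userInfo.LicenseSubscriptions = AIAHTML5.API.Models.Users.getLicenseSubscriptionDetails(userInfo.LicenseId);

            // 05.5 Expiry is checked regardless of IsActive because the expiration message is
            // shown to inactive users as well.
            string expirationDate = null;
            bool isLicenseExpired = false;
            if (userInfo.LicenseSubscriptions.Id > 0)
            {
                isLicenseExpired = AIAHTML5.API.Models.Users.checkIfLicenseExpired(userInfo.LicenseSubscriptions, out expirationDate);
            }

            // 05.6 Expiry wins over an inactive license.
            if (isLicenseExpired)
            {
                userInfo.IsSubscriptionExpired = true;
                userInfo.SubscriptionExpirationDate = expirationDate;
                return;
            }

            // 05.6.1.1 Inactive license: the client reads LicenseInfo.IsActive; nothing else is set.
            if (!userInfo.LicenseInfo.IsActive)
            {
                return;
            }

            // Terms must be accepted before modules are granted; the client shows this text.
            if (!userInfo.LicenseInfo.IsTermAccepted)
            {
                ArrayList termsList = AIAHTML5.API.Models.Users.getTermsOfServiceText();
                foreach (Hashtable item in termsList)
                {
                    userInfo.TermsOfServiceTitle = item[AIAConstants.KEY_TITLE].ToString();
                    userInfo.TermsOfServiceText = item[AIAConstants.KEY_CONTENT].ToString();
                }
                return;
            }

            userInfo.Modules = AIAHTML5.API.Models.Users.getModuleListByLicenseId(userInfo.LicenseId);
            AIAHTML5.API.Models.Users.insertLoginDetails(userInfo.Id);
        }

        /// <summary>
        /// Marks a wrong-password attempt on <paramref name="userInfo"/>, persists it, and
        /// blocks the account once the attempt count passes
        /// <see cref="WrongAttemptBlockThreshold"/>.
        /// </summary>
        /// <param name="userInfo">User record; mutated in place.</param>
        private static void RecordWrongAttempt(User userInfo)
        {
            userInfo.IsCorrectPassword = false;
            // +1 accounts for the attempt saved below, which the stored count does not yet include.
            userInfo.IncorrectLoginAttemptCount = AIAHTML5.API.Models.Users.checkNoOfWrongAttempts(userInfo.Id) + 1;
            userInfo.LoginFailureCauseId = ErrorHelper.E_PASSWORD_NOT_MATCH;

            int updateCount = AIAHTML5.API.Models.Users.saveWrongAttemptofUser(userInfo.Id);
            if (updateCount < 0)
            {
                // Persisting failed; the block decision is skipped, as before, and only logged.
                Logger.Fatal("Unable to Update past wrong login attempts for userId= " + userInfo.Id);
                return;
            }

            if (userInfo.IncorrectLoginAttemptCount > WrongAttemptBlockThreshold)
            {
                userInfo.IsBlocked = true;
                userInfo.LoginFailureCauseId = ErrorHelper.E_USER_ID_BLOCKED_24_HRS;
            }
        }

        /// <summary>
        /// Deletes the user's stored wrong-login attempts. A negative return from the model is
        /// logged rather than thrown so the login itself still completes.
        /// </summary>
        /// <param name="userInfo">User whose attempts are cleared.</param>
        private static void ClearPastWrongAttempts(User userInfo)
        {
            int deletedCount = AIAHTML5.API.Models.Users.deletePastWrongAttempts(userInfo.Id);
            if (deletedCount < 0)
            {
                Logger.Fatal("Unable to delete past wrong login attempts for userId= " + userInfo.Id);
            }
        }

        /// <summary>
        /// Login id for diagnostic messages. Tolerates a missing body or key so that logging
        /// inside the catch block of <see cref="Post"/> cannot itself throw.
        /// </summary>
        /// <param name="credentials">Posted credentials; may be null.</param>
        /// <returns>The <c>username</c> entry, or a placeholder when it is absent.</returns>
        private static string GetLoginIdForLog(JObject credentials)
        {
            if (credentials == null)
            {
                return "<no credentials>";
            }

            JToken username = credentials["username"];
            return username == null ? "<no username>" : username.ToString();
        }
    }
}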