Checking Gets, Puts, Deletes and Registration

UnivateProperties_API/Controllers/Users/IndividualController.cs

@@ -17,29 +17,21 @@ namespace User_API.Controllers
             _Repo = repo;
         }
 
+        //Gets data from the DB
         [HttpGet]
         public IActionResult Get()
         {
             return new OkObjectResult(_Repo.GetAll());
         }
 
+        //Gets data from DB by Id
         [HttpGet("{id}")]
         public IActionResult Get(int id)
         {
             return new OkObjectResult(_Repo.Get(x => x.Id == id));
         }
 
-        [HttpPost()]
-        public IActionResult Post([FromBody] Individual individual)
-        {
-            using (var scope = new TransactionScope())
-            {
-                _Repo.Insert(individual);
-                scope.Complete();
-                return CreatedAtAction(nameof(Get), new { id = individual.Id }, individual);
-            }
-        }
-
+        //Updates to DB
         [HttpPut()]
         public IActionResult Put([FromBody] Individual individual)
         {
@@ -55,6 +47,7 @@ namespace User_API.Controllers
             return new NoContentResult();
         }
 
+        //Updates DB by removing said Id
         [HttpDelete("{id}")]
         public IActionResult Delete(int id)
         {

UnivateProperties_API/Controllers/Users/RegisterController.cs

@@ -33,6 +33,7 @@ namespace UnivateProperties_API.Controllers.Users
             _appSettings = appSettings.Value;
         }
 
+        //Works
         [AllowAnonymous]
         [HttpPost("authenticate")]
         public IActionResult Authenticate([FromBody]UserDto userDto)
@@ -68,26 +69,25 @@ namespace UnivateProperties_API.Controllers.Users
             });
         }
 
+        //Writes to DB
         [AllowAnonymous]
         [HttpPost("register")]
-        public IActionResult Register([FromBody]UserDto userDto)
+        public IActionResult Register([FromBody]UserDto individual)
         {
-            // map dto to entity
-            var user = _mapper.Map<User>(userDto);
+            _mapper.Map<Individual>(individual);
 
             try
             {
-                // save 
-                _Repo.Create(user, userDto.Password, true);
+                _Repo.CreatePerson(individual, PersonType.Individual, true, null);
                 return Ok();
             }
             catch (AppException ex)
             {
-                // return error message if there was an exception
-                return BadRequest(new { message = ex.Message });
+                return BadRequest(new { messge = ex.Message });
             }
         }
 
+        //Writes to DB
         [AllowAnonymous]
         [HttpPost("registeragency")]
         public IActionResult RegisterAgency([FromBody]AgencyDto agency)
@@ -108,101 +108,61 @@ namespace UnivateProperties_API.Controllers.Users
             }
         }
 
-        [HttpPut("{id}")]
-        public IActionResult Update(int id, [FromBody]UserDto userDto)
-        {
-            // map dto to entity and set id
-            var user = _mapper.Map<User>(userDto);
-            user.Id = id;
-
-            try
-            {
-                // save 
-                _Repo.Update(user, userDto.Password);
-                return Ok();
-            }
-            catch (AppException ex)
-            {
-                // return error message if there was an exception
-                return BadRequest(new { message = ex.Message });
-            }
-        }
-
-        [HttpPut("{id}")]
-        public IActionResult UpdateAgency(int id, [FromBody]UserDto userDto)
-        {
-            // map dto to entity and set id
-            var agency = _mapper.Map<Agency>(userDto);
-            agency.Id = id;
-
-            try
-            {
-                // save 
-                _Repo.UpdateAgency(agency, userDto.Password);
-                return Ok();
-            }
-            catch (AppException ex)
-            {
-                // return error message if there was an exception
-                return BadRequest(new { message = ex.Message });
-            }
-        }
-
-        [HttpGet("{id}")]
-        public IActionResult GetById(int id)
-        {
-            var user = _Repo.GetById(id);
-            var userDto = _mapper.Map<UserDto>(user);
-
-            if (user == null)
-            {
-                return NotFound();
-            }
-
-            // Only allow SuperAdmins to access other user records
-            var currentUserId = int.Parse(User.Identity.Name);
-            if (id != currentUserId && !User.IsInRole(Role.SuperAdmin))
-            {
-                return Forbid();
-            }
-
-            return Ok(userDto);
-        }
-
-        [HttpGet("{id}")]
-        public IActionResult GetByAgencyId(int id)
-        {
-            var agency = _Repo.GetByAgencyId(id);
-            var agencyDto = _mapper.Map<AgencyDto>(agency);
-
-            if (agency == null)
-            {
-                return NotFound();
-            }
-
-            var currentAgencyId = int.Parse(User.Identity.Name);
-            if (id != currentAgencyId && !User.IsInRole(Role.Agency))
-            {
-                return Forbid();
-            }
-
-            return Ok(agencyDto);
-        }
-
-        [Authorize(Roles = Role.SuperAdmin)]
-        [HttpDelete("{id}")]
-        public IActionResult Delete(User user)
-        {
-            _Repo.Delete(user.Id);
-            return Ok();
-        }
-
-        [Authorize(Roles = Role.SuperAdmin)]
-        [HttpDelete("{id}")]
-        public IActionResult DeleteAgency(Agency agency)
-        {
-            _Repo.DeleteAgency(agency.Id);
-            return Ok();
-        }
+        //[HttpGet("{id}")]
+        //public IActionResult GetById(int id)
+        //{
+        //    var user = _Repo.GetById(id);
+        //    var userDto = _mapper.Map<UserDto>(user);
+
+        //    if (user == null)
+        //    {
+        //        return NotFound();
+        //    }
+
+        //    // Only allow SuperAdmins to access other user records
+        //    var currentUserId = int.Parse(User.Identity.Name);
+        //    if (id != currentUserId && !User.IsInRole(Role.SuperAdmin))
+        //    {
+        //        return Forbid();
+        //    }
+
+        //    return Ok(userDto);
+        //}
+
+        //[HttpGet("{id}")]
+        //public IActionResult GetByAgencyId(int id)
+        //{
+        //    var agency = _Repo.GetByAgencyId(id);
+        //    var agencyDto = _mapper.Map<AgencyDto>(agency);
+
+        //    if (agency == null)
+        //    {
+        //        return NotFound();
+        //    }
+
+        //    var currentAgencyId = int.Parse(User.Identity.Name);
+        //    if (id != currentAgencyId && !User.IsInRole(Role.Agency))
+        //    {
+        //        return Forbid();
+        //    }
+
+        //    return Ok(agencyDto);
+        //}
+
+        //[Authorize(Roles = Role.SuperAdmin)]
+        //[HttpDelete("{id}")]
+        //public IActionResult Delete(User user)
+        //{
+        //    _Repo.Delete(user.Id);
+        //    return Ok();
+        //}
+
+        //[Authorize(Roles = Role.SuperAdmin)]
+        //[HttpDelete("{id}")]
+        //public IActionResult DeleteAgency(Agency agency)
+        //{
+        //    _Repo.DeleteAgency(agency.Id);
+        //    return Ok();
+        //}
     }
 }

UnivateProperties_API/Controllers/Users/UserController.cs

@@ -7,7 +7,6 @@ using UnivateProperties_API.Repository.Users;
 
 namespace User_API.Controllers
 {
-    [Authorize]
     [Route("api/[controller]")]
     [ApiController]
     public class UserController : ControllerBase

UnivateProperties_API/Helpers/AutoMapperProfile.cs

@@ -12,6 +12,10 @@ namespace UnivateProperties_API.Helpers
             CreateMap<UserDto, User>();
             CreateMap<Agency, AgencyDto>();
             CreateMap<AgencyDto, Agency>();
+            CreateMap<Individual, UserDto>();
+            CreateMap<UserDto, Individual>();
+            CreateMap<Individual, Person>();
+            CreateMap<Person, Individual>();
         }
     }
 }

UnivateProperties_API/Repository/Users/IRegisterRepository.cs

@@ -7,18 +7,16 @@ namespace UnivateProperties_API.Repository.Users
     public interface IRegisterRepository
     {
         User Authenticate(string username, string password);
+        User Create(User user, string password, bool save);
+        Agency CreateAgency(AgencyDto agency);
+        void CreatePerson(UserDto individual, PersonType personType, bool save, Agency agency);
+        void Update(User userParam, string password = null);
         IEnumerable<User> GetAllUsers();
         IEnumerable<Agency> GetAllAgencies();
         IEnumerable<Individual> GetAllIndividuals();
         User GetById(int id);
         Agency GetByAgencyId(int id);
         Individual GetByIndividualId(int id);
-        User Create(User user, string password, bool save);
-        Agency CreateAgency(AgencyDto agency);
-        void CreatePerson(UserDto individual, PersonType personType, bool save, Agency agency);
-        void Update(User user, string password = null);
-        void UpdateAgency(Agency agency, string agencyname = null);
-        void UpdatePerson(Person person, PersonType personType);
         void Delete(int id);
         void DeleteAgency(int id);
         void DeleteIndividual(int id);

UnivateProperties_API/Repository/Users/IndividualRepository.cs

@@ -76,6 +76,7 @@ namespace UnivateProperties_API.Repository.Users
             Save();
         }
 
+        //Updates in DB
         public void Update(Individual item)
         {
             _dbContext.Entry(item).State = EntityState.Modified;

UnivateProperties_API/Repository/Users/RegisterRepository.cs

@@ -150,22 +150,6 @@ namespace UnivateProperties_API.Repository.Users
             }
         }
 
-        public void UpdatePerson(Person person, PersonType personType)
-        {
-            if (personType == PersonType.Agent)
-            {
-                var item = (person as Agent);
-                _dbContext.Entry(item).State = EntityState.Modified;
-                Save();
-            }
-            else if (personType == PersonType.Individual)
-            {
-                var item = (person as Individual);
-                _dbContext.Entry(item).State = EntityState.Modified;
-                Save();
-            }
-        }
-
         public void Update(User userParam, string password = null)
         {
             var user = _dbContext.Users.Find(userParam.Id);
@@ -199,30 +183,6 @@ namespace UnivateProperties_API.Repository.Users
             _dbContext.SaveChanges();
         }
 
-        public void UpdateAgency(Agency agencyParam, string agencyname = null)
-        {
-            var agency = _dbContext.Agencies.Find(agencyParam.Id);
-
-            if (agency == null)
-                throw new AppException("Agency not found");
-
-            if (agencyParam.AgencyName != agency.AgencyName)
-            {
-                // username has changed so check if the new username is already taken
-                if (_dbContext.Agencies.Any(x => x.AgencyName == agencyParam.AgencyName))
-                    throw new AppException("AgencyName " + agencyParam.AgencyName + " is already taken");
-            }
-
-            // update user properties
-            agency.AgencyName = agencyParam.AgencyName;
-            agency.EAABEFFCNumber = agencyParam.EAABEFFCNumber;
-            agency.CompanyRegNumber = agencyParam.CompanyRegNumber;
-
-            // update password if it was entered
-            _dbContext.Agencies.Update(agency);
-            _dbContext.SaveChanges();
-        }
-
         [Authorize(Roles = Role.SuperAdmin)]
         public IEnumerable<User> GetAllUsers()
         {

UnivateProperties_API/Repository/Users/UserRepository.cs

@@ -8,6 +8,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Text;
 using UnivateProperties_API.Context;
+using UnivateProperties_API.Helpers;
 using UnivateProperties_API.Model.Users;
 
 namespace UnivateProperties_API.Repository.Users
@@ -81,10 +82,55 @@ namespace UnivateProperties_API.Repository.Users
             Save();
         }
 
-        public void Update(User item)
+        //public void Update(User item)
+        //{
+        //    _dbContext.Entry(item).State = EntityState.Modified;
+        //    Save();
+        //}
+
+        public void Update(User userParam)
         {
-            _dbContext.Entry(item).State = EntityState.Modified;
-            Save();
+            var user = _dbContext.Users.Find(userParam.Id);
+
+            if (user == null)
+                throw new AppException("User not found");
+
+            if (userParam.Username != user.Username)
+            {
+                // username has changed so check if the new username is already taken
+                if (_dbContext.Users.Any(x => x.Username == userParam.Username))
+                    throw new AppException("Username " + userParam.Username + " is already taken");
+            }
+
+            // update user properties
+            user.Name = userParam.Name;
+            user.Surname = userParam.Surname;
+            user.Username = userParam.Username;
+
+            // update password if it was entered
+            if (!string.IsNullOrWhiteSpace(userParam.PasswordHash.ToString()))
+            {
+                byte[] passwordHash, passwordSalt;
+                CreatePasswordHash(userParam.PasswordHash.ToString(), out passwordHash, out passwordSalt);
+
+                user.PasswordHash = passwordHash;
+                user.PasswordSalt = passwordSalt;
+            }
+
+            _dbContext.Users.Update(user);
+            _dbContext.SaveChanges();
+        }
+
+        private static void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt)
+        {
+            if (password == null) throw new ArgumentNullException("password");
+            if (string.IsNullOrWhiteSpace(password)) throw new ArgumentException("Value cannot be empty or whitespace only string.", "password");
+
+            using (var hmac = new System.Security.Cryptography.HMACSHA512())
+            {
+                passwordSalt = hmac.Key;
+                passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
+            }
         }
 
         public void Save()