From 96a0223fb9d01f3c6a39fa1f51b65b8508432cdd Mon Sep 17 00:00:00 2001 From: AashifAmeer Date: Sat, 15 Mar 2025 23:04:46 +0530 Subject: [PATCH 1/2] Changed claim subject to store userId --- src/Analysim.Web/Controllers/AccountController.cs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Analysim.Web/Controllers/AccountController.cs b/src/Analysim.Web/Controllers/AccountController.cs index 6a284c8..f5e68a7 100644 --- a/src/Analysim.Web/Controllers/AccountController.cs +++ b/src/Analysim.Web/Controllers/AccountController.cs @@ -620,11 +620,12 @@ public async Task Login([FromForm] AccountLoginVM formdata) { Subject = new ClaimsIdentity(new Claim[] { - new Claim(JwtRegisteredClaimNames.Sub, formdata.Username), + new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), - new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()), + //new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()), //new Claim(ClaimTypes.Role, roles.FirstOrDefault()), - new Claim("LoggedOn", DateTime.UtcNow.ToString()) + new Claim("LoggedOn", DateTime.UtcNow.ToString()), + new Claim(ClaimTypes.Name, formdata.Username) }), SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature), From 11ff55f72164417e13fb5ea469cd991724ca0121 Mon Sep 17 00:00:00 2001 From: AashifAmeer Date: Sun, 16 Mar 2025 00:05:44 +0530 Subject: [PATCH 2/2] Modified methods to retrieve user data by userid. --- .../Controllers/AccountController.cs | 45 +- .../Controllers/ProjectController.cs | 451 +++++++++++------- 2 files changed, 322 insertions(+), 174 deletions(-) diff --git a/src/Analysim.Web/Controllers/AccountController.cs b/src/Analysim.Web/Controllers/AccountController.cs index f5e68a7..11782af 100644 --- a/src/Analysim.Web/Controllers/AccountController.cs +++ b/src/Analysim.Web/Controllers/AccountController.cs 
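Review bot: Commenting out the `ClaimTypes.NameIdentifier` claim leaves every consumer in PATCH 2/2 (`User.FindFirst(ClaimTypes.NameIdentifier)` in Follow through DeleteNotebook) depending on the bearer handler's inbound claim-type mapping, which is what turns `sub` into `ClaimTypes.NameIdentifier`; with `MapInboundClaims` disabled (or `JwtSecurityTokenHandler.DefaultMapInboundClaims = false`) that claim is absent and every authenticated action returns the new 401. Keeping the explicit line, `new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),`, alongside `Sub` makes the lookup independent of that mapping; alternatively the consumers can fall back to `User.FindFirst(JwtRegisteredClaimNames.Sub)`. While the `LoggedOn` line is being touched, `DateTime.UtcNow.ToString("O")` would make that value culture-independent and parseable. The Login method begins and ends outside the hunk.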
@@ -218,8 +218,13 @@ public IActionResult Search([FromQuery(Name = "term")] List searchTerms) [HttpPost("[action]")] public async Task Follow([FromForm] AccountFollowVM formdata) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); // Find User @@ -684,8 +689,13 @@ public async Task UploadProfileImage([FromForm] AccountUploadVM f { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); // Return Bad Request Status 
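Review bot: The claim guard added here is pasted verbatim into every other hunk of this patch (UploadProfileImage through DeleteNotebook, in both controllers); a single helper keeps the rule in one place, e.g. `private bool TryGetCallerId(out int userId) => int.TryParse(User.FindFirst(ClaimTypes.NameIdentifier)?.Value, out userId);` in a shared base controller, with each call site reduced to `if (!TryGetCallerId(out var userId)) return Unauthorized(new { message = "Invalid user identifier." });`. The `string.IsNullOrEmpty` test is redundant, since `int.TryParse` returns false for null and empty input. Also worth considering: when the parsed id is valid but `SingleOrDefaultAsync` finds no row, the token names a user that no longer exists, which is closer to a 401 than the 404 returned on the next line. Follow's body continues outside the hunk.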
@@ -800,8 +810,13 @@ public async Task UploadProfileImage([FromForm] AccountUploadVM f [HttpPut("[action]/{userID}")] public async Task UpdateUser([FromRoute] int userID, [FromForm] AccountUpdateVM formdata) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); // Check Model State @@ -844,8 +859,13 @@ public async Task UpdateUser([FromRoute] int userID, [FromForm] A [HttpDelete("[action]/{userID}/{followerID}")] public async Task Unfollow([FromRoute] int userID, [FromRoute] int followerID) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); // Find User 
@@ -983,8 +1003,13 @@ public async Task DeleteProfileImage([FromRoute] int fileID) { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); // Find File diff --git a/src/Analysim.Web/Controllers/ProjectController.cs b/src/Analysim.Web/Controllers/ProjectController.cs index f26e8b5..a6caf46 100644 --- a/src/Analysim.Web/Controllers/ProjectController.cs +++ b/src/Analysim.Web/Controllers/ProjectController.cs 
@@ -328,24 +328,30 @@ public async Task GetNotebookVersions([FromRoute] int notebookID) public async Task ForkProject([FromForm] ProjectForkVM formdata) { // Find User - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); // Find Project var project = await _dbContext.Projects.FindAsync(formdata.ProjectID); if (project == null) return NotFound(new { message = "Project Not Found" }); - // Check If Project Already Exist - var checkProject = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => + + // Check if the project already exists + bool projectExists = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => aup.User.Id == formdata.UserID && aup.Project.Name == project.Name && aup.UserRole == "owner")); - // If Conflict If Project Found - if (checkProject != null) return Conflict(new { message = "Project Already Exist" }); - + // If the project exists, return a conflict response + if (projectExists) return Conflict(new { message = "Project Already Exists" }); + // Create Project var newProject = new Project { 
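Review bot: The duplicate-name check still keys on the client-supplied `formdata.UserID` even though the caller has just been resolved as `user` from the token, so the conflict test and the identity check can refer to two different accounts; the same applies to the ForkProjectWithoutBlob and CreateProject hunks below. If the intent is "does the caller already own a project with this name", the predicate should read `aup.User.Id == user.Id &&`; if forking on behalf of another user is intended, the action needs an explicit check that `user` may act for `formdata.UserID` before that value is trusted. Which id the new project is assigned to happens after the hunk ends, so I cannot confirm which of the two the rest of ForkProject uses.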
@@ -423,24 +429,29 @@ await _dbContext.BlobFiles.AddAsync( public async Task ForkProjectWithoutBlob([FromForm] ProjectForkVM formdata) { // Find User - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); // Find Project var project = await _dbContext.Projects.FindAsync(formdata.ProjectID); if (project == null) return NotFound(new { message = "Project Not Found" }); - // Check If Project Already Exist - var checkProject = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => + // Check if the project already exists + bool projectExists = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => aup.User.Id == formdata.UserID && aup.Project.Name == project.Name && aup.UserRole == "owner")); - // If Conflict If Project Found - if (checkProject != null) return Conflict(new { message = "Project Already Exist" }); - + // If the project exists, return a conflict response + if (projectExists) return Conflict(new { message = "Project Already Exists" }); + // Create Project var newProject = new Project { 
@@ -488,21 +499,27 @@ await _dbContext.AddAsync( [HttpPost("[action]")] public async Task CreateProject([FromForm] ProjectVM formdata) { + // Find User - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); //var user = await _dbContext.Users.FindAsync(userId); if (user == null) return NotFound(new { message = "User Not Found" }); - // Check If Project Already Exist - var project = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => + // Check if the project already exists + bool projectExists = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => aup.User.Id == formdata.UserID && aup.Project.Name == formdata.Name && aup.UserRole == "owner")); - // If Conflict If Project Found - if (project != null) return Conflict(new { message = "Project Already Exist" }); + // If the project exists, return a conflict response + if (projectExists) return Conflict(new { message = "Project Already Exists" }); // Create Project var newProject = new Project 
@@ -640,17 +657,23 @@ await _dbContext.ProjectTags.AddRangeAsync( [HttpPost("[action]")] public async Task AddUser([FromForm] ProjectUserVM formdata) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); + if (user == null) return NotFound(new { message = "User Not Found" }); - var checkowner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => aup.User.Id == user.Id && aup.Project.ProjectID == formdata.ProjectID && aup.UserRole == "owner")); - if (checkowner == null) return Unauthorized(new { message = "You are not the owner of the project" }); - + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + // Find Tag In Database var projectUser = _dbContext.ProjectUsers.Find(formdata.UserID, formdata.ProjectID); 
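Review bot: The ownership predicate introduced here (`Projects.AnyAsync(p => p.ProjectUsers.Any(aup => ... aup.UserRole == "owner"))`) is repeated with only the project id changing in AddTag, UploadFile, UploadNotebook, UploadNotebookNewVersion, UploadExistingNotebook, CreateFolder, CreateNotebookFolder, AddDatasetToNotebook, UpdateProject, DeleteDatasetFromNotebook, UpdateUser, RenameNotebook, DeleteProject, RemoveUser, RemoveTag, DeleteFile and DeleteNotebook. A single `private Task<bool> IsProjectOwnerAsync(int userId, int projectId)` wrapping that query, with `"owner"` lifted to a named constant, would keep the authorization rule in one reviewable place and remove the chance of one copy drifting. The added `if (user == null) return NotFound(...)` closes a gap the old code had here, so that part is welcome. After the check the method still calls the synchronous `_dbContext.ProjectUsers.Find(...)`; `FindAsync` would match the now-async query style. AddUser's body continues outside the hunk.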
@@ -708,16 +731,26 @@ public async Task AddUser([FromForm] ProjectUserVM formdata) [Authorize] public async Task AddTag([FromForm] ProjectTagVM formdata) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); + if (user == null) return NotFound(new { message = "User Not Found" }); - var checkowner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => + + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => aup.User.Id == user.Id && aup.Project.ProjectID == formdata.ProjectID && aup.UserRole == "owner")); - if (checkowner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) + { + return Unauthorized(new { message = "You are not the owner of the project" }); + } // Find Tag In Database Tag tag = _dbContext.Tag.SingleOrDefault(t => t.Name == formdata.TagName); 
@@ -771,17 +804,23 @@ public async Task UploadFile([FromForm] ProjectFileUploadVM formd { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == formdata.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == formdata.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + if (formdata.Directory == null) { formdata.Directory = ""; } 
@@ -880,17 +919,24 @@ public async Task UploadNotebook([FromForm] ProjectNotebookUpload try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == noteBookData.ProjectID && - aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == noteBookData.ProjectID && + aup.UserRole == "owner")); + + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + // Find Project var project = await _dbContext.Projects.FindAsync(noteBookData.ProjectID); 
@@ -970,17 +1016,22 @@ public async Task UploadNotebookNewVersion([FromForm] ProjectNote try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == noteBookData.ProjectID && - aup.UserRole == "owner")); - - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == noteBookData.ProjectID && + aup.UserRole == "owner")); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + // Find Project var project = await _dbContext.Projects.FindAsync(noteBookData.ProjectID); 
@@ -1048,17 +1099,23 @@ public async Task UploadExistingNotebook([FromForm] ExistingProje { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID ==noteBookData.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == noteBookData.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + var project = await _dbContext.Projects.FindAsync(noteBookData.ProjectID); if (project == null) return NotFound(new { message = "Project Not Found" }); 
@@ -1198,17 +1255,23 @@ public async Task CreateFolder([FromForm] FolderUploadProfileView { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == formdata.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == formdata.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + if (formdata.Directory == null) { formdata.Directory = ""; } 
@@ -1264,17 +1327,23 @@ public async Task CreateNotebookFolder([FromForm] FolderUploadPro { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == formdata.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == formdata.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + if (formdata.Directory == null) { formdata.Directory = ""; } 
@@ -1336,19 +1405,24 @@ public async Task AddDatasetToNotebook([FromForm] int notebookID, { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); var notebook = _dbContext.Notebook.SingleOrDefault(n => n.NotebookID == notebookID); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == notebook.ProjectID && - aup.UserRole == "owner")); - - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == notebook.ProjectID && + aup.UserRole == "owner")); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + var dataset = await _dbContext.ObservableNotebookDataset .FirstOrDefaultAsync(d => d.NotebookID == notebookID && d.BlobFileID == blobFileID); 
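Review bot: `notebook` comes from `SingleOrDefault` and is dereferenced two lines later inside the `AnyAsync` predicate (`notebook.ProjectID`), so an unknown `notebookID` throws a NullReferenceException when the query is evaluated rather than producing a 404; the same gap is in the DeleteDatasetFromNotebook hunk. Inserting `if (notebook == null) return NotFound(new { message = "Notebook Not Found" });` right after the lookup, as RenameNotebook and DeleteNotebook already do for theirs, fixes both. The surrounding try block starts and ends outside the hunk, so I cannot see what the catch turns the exception into.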
@@ -1394,17 +1468,23 @@ public async Task AddDatasetToNotebook([FromForm] int notebookID, [HttpPut("[action]/{projectID}")] public async Task UpdateProject([FromRoute] int projectID, [FromForm] ProjectVM formdata) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == projectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == projectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + // Check Model State if (!ModelState.IsValid) return BadRequest(ModelState); 
@@ -1458,19 +1538,25 @@ public async Task DeleteDatasetFromNotebook([FromForm] int notebo { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); var notebook = _dbContext.Notebook.SingleOrDefault(n => n.NotebookID == notebookID); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == notebook.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == notebook.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + var dataset = await _dbContext.ObservableNotebookDataset .FirstOrDefaultAsync(d => d.NotebookID == notebookID && d.BlobFileID == blobFileID); 
@@ -1504,17 +1590,23 @@ public async Task DeleteDatasetFromNotebook([FromForm] int notebo [HttpPut("[action]")] public async Task UpdateUser([FromForm] ProjectUserVM formdata) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == formdata.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == formdata.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); + // Find Many To Many var userRole = await _dbContext.ProjectUsers.FindAsync(formdata.UserID, formdata.ProjectID); 
@@ -1558,20 +1650,25 @@ public async Task UpdateUser([FromForm] ProjectUserVM formdata) [HttpPut("[action]")] public async Task RenameNotebook([FromForm] NotebookNameChangeVM notebookNameChangeVM) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); var notebookE = await _dbContext.Notebook.FindAsync(notebookNameChangeVM.NotebookID); if (notebookE == null) return NotFound(new { message = "File Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == notebookE.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == notebookE.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); Notebook notebook = await _dbContext.Notebook.FindAsync(notebookNameChangeVM.NotebookID); 
@@ -1602,17 +1699,22 @@ public async Task DeleteProject([FromRoute] int projectID) { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == projectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == projectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); // Check Model State if (!ModelState.IsValid) return BadRequest(ModelState); 
@@ -1672,17 +1774,23 @@ public async Task DeleteProject([FromRoute] int projectID) [HttpDelete("[action]/{projectID}/{userID}")] public async Task RemoveUser([FromRoute] int projectID, int userID) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == projectID && - aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == projectID && + aup.UserRole == "owner")); + + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); // Find Many To Many var projectUser = await _dbContext.ProjectUsers.FindAsync(userID, projectID); 
@@ -1712,17 +1820,22 @@ public async Task RemoveUser([FromRoute] int projectID, int userI [HttpDelete("[action]/{projectID}/{tagID}")] public async Task RemoveTag([FromRoute] int projectID, [FromRoute] int tagID) { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == projectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == projectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); // Find ProjectTag In Database ProjectTag projectTag = _dbContext.ProjectTags 
@@ -1773,20 +1886,25 @@ public async Task DeleteFile([FromRoute] int fileID, [FromRoute] { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); var blobFile = await _dbContext.BlobFiles.FindAsync(fileID); if (blobFile == null) return NotFound(new { message = "File Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == blobFile.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == blobFile.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); if (isMember) { if (blobFile.Extension != ".$$") 
@@ -1841,20 +1959,25 @@ public async Task DeleteNotebook([FromRoute] int notebookID, [Fro { try { - var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; - var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.UserName == username); + // Find User + var userIdClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; + if (string.IsNullOrEmpty(userIdClaim) || !int.TryParse(userIdClaim, out var userId)) + { + return Unauthorized(new { message = "Invalid user identifier." }); + } + var user = await _dbContext.Users.SingleOrDefaultAsync(u => u.Id == userId); if (user == null) return NotFound(new { message = "User Not Found" }); var notebook = await _dbContext.Notebook.FindAsync(notebookID); if (notebook == null) return NotFound(new { message = "File Not Found" }); - var checkOwner = _dbContext.Projects - .SingleOrDefault(p => p.ProjectUsers.Any(aup => - aup.User.Id == user.Id && - aup.Project.ProjectID == notebook.ProjectID && - aup.UserRole == "owner")); + bool isOwner = await _dbContext.Projects + .AnyAsync(p => p.ProjectUsers.Any(aup => + aup.User.Id == user.Id && + aup.Project.ProjectID == notebook.ProjectID && + aup.UserRole == "owner")); - if (checkOwner == null) return Unauthorized(new { message = "You are not the owner of the project" }); + if (!isOwner) return Unauthorized(new { message = "You are not the owner of the project" }); if (isMember) { //await _blobService.DeleteNotebookAsync(notebook);