authortranstrike <transtrike@gmail.com>2021-01-31 12:58:44 +0200
committertranstrike <transtrike@gmail.com>2021-01-31 12:58:44 +0200
commit979a86a14cd658b5346279901ac8bca667c373d3 (patch)
tree9791cf02c0838a4d6392e3651f93eeed283acb57 /src/DevHive.Services/Services
parent9d5f4628a3a75871b47ac6a9f9c0419748d9dfb8 (diff)
parentb8743cfdd0515e4d07ea5c926be1d9ade5340a91 (diff)
Username added to JWT; Promotion to Admin fixed
Diffstat (limited to 'src/DevHive.Services/Services')
-rw-r--r--src/DevHive.Services/Services/CommentService.cs156
-rw-r--r--src/DevHive.Services/Services/FeedService.cs26
-rw-r--r--src/DevHive.Services/Services/PostService.cs72
-rw-r--r--src/DevHive.Services/Services/UserService.cs67
4 files changed, 192 insertions, 129 deletions
diff --git a/src/DevHive.Services/Services/CommentService.cs b/src/DevHive.Services/Services/CommentService.cs
new file mode 100644
index 0000000..e0eb88a
--- /dev/null
+++ b/src/DevHive.Services/Services/CommentService.cs
@@ -0,0 +1,156 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using AutoMapper;
+using DevHive.Data.Models;
+using DevHive.Services.Models.Comment;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using DevHive.Services.Interfaces;
+using DevHive.Data.Interfaces.Repositories;
+using System.Linq;
+
+namespace DevHive.Services.Services
+{
+ public class CommentService : ICommentService
+ {
+ private readonly IUserRepository _userRepository;
+ private readonly IPostRepository _postRepository;
+ private readonly ICommentRepository _commentRepository;
+ private readonly IMapper _postMapper;
+
+ public CommentService(IUserRepository userRepository, IPostRepository postRepository, ICommentRepository commentRepository, IMapper postMapper)
+ {
+ this._userRepository = userRepository;
+ this._postRepository = postRepository;
+ this._commentRepository = commentRepository;
+ this._postMapper = postMapper;
+ }
+
+ #region Create
+ public async Task<Guid> AddComment(CreateCommentServiceModel createCommentServiceModel)
+ {
+ if (!await this._postRepository.DoesPostExist(createCommentServiceModel.PostId))
+ throw new ArgumentException("Post does not exist!");
+
+ Comment comment = this._postMapper.Map<Comment>(createCommentServiceModel);
+ comment.TimeCreated = DateTime.Now;
+
+ comment.Creator = await this._userRepository.GetByIdAsync(createCommentServiceModel.CreatorId);
+ comment.Post = await this._postRepository.GetByIdAsync(createCommentServiceModel.PostId);
+
+ bool success = await this._commentRepository.AddAsync(comment);
+ if (success)
+ {
+ Comment newComment = await this._commentRepository
+ .GetCommentByIssuerAndTimeCreatedAsync(comment.Creator.Id, comment.TimeCreated);
+
+ return newComment.Id;
+ }
+ else
+ return Guid.Empty;
+ }
+ #endregion
+
+ #region Read
+ public async Task<ReadCommentServiceModel> GetCommentById(Guid id)
+ {
+ Comment comment = await this._commentRepository.GetByIdAsync(id) ??
+ throw new ArgumentException("The comment does not exist");
+
+ User user = await this._userRepository.GetByIdAsync(comment.Creator.Id) ??
+ throw new ArgumentException("The user does not exist");
+
+ ReadCommentServiceModel readCommentServiceModel = this._postMapper.Map<ReadCommentServiceModel>(comment);
+ readCommentServiceModel.IssuerFirstName = user.FirstName;
+ readCommentServiceModel.IssuerLastName = user.LastName;
+ readCommentServiceModel.IssuerUsername = user.UserName;
+
+ return readCommentServiceModel;
+ }
+ #endregion
+
+ #region Update
+ public async Task<Guid> UpdateComment(UpdateCommentServiceModel updateCommentServiceModel)
+ {
+ if (!await this._commentRepository.DoesCommentExist(updateCommentServiceModel.CommentId))
+ throw new ArgumentException("Comment does not exist!");
+
+ Comment comment = this._postMapper.Map<Comment>(updateCommentServiceModel);
+ comment.TimeCreated = DateTime.Now;
+
+ comment.Creator = await this._userRepository.GetByIdAsync(updateCommentServiceModel.CreatorId);
+ comment.Post = await this._postRepository.GetByIdAsync(updateCommentServiceModel.PostId);
+
+ bool result = await this._commentRepository.EditAsync(updateCommentServiceModel.CommentId, comment);
+
+ if (result)
+ return (await this._commentRepository.GetByIdAsync(updateCommentServiceModel.CommentId)).Id;
+ else
+ return Guid.Empty;
+ }
+ #endregion
+
+ #region Delete
+ public async Task<bool> DeleteComment(Guid id)
+ {
+ if (!await this._commentRepository.DoesCommentExist(id))
+ throw new ArgumentException("Comment does not exist!");
+
+ Comment comment = await this._commentRepository.GetByIdAsync(id);
+ return await this._commentRepository.DeleteAsync(comment);
+ }
+ #endregion
+
+ #region Validations
+ public async Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData)
+ {
+ User user = await this.GetUserForValidation(rawTokenData);
+
+ return user.Id == userId;
+ }
+
+ public async Task<bool> ValidateJwtForComment(Guid commentId, string rawTokenData)
+ {
+ Comment comment = await this._commentRepository.GetByIdAsync(commentId) ??
+ throw new ArgumentException("Comment does not exist!");
+ User user = await this.GetUserForValidation(rawTokenData);
+
+ //If user made the comment
+ if (comment.Creator.Id == user.Id)
+ return true;
+ //If user is admin
+ else if (user.Roles.Any(x => x.Name == Role.AdminRole))
+ return true;
+ else
+ return false;
+ }
+
+ private async Task<User> GetUserForValidation(string rawTokenData)
+ {
+ JwtSecurityToken jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Remove(0, 7));
+
+ Guid jwtUserId = Guid.Parse(this.GetClaimTypeValues("ID", jwt.Claims).First());
+ //HashSet<string> jwtRoleNames = this.GetClaimTypeValues("role", jwt.Claims);
+
+ User user = await this._userRepository.GetByIdAsync(jwtUserId) ??
+ throw new ArgumentException("User does not exist!");
+
+ return user;
+ }
+
+
+ private List<string> GetClaimTypeValues(string type, IEnumerable<Claim> claims)
+ {
+ List<string> toReturn = new();
+
+ foreach (var claim in claims)
+ if (claim.Type == type)
+ toReturn.Add(claim.Value);
+
+ return toReturn;
+ }
+ #endregion
+ }
+}
+
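Review bot: `GetUserForValidation` takes the user id from `ReadJwtToken`, which only decodes the token and does not verify its signature or lifetime, so `ValidateJwtForCreating` and `ValidateJwtForComment` are only as trustworthy as whatever validated the header before this service was called. Whether the controllers sit behind JWT bearer authentication is not visible in this diff; if they do not, these checks would accept an unverified `ID` claim. Either way the method deserves a comment stating that precondition, or it should take the id from the already-authenticated principal instead of re-parsing the raw header. `rawTokenData.Remove(0, 7)` also assumes a `Bearer ` prefix without checking it, and `.First()` throws `InvalidOperationException` when the `ID` claim is absent. A guard such as `if (rawTokenData is null || !rawTokenData.StartsWith("Bearer ", StringComparison.Ordinal)) throw new ArgumentException("Invalid token!");` would keep malformed headers on the same error path as the other failures.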
diff --git a/src/DevHive.Services/Services/FeedService.cs b/src/DevHive.Services/Services/FeedService.cs
index c17861d..37d653c 100644
--- a/src/DevHive.Services/Services/FeedService.cs
+++ b/src/DevHive.Services/Services/FeedService.cs
@@ -7,7 +7,7 @@ using DevHive.Data.Interfaces.Repositories;
using DevHive.Data.Models;
using DevHive.Services.Interfaces;
using DevHive.Services.Models;
-using DevHive.Services.Models.Post.Post;
+using DevHive.Services.Models.Post;
namespace DevHive.Services.Services
{
@@ -54,5 +54,29 @@ namespace DevHive.Services.Services
return readPageServiceModel;
}
+
+ public async Task<ReadPageServiceModel> GetUserPage(GetPageServiceModel model) {
+ User user = null;
+
+ if (!string.IsNullOrEmpty(model.Username))
+ user = await this._userRepository.GetByUsernameAsync(model.Username);
+ else
+ throw new ArgumentException("Invalid given data!");
+
+ if (user == null)
+ throw new ArgumentException("User doesn't exist!");
+
+ List<Post> posts = await this._feedRepository
+ .GetUsersPosts(user, model.FirstRequestIssued, model.PageNumber, model.PageSize);
+
+ if (posts.Count <= 0)
+ throw new ArgumentException("User hasn't posted anything yet!");
+
+ ReadPageServiceModel readPageServiceModel = new();
+ foreach (Post post in posts)
+ readPageServiceModel.Posts.Add(this._mapper.Map<ReadPostServiceModel>(post));
+
+ return readPageServiceModel;
+ }
}
}
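Review bot: `model.PageNumber` and `model.PageSize` go to `GetUsersPosts` unchecked, so unless they are bounded elsewhere (not visible here) a client can request zero, negative or very large pages. Assuming both are integers, a guard before the repository call would cap the query cost: `if (model.PageNumber < 1 || model.PageSize < 1 || model.PageSize > MaxPageSize) throw new ArgumentException("Invalid given data!");`, where `MaxPageSize` is a placeholder for a constant the project would define. An empty result is also reported by throwing `"User hasn't posted anything yet!"`, which makes a normal state look like an error to the caller; returning an empty `ReadPageServiceModel` would be cleaner.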
diff --git a/src/DevHive.Services/Services/PostService.cs b/src/DevHive.Services/Services/PostService.cs
index 7ce7b58..0eaac94 100644
--- a/src/DevHive.Services/Services/PostService.cs
+++ b/src/DevHive.Services/Services/PostService.cs
@@ -3,8 +3,7 @@ using System.Collections.Generic;
using System.Threading.Tasks;
using AutoMapper;
using DevHive.Data.Models;
-using DevHive.Services.Models.Post.Comment;
-using DevHive.Services.Models.Post.Post;
+using DevHive.Services.Models.Post;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using DevHive.Services.Interfaces;
@@ -13,7 +12,7 @@ using System.Linq;
namespace DevHive.Services.Services
{
- public class PostService : IPostService
+ public class PostService : IPostService
{
private readonly ICloudService _cloudService;
private readonly IUserRepository _userRepository;
@@ -55,29 +54,6 @@ namespace DevHive.Services.Services
else
return Guid.Empty;
}
-
- public async Task<Guid> AddComment(CreateCommentServiceModel createCommentServiceModel)
- {
- if (!await this._postRepository.DoesPostExist(createCommentServiceModel.PostId))
- throw new ArgumentException("Post does not exist!");
-
- Comment comment = this._postMapper.Map<Comment>(createCommentServiceModel);
- comment.TimeCreated = DateTime.Now;
-
- comment.Creator = await this._userRepository.GetByIdAsync(createCommentServiceModel.CreatorId);
- comment.Post = await this._postRepository.GetByIdAsync(createCommentServiceModel.PostId);
-
- bool success = await this._commentRepository.AddAsync(comment);
- if (success)
- {
- Comment newComment = await this._commentRepository
- .GetCommentByIssuerAndTimeCreatedAsync(comment.Creator.Id, comment.TimeCreated);
-
- return newComment.Id;
- }
- else
- return Guid.Empty;
- }
#endregion
#region Read
@@ -96,22 +72,6 @@ namespace DevHive.Services.Services
return readPostServiceModel;
}
-
- public async Task<ReadCommentServiceModel> GetCommentById(Guid id)
- {
- Comment comment = await this._commentRepository.GetByIdAsync(id) ??
- throw new ArgumentException("The comment does not exist");
-
- User user = await this._userRepository.GetByIdAsync(comment.Creator.Id) ??
- throw new ArgumentException("The user does not exist");
-
- ReadCommentServiceModel readCommentServiceModel = this._postMapper.Map<ReadCommentServiceModel>(comment);
- readCommentServiceModel.IssuerFirstName = user.FirstName;
- readCommentServiceModel.IssuerLastName = user.LastName;
- readCommentServiceModel.IssuerUsername = user.UserName;
-
- return readCommentServiceModel;
- }
#endregion
#region Update
@@ -146,25 +106,6 @@ namespace DevHive.Services.Services
else
return Guid.Empty;
}
-
- public async Task<Guid> UpdateComment(UpdateCommentServiceModel updateCommentServiceModel)
- {
- if (!await this._commentRepository.DoesCommentExist(updateCommentServiceModel.CommentId))
- throw new ArgumentException("Comment does not exist!");
-
- Comment comment = this._postMapper.Map<Comment>(updateCommentServiceModel);
- comment.TimeCreated = DateTime.Now;
-
- comment.Creator = await this._userRepository.GetByIdAsync(updateCommentServiceModel.CreatorId);
- comment.Post = await this._postRepository.GetByIdAsync(updateCommentServiceModel.PostId);
-
- bool result = await this._commentRepository.EditAsync(updateCommentServiceModel.CommentId, comment);
-
- if (result)
- return (await this._commentRepository.GetByIdAsync(updateCommentServiceModel.CommentId)).Id;
- else
- return Guid.Empty;
- }
#endregion
#region Delete
@@ -185,15 +126,6 @@ namespace DevHive.Services.Services
return await this._postRepository.DeleteAsync(post);
}
-
- public async Task<bool> DeleteComment(Guid id)
- {
- if (!await this._commentRepository.DoesCommentExist(id))
- throw new ArgumentException("Comment does not exist!");
-
- Comment comment = await this._commentRepository.GetByIdAsync(id);
- return await this._commentRepository.DeleteAsync(comment);
- }
#endregion
#region Validations
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index ea53f1a..c2c42e0 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -53,7 +53,7 @@ namespace DevHive.Services.Services
if (user.PasswordHash != PasswordModifications.GeneratePasswordHash(loginModel.Password))
throw new ArgumentException("Incorrect password!");
- return new TokenModel(WriteJWTSecurityToken(user.Id, user.Roles));
+ return new TokenModel(WriteJWTSecurityToken(user.Id, user.UserName, user.Roles));
}
public async Task<TokenModel> RegisterUser(RegisterServiceModel registerModel)
@@ -78,7 +78,7 @@ namespace DevHive.Services.Services
await this._userRepository.AddAsync(user);
- return new TokenModel(WriteJWTSecurityToken(user.Id, user.Roles));
+ return new TokenModel(WriteJWTSecurityToken(user.Id, user.UserName, user.Roles));
}
#endregion
@@ -107,8 +107,6 @@ namespace DevHive.Services.Services
{
await this.ValidateUserOnUpdate(updateUserServiceModel);
- await this.ValidateUserCollections(updateUserServiceModel);
-
User user = await this.PopulateModel(updateUserServiceModel);
bool successful = await this._userRepository.EditAsync(updateUserServiceModel.Id, user);
@@ -190,62 +188,13 @@ namespace DevHive.Services.Services
throw new ArgumentException("Username already exists!");
}
- private async Task ValidateUserCollections(UpdateUserServiceModel updateUserServiceModel)
- {
- //Do NOT allow a user to change his roles, unless he is an Admin
- bool isAdmin = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id))
- .Roles.Any(r => r.Name == Role.AdminRole);
-
- if (isAdmin)
- {
- // Roles
- foreach (var role in updateUserServiceModel.Roles)
- {
- Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ??
- throw new ArgumentException($"Role {role.Name} does not exist!");
- }
- }
- //Preserve original user roles
- else
- {
- HashSet<Role> roles = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)).Roles;
-
- foreach (var role in roles)
- {
- Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ??
- throw new ArgumentException($"Role {role.Name} does not exist!");
- }
- }
-
- // Friends
- foreach (var friend in updateUserServiceModel.Friends)
- {
- User returnedFriend = await this._userRepository.GetByUsernameAsync(friend.UserName) ??
- throw new ArgumentException($"User {friend.UserName} does not exist!");
- }
-
- // Languages
- foreach (var language in updateUserServiceModel.Languages)
- {
- Language returnedLanguage = await this._languageRepository.GetByNameAsync(language.Name) ??
- throw new ArgumentException($"Language {language.Name} does not exist!");
- }
-
- // Technology
- foreach (var technology in updateUserServiceModel.Technologies)
- {
- Technology returnedTechnology = await this._technologyRepository.GetByNameAsync(technology.Name) ??
- throw new ArgumentException($"Technology {technology.Name} does not exist!");
- }
- }
-
- private string WriteJWTSecurityToken(Guid userId, HashSet<Role> roles)
+ private string WriteJWTSecurityToken(Guid userId, string username, HashSet<Role> roles)
{
byte[] signingKey = Encoding.ASCII.GetBytes(_jwtOptions.Secret);
-
HashSet<Claim> claims = new()
{
new Claim("ID", $"{userId}"),
+ new Claim("Username", username),
};
foreach (var role in roles)
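Review bot: With `ValidateUserCollections` deleted, the rule in its comment, that a user must not change their own roles unless they are an Admin, is no longer stated or enforced anywhere in the visible hunks. The removed method only checked that the named roles exist, so it did not fully enforce the rule either. `UpdateUser` now passes `updateUserServiceModel` straight to `PopulateModel`, whose body is outside this diff; if that method copies `Roles` from the request, a non-admin update can carry a role change. I would confirm that `PopulateModel` or `ValidateUserOnUpdate` keeps the stored roles for non-admin callers and put a comment there saying so, e.g. `// Roles come from the stored user unless the caller is an Admin`.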
@@ -269,12 +218,12 @@ namespace DevHive.Services.Services
#endregion
#region Misc
- public async Task<Guid> SuperSecretPromotionToAdmin(Guid userId)
+ public async Task<TokenModel> SuperSecretPromotionToAdmin(Guid userId)
{
User user = await this._userRepository.GetByIdAsync(userId) ??
throw new ArgumentException("User does not exist! Can't promote shit in this country...");
- if (!await this._roleRepository.DoesNameExist("Admin"))
+ if (!await this._roleRepository.DoesNameExist(Role.AdminRole))
{
Role adminRole = new()
{
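Review bot: `SuperSecretPromotionToAdmin` now hands back a freshly issued token for whichever `userId` is passed in, and nothing in the visible lines checks who is calling. Whether the controller restricts the route is not shown; if it does not, the method should require a caller who is already an Admin, or be excluded from non-development builds. A header comment such as `// Caller must already be authorised as Admin; returns a new token for the promoted user` would at least document the precondition. The method body continues in the next hunk.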
@@ -290,7 +239,9 @@ namespace DevHive.Services.Services
user.Roles.Add(admin);
await this._userRepository.EditAsync(user.Id, user);
- return admin.Id;
+ User newUser = await this._userRepository.GetByIdAsync(userId);
+
+ return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles);
}
private async Task<User> PopulateModel(UpdateUserServiceModel updateUserServiceModel)
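Review bot: The new return statement is missing a closing parenthesis and will not compile; it should read `return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles));`. The result of `EditAsync` is also ignored, so a failed update still leads to a token being issued from whatever `GetByIdAsync` returns. Checking the boolean before re-reading the user, as `UpdateUser` does with `successful`, would avoid that. The method starts in the previous hunk.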