INBOUND_SEND_API/DB/SP's/PROC_REMIT_INBOUND_LOGIN.sql

GO
use FastMoneyPro_Remit;

GO
CREATE OR ALTER PROC PROC_REMIT_INBOUND_LOGIN
(
	@Flag VARCHAR(20)
	, @UserName VARCHAR(80) = NULL
	, @Password VARCHAR(120) = NULL
	, @AgentId INT = NULL
	, @IpAddress VARCHAR(20) = NULL
	, @SessionIdentifier VARCHAR(40) = NULL
	, @ExpiresIn INT = NULL
)
AS;
SET NOCOUNT ON;
SET XACT_ABORT ON;
BEGIN TRY
	IF @Flag = 'LOGIN'
	BEGIN
		DECLARE @ErrorMsg VARCHAR(MAX) = NULL
		DECLARE @UserId INT, @UserActive CHAR(1), @LoginPwd VARCHAR(120), @LoginUserAgtId INT, @EmpId INT, @IsLocked CHAR(1), @LoginTime DATETIME
					, @LastLoginTs DATETIME, @AgentActiveStatus CHAR(1), @ForceChangePwd CHAR(1), @InvalidPwdCount TINYINT, @LockUserDays INT

		DECLARE @AttemptsCount INT
		SELECT TOP 1 @AttemptsCount = loginAttemptCount
				, @LockUserDays = ISNULL(lockUserDays,30) 
		FROM passwordFormat WITH(NOLOCK)

		SELECT 
			 @UserId	= userId
			,@UserActive	= ISNULL(au.isActive, 'N')
			,@LoginPwd	= pwd
			,@LoginUserAgtId	= au.agentId
			,@EmpId	= employeeId
			,@IsLocked	= ISNULL(isLocked, 'N')
			,@LoginTime	= loginTime
			,@LastLoginTs	= lastLoginTs
			,@AgentActiveStatus	= ISNULL(am.isActive, 'N')
			,@ForceChangePwd	= au.forceChangePwd
			,@InvalidPwdCount	= ISNULL(AU.wrongPwdCount, 0)
		FROM applicationUsers au WITH(NOLOCK)
		INNER JOIN agentMaster am WITH(NOLOCK) ON au.agentId = am.agentId
		WHERE userName = @UserName and ISNULL(au.isDeleted, 'N') = 'N'

		IF ISNULL(@InvalidPwdCount, 0) > @AttemptsCount
		BEGIN
			UPDATE applicationUsers SET 
				 wrongPwdCount	= ISNULL(wrongPwdCount, 0) + 1
			WHERE userId = @userId

			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'You are locked due to Continious Invalid login attempts. Please, contact your administrator.', @Id = NULL;
			RETURN;
		END
		IF @UserId IS NULL
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Login fails, Incorrect user name or password.', @Id = NULL;
			RETURN;
		END
		IF @UserActive = 'N'
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'User is not active.', @Id = NULL;
			RETURN;
		END 
		IF @AgentActiveStatus = 'N'
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Your account is blocked.', @Id = NULL;
			RETURN;
		END
		IF (@LoginPwd <> ISNULL(dbo.FNAEncryptString(@Password), ''))
		BEGIN
			UPDATE applicationUsers SET 
				 wrongPwdCount	= ISNULL(wrongPwdCount, 0) + 1
			WHERE userId = @userId

			SET @InvalidPwdCount += 1
			IF @InvalidPwdCount < @AttemptsCount
			BEGIN
				SET @ErrorMsg = 'Login fails, Incorrect user name or password, attempts left: ' + CAST((@AttemptsCount - @InvalidPwdCount) AS VARCHAR)

				EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Your account is blocked.', @Id = NULL;
				RETURN;	
			END
		END
		IF ISNULL(@InvalidPwdCount, 0) >= @AttemptsCount
		BEGIN
			UPDATE applicationUsers SET 
					isLocked		= 'Y'
					,lastLoginTs	= GETDATE()
					,wrongPwdCount	= ISNULL(wrongPwdCount, 0) + 1
			WHERE userId = @userId

			INSERT INTO userLockHistory(username, lockReason, createdBy, createdDate)
			SELECT @userName, 'Your account has been locked due to Invalid login attempts', 'system', GETDATE()

			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Your account is blocked.', @Id = NULL;
			RETURN;	
		END
		IF (@AgentId <> ISNULL(@LoginUserAgtId, -1))
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Invalid Agent Id.', @Id = NULL;
			RETURN;	
		END
		IF(@isLocked = 'Y')
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Your account has been locked. Please, contact your administrator.', @Id = NULL;
			RETURN;
		END
		IF(DATEDIFF(DAY, @LastLoginTs, GETDATE()) >= @LockUserDays)
		BEGIN
			UPDATE applicationUsers SET 
				 isLocked		= 'Y'
				,lastLoginTs	= GETDATE()
			WHERE userId = @userId

			INSERT INTO userLockHistory(username, lockReason, createdBy, createdDate)
			SELECT @userName, 'Your account has been locked due to not login for fix period.', 'system', GETDATE()

			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Your account has been locked due to not login for fix period.', @Id = NULL;
			RETURN;
		END

		UPDATE applicationUsers SET	
			 lastLoginTs = GETDATE()
		WHERE userId = @userId

		UPDATE TBL_USER_SESSION SET IsExpired = 1 WHERE UserId = @userId

		INSERT INTO TBL_USER_SESSION(UserId, SessionIdentifier, IpAddress, ExpiryDate)
		SELECT @userId, @SessionIdentifier, @IpAddress, DATEADD(MINUTE, @ExpiresIn, GETDATE())

		EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 100, @ErrorMessage = 'Success.', @Id = @userId, @Extra = NULL;
	END
	ELSE IF @Flag = 'APPID'
	BEGIN
		DECLARE @AppId VARCHAR(50), @SecretKey VARCHAR(50)
		SELECT @AppId = AppId, @SecretKey = APISecretKey
		FROM TBL_API_SECRET_KEY AK(NOLOCK)
		INNER JOIN applicationUsers AU(NOLOCK) ON AU.userId = AK.UserId
		WHERE au.UserName = @UserName
		AND Status = 1

		IF ISNULL(@AppId, '') = ''
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Invalid auth key, contact HO.', @Id = NULL;
			RETURN;
		END

		EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 100, @ErrorMessage = 'Success.', @Id = @AppId, @Extra = @SecretKey;
	END
	ELSE IF @Flag = 'CHECK-AUTH'
	BEGIN
		SELECT 
			 @UserId	= userId
			,@UserActive	= ISNULL(au.isActive, 'N')
			,@LoginUserAgtId	= au.agentId
			,@EmpId	= employeeId
			,@IsLocked	= ISNULL(isLocked, 'N')
			,@AgentActiveStatus	= ISNULL(am.isActive, 'N')
		FROM applicationUsers au WITH(NOLOCK)
		INNER JOIN agentMaster am WITH(NOLOCK) ON au.agentId = am.agentId
		WHERE userName = @UserName and ISNULL(au.isDeleted, 'N') = 'N'

		IF @UserId IS NULL
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Login fails, Incorrect user name or password.', @Id = NULL;
			RETURN;
		END
		IF @UserActive = 'N'
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'User is not active.', @Id = NULL;
			RETURN;
		END 
		IF @AgentActiveStatus = 'N'
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Your account is blocked.', @Id = NULL;
			RETURN;
		END
		IF (@AgentId <> ISNULL(@LoginUserAgtId, -1))
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Invalid Agent Id.', @Id = NULL;
			RETURN;	
		END
		IF(@isLocked = 'Y')
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Your account has been locked. Please, contact your administrator.', @Id = NULL;
			RETURN;
		END

		IF NOT EXISTS(SELECT 'X' FROM TBL_USER_SESSION (NOLOCK) WHERE UserId = @UserId AND IsExpired = 0 AND SessionIdentifier = @SessionIdentifier)
		BEGIN
			EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = 'Invalid or inactive Session.', @Id = NULL;
			RETURN;
		END

		EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 100, @ErrorMessage = 'Success.', @Id = @userId, @Extra = NULL;
	END
END TRY
BEGIN CATCH
	IF @@TRANCOUNT>0    
		ROLLBACK TRANSACTION
	
	SET @ErrorMsg = 'Exception executing SP: ' + ERROR_MESSAGE()
	EXEC SW_PROC_ERROR_HANDLER @ErrorCode = 101, @ErrorMessage = @ErrorMsg, @Id = NULL;
END CATCH