public virtual async Task <BlogPost> CreateAsync(
[NotNull] CmsUser author,
[NotNull] Blog blog,
[NotNull] string title,
[NotNull] string slug,
[CanBeNull] string shortDescription = null,
[CanBeNull] string content = null)
{
Check.NotNull(author, nameof(author));
Check.NotNull(blog, nameof(blog));
Check.NotNullOrEmpty(title, nameof(title));
Check.NotNullOrEmpty(slug, nameof(slug));
await CheckBlogExistenceAsync(blog.Id);
var blogPost = new BlogPost(
GuidGenerator.Create(),
blog.Id,
author.Id,
title,
slug,
shortDescription,
content,
CurrentTenant.Id
);
await CheckSlugExistenceAsync(blog.Id, blogPost.Slug);
return(blogPost);
}
public async Task RemoveUserFromRolesAsync(CmsUser user, params string[] roleNames)
{
foreach (var role in roleNames)
{
await _manager.RemoveFromRoleAsync(user.Id, role);
}
}
public virtual async Task <Comment> CreateAsync([NotNull] CmsUser creator,
[NotNull] string entityType,
[NotNull] string entityId,
[NotNull] string text,
[CanBeNull] Guid?repliedCommentId = null)
{
Check.NotNull(creator, nameof(creator));
Check.NotNullOrWhiteSpace(entityType, nameof(entityType), CommentConsts.MaxEntityTypeLength);
Check.NotNullOrWhiteSpace(entityId, nameof(entityId), CommentConsts.MaxEntityIdLength);
Check.NotNullOrWhiteSpace(text, nameof(text), CommentConsts.MaxTextLength);
if (!await DefinitionStore.IsDefinedAsync(entityType))
{
throw new EntityNotCommentableException(entityType);
}
return(new Comment(
GuidGenerator.Create(),
entityType,
entityId,
text,
repliedCommentId,
creator.Id,
CurrentTenant.Id));
}
private bool IsPasswordValid(CmsUser user, string password)
{
return(SimpleHash.VerifyHash(password,
SimpleHash.Algorith.SHA512,
user.Hash
));
}
public async Task <bool> CreateAsync(UserViewModel model)
{
if (!_modelState.IsValid)
{
return(false);
}
var existingUser = await _users.GetUserByNameAsync(model.UserName);
if (existingUser != null)
{
_modelState.AddModelError(string.Empty, "The user already exists!");
return(false);
}
if (string.IsNullOrWhiteSpace(model.NewPassword))
{
_modelState.AddModelError(string.Empty, "You must type a password.");
return(false);
}
var newUser = new CmsUser
{
DisplayName = model.DisplayName,
Email = model.Email,
UserName = model.UserName
};
await _users.CreateAsync(newUser, model.NewPassword);
await _users.AddUserToRoleAsync(newUser, model.SelectedRole);
return(true);
}
public async Task <ActionResult <CmsUser> > PostUser([FromBody] CmsUser user)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
try
{
var result = await _userManager.CreateAsync(user, user.PasswordHash);
if (result == IdentityResult.Success)
{
result = await _userManager.AddToRoleAsync(user, "admin");
if (result != IdentityResult.Success)
{
return(BadRequest(result));
}
}
else
{
return(BadRequest(result));
}
user = await _userManager.FindByEmailAsync(user.Email);
return(CreatedAtAction("GetUser", new { id = user.Id }, user));
}
catch (Exception ex)
{
_loggin.LogError($"Failed to create User: {ex}");
return(BadRequest("Failed Create User"));
}
}
public async Task <Rating> SetStarAsync(CmsUser user, string entityType, string entityId, short starCount)
{
var currentUserRating = await RatingRepository.GetCurrentUserRatingAsync(entityType, entityId, user.Id);
if (currentUserRating != null)
{
currentUserRating.SetStarCount(starCount);
return(await RatingRepository.UpdateAsync(currentUserRating));
}
if (!await RatingDefinitionStore.IsDefinedAsync(entityType))
{
throw new EntityCantHaveRatingException(entityType);
}
return(await RatingRepository.InsertAsync(
new Rating(
GuidGenerator.Create(),
entityType,
entityId,
starCount,
user.Id,
CurrentTenant.Id
)
));
}
public async Task <string> GenerateJwtAsync(CmsUser user)
{
var claims = new List <Claim>
{
new(ClaimTypes.NameIdentifier, user.Id),
new(ClaimTypes.Email, user.Email),
new(ClaimTypes.Name, user.FirstName),
new(ClaimTypes.Surname, user.LastName)
};
var isAdministrator = await _userManager.IsInRoleAsync(user, CmsUserRoles.AdminRole).ConfigureAwait(false);
if (isAdministrator)
{
claims.Add(new Claim(ClaimTypes.Role, CmsUserRoles.AdminRole));
}
var token = new JwtSecurityToken(
claims: claims,
expires: DateTime.UtcNow.AddDays(7),
signingCredentials: new SigningCredentials(_appJwt.GetSymmetricSecurityKey(),
SecurityAlgorithms.HmacSha256));
var tokenHandler = new JwtSecurityTokenHandler();
var encryptedToken = tokenHandler.WriteToken(token);
return(encryptedToken);
}
public static async Task RegisterAdminAsync()
{
using (var users = new UserRepository())
{
var user = await users.GetUserByNameAsync("admin");
if (user == null)
{
var adminUser = new CmsUser
{
UserName = "******",
Email = "*****@*****.**",
DisplayName = "Administartor"
};
await users.CreateAsync(adminUser, "Passw0rd1234!");
}
}
using (var roles = new RoleRepository())
{
if (roles.GetRoleByNameAsync("admin") == null)
{
await roles.CreateAsync(new IdentityRole("admin"));
}
if (roles.GetRoleByNameAsync("editor") == null)
{
await roles.CreateAsync(new IdentityRole("editor"));
}
if (roles.GetRoleByNameAsync("author") == null)
{
await roles.CreateAsync(new IdentityRole("author"));
}
}
}
private static async Task SeedUsers(UserManager <CmsUser> userManager)
{
const string adminName = "admin";
var usr = await userManager.FindByNameAsync(adminName)
.ConfigureAwait(false);
if (usr == null)
{
var user = new CmsUser
{
UserName = adminName,
Email = "*****@*****.**",
FirstName = "admin",
LastName = "admin"
};
var result = await userManager.CreateAsync(user, "admin")
.ConfigureAwait(false);
if (result.Succeeded)
{
await userManager.AddToRoleAsync(user, CmsUserRoles.AdminRole)
.ConfigureAwait(false);
}
}
}
public static PermissionType NaviAccessMode(IDbContext db, CmsUser cmsUser, NaviNode navi)
{
PermissionType mode = PermissionType.Default;
if (cmsUser != null && cmsUser.RoleId >= RoleType.Super)
{
mode = PermissionType.Admin;
}
else if (cmsUser != null && navi != null)
{
NaviNode currentNode = navi;
while (currentNode != null)
{
NaviPermission pp = db.Set <NaviPermission>().SingleOrDefault(
e => e.User.Id == cmsUser.Id && e.Section.Id == currentNode.Id);
if (pp != null)
{
mode = pp.AccessMode;
break;
}
currentNode = currentNode.Parent;
}
}
return(mode);
}
public static PermissionType PageAccessMode(IDbContext db, CmsUser cmsUser, CmsPage page)
{
PermissionType mode = PermissionType.Default;
if (cmsUser != null && cmsUser.RoleId >= RoleType.Super)
{
//supervisor
mode = PermissionType.Admin;
}
else if (cmsUser != null && page != null)
{
PagePermission pp = db.Set <PagePermission>().SingleOrDefault(
e => e.User.Id == cmsUser.Id && e.Page.Id == page.Id);
if (pp != null)
{
mode = pp.AccessMode;
}
else
{
mode = NaviAccessMode(db, cmsUser, page.NaviNode);
}
}
// TODO: Add site specific access checking
if (CmsHelper.Site == "fratalk" && page.Type.Title == "PAGE" && mode != PermissionType.Admin)
{
return(PermissionType.Default);
}
return(mode);
}
public ActionResult Edit(CmsUser user, FormCollection forms)
{
user.Password = forms.Get("Password");
this.userService.Update(user);
TempData["SuccessResult"] = "Account information was successfully saved";
return(RedirectToAction("Edit", "Accounts", new { id = user.Id }));
}
public ActionResult Edit(CmsUser user, FormCollection forms)
{
user.Password = forms.Get("Password");
this.userService.Update(user);
TempData["SuccessResult"] = "Account information was successfully saved";
return RedirectToAction("Edit", "Accounts", new {id = user.Id});
}
public void SetUp()
{
alex = new CmsUser(){Login = "******", Password = "******"};
var userData = new Mock<IUserData>();
userData.Setup(x => x.Login("alex", "password")).Returns(alex);
UserService userService = new UserService(userData.Object);
controller = new AccountController(userService);
}
public ViewResult Manage(string id, string sectionId, string adName)
{
var allNodes = db.Set <NaviNode>().OrderBy(e => e.NodeName).ToList();
TreeBuilder tb = new TreeBuilder(allNodes);
IEnumerable <SelectListItem> sections = tb.BuildTree();
ViewBag.AccessModes = AccessModes;
IEnumerable <SelectListItem> users = db.Set <CmsUser>().OrderBy(e => e.UserName)
.ToList().Select(e => new SelectListItem
{
Value = e.AdName,
Text = e.UserName
});
ViewBag.Users = users;
//pre-selected information
if (!String.IsNullOrWhiteSpace(sectionId))
{
int sid = Convert.ToInt32(sectionId);
NaviNode n = db.Set <NaviNode>().SingleOrDefault(e => e.Id == sid);
if (n != null)
{
ViewBag.SectionId = sid;
}
}
//current user role
if (!String.IsNullOrWhiteSpace(id))
{
int pageId = Convert.ToInt32(id);
CmsPage p = db.Set <CmsPage>().SingleOrDefault(e => e.Id == pageId);
if (p != null)
{
ViewBag.SectionId = p.NaviNode.Id;
ViewBag.PageId = pageId;
}
}
if (!String.IsNullOrWhiteSpace(adName))
{
CmsUser u = db.Set <CmsUser>().SingleOrDefault(e => e.AdName == adName);
if (u != null)
{
ViewBag.AdName = adName;
}
}
ViewBag.RoleId = SecurityHelper.CurrentCmsUserRole(db);
return(View(sections));
}
public ViewResult Edit(int?id)
{
if (null != id)
{
CmsUser user = this.userService.Load(id.Value);
return(View(user));
}
return(View(new CmsUser()));
}
public CmsUserResult(CmsUser user)
{
UserID = user.UserID;
UserName = user.UserName;
FullName = string.IsNullOrEmpty(user.FullName) ? $"{user.FirstName} {user.MiddleName} {user.LastName}" : user.FullName;
Email = user.Email;
UserPrivilegeLevel = user.UserPrivilegeLevel;
}
public CmsUser Login(string userName, string password)
{
CmsUser user = userData.Login(userName, password);
if (null != user && IsPasswordValid(user, password))
{
return(user);
}
return(null);
}
private bool IsPasswordValid(string userName, string password)
{
CmsUser user = this.userService.Login(userName, password);
if (null != user)
{
return(user.IsValid);
}
return(false);
}
public static RoleType CurrentCmsUserRole(IDbContext db)
{
RoleType role = RoleType.Normal;
CmsUser cmsUser = CurrentCmsUser(db);
if (cmsUser != null)
{
role = cmsUser.RoleId;
}
return(role);
}
public void SetUp()
{
alex = new CmsUser()
{
Login = "******", Password = "******"
};
var userData = new Mock <IUserData>();
userData.Setup(x => x.Login("alex", "password")).Returns(alex);
UserService userService = new UserService(userData.Object);
controller = new AccountController(userService);
}
public static CmsUser CurrentCmsUser(IDbContext db)
{
CmsUser cmsUser = null;
if (HttpContext.Current.User != null)
{
IIdentity WinId = HttpContext.Current.User.Identity;
WindowsIdentity wi = (WindowsIdentity)WinId;
string accountName = wi.Name.ToLower();
cmsUser = db.Set <CmsUser>().SingleOrDefault(e => e.AdName == accountName);
}
return(cmsUser);
}
private static async Task EnsureUser(UserManager <CmsUser> userManager, InitialUserInfo userInfo)
{
var user = await userManager.FindByNameAsync(userInfo.UserName);
if (user == null)
{
user = new CmsUser
{
UserName = userInfo.UserName,
Email = userInfo.Email,
DisplayName = userInfo.DisplayName,
EmailConfirmed = true
};
await userManager.CreateAsync(user, userInfo.Password);
}
}
public CmsUserResult(CmsUser user)
{
UserID = user.UserID;
UserName = user.UserName;
if (string.IsNullOrEmpty(user.FullName))
{
FullName = $"{user.FirstName} {user.MiddleName} {user.LastName}";
}
else
{
FullName = user.FullName;
}
Email = user.Email;
UserPrivilegeLevel = user.UserPrivilegeLevel;
}
public async Task SeedAsync()
{
_ctx.Database.EnsureCreated();
IdentityRole role = await _roleManager.FindByNameAsync("admin");
if (role == null)
{
var roleResult = _roleManager.CreateAsync(new IdentityRole {
Id = "admin", Name = "admin", NormalizedName = "admin", ConcurrencyStamp = DateTime.Now.Ticks.ToString()
});
if (roleResult.Result != IdentityResult.Success)
{
throw new InvalidOperationException("Could not create new user role");
}
}
CmsUser user = await _userManager.FindByEmailAsync("*****@*****.**");
if (user == null)
{
user = new CmsUser
{
ApiUser = true,
Email = "*****@*****.**",
UserName = "******"
};
var result = await _userManager.CreateAsync(user, "P@ssw0rd!");
if (result == IdentityResult.Success)
{
result = await _userManager.AddToRoleAsync(user, "admin");
if (result != IdentityResult.Success)
{
throw new InvalidOperationException("Could not add user to role");
}
}
else
{
throw new InvalidOperationException("Could not create new user in seeder");
}
}
}
public static bool IsSuperUser(CmsUser cmsUser)
{
bool isSuperUser = false;
isSuperUser = cmsUser != null && cmsUser.RoleId >= RoleType.Super;
//return isSuperUser;
//if (HttpContext.Current.User != null)
//{
// IIdentity WinId = HttpContext.Current.User.Identity;
// WindowsIdentity wi = (WindowsIdentity)WinId;
// string accountName = wi.Name.ToLower();
// CmsUser cmsUser = db.CmsUsers.SingleOrDefault(e => e.Id == accountName);
// isSuperUser = cmsUser != null && cmsUser.RoleId >= 1;
//if (!isSuperUser)
//{
// //HashSet<string> groupNames = new HashSet<string>();
// if (!wi.IsAnonymous && wi.IsAuthenticated)
// {
// WindowsPrincipal user = new WindowsPrincipal(wi);
// IdentityReferenceCollection irc = wi.Groups;
// foreach (IdentityReference ir in irc)
// {
// //groupNames.Add(ir.Translate(typeof(NTAccount)).Value);
// isSuperUser = superuserSet.Contains(ir.Translate(typeof(NTAccount)).Value);
// if (isSuperUser)
// {
// break;
// }
// }
// }
//}
//}
return(isSuperUser);
}
public ViewResult UserPermissions(string u)
{
ViewBag.RoleId = SecurityHelper.CurrentCmsUserRole(db);
CmsUser user = db.Set <CmsUser>().SingleOrDefault(e => e.AdName == u);
if (user == null)
{
ViewBag.Message = "User does not exist.";
return(View("error"));
}
List <PagePermission> pp = db.Set <PagePermission>().Where(e => e.User.AdName == u).ToList();
List <NaviPermission> np = db.Set <NaviPermission>().Where(e => e.User.AdName == u).ToList();
ViewBag.Page = pp;
ViewBag.Navi = np;
ViewBag.User = user;
return(View(user));
}
private void ClearPermissions(CmsUser user)
{
List <NaviPermission> naviPermissions =
db.Set <NaviPermission>().Where(e => e.User.Id == user.Id).ToList();
foreach (NaviPermission np in naviPermissions)
{
db.Set <NaviPermission>().Remove(np);
}
List <PagePermission> PagePermissions =
db.Set <PagePermission>().Where(e => e.User.Id == user.Id).ToList();
foreach (PagePermission pp in PagePermissions)
{
db.Set <PagePermission>().Remove(pp);
}
}
[CustomeAuthorizeForAjaxAndNonAjax(Roles = "RegisterNewCMSUser")] //This method is called using ajax requests so authorize it with the custome attribute we created for the logged in users with the appropriate role.
public async Task <IActionResult> Register(RegisterViewModel model)
{
if (ModelState.IsValid)
{
//Create new user object as ApplicationUser instance, thensubmit it to AspNetUsers using UserManager.
var user = new CmsUser
{
UserName = model.Email,
Email = model.Email,
DisplayName = model.DisplayName
//AspNetUsers table has nearly 14 columns, we fill email and and password only.
//others will be filled by microsoft if requierd.
//Also, we added the column DisplayName, so we will fill it as well.
};
// Store user data in AspNetUsers database table
var result = await _userManager.CreateAsync(user, model.Password);
//this will create a user, and assign true to "result" if creation is successful.
//if creation is not successful, "result" will contain Errors array and description for each one.
// If user is successfully created, sign-in the user using:
if (result.Succeeded)
{
//After the successfull Create or Edit, we do not return a view because we already did the Create or Edit using Ajax request,
//which means we did not reload the page, so return the _ViewAll.cshtml which has the html table, return it as serialized html in json file, to be rendered in Index.cshtml as a partial view:
return(Json(new { isValid = true, html = SerializeHtmlElemtnsToString.RenderRazorViewToString(this, "_ViewAll", _userManager.Users) }));
//return NotFound();
}
//If result is not success, If there are any errors, add them to the ModelState object
// which will be displayed by the validation summary tag helper
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
return(Json(new { isValid = false, html = SerializeHtmlElemtnsToString.RenderRazorViewToString(this, "Register", model) }));
}
//if the model submitted is not valid according to the Attriburtes in [] in the model file in Models folder:
return(Json(new { isValid = false, html = SerializeHtmlElemtnsToString.RenderRazorViewToString(this, "Register", model) }));
}
public ViewResult SingleUser(string username, string start, string end)
{
DateTime sDate = Convert.ToDateTime(start);
DateTime eDate = Convert.ToDateTime(end);
CmsUser user = _userRepo.GetAll().Single(e => e.AdName == username);
var publishPages = _verPageRepo.GetAll()
.Where(e => e.Published.CompareTo(sDate) >= 0 &&
e.Published.CompareTo(eDate) < 0 && e.PublishedBy == user.AdName)
.Select(e => e.Title + ", " + e.Published).ToList();
var createPages = _pageRepo.GetAll()
.Where(e => e.Created.CompareTo(sDate) >= 0 &&
e.Created.CompareTo(eDate) < 0 && e.CreatedBy == user.AdName)
.Select(e => e.Title + ", " + e.Created).ToList();
ViewBag.UserName = user.UserName;
ViewBag.PublishPages = publishPages;
ViewBag.CreatePages = createPages;
return(View());
}
public static void RegisterAdmin()
{
using (var context = new CmsContext())
using (var userStore = new UserStore <CmsUser>(context))
using (var userManager = new UserManager <CmsUser>(userStore))
{
var user = userStore.FindByNameAsync("admin").Result;
if (user == null)
{
var adminUser = new CmsUser
{
UserName = "******",
Email = "*****@*****.**",
DisplayName = "Administrator"
};
userManager.Create(adminUser, "Passw0rd1234");
}
}
}
public void Save(CmsUser user)
{
base.Save(user);
}
