Beispiel #1
0
        public async Task <IActionResult> UpdateUser(string id, [FromBody] UserEditViewModel user)
        {
            User appUser = await _accountManager.GetUserByIdAsync(id);

            string[] currentRoles = appUser != null ? (await _accountManager.GetUserRolesAsync(appUser)).ToArray() : null;

            Task <AuthorizationResult> manageUsersPolicy = _authorizationService.AuthorizeAsync(User, id, AccountManagementOperations.Update);
            Task <AuthorizationResult> assignRolePolicy  = _authorizationService.AuthorizeAsync(User, (user.Roles, currentRoles), Authorization.Policies.AssignAllowedRolesPolicy);


            if ((await Task.WhenAll(manageUsersPolicy, assignRolePolicy)).Any(r => !r.Succeeded))
            {
                return(new ChallengeResult());
            }

            if (ModelState.IsValid)
            {
                if (user == null)
                {
                    return(BadRequest($"{nameof(user)} cannot be null"));
                }

                if (!string.IsNullOrWhiteSpace(user.Id) && id != user.Id)
                {
                    return(BadRequest("Conflicting user id in parameter and model data"));
                }

                if (appUser == null)
                {
                    return(NotFound(id));
                }

                bool isPasswordChanged = !string.IsNullOrWhiteSpace(user.NewPassword);
                bool isUserNameChanged = !appUser.UserName.Equals(user.UserName, StringComparison.OrdinalIgnoreCase);

                if (Utilities.GetUserId(User) == id)
                {
                    if (string.IsNullOrWhiteSpace(user.CurrentPassword))
                    {
                        if (isPasswordChanged)
                        {
                            AddError("Current password is required when changing your own password", "Password");
                        }

                        if (isUserNameChanged)
                        {
                            AddError("Current password is required when changing your own username", "Username");
                        }
                    }
                    else if (isPasswordChanged || isUserNameChanged)
                    {
                        if (!await _accountManager.CheckPasswordAsync(appUser, user.CurrentPassword))
                        {
                            AddError("The username/password couple is invalid.");
                        }
                    }
                }

                if (ModelState.IsValid)
                {
                    _mapper.Map <UserEditViewModel, User>(user, appUser);

                    (bool Succeeded, string[] Errors)result = await _accountManager.UpdateUserAsync(appUser, user.Roles);

                    if (result.Succeeded)
                    {
                        if (isPasswordChanged)
                        {
                            if (!string.IsNullOrWhiteSpace(user.CurrentPassword))
                            {
                                result = await _accountManager.UpdatePasswordAsync(appUser, user.CurrentPassword, user.NewPassword);
                            }
                            else
                            {
                                result = await _accountManager.ResetPasswordAsync(appUser, user.NewPassword);
                            }
                        }

                        if (result.Succeeded)
                        {
                            return(NoContent());
                        }
                    }

                    AddError(result.Errors);
                }
            }

            return(BadRequest(ModelState));
        }