public async Task <User> RegisterUser(RegisterUserModel model)
{
if (!await registerUserPolicy.IsValid(model))
{
throw new PolicyViolationException(registerUserPolicy.PolicyViolations);
}
model.Password = "******";
var salt = encrypter.GenerateSalt();
var hashedPassword = encrypter.GenerateHash(model.Password, salt);
var user = dbContext.Users.Add(new User(userInfoProvider.Username)
{
CreatedBy = userInfoProvider.Username,
LastModifiedBy = userInfoProvider.Username,
Firstname = model.Firstname,
Lastname = model.Lastname,
Username = model.Username,
ResetPasswordOnNextLogin = true,
PasswordHash = model.IsAdUser ? null : hashedPassword,
Salt = salt,
IsActiveDirectoryUser = model.IsAdUser,
Email = model.Email
});
CreateRoles(model.Roles, user.Entity);
await dbContext.SaveChangesAsync();
return(user.Entity);
}
public async Task <PasswordResetRequestResponseModel> RequestPasswordReset(PasswordResetRequestModel model)
{
if (!await requestPasswordResetPolicy.IsValid(model))
{
throw new PolicyViolationException(requestPasswordResetPolicy.PolicyViolations);
}
var user = await dbContext
.Users
.Where(n => n.Username.Trim().ToUpper() == model.Username.Trim().ToUpper())
.FirstAsync();
//Expire Old Password Reset Requests
var existingRequests = await dbContext.PasswordResetRequests.Where(n => n.UserId == user.UserId && n.IsActive).ToListAsync();
foreach (var existingRequest in existingRequests)
{
existingRequest.IsActive = false;
}
//Generate New Request
var resetRequest = new PasswordResetRequest(user.UserId);
dbContext.PasswordResetRequests.Add(resetRequest);
await dbContext.SaveChangesAsync();
var email = this.commsService.GetBaseEmail();
email.Subject = "JonkerBudgetCore.Api - Password Reset";
email.IsBodyHtml = true;
email.Body = $@"<style type=""text / css"">
p {{
font-family: ""sans-serif"";
font-size: 15px;
}}
</style>
<p>
Hi {user.Firstname},<br />
<br />
A password reset has been requested for your account ({user.Username}) on JonkerBudgetCore.Api ({websiteConfiguration.BaseAddress}).<br />
If you did not request a password reset or believe this is in error, please contact the administrator immediately.<br />
<br />
To reset your password, please click the following link:<br />
<a href=""{websiteConfiguration.BaseAddress}/reset-password/{resetRequest.UserId}/{resetRequest.Token}"">Reset My Password</a> <br />
<br />
Regards, <br />
JonkerBudgetCore.Api<br />
</p>";
email.To = user.Email;
var emailResult = await this.commsService.SendEmail(email);
return(new PasswordResetRequestResponseModel()
{
EmailAddress = user.Email
});
}
public async Task <bool> IsValid(RegisterUserModel model)
{
policyViolations = new List <PolicyViolation>();
if (!await usernamePolicy.IsValid(new UsernameModel {
Username = model.Username
}))
{
policyViolations.AddRange(usernamePolicy.PolicyViolations);
}
return(!(policyViolations?.Count > 0));
}
public async Task <ResetPasswordResponseModel> ResetPassword(ResetPasswordModel model)
{
if (!await resetPasswordPolicy.IsValid(model))
{
throw new PolicyViolationException(resetPasswordPolicy.PolicyViolations);
}
var passwordModel = new PasswordModel()
{
Password = model.Password
};
if (!await passwordPolicy.IsValid(passwordModel))
{
throw new PolicyViolationException(passwordPolicy.PolicyViolations);
}
var user = await dbContext
.Users
.Where(n => n.UserId == model.UserId)
.FirstAsync();
var resetRequest = await dbContext
.PasswordResetRequests
.Where(n => n.UserId == user.UserId)
.OrderByDescending(n => n.DateTimeIn)
.FirstOrDefaultAsync();
resetRequest.IsActive = false;
resetRequest.PasswordResetTime = DateTime.Now;
IEncrypter encrypter = new Encrypter();
user.PasswordHash = encrypter.GenerateHash(model.Password, user.Salt);
user.LockoutExpiryDate = null;
user.FailedLoginAttempts = 0;
user.ResetPasswordOnNextLogin = false;
await dbContext.SaveChangesAsync();
return(new ResetPasswordResponseModel()
{
Username = user.Username
});
}
public async Task <User> RegisterDomainUser(RegisterDomainUserModel model)
{
if (!await registerDomainUserPolicy.IsValid(model))
{
throw new PolicyViolationException(registerDomainUserPolicy.PolicyViolations);
}
var user = dbContext.Users.Add(new User(userInfoProvider.Username)
{
CreatedBy = userInfoProvider.Username,
LastModifiedBy = userInfoProvider.Username,
Username = model.Username,
IsActiveDirectoryUser = true
});
CreateRoles(model.Roles, user.Entity);
await dbContext.SaveChangesAsync();
return(user.Entity);
}
public async Task <User> UpdateUser(UpdateUserModel model)
{
if (!await updateUserPolicy.IsValid(model))
{
throw new PolicyViolationException(updateUserPolicy.PolicyViolations);
}
var userToUpdate = dbContext.Users.Include("UserRoles").First(match => match.UserId == model.UserId);
userToUpdate.LastModifiedBy = userInfoProvider.Username;
userToUpdate.LastModifiedDateUtc = DateTime.UtcNow;
userToUpdate.Firstname = model.Firstname;
userToUpdate.Lastname = model.Lastname;
userToUpdate.Username = model.Username;
userToUpdate.ResetPasswordOnNextLogin = true;
userToUpdate.IsActiveDirectoryUser = model.IsAdUser;
userToUpdate.Email = model.Email;
UpdateRoles(model.Roles, userToUpdate);
await dbContext.SaveChangesAsync();
return(userToUpdate);
}
