        /// <summary>
        /// Sends a one-time PIN for the next pending factor of a multi-factor login process.
        /// </summary>
        /// <param name="request">Process token plus the factor value (email or phone) the PIN is sent to.</param>
        /// <remarks>
        /// The call is marked confidential before anything else so the request body is kept out of the call log.
        /// An unknown or inactive process token returns silently, giving the caller no hint whether the token exists;
        /// factor-related faults are only raised once the process has been located.
        /// </remarks>
        public async Task SendPin([FromBody] SendPinRequest request)
        {
            // Mark confidential first so the body (token + factor value) is never logged.
            OpContext.WebContext.MarkConfidential();

            OpContext.ThrowIfNull(request, ClientFaultCodes.ContentMissing, "SendPinRequest", "Pin request object must be provided.");
            OpContext.ValidateNotEmpty(request.ProcessToken, "ProcessToken", "Process token should be provided.");
            OpContext.ValidateNotEmpty(request.Factor, "Factor", "Factor (email or phone) should be provided.");
            OpContext.ThrowValidation();

            var dbSession = OpContext.OpenSession();
            var loginProcess = GetActiveProcess(dbSession, request.ProcessToken, confirmedOnly: false);
            if (loginProcess == null)
            {
                // Deliberately silent: do not reveal whether a process with this token exists.
                return;
            }

            var stepInProgress = loginProcess.CurrentFactor != null;
            OpContext.ThrowIf(stepInProgress, ClientFaultCodes.InvalidAction, "token", "The previous process step is not completed.");

            var loginFactor = ProcessService.FindLoginExtraFactor(loginProcess.Login, request.Factor);
            // At least one extra factor is already completed here, so reporting a missing factor is acceptable.
            OpContext.ThrowIfNull(loginFactor, ClientFaultCodes.InvalidValue, "factor", "Login factor (email or phone) is not found for a user.");

            // The factor type must still be one of this process's pending steps.
            var typeIsPending = loginProcess.PendingFactors.IsSet(loginFactor.FactorType);
            OpContext.ThrowIf(!typeIsPending, ClientFaultCodes.InvalidValue, "factor", "Login factor type attempted (email or phone) is not pending in the process.");

            // Pass the factor value from the request so it does not have to be decrypted a second time.
            await ProcessService.SendPinAsync(loginProcess, loginFactor, request.Factor);
        }
        /// <summary>
        /// Registers a new customer: creates the user record and its login, then saves both together.
        /// </summary>
        /// <param name="signup">User name and password chosen by the new user.</param>
        /// <returns>The model of the newly created user.</returns>
        /// <remarks>
        /// The call is flagged confidential before any validation so the password in the request body
        /// never reaches the web call log. The user-name uniqueness check ignores case.
        /// </remarks>
        public User SignupUser([FromBody] UserSignup signup)
        {
            // The body carries a password: flag the call confidential so the body is not written to the log.
            this.WebContext.Flags |= WebCallFlags.Confidential;

            OpContext.ThrowIfNull(signup, ClientFaultCodes.InvalidValue, "UserSignup", "UserSignup object may not be null.");
            OpContext.ValidateNotEmpty(signup.UserName, "UserName", "UserName may not be empty.");
            OpContext.ValidateNotEmpty(signup.Password, "Password", "Password may not be empty.");
            OpContext.ThrowValidation();

            var dbSession = OpenSession();

            // Reject the name if another user already holds it (case-insensitive).
            // NOTE(review): this check-then-create is not atomic; a unique index on UserName should back it — confirm.
            var nameOwner = dbSession.EntitySet<IUser>()
                .Where(u => u.UserName == signup.UserName)
                .WithOptions(QueryOptions.ForceIgnoreCase)
                .FirstOrDefault();
            OpContext.ThrowIf(nameOwner != null, ClientFaultCodes.InvalidValue, "UserName", "User name {0} is already in use. Please choose other name.", signup.UserName);

            // Create the user and its login; the login id is the same as the user id.
            var loginService = OpContext.App.GetService<ILoginManagementService>();
            var newUser = dbSession.NewUser(signup.UserName, UserType.Customer, signup.UserName);
            loginService.NewLogin(dbSession, signup.UserName, signup.Password, loginId: newUser.Id, userId: newUser.Id);
            dbSession.SaveChanges();

            // App events go to the global log as well as the buffered per-call log (later dumped to WebCallLog.OperationLog).
            OpContext.WriteAppEvent("Customer", "Signup", $"Customer {signup.UserName} signed up.");
            return newUser.ToModel();
        }
        /// <summary>
        /// Shared implementation for creating a new book review or updating an existing one.
        /// </summary>
        /// <param name="review">Review data from the request body; <c>review.Id</c> is read only when updating.</param>
        /// <param name="create">True to create a new review entity; false to update the one identified by <c>review.Id</c>.</param>
        /// <returns>The saved review model with details.</returns>
        /// <remarks>
        /// NOTE(review): the update branch loads the entity by <c>review.Id</c> alone and does not verify here that it
        /// belongs to the current user or to <c>review.BookId</c>; confirm that ownership is enforced elsewhere before
        /// relying on this method for authorization.
        /// </remarks>
        private BookReview CreateUpdateReview(BookReview review, bool create)
        {
            OpContext.ThrowIfNull(review, ClientFaultCodes.ContentMissing, "Review", "Review object in message body is missing.");

            var dbSession = OpenSession();

            // The book must exist; an invalid id yields ObjectNotFound (BadRequest) before field validation runs.
            var book = dbSession.GetEntity<IBook>(review.BookId);
            OpContext.ThrowIfNull(book, ClientFaultCodes.ObjectNotFound, "BookId", "Book not found. ID={0}", review.BookId);

            // Field validation: faults accumulate and are thrown together by ThrowValidation as a BadRequest.
            OpContext.ValidateNotEmpty(review.Caption, "Caption", "Caption may not be empty.");
            OpContext.ValidateNotEmpty(review.Review, "Review", "Review text may not be empty.");
            OpContext.ValidateMaxLength(review.Caption, 100, "Caption", "Caption text is too long.");
            // The database column is unbounded, but cap the text at 1000 chars anyway.
            OpContext.ValidateMaxLength(review.Review, 1000, "Review", "Review text is too long, must be under 1000 chars");
            OpContext.ValidateRange(review.Rating, 1, 5, "Rating", "Rating must be between 1 and 5");
            OpContext.ThrowValidation();

            // The endpoint is authenticated-only, so the user should always resolve; guard anyway.
            var currentUser = dbSession.GetEntity<IUser>(OpContext.User.UserId);
            OpContext.ThrowIfNull(currentUser, ClientFaultCodes.ObjectNotFound, "User", "Current user not identified.");

            IBookReview reviewEntity;
            if (!create)
            {
                reviewEntity = dbSession.GetEntity<IBookReview>(review.Id);
                OpContext.ThrowIfNull(reviewEntity, ClientFaultCodes.ObjectNotFound, "Review", "Review object not found, ID={0}.", review.Id);
                reviewEntity.Caption = review.Caption;
                reviewEntity.Rating = review.Rating;
                reviewEntity.Review = review.Review;
            }
            else
            {
                reviewEntity = dbSession.NewReview(currentUser, book, review.Rating, review.Caption, review.Review);
            }
            dbSession.SaveChanges();

            return reviewEntity.ToModel(details: true);
        }