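        /// <summary>
        /// Replaces the password of the currently signed-in user with the password posted in
        /// <paramref name="existingUser"/>. Only the hashed password and refreshed metadata are copied
        /// onto the database entity, so no other posted field can reach the database row.
        /// </summary>
        /// <param name="existingUser">Form model posted from the "ManageAccount" view; its Password field holds the
        /// new clear-text password and is blanked again before any view is rendered.</param>
        /// <returns>The "ManageAccount" view, carrying either validation errors or a success status message.</returns>
        /// <remarks>
        /// NOTE(review): the action relies on the authenticated principal alone and never asks for the current
        /// password, so any session that reaches this endpoint can rotate the credential. The HTTP-verb and
        /// anti-forgery attributes are not visible in this excerpt - confirm they are present on the action.
        /// </remarks>
        public IActionResult ChangePassword(UserRegistrationModel existingUser)
        {
            //hash and store the password
            existingUser.HashedPassword = _passwordHelper.Hash(existingUser.Password);
            existingUser.RefreshMetadata(existingUser.UserName);

            //validate input model
            ModelState.Clear();
            TryValidateModel(existingUser);
            if (!ModelState.IsValid)
            {
                //if invalid, return validation errors
                ModelState.AddModelError("", "Invalid input detected");
                existingUser.Password       = "";
                existingUser.HashedPassword = "";
                return(View("ManageAccount", existingUser));
            }

            //look for the signed-in user; the identity name, never the posted model, decides whose row is touched
            var currentUserName = HttpContext.User?.Identity?.Name;
            var user = string.IsNullOrEmpty(currentUserName)
                ? null
                : _dbContext.Users.SingleOrDefault(x => x.UserName == currentUserName);

            //sanity checks
            if (user is null)
            {
                //no matching account (anonymous request or the row is gone) - the original code would have
                //dereferenced a null entity here and crashed with an unhandled exception
                ModelState.AddModelError("", "Your account could not be found - please sign in again.");
                existingUser.Password       = "";
                existingUser.HashedPassword = "";
                return(View("ManageAccount", existingUser));
            }

            if (!string.Equals(existingUser.UserName, user.UserName, StringComparison.Ordinal))
            {
                //if invalid, return validation errors
                ModelState.AddModelError("UserName", "You can't change another user's password!");
                existingUser.Password       = "";
                existingUser.HashedPassword = "";
                existingUser.UserName       = user.UserName;
                return(View("ManageAccount", existingUser));
            }

            //update metadata and password on DB copy of data (so we dont risk a request being allowed to update random unrelated fields!)
            user.RefreshMetadata(existingUser.UserName);
            user.HashedPassword = existingUser.HashedPassword;//already computed, so no need to do so again

            //persist to database
            // NOTE(review): nothing here invalidates other sessions of this account after the change - confirm whether that is intended
            _dbContext.Users.Update(user);
            _dbContext.SaveChanges();

            //refresh the page
            existingUser.Password       = "";
            existingUser.HashedPassword = "";
            existingUser.StatusMessage  = "Password successfully changed!";
            return(View("ManageAccount", existingUser));
        }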
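        /// <summary>
        /// Creates a new user account from the posted registration form. The first active account in the
        /// system becomes an administrator; every later account is created as a regular user.
        /// </summary>
        /// <param name="newUser">Form model posted from the "Register" view. Its Password field is hashed into
        /// HashedPassword and blanked again before the form is re-rendered.</param>
        /// <returns>
        /// The "Register" view with validation errors; a redirect to "Admin/ManageUsers" when an administrator is
        /// creating the account; otherwise a redirect to "Inventory/Index" after the new user is signed in.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the posted model itself is added to the database, so every bindable property of
        /// UserRegistrationModel other than IsActive and IsAdmin (both overwritten below) is persisted exactly as
        /// posted - confirm the model exposes nothing that must not be client-controlled. The uniqueness and
        /// first-user checks are read-then-write and can race under concurrent registrations; a unique index on
        /// UserName is the safety net for the former - confirm one exists.
        /// </remarks>
        public async Task <IActionResult> RegisterNewUserAsync(UserRegistrationModel newUser)
        {
            // presumably populated by the controller pipeline before this action runs, not bound from the form - verify
            var adminNewUserSetupMode = ViewBag.IsAdmin ?? false;

            //update metadata
            newUser.RefreshMetadata(newUser.UserName);

            //hash and store the password
            newUser.HashedPassword = _passwordHelper.Hash(newUser.Password);

            //mark the user as active by default
            newUser.IsActive = true;

            //validate input model
            ModelState.Clear();
            TryValidateModel(newUser);
            if (!ModelState.IsValid)
            {
                //if invalid, return validation errors
                ModelState.AddModelError("", "Invalid input detected");
                newUser.Password       = "";
                newUser.HashedPassword = "";
                return(View("Register", newUser));
            }

            //if another user with the same user name exists, add a validation message and return the validation message to the page
            if (_dbContext.Users.Any(x => x.UserName == newUser.UserName))
            {
                ModelState.AddModelError("UserName", "User Name already exists - please pick a different user name.");
                newUser.Password       = "";
                newUser.HashedPassword = "";
                return(View("Register", newUser));
            }

            //if this is the only active user in the system, make them an admin; this overwrites whatever IsAdmin value was posted
            newUser.IsAdmin = !_dbContext.Users.Any(x => x.IsActive);

            //persist to database (awaited so the request thread is not blocked inside an async action)
            _dbContext.Users.Add(newUser);
            await _dbContext.SaveChangesAsync();

            if (adminNewUserSetupMode)
            {
                //redirect back to user management screen
                return(RedirectToAction("ManageUsers", "Admin"));
            }

            //log in the user
            await LoginUserAsync(newUser.UserName, newUser.RememberMe);

            //redirect to the home page
            return(RedirectToAction("Index", "Inventory"));
        }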