private async Task <gUser> UpdatePassword(gUser SelectedUser)
{
/// find the current user details from the database
gUser userDetails = await DbContext.Users.FindAsync(SelectedUser.Id).ConfigureAwait(false);
if (userDetails == null)
{
gAppConst.Error(ref ErrorsList, "User not found!");
return(null);
}
/// generate new password reset token
string passResetToken = await UserManager.GeneratePasswordResetTokenAsync(userDetails).ConfigureAwait(false);
/// reset user's password
IdentityResult result = await UserManager.ResetPasswordAsync(
userDetails, passResetToken, SelectedUser.NewPassword).ConfigureAwait(false);
/// if result is Failed
if (!result.Succeeded)
{
foreach (var item in result.Errors)
{
ErrorsList.Add(new gError(item.Code, item.Description));
}
return(null);
}
/// else the result is a success.
return(userDetails);
}
public async Task <IActionResult> PutMyPassword([FromBody] gUser modifiedUser)
{
try
{
int.TryParse(User.Claims.First(c => c.Type == "UserId").Value, out int userId);
if (modifiedUser.Id != userId)
{
gAppConst.Error(ref ErrorsList, "Not Authorised!");
return(BadRequest(ErrorsList));
}
gUser result = await UpdatePassword(modifiedUser).ConfigureAwait(false);
if (result != null)
{
return(Ok(result));
}
return(BadRequest(ErrorsList));
}
catch (Exception) // DbUpdateException, DbUpdateConcurrencyException
{
/// Add the error below to the error list and return bad request
gAppConst.Error(ref ErrorsList, $"Server Issue. Please Contact Administrator.");
return(BadRequest(ErrorsList));
}
}
[Authorize(gAppConst.AccessPolicies.LevelOne)] /// Done
public async Task <IActionResult> Delete([FromBody] gUser thisUser)
{
try
{
/// if the User record with the same id is not found
if (!await DbContext.Users.AnyAsync(u => u.Id == thisUser.Id).ConfigureAwait(false))
{
gAppConst.Error(ref ErrorsList, "User not found");
return(BadRequest(ErrorsList));
}
/// else the User is found
/// now delete the user record
DbContext.Users.Remove(await DbContext.Users.FindAsync(thisUser.Id).ConfigureAwait(false));
/// save the changes to the database
await DbContext.SaveChangesAsync().ConfigureAwait(false);
/// return 200 Ok status
return(Ok($"User ID ('{thisUser.Id}') was deleted"));
}
catch (Exception)
{
/// Add the error below to the error list and return bad Department
gAppConst.Error(ref ErrorsList, $"Server Issue. Please Contact Administrator.");
return(BadRequest(ErrorsList));
}
}
[Authorize(gAppConst.AccessPolicies.LevelOne)] /// Done
public async Task <IActionResult> Put([FromBody] gUser modifiedUser)
{
try
{
/// Try to validate the model
TryValidateModel(modifiedUser);
/// remove the passwordHash and confrimPassword since
/// the password update gets handled by another method in this class
ModelState.Remove("PasswordHash");
if (!ModelState.IsValid)
{
/// extract the errors and return bad request containing the errors
gAppConst.ExtractErrors(ModelState, ref ErrorsList);
return(BadRequest(ErrorsList));
}
/// if the user record with the same id is not found
if (!await DbContext.Users.AnyAsync(u => u.Id == modifiedUser.Id).ConfigureAwait(false))
{
gAppConst.Error(ref ErrorsList, "User not found");
return(BadRequest(ErrorsList));
}
modifiedUser.Department = await DbContext.Departments.FindAsync(modifiedUser.Department.Id).ConfigureAwait(false);
modifiedUser.Role = await DbContext.Roles.FindAsync(modifiedUser.Role.Id).ConfigureAwait(false);
/// find the current user details from the database
gUser userDetails = await DbContext.Users.FindAsync(modifiedUser.Id).ConfigureAwait(false);
/// update the user details with the new details
userDetails.FirstName = modifiedUser.FirstName;
userDetails.Surname = modifiedUser.Surname;
userDetails.Email = modifiedUser.Email;
userDetails.PhoneNumber = modifiedUser.PhoneNumber;
userDetails.Role = modifiedUser.Role;
userDetails.Department = modifiedUser.Department;
/// thus update user in the context
DbContext.Users.Update(userDetails);
/// save the changes to the database
await DbContext.SaveChangesAsync().ConfigureAwait(false);
/// thus return 200 ok status with the updated object
return(Ok(userDetails));
}
catch (Exception) // DbUpdateException, DbUpdateConcurrencyException
{
/// Add the error below to the error list and return bad request
gAppConst.Error(ref ErrorsList, $"Server Issue. Please Contact Administrator.");
return(BadRequest(ErrorsList));
}
}
/// <summary>
/// Update db
/// </summary>
private async Task <string> RequestUpdateDb(FileCompleteContext ctx, gUser user)
{
var avatarUrl = ctx.HttpContext.Request.Scheme + "://" + ctx.HttpContext.Request.Host.Value + "/api/file/avatar/" + user.Id;
var response = await _fileMngClient.SaveAvatarAsync(new gSaveAvatarRequest()
{
AvatarUrl = avatarUrl
});
if (response == null)
{
_logger.LogError("Unknown error occured while requesting user info");
}
if (response.Status.Status != Protos.RequestStatus.Success)
{
_logger.LogError(response.Status.Message);
}
return(avatarUrl);
}
/// <summary>
/// Handle the upload completion
/// </summary>
protected override async Task OnUploadCompleted(FileCompleteContext ctx)
{
try
{
gUser user = await MoveFilesToFolder(ctx);
// Update db
string avatarUrl = await RequestUpdateDb(ctx, user);
// Attach avatar info to header, because tus send 204 (no response body is allowed)
ctx.HttpContext.Response.Headers.Add("upload-data", Helpers.JsonSerialize(new { AvatarUrl = avatarUrl }));
}
catch (Exception _ex)
{
_logger.LogError(_ex.Message);
throw _ex;
}
}
public async Task <IActionResult> PutPassword([FromBody] gUser modifiedUser)
{
try
{
gUser result = await UpdatePassword(modifiedUser).ConfigureAwait(false);
if (result != null)
{
return(Ok(result));
}
return(BadRequest(ErrorsList));
}
catch (Exception) // DbUpdateException, DbUpdateConcurrencyException
{
/// Add the error below to the error list and return bad request
gAppConst.Error(ref ErrorsList, $"Server Issue. Please Contact Administrator.");
return(BadRequest(ErrorsList));
}
}
[HttpPut("put/{userId}/{isBlocked}")] /// Done
public async Task <IActionResult> Put(int userId, bool isBlocked)
{
try
{
/// if the user with the same id is not found
gUser user = await DbContext.Users.Include(u => u.Role).Include(u => u.Department).FirstAsync(u => u.Id == userId).ConfigureAwait(false);
if (user == null)
{
gAppConst.Error(ref ErrorsList, "User not found");
return(BadRequest(ErrorsList));
}
user.IsBlocked = isBlocked;
ModelState.Clear();
/// Try to validate the model
if (!TryValidateModel(user))
{
/// extract the errors and return bad request containing the errors
gAppConst.ExtractErrors(ModelState, ref ErrorsList);
return(BadRequest(ErrorsList));
}
/// update user in the context
DbContext.Users.Update(user);
/// save the changes to the database
await DbContext.SaveChangesAsync().ConfigureAwait(false);
/// thus return 200 ok status with the updated object
return(Ok(user));
}
catch (Exception) // DbUpdateException, DbUpdateConcurrencyException
{
/// Add the error below to the error list and return bad request
gAppConst.Error(ref ErrorsList, $"Server Issue. Please Contact Administrator.");
return(BadRequest(ErrorsList));
}
}
/// <summary>
/// Moves the uploaded files to the avatar folder
/// tus protocol puts the uploaded files into the store, XtraUpload move those files to the user directory
/// </summary>
private void MoveFilesToFolder(FileCompleteContext ctx, gUser user)
{
string userFolder = Path.Combine(_uploadOpts.CurrentValue.UploadPath, user.Id);
string avatarFolder = Path.Combine(userFolder, "avatar");
// Create user root directory
if (!Directory.Exists(userFolder))
{
Directory.CreateDirectory(userFolder);
}
// Creat avatar directory
if (!Directory.Exists(avatarFolder))
{
Directory.CreateDirectory(avatarFolder);
}
// move avatar to the avatar folder
DirectoryInfo directoryInfo = new DirectoryInfo(_uploadOpts.CurrentValue.UploadPath);
foreach (FileInfo file in directoryInfo.GetFiles(ctx.FileId + "*"))
{
// Exemple of file names generated by tus are (...69375.metadata, ...69375.uploadlength ...)
string[] subNames = file.Name.Split('.');
string subName = subNames.Count() == 2 ? '.' + subNames[1] : "orig.avatar.png";
File.Move(file.FullName, Path.Combine(avatarFolder, subName), true);
}
// crop image
string avatarPath = Path.Combine(avatarFolder, "orig.avatar.png");
using FileStream smallavatar = new FileStream(Path.Combine(avatarFolder, "avatar.png"), FileMode.Create);
using Image image = Image.Load(File.ReadAllBytes(avatarPath), out IImageFormat format);
using Image smallthumbnail = image.Clone(i => i.Resize(128, 128).Crop(new Rectangle(0, 0, 128, 128)));
smallthumbnail.Save(smallavatar, format);
return;
}
[HttpPost("[action]")] /// Done
public async Task <IActionResult> Login([FromBody] dynamic jsonData)
{
gAppConst.GetBrowserDetails(Request.Headers["User-Agent"].ToString(), out string BrowserName);
bool rememberMe;
gUser user;
gLoginRecord loginRecord;
try
{
/// extract the info from jsonData received
user = new gUser
{
Email = jsonData.email,
PasswordHash = jsonData.password
};
loginRecord = new gLoginRecord
{
BrowserName = BrowserName,
};
rememberMe = (bool)jsonData.rememberMe;
}
catch (Exception) /// catch error if jsonData is null
{
gAppConst.Error(ref ErrorsList, "Invalid Input. Please Contact Admin.");
return(BadRequest(ErrorsList));
}
try
{
/// check if the email address exists. if not return bad request
if (!DbContext.Users.Any(u => u.Email == user.Email))
{
gAppConst.Error(ref ErrorsList, "Wrong Email.", "Email");
return(BadRequest(ErrorsList.ToArray()));
}
/// else user with the specified email is found. then get the user object from database
gUser userDetails = DbContext.Users.Include(u => u.Department)
.Include(u => u.Role)
.Where(u => u.Email == user.Email)
.FirstOrDefault();
/// try to sign-in the user by using the password provided
var loginResult = await authManager.PasswordSignInAsync(userDetails, user.PasswordHash, rememberMe, false).ConfigureAwait(false);
/// if sign-in succeeded then return OK status
if (loginResult.Succeeded)
{
/// get the last login record
gLoginRecord LastLogin = null;
try
{
LastLogin = await DbContext.LoginRecords.LastAsync(l => l.UserId == userDetails.Id).ConfigureAwait(false);
/// If it is not the user's first login then populate the current users last login date property
if (LastLogin != null)
{
userDetails.LastLoginDate = LastLogin.TimeStamp;
}
}
catch (Exception) { }
loginRecord.UserId = userDetails.Id;
/// Add the login record and return the user's details
await DbContext.LoginRecords.AddAsync(loginRecord).ConfigureAwait(false);
await DbContext.SaveChangesAsync().ConfigureAwait(false);
return(Ok(userDetails));
}
/// else user has entered the wrong password
gAppConst.Error(ref ErrorsList, "Wrong Password", "Password");
return(BadRequest(ErrorsList));
}
catch (Exception eee)
{
/// if there are any exception return login failed error
gAppConst.Error(ref ErrorsList, "Login Failed");
return(BadRequest(ErrorsList));
}
}
[Authorize(gAppConst.AccessPolicies.LevelOne)] /// Done
public async Task <IActionResult> Post([FromBody] gUser newUser)
{
try
{
newUser.PasswordHash = newUser.NewPassword;
ModelState.Clear();
/// if model validation failed
if (!TryValidateModel(newUser))
{
gAppConst.ExtractErrors(ModelState, ref ErrorsList);
/// return bad request with all the errors
return(BadRequest(ErrorsList));
}
/// check the database to see if a user with the same email exists
if (await DbContext.Users.AnyAsync(d => d.Email == newUser.Email).ConfigureAwait(false))
{
/// extract the errors and return bad request containing the errors
gAppConst.Error(ref ErrorsList, "Email already exists.");
return(BadRequest(ErrorsList));
}
newUser.Department = await DbContext.Departments.FindAsync(newUser.Department.Id).ConfigureAwait(false);
newUser.Role = await DbContext.Roles.FindAsync(newUser.Role.Id).ConfigureAwait(false);
/// else user object is made without any errors
/// Create the new user
IdentityResult newUserResult = await UserManager.CreateAsync(newUser, newUser.PasswordHash)
.ConfigureAwait(false);
/// If result failed
if (!newUserResult.Succeeded)
{
/// Add the error below to the error list and return bad request
foreach (var error in newUserResult.Errors)
{
gAppConst.Error(ref ErrorsList, error.Description, error.Code);
}
return(BadRequest(ErrorsList));
}
/// else result is successful the try to add the access claim for the user
IdentityResult addedClaimResult = await UserManager.AddClaimAsync(
newUser,
new Claim(gAppConst.AccessClaims.Type, newUser.Role.AccessClaim)
).ConfigureAwait(false);
/// if claim failed to be created
if (!addedClaimResult.Succeeded)
{
/// remove the user account and return appropriate error
DbContext.Users.Remove(newUser);
await DbContext.SaveChangesAsync().ConfigureAwait(false);
gAppConst.Error(ref ErrorsList, "Server Issue. Please Contact Administrator.");
return(BadRequest(ErrorsList));
}
/// return 201 created status with the new object
/// and success message
return(Created("Success", newUser));
}
catch (Exception) // DbUpdateException, DbUpdateConcurrencyException
{
/// Add the error below to the error list and return bad request
gAppConst.Error(ref ErrorsList, $"Server Issue. Please Contact Administrator.");
return(BadRequest(ErrorsList));
}
}
