private void AuditLogChanges(User user, ChangePersonalDetailsViewModel viewModel)
{
if (user.Firstname != viewModel.FirstName ||
user.Lastname != viewModel.LastName ||
user.ContactFirstName != viewModel.FirstName ||
user.ContactLastName != viewModel.LastName)
{
auditLogger.AuditChangeToUser(
AuditedAction.UserChangeName,
user,
new
{
OldFirstName = user.Firstname,
OldLastName = user.Lastname,
OldContactFirstName = user.ContactFirstName,
OldContactLastName = user.ContactLastName,
NewFirstName = viewModel.FirstName,
NewLastName = viewModel.LastName,
},
user);
}
if (user.JobTitle != viewModel.JobTitle ||
user.ContactJobTitle != viewModel.JobTitle)
{
auditLogger.AuditChangeToUser(
AuditedAction.UserChangeJobTitle,
user,
new
{
OldJobTitle = user.JobTitle,
OldContactJobTitle = user.ContactJobTitle,
NewJobTitle = viewModel.JobTitle,
},
user);
}
if (user.ContactPhoneNumber != viewModel.ContactPhoneNumber)
{
auditLogger.AuditChangeToUser(
AuditedAction.UserChangePhoneNumber,
user,
new
{
OldContactPhoneNumber = user.ContactPhoneNumber,
NewContactPhoneNumber = viewModel.ContactPhoneNumber,
},
user);
}
}
private void PurgeRegistrationsAction()
{
DateTime deadline = VirtualDateTime.Now.AddDays(0 - Global.PurgeUnconfirmedPinDays);
List <UserOrganisation> registrations = dataRepository.GetAll <UserOrganisation>()
.Where(uo => uo.PINConfirmedDate == null)
.Where(uo => uo.PINSentDate != null)
.Where(uo => uo.PINSentDate.Value < deadline)
.ToList();
foreach (UserOrganisation registration in registrations)
{
auditLogger.AuditChangeToUser(
AuditedAction.PurgeRegistration,
registration.User,
new
{
registration.UserId,
registration.User.EmailAddress,
registration.OrganisationId,
registration.Organisation.EmployerReference,
registration.Organisation.OrganisationName,
registration.Method,
registration.PINSentDate,
registration.PINConfirmedDate
});
dataRepository.Delete(registration);
dataRepository.SaveChanges();
}
}
public IActionResult ChangeContactPreferencesPost(long id, AdminChangeUserContactPreferencesViewModel viewModel)
{
var user = _adminService.SharedBusinessLogic.DataRepository.Get <User>(id);
viewModel.ParseAndValidateParameters(Request, m => m.Reason);
if (viewModel.HasAnyErrors())
{
viewModel.UserId = user.UserId;
viewModel.FullName = user.Fullname;
return(View("ChangeContactPreferences", viewModel));
}
auditLogger.AuditChangeToUser(
this,
AuditedAction.AdminChangeUserContactPreferences,
user,
new
{
AllowContact_Old = user.AllowContact ? "Yes" : "No",
AllowContact_New = viewModel.AllowContact ? "Yes" : "No",
SendUpdates_Old = user.SendUpdates ? "Yes" : "No",
SendUpdates_New = viewModel.SendUpdates ? "Yes" : "No",
viewModel.Reason
});
user.AllowContact = viewModel.AllowContact;
user.SendUpdates = viewModel.SendUpdates;
_adminService.SharedBusinessLogic.DataRepository.SaveChangesAsync().Wait();
return(RedirectToAction("ViewUser", "AdminViewUser", new { id = user.UserId }));
}
private void PurgeUser(User user)
{
auditLogger.AuditChangeToUser(
AuditedAction.PurgeUser,
user,
new { user.UserId, user.EmailAddress, user.JobTitle, user.Fullname });
user.SetStatus(UserStatuses.Retired, user, "User retired by PurgeUserJob");
dataRepository.SaveChanges();
}
public void UpdateEmail(User userToUpdate, string newEmailAddress)
{
if (userToUpdate is null)
{
throw new ArgumentNullException(nameof(userToUpdate));
}
if (newEmailAddress.IsNullOrWhiteSpace())
{
throw new ArgumentNullException(nameof(newEmailAddress));
}
if (userToUpdate.Status != UserStatuses.Active)
{
throw new ArgumentException($"Can only update emails for active users. UserId={userToUpdate.UserId}");
}
string oldEmailAddress = userToUpdate.EmailAddress;
// update email
DateTime now = VirtualDateTime.Now;
userToUpdate.EmailAddress = newEmailAddress;
userToUpdate.EmailVerifiedDate = now;
userToUpdate.Modified = now;
// save
dataRepository.SaveChanges();
// log email change
auditLogger.AuditChangeToUser(
AuditedAction.UserChangeEmailAddress,
userToUpdate,
new
{
OldEmailAddress = oldEmailAddress,
NewEmailAddress = newEmailAddress,
},
userToUpdate);
}
public async Task <IActionResult> ResendVerificationEmailPost(long id,
AdminResendVerificationEmailViewModel viewModel)
{
var user = SharedBusinessLogic.DataRepository.Get <User>(id);
viewModel.User = user;
if (user.EmailVerifiedDate != null)
{
viewModel.AddErrorFor <AdminResendVerificationEmailViewModel, object>(
m => m.OtherErrorMessagePlaceholder,
"This user's email address has already been verified");
return(View("ResendVerificationEmail", viewModel));
}
viewModel.ParseAndValidateParameters(Request, m => m.Reason);
if (viewModel.HasAnyErrors())
{
return(View("ResendVerificationEmail", viewModel));
}
auditLogger.AuditChangeToUser(
this,
AuditedAction.AdminResendVerificationEmail,
user,
new
{
viewModel.Reason
}
);
var verifyCode = Encryption.EncryptQuerystring(user.UserId + ":" + user.Created.ToSmallDateTime());
user.EmailVerifyHash = Crypto.GetSHA512Checksum(verifyCode);
user.EmailVerifySendDate = VirtualDateTime.Now;
SharedBusinessLogic.DataRepository.SaveChangesAsync().Wait();
var verifyUrl = Url.Action("VerifyEmail", "Account", new { vcode = verifyCode }, "https");
if (!_adminService.SharedBusinessLogic.SendEmailService.SendCreateAccountPendingVerificationAsync(verifyUrl, user.EmailAddress).Result)
{
viewModel.AddErrorFor <AdminResendVerificationEmailViewModel, object>(
m => m.OtherErrorMessagePlaceholder,
"Error whilst re-sending verification email. Please try again in a few minutes.");
return(View("ResendVerificationEmail", viewModel));
}
return(View("VerificationEmailSent", user));
}
public IActionResult ResendVerificationEmailPost(long id, AdminResendVerificationEmailViewModel viewModel)
{
User user = dataRepository.Get <User>(id);
viewModel.User = user;
if (user.EmailVerifiedDate != null)
{
viewModel.AddErrorFor(
m => m.OtherErrorMessagePlaceholder,
"This user's email address has already been verified");
return(View("ResendVerificationEmail", viewModel));
}
viewModel.ParseAndValidateParameters(Request, m => m.Reason);
if (viewModel.HasAnyErrors())
{
return(View("ResendVerificationEmail", viewModel));
}
auditLogger.AuditChangeToUser(
AuditedAction.AdminResendVerificationEmail,
user,
new
{
viewModel.Reason
},
User);
string verificationCode = Guid.NewGuid().ToString("N");
string verificationUrl = Url.Action(
"VerifyEmail",
"AccountCreation",
new { code = verificationCode },
"https");
emailSendingService.SendAccountVerificationEmail(user.EmailAddress, verificationUrl);
user.EmailVerifyHash = verificationCode;
user.EmailVerifySendDate = VirtualDateTime.Now;
dataRepository.SaveChanges();
return(View("VerificationEmailSent", user));
}