public SaveResponse Update(IUnitOfWork uow, UserPermissionUpdateRequest request)
{
Check.NotNull(request, "request");
Check.NotNull(request.UserID, "userID");
Check.NotNull(request.Permissions, "permissions");
var userID = request.UserID.Value;
var oldList = new HashSet <string>(
GetExisting(uow.Connection, userID, request.Module, request.Submodule)
.Select(x => x.PermissionKey), StringComparer.OrdinalIgnoreCase);
var newList = new HashSet <string>(request.Permissions.ToList(),
StringComparer.OrdinalIgnoreCase);
if (oldList.SetEquals(newList))
{
return(new SaveResponse());
}
foreach (var k in oldList)
{
if (newList.Contains(k))
{
continue;
}
new SqlDelete(fld.TableName)
.Where(
new Criteria(fld.UserId) == userID &
new Criteria(fld.PermissionKey) == k)
.Execute(uow.Connection);
}
foreach (var k in newList)
{
if (oldList.Contains(k))
{
continue;
}
uow.Connection.Insert(new MyRow
{
UserId = userID,
PermissionKey = k
});
}
BatchGenerationUpdater.OnCommit(uow, fld.GenerationKey);
return(new SaveResponse());
}
public SaveResponse Update(IUnitOfWork uow, UserRoleUpdateRequest request)
{
Check.NotNull(request, "request");
Check.NotNull(request.UserID, "userID");
Check.NotNull(request.Roles, "permissions");
var userID = request.UserID.Value;
var oldList = new HashSet <Int32>(
GetExisting(uow.Connection, userID)
.Select(x => x.RoleId.Value));
var newList = new HashSet <Int32>(request.Roles.ToList());
if (oldList.SetEquals(newList))
{
return(new SaveResponse());
}
foreach (var k in oldList)
{
if (newList.Contains(k))
{
continue;
}
new SqlDelete(fld.TableName)
.Where(
new Criteria(fld.UserId) == userID &
new Criteria(fld.RoleId) == k)
.Execute(uow.Connection);
}
foreach (var k in newList)
{
if (oldList.Contains(k))
{
continue;
}
uow.Connection.Insert(new MyRow
{
UserId = userID,
RoleId = k
});
}
BatchGenerationUpdater.OnCommit(uow, fld.GenerationKey);
BatchGenerationUpdater.OnCommit(uow, Entities.UserPermissionRow.Fields.GenerationKey);
return(new SaveResponse());
}
public Result<ServiceResponse> ResetPassword(ResetPasswordRequest request)
{
return this.InTransaction("Default", uow =>
{
request.CheckNotNull();
if (string.IsNullOrEmpty(request.Token))
throw new ArgumentNullException("token");
int userId;
using (var ms = new MemoryStream(MachineKey.Unprotect(
Convert.FromBase64String(request.Token), "ResetPassword")))
using (var br = new BinaryReader(ms))
{
var dt = DateTime.FromBinary(br.ReadInt64());
if (dt < DateTime.UtcNow)
throw new ValidationError(Texts.Validation.InvalidResetToken);
userId = br.ReadInt32();
}
UserRow user;
using (var connection = SqlConnections.NewFor<UserRow>())
{
user = connection.TryById<UserRow>(userId);
if (user == null)
throw new ValidationError(Texts.Validation.InvalidResetToken);
}
if (request.ConfirmPassword != request.NewPassword)
throw new ValidationError("PasswordConfirmMismatch", LocalText.Get("Validation.PasswordConfirm"));
request.NewPassword = UserRepository.ValidatePassword(user.Username, request.NewPassword, false);
var salt = Membership.GeneratePassword(5, 1);
var hash = SiteMembershipProvider.ComputeSHA512(request.NewPassword + salt);
UserRepository.CheckPublicDemo(user.UserId);
uow.Connection.UpdateById(new UserRow
{
UserId = user.UserId.Value,
PasswordSalt = salt,
PasswordHash = hash
});
BatchGenerationUpdater.OnCommit(uow, UserRow.Fields.GenerationKey);
return new ServiceResponse();
});
}
public Result <ServiceResponse> ChangePassword(ChangePasswordRequest request)
{
if (Authorization.Username.Equals("demo", StringComparison.OrdinalIgnoreCase))
{
throw new Exception("This feature is disabled for demo user");
}
return(this.InTransaction("SimpleFeedlyConn", uow =>
{
request.CheckNotNull();
if (string.IsNullOrEmpty(request.OldPassword))
{
throw new ArgumentNullException("oldPassword");
}
var username = Authorization.Username;
if (!Dependency.Resolve <IAuthenticationService>().Validate(ref username, request.OldPassword))
{
throw new ValidationError("CurrentPasswordMismatch", Texts.Validation.CurrentPasswordMismatch);
}
if (request.ConfirmPassword != request.NewPassword)
{
throw new ValidationError("PasswordConfirmMismatch", LocalText.Get("Validation.PasswordConfirm"));
}
request.NewPassword = UserRepository.ValidatePassword(username, request.NewPassword, false);
var salt = Membership.GeneratePassword(5, 1);
var hash = SiteMembershipProvider.ComputeSHA512(request.NewPassword + salt);
var userId = int.Parse(Authorization.UserId);
UserRepository.CheckPublicDemo(userId);
uow.Connection.UpdateById(new UserRow
{
UserId = userId,
PasswordSalt = salt,
PasswordHash = hash
});
BatchGenerationUpdater.OnCommit(uow, UserRow.Fields.GenerationKey);
return new ServiceResponse();
}));
}
public ActionResult Activate(string t)
{
using (var connection = SqlConnections.NewByKey("Default"))
using (var uow = new UnitOfWork(connection))
{
int userId;
try
{
var bytes = HttpContext.RequestServices
.GetDataProtector("Activate").Unprotect(Convert.FromBase64String(t));
using (var ms = new MemoryStream(bytes))
using (var br = new BinaryReader(ms))
{
var dt = DateTime.FromBinary(br.ReadInt64());
if (dt < DateTime.UtcNow)
{
return(Error(Texts.Validation.InvalidActivateToken));
}
userId = br.ReadInt32();
}
}
catch (Exception)
{
return(Error(Texts.Validation.InvalidActivateToken));
}
var user = uow.Connection.TryById <UserRow>(userId);
if (user == null || user.IsActive != 0)
{
return(Error(Texts.Validation.InvalidActivateToken));
}
uow.Connection.UpdateById(new UserRow
{
UserId = user.UserId.Value,
IsActive = 1
});
BatchGenerationUpdater.OnCommit(uow, UserRow.Fields.GenerationKey);
uow.Commit();
return(new RedirectResult("~/Account/Login?activated=" + Uri.EscapeDataString(user.Email)));
}
}
public Result <ServiceResponse> ChangePassword(ChangePasswordRequest request)
{
return(this.InTransaction("Default", uow =>
{
request.CheckNotNull();
if (string.IsNullOrEmpty(request.OldPassword))
{
throw new ArgumentNullException("oldPassword");
}
var username = Authorization.Username;
if (!Dependency.Resolve <IAuthenticationService> ().Validate(ref username, request.OldPassword))
{
throw new ValidationError("CurrentPasswordMismatch", Texts.Validation.CurrentPasswordMismatch);
}
if (request.ConfirmPassword != request.NewPassword)
{
throw new ValidationError("PasswordConfirmMismatch", LocalText.Get("Validation.PasswordConfirm"));
}
request.NewPassword = UserRepository.ValidatePassword(username, request.NewPassword, false);
string salt = null;
var hash = UserRepository.GenerateHash(request.NewPassword, ref salt);
var userId = int.Parse(Authorization.UserId);
UserRepository.CheckPublicDemo(userId);
uow.Connection.UpdateById(new UserRow
{
UserId = userId,
PasswordSalt = salt,
PasswordHash = hash
});
BatchGenerationUpdater.OnCommit(uow, UserRow.Fields.GenerationKey);
return new ServiceResponse();
}));
}
protected override void AfterSave()
{
base.AfterSave();
BatchGenerationUpdater.OnCommit(this.UnitOfWork, fld.GenerationKey);
if (!Authorization.HasPermission(PermissionKeys.Tenants))
{
var permFlds = UserPermissionRow.Fields;
if (!Connection.Exists <UserPermissionRow>(permFlds.UserId == Row.UserId.Value && permFlds.PermissionKey == "Administration:User:Modify"))
{
Connection.InsertAndGetID(new UserPermissionRow
{
UserId = Row.UserId,
PermissionKey = "Administration:User:Modify",
Granted = true
});
}
if (!Connection.Exists <UserPermissionRow>(permFlds.UserId == Row.UserId.Value && permFlds.PermissionKey == "AdministrationTenants:User:Read"))
{
Connection.InsertAndGetID(new UserPermissionRow
{
UserId = Row.UserId,
PermissionKey = "AdministrationTenants:User:Read",
Granted = true
});
}
if (!Connection.Exists <UserPermissionRow>(permFlds.UserId == Row.UserId.Value && permFlds.PermissionKey == "Administration:Tenants:Read"))
{
Connection.InsertAndGetID(new UserPermissionRow
{
UserId = Row.UserId,
PermissionKey = "Administration:Tenants:Read",
Granted = true
});
}
}
}
protected override void AfterSave()
{
base.AfterSave();
BatchGenerationUpdater.OnCommit(this.UnitOfWork, fld.GenerationKey);
}
public SaveResponse Update(IUnitOfWork uow, UserPermissionUpdateRequest request)
{
Check.NotNull(request, "request");
Check.NotNull(request.UserID, "userID");
Check.NotNull(request.Permissions, "permissions");
var userID = request.UserID.Value;
var oldList = new Dictionary <string, bool>(StringComparer.OrdinalIgnoreCase);
foreach (var p in GetExisting(uow.Connection, userID, request.Module, request.Submodule))
{
oldList[p.PermissionKey] = p.Granted.Value;
}
var newList = new Dictionary <string, bool>(StringComparer.OrdinalIgnoreCase);
foreach (var p in request.Permissions)
{
newList[p.PermissionKey] = p.Granted ?? false;
}
if (oldList.Count == newList.Count &&
oldList.All(x => newList.ContainsKey(x.Key) && newList[x.Key] == x.Value))
{
return(new SaveResponse());
}
foreach (var k in oldList.Keys)
{
if (newList.ContainsKey(k))
{
continue;
}
new SqlDelete(fld.TableName)
.Where(
new Criteria(fld.UserId) == userID &
new Criteria(fld.PermissionKey) == k)
.Execute(uow.Connection);
}
foreach (var k in newList.Keys)
{
if (!oldList.ContainsKey(k))
{
uow.Connection.Insert(new MyRow
{
UserId = userID,
PermissionKey = k,
Granted = newList[k]
});
}
else if (oldList[k] != newList[k])
{
new SqlUpdate(fld.TableName)
.Where(
fld.UserId == userID &
fld.PermissionKey == k)
.Set(fld.Granted, newList[k])
.Execute(uow.Connection);
}
}
BatchGenerationUpdater.OnCommit(uow, fld.GenerationKey);
return(new SaveResponse());
}
public SaveResponse Update(IUnitOfWork uow, RolePermissionUpdateRequest request)
{
Check.NotNull(request, "request");
Check.NotNull(request.RoleID, "roleID");
Check.NotNull(request.Permissions, "permissions");
var roleID = request.RoleID.Value;
var oldList = new HashSet <string>(
GetExisting(uow.Connection, roleID, request.Module, request.Submodule)
.Select(x => x.PermissionKey), StringComparer.OrdinalIgnoreCase);
var newList = new HashSet <string>(request.Permissions.ToList(),
StringComparer.OrdinalIgnoreCase);
var allowedKeys = new UserPermissionRepository()
.ListPermissionKeys()
.Entities.ToDictionary(x => x);
if (newList.Any(x => !allowedKeys.ContainsKey(x)))
{
throw new AccessViolationException();
}
if (oldList.SetEquals(newList))
{
return(new SaveResponse());
}
foreach (var k in oldList)
{
if (newList.Contains(k))
{
continue;
}
new SqlDelete(fld.TableName)
.Where(
new Criteria(fld.RoleId) == roleID &
new Criteria(fld.PermissionKey) == k)
.Execute(uow.Connection);
}
foreach (var k in newList)
{
if (oldList.Contains(k))
{
continue;
}
uow.Connection.Insert(new MyRow
{
RoleId = roleID,
PermissionKey = k
});
}
BatchGenerationUpdater.OnCommit(uow, fld.GenerationKey);
BatchGenerationUpdater.OnCommit(uow, Entities.UserPermissionRow.Fields.GenerationKey);
return(new SaveResponse());
}
