public async Task <IActionResult> InviteUser(int id, [FromBody] InviteViewModel model)
{
var userId = User.GetUserId();
if (model.UserId == userId)
{
return(this.BadRequestError("You can't invite yourself."));
}
var ev = await _eventService.GetEventByIdAsync(id, nameof(Event.Period), nameof(Event.Owner));
if (userId != ev.Owner.Id)
{
return(this.BadRequestError("Only owner can invite users."));
}
if (ev.IsPrivate)
{
return(this.BadRequestError("You can't invite users on private event."));
}
if (ev.IsOld(DateTime.UtcNow))
{
return(this.BadRequestError("You can't invite users on events from the past."));
}
await _eventService.InviteUserAsync(ev.Id, model.UserId, userId, model.IsReadOnly);
var invitation = await _invitationService.GetInvitationAsync(id, model.UserId);
await _invitationManager.UserInvitedAsync(model.UserId, _mapper.Map <InvitationViewModel>(invitation));
return(Ok());
}
public async Task <IActionResult> OnPostAsync(string returnUrl = null)
{
returnUrl = returnUrl ?? Url.Content("~/");
ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
// check email
var existingUser = await _userManager.FindByEmailAsync(Input.Email);
if (existingUser != null)
{
ModelState.AddModelError("email", "Email is already used by another user.");
}
// check username
existingUser = await _userManager.FindByNameAsync(Input.Username);
if (existingUser != null)
{
ModelState.AddModelError("username", "Username is already taken.");
}
var inviteRequirementMet = true;
if (InvitationRequired && !_securityService.IsAdminInConfig(Input.Username))
{
if (string.IsNullOrEmpty(Input.InvitationCode))
{
ModelState.AddModelError("code", "Please enter the Invitation Code.");
}
else
{
var userId = await _invitationService.GetInvitationAsync(Input.Email, Input.InvitationCode);
inviteRequirementMet = !string.IsNullOrEmpty(userId);
if (!inviteRequirementMet)
{
ModelState.AddModelError("code", "Invitation Code is invalid.");
}
}
}
if (existingUser == null && inviteRequirementMet && ModelState.IsValid)
{
string avatarHash = string.Empty;
using (var md5 = MD5.Create())
{
var hash = md5.ComputeHash(Encoding.ASCII.GetBytes(Input.Email));
avatarHash = BitConverter.ToString(hash).Replace("-", "").ToLower();
}
var user = new ApplicationUser()
{
UserName = Input.Username,
Email = Input.Email,
AvatarHash = avatarHash
};
var result = await _userManager.CreateAsync(user, Input.Password);
if (result.Succeeded)
{
_logger.LogInformation("User created a new account with password.");
await _profileService.Add(user);
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
var siteUrl = _configuration["SiteUrl"];
var callbackUrl = Url.Action(
"ConfirmEmail",
"Account",
values: new { area = "Identity", userId = user.Id, code = code },
protocol: Request.Scheme);
await _emailSender.SendEmailAsync(Input.Email, "Confirm your email",
$"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>.");
if (_userManager.Options.SignIn.RequireConfirmedAccount)
{
return(RedirectToPage("RegisterConfirmation", new { email = Input.Email }));
}
else
{
await _signInManager.SignInAsync(user, isPersistent : false);
return(LocalRedirect(returnUrl));
}
}
foreach (var error in result.Errors)
{
ModelState.AddModelError(string.Empty, error.Description);
}
}
// If we got this far, something failed, redisplay form
return(Page());
}