public ValidationSender(ExternalServicesConfig config, ILogger <ValidationSender> log, ITokenMemoryCache memoryCache, IHostingEnvironment hostingEnv)
{
_config = config;
_log = log;
_memoryCache = memoryCache;
_hostingEnv = hostingEnv;
}
/// <summary>
/// </summary>
public GenericUserResources(BusinessDbContext context, ILogger <GenericUserResources> logger, ValidationSender validation, ITokenMemoryCache memoryCache)
{
_context = context;
_logger = logger;
_validation = validation;
_memoryCache = memoryCache;
}
public RefreshTokens(BusinessDbContext context, ISmsSender smsSender,
ILogger <RefreshTokens> logger,
ITokenMemoryCache memoryCache,
TokenAuthOptions tokenOptions,
TokenService tokenService, IHostingEnvironment hostingEnvironment)
{
_context = context;
_smsSender = smsSender;
_logger = logger;
_memoryCache = memoryCache;
_tokenService = tokenService;
_hostingEnvironment = hostingEnvironment;
}
public TempUser Process(ITokenMemoryCache memoryCache, string model)
{
var savedUser = memoryCache.GetForChallenge(model);
if (savedUser == null)
{
throw new CheckValidationTokenException("Customer never received a challenge token");
}
if (!memoryCache.IsEqual(savedUser, model))
{
throw new CheckValidationTokenException("Customer entered in wrong challenge token");
}
return(savedUser);
}
public GenericUserAuth(
BusinessDbContext context,
ValidationSender validation,
ILogger <GenericUserAuth> logger,
ITokenMemoryCache memoryCache,
TokenService tokenService,
IHostingEnvironment hostingEnvironment, ExternalServicesConfig config)
{
_context = context;
_validation = validation;
_logger = logger;
_tokenService = tokenService;
_memoryCache = memoryCache;
_hostingEnvironment = hostingEnvironment;
_config = config;
}
public async Task <GenericUser> Process(IHostingEnvironment hostingEnvironment, ITokenMemoryCache memoryCache, BusinessDbContext context, ValidationSender validation, TempUser tempUser)
{
using (var transaction = context.Database.BeginTransaction())
{
tempUser.PhoneNumber = tempUser.PhoneNumber.CleanPhone();
// Check out our users, if we already someone, then no need to validate, its just an error
var check = await context.Users.AnyAsync(u => (!string.IsNullOrEmpty(u.PhoneNumber) && (u.PhoneNumber == tempUser.PhoneNumber)) || (!string.IsNullOrEmpty(u.Email) && (u.Email == tempUser.Email)));
if (check)
{
throw new ProcessEventException("You have already signed up. Please login instead");
}
// Also need to check if their is any pending validation and in that case we would not take this info
var waitingUeser = context.AllUsers.FirstOrDefault(
u =>
((!string.IsNullOrEmpty(u.PhoneNumber) && u.PhoneNumber == tempUser.PhoneNumber) || (!string.IsNullOrEmpty(u.Email) && u.Email == tempUser.Email)) &&
u.Enabled == false);
if (waitingUeser != null)
{
try
{
if (!string.IsNullOrWhiteSpace(tempUser.Email))
{
Log.Information("Sending Email Validation to {user}", tempUser);
try
{
await validation.SendValidationToEmail(tempUser);
}
catch (Exception e)
{
Console.WriteLine(e);
throw new ProcessEventException("Could not send verification to that email. Please use a different email address");
}
memoryCache.SetForChallenge(tempUser);
}
else if (!string.IsNullOrWhiteSpace(tempUser.PhoneNumber))
{
Log.Information("Sending SMS Validation to {user}", tempUser);
try
{
await validation.SendValidationToSms(tempUser);
}
catch (Exception e)
{
Console.WriteLine(e);
throw new ProcessEventException("Could not send a verification message to that phone number. Please use a number able to receive texts.");
}
memoryCache.SetForChallenge(tempUser);
}
}
catch (Exception e)
{
Log.Error(e, "Error when sending out a validation email to an incoming user {email} , {phone}", tempUser.Email, tempUser.PhoneNumber);
throw new ProcessEventException("Could not send out a validation link to the number or email provided");
}
throw new ProcessEventException("Your already signed up, you just need to confirm your information. Check your inbox or text messages.");
}
// Create a temporary account now, just keep account disabled untill verified.
// TODO: background cron job which purges accounts unvalidated after xxx amount of time
var addr = new Address(tempUser);
context.Address.Add(addr);
var user = new GenericUser()
{
Name = tempUser.Name,
Email = tempUser.Email,
PhoneNumber = tempUser.PhoneNumber,
Address = addr,
UserName = string.IsNullOrEmpty(tempUser.Email) ? tempUser.PhoneNumber : tempUser.Email
};
// Set our join date and last login
user.JoinDate = user.LastLogin = DateTime.Now;
context.AllUsers.Add(user);
context.SaveChanges();
user.SetPassword(tempUser.Password);
context.SaveChanges();
Log.Information("Created a new user, unvalidated {user}", user);
// Need to set our tempUser id to our user
tempUser.Id = user.Id;
// TODO: Remove any chance of this obvious inserurity prior to real production usage via removing the check altogther.
if (Constants.Testing.CheckIfOverride(tempUser) && (hostingEnvironment.IsDevelopment() || hostingEnvironment.IsEnvironment("Testing")))
{
tempUser.Token = Constants.Testing.TestValidationToken;
// Hold our token and tempUser for a while to give our user a chance to validate their info
memoryCache.SetForChallenge(tempUser);
transaction.Commit();
return(user);
}
// We prefer to send validation through email but will send through sms if needed
if (!string.IsNullOrWhiteSpace(tempUser.Email))
{
Log.Information("Sending Email Validation to {user}", user.Email);
await validation.SendValidationToEmail(tempUser);
memoryCache.SetForChallenge(tempUser);
}
else if (!string.IsNullOrWhiteSpace(tempUser.PhoneNumber))
{
Log.Information("Sending SMS Validation to {user}", user.PhoneNumber);
await validation.SendValidationToSms(tempUser);
memoryCache.SetForChallenge(tempUser);
}
transaction.Commit();
return(user);
}
}
