public IActionResult Edit(int id,
EditProductViewModel model)
{
try
{
var domain = Service <TemplateDomain>();
var product = domain.GetProductById(id);
if (product == null)
{
return(NotFound(new ApiResult()
{
Code = ResultCode.NotFound,
Message = ResultCode.NotFound.DisplayName()
}));
}
domain.EditProduct(product, model);
_uow.SaveChanges();
_logger.CustomProperties(new { id, model }).Info("Edit product");
return(NoContent());
}
catch (Exception e)
{
_logger.Error(e);
return(Error(new ApiResult()
{
Code = ResultCode.UnknownError,
Message = ResultCode.UnknownError.DisplayName() + ": " + e.Message
}));
}
}
public async Task <IActionResult> CreateMember(CreateMemberModel model)
{
bool checkEmailDomain = _identityService.ValidateEmailDomain(model.Email);
if (!checkEmailDomain)
{
return(Unauthorized(AppResult.InvalidEmailDomain()));
}
var entity = await _identityService.GetUserByEmailAsync(model.Email);
if (entity != null)
{
var validationData = new ValidationData();
validationData = validationData.Fail(code: AppResultCode.EmailExisted);
return(BadRequest(AppResult.FailValidation(validationData)));
}
var emailInfo = model.Email.GetEmailInfo();
entity = _identityService.ConvertToUser(model, emailInfo.Item3);
using (var transaction = context.Database.BeginTransaction())
{
model.Roles = model.Roles ?? new HashSet <string>();
if (model.CreateDepartmentMembers.Any(o => o.IsManager == true) ||
model.CreateAreaMembers.Any(o => o.IsManager == true))
{
model.Roles.Add(RoleName.MANAGER);
}
var result = await _identityService
.CreateUserWithoutPassAsync(entity, model.Roles);
if (!result.Succeeded)
{
foreach (var err in result.Errors)
{
ModelState.AddModelError(err.Code, err.Description);
}
var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState);
return(BadRequest(builder));
}
_logger.CustomProperties(entity).Info("Register new user");
var memberEntity = _service.CreateMember(model, entity, emailInfo);
//log event
var ev = _sysService.GetEventForNewUser(
$"Admin has created a user with email {model.Email}",
UserId);
_sysService.CreateAppEvent(ev);
//end log event
context.SaveChanges();
transaction.Commit();
}
return(NoContent());
}
public async Task <IActionResult> OnPost(Business.Models.LoginModel model,
string return_url = Constants.Routing.DASHBOARD)
{
SetPageInfo();
//this is auto handled by anti-forgery: return 400 bad request
if (User.Identity.IsAuthenticated)
{
Message = "Already logged in";
MessageTitle = "Already logged in";
return(this.MessageView());
}
var entity = await identityService.AuthenticateAsync(model.username, model.password);
if (entity != null)
{
#region Custom Signin for extra claims store
var principal = await identityService.GetApplicationPrincipalAsync(entity);
var utcNow = DateTime.UtcNow;
var cookieProps = new AuthenticationProperties()
{
IssuedUtc = utcNow,
};
if (model.remember_me)
{
cookieProps.IsPersistent = true;
cookieProps.ExpiresUtc = utcNow.AddHours(Settings.Instance.CookiePersistentHours);
}
await HttpContext.SignInAsync(principal.Identity.AuthenticationType,
principal, cookieProps);
#endregion
_logger.CustomProperties(entity).Info("Login user");
#region Generate token
var identity =
await identityService.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme);
principal = new ClaimsPrincipal(identity);
var props = new AuthenticationProperties()
{
IssuedUtc = utcNow,
ExpiresUtc = utcNow.AddHours(WebAdmin.Settings.Instance.TokenValidHours)
};
props.Parameters["refresh_expires"] = utcNow.AddHours(
WebAdmin.Settings.Instance.RefreshTokenValidHours);
var resp = identityService.GenerateTokenResponse(principal, props);
#endregion
return(LocalRedirect($"{Constants.Routing.INDEX}?access_token=" +
$"{resp.access_token}" +
$"&refresh_token={resp.refresh_token}" +
$"&expires_utc={resp.expires_utc}" +
$"&issued_utc={resp.issued_utc}" +
$"&token_type={resp.token_type}&" +
$"&return_url={return_url}"));
}
Message = "Invalid username or password";
return(Page());
}
public IActionResult Edit(int id,
EditGroupViewModel model)
{
try
{
if (ModelState.IsValid)
{
var domain = Service <GroupDomain>();
var group = domain.Groups.Id(id);
if (group == null)
{
return(NotFound(new ApiResult()
{
Code = ResultCode.NotFound,
Message = ResultCode.NotFound.DisplayName()
}));
}
domain.EditGroup(group, model);
var ev = _eDomain.EditGroup(group, User);
_uow.SaveChanges();
var data = new Dictionary <string, string>();
data["title"] = "Your group is edited";
data["message"] = ev.Message;
_eDomain.Notify(new Message
{
Topic = $"GROUP_MEMBER_{group.Id}",
Data = data
});
_logger.CustomProperties(new { id, model }).Info("Edit group");
return(NoContent());
}
var message = "";
if (ModelState.ContainsKey("name"))
{
message += string.Join('\n',
ModelState["name"].Errors.Select(e => e.ErrorMessage).ToList());
}
return(BadRequest(new ApiResult()
{
Code = ResultCode.FailValidation,
Data = ModelState,
Message = message
}));
}
catch (Exception e)
{
_logger.Error(e);
return(Error(new ApiResult()
{
Code = ResultCode.UnknownError,
Message = ResultCode.UnknownError.DisplayName() + ": " + e.Message
}));
}
}
public async Task <IActionResult> LogIn([FromForm] AuthorizationGrantModel model)
{
var validationData = _service.ValidateLogin(User, model);
if (!validationData.IsValid)
{
return(BadRequest(AppResult.FailValidation(data: validationData)));
}
AppUser entity = null;
switch (model.grant_type)
{
case "password":
case null:
{
entity = await
_service.AuthenticateAsync(model.username, model.password);
if (entity == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid username or password")));
}
}
break;
case "refresh_token":
{
var validResult = _service.ValidateRefreshToken(model.refresh_token);
if (validResult == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid refresh token")));
}
entity = await _service.GetUserByIdAsync(validResult.Identity.Name);
if (entity == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid user identity")));
}
}
break;
default:
return(BadRequest(AppResult
.Unsupported("Unsupported grant type")));
}
var identity =
await _service.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
var utcNow = DateTime.UtcNow;
var props = new AuthenticationProperties()
{
IssuedUtc = utcNow,
ExpiresUtc = utcNow.AddHours(WebApi.Settings.Instance.TokenValidHours)
};
props.Parameters["refresh_expires"] = utcNow.AddHours(
WebApi.Settings.Instance.RefreshTokenValidHours);
var resp = _service.GenerateTokenResponse(principal, props, model.scope);
_logger.CustomProperties(entity).Info("Login user");
return(Ok(resp));
}
public IActionResult Edit(int id,
EditTaskViewModel model)
{
try
{
if (ModelState.IsValid)
{
var domain = Service <TaskDomain>();
var task = domain.Tasks.Id(id);
if (task == null)
{
return(NotFound(new ApiResult()
{
Code = ResultCode.NotFound,
Message = ResultCode.NotFound.DisplayName()
}));
}
domain.EditTask(task, model);
var ev = _eDomain.EditTask(task, User);
_uow.SaveChanges();
if (task.OfUser != task.CreatedUser)
{
var data = new Dictionary <string, string>();
data["title"] = "Your task has been edited";
data["message"] = ev.Message;
_eDomain.Notify(new Message
{
Topic = User.Identity.Name == task.OfUser ? task.CreatedUser : task.OfUser,
Data = data
});
}
_logger.CustomProperties(new { id, model }).Info("Edit task");
return(NoContent());
}
var message = "";
if (ModelState.ContainsKey("name"))
{
message += string.Join('\n',
ModelState["name"].Errors.Select(e => e.ErrorMessage).ToList());
}
return(BadRequest(new ApiResult()
{
Code = ResultCode.FailValidation,
Data = ModelState,
Message = message
}));
}
catch (Exception e)
{
_logger.Error(e);
return(Error(new ApiResult()
{
Code = ResultCode.UnknownError,
Message = ResultCode.UnknownError.DisplayName() + ": " + e.Message
}));
}
}
public async Task <IActionResult> LogIn(AuthorizationGrantModel model)
{
var validationData = _service.ValidateLogin(User, model);
if (!validationData.IsValid)
{
return(BadRequest(AppResult.FailValidation(data: validationData)));
}
AppUser entity;
switch (model.grant_type)
{
case "password":
case null:
{
entity = await
_service.AuthenticateAsync(model.username, model.password);
if (entity == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid username or password")));
}
}
break;
case "refresh_token":
{
var validResult = _service.ValidateRefreshToken(model.refresh_token);
if (validResult == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid refresh token")));
}
entity = await _service.GetUserByIdAsync(validResult.Identity.Name);
if (entity == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid user identity")));
}
}
break;
case "firebase_token":
{
FirebaseToken validResult = await _service.ValidateFirebaseToken(model.firebase_token);
if (validResult == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid Firebase token")));
}
UserRecord userRecord = await FirebaseAuth.DefaultInstance.GetUserAsync(validResult.Uid);
bool checkEmailDomain = _service.ValidateEmailDomain(userRecord.Email);
if (!checkEmailDomain)
{
return(Unauthorized(AppResult.InvalidEmailDomain()));
}
entity = await _service.GetUserByEmailAsync(userRecord.Email);
var userExisted = entity != null;
if (!userExisted || !entity.LoggedIn)
{
using (var transaction = context.Database.BeginTransaction())
{
Member memberEntity;
if (!userExisted)
{
var emailInfo = userRecord.Email.GetEmailInfo();
entity = _service.ConvertToUser(userRecord, emailInfo.Item3);
var result = await _service
.CreateUserWithoutPassAsync(entity);
if (!result.Succeeded)
{
foreach (var err in result.Errors)
{
ModelState.AddModelError(err.Code, err.Description);
}
var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState);
return(BadRequest(builder));
}
_logger.CustomProperties(entity).Info("Register new user");
memberEntity = _memberService.ConvertToMember(entity, entity.MemberCode);
memberEntity = _memberService.CreateMember(memberEntity);
}
else
{
entity = _service.UpdateUser(entity, userRecord);
var result = await _service.UpdateUserAsync(entity);
if (!result.Succeeded)
{
foreach (var err in result.Errors)
{
ModelState.AddModelError(err.Code, err.Description);
}
var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState);
return(BadRequest(builder));
}
memberEntity = _memberService.Members.Id(entity.Id).FirstOrDefault();
memberEntity = _memberService.UpdateMember(memberEntity, entity);
}
//log event
var ev = _sysService.GetEventForNewUser(
$"{memberEntity.Email} has logged into system for the first time",
memberEntity.UserId);
_sysService.CreateAppEvent(ev);
//end log event
context.SaveChanges();
transaction.Commit();
}
}
}
break;
default:
return(BadRequest(AppResult.Unsupported("Unsupported grant type")));
}
var identity =
await _service.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
var utcNow = DateTime.UtcNow;
var props = new AuthenticationProperties()
{
IssuedUtc = utcNow,
ExpiresUtc = utcNow.AddHours(WebApi.Settings.Instance.TokenValidHours)
};
props.Parameters["refresh_expires"] = utcNow.AddHours(
WebApi.Settings.Instance.RefreshTokenValidHours);
var resp = _service.GenerateTokenResponse(principal, props, model.scope ?? AppOAuthScope.ROLES);
_logger.CustomProperties(entity).Info("Login user");
return(Ok(resp));
}
public async Task <IActionResult> OnPost(Business.Models.LoginModel model,
string return_url = Routing.DASHBOARD)
{
SetPageInfo();
//this is auto handled by anti-forgery: return 400 bad request
if (User.Identity.IsAuthenticated)
{
Message = "Can only logged in once at a time";
MessageTitle = "Already logged in";
return(this.MessageView());
}
FirebaseToken validResult = await identityService.ValidateFirebaseToken(model.firebase_token);
if (validResult == null)
{
Message = "Invalid firebase token";
return(Page());
}
UserRecord userRecord = await FirebaseAuth.DefaultInstance.GetUserAsync(validResult.Uid);
bool checkEmailDomain = identityService.ValidateEmailDomain(userRecord.Email);
if (!checkEmailDomain)
{
Message = "Invalid email domain";
return(Page());
}
AppUser entity = await identityService.GetUserByEmailAsync(userRecord.Email);
if (entity == null)
{
Message = "Access denied";
return(Page());
}
if (!entity.LoggedIn)
{
using (var transaction = context.Database.BeginTransaction())
{
Member memberEntity;
entity = identityService.UpdateUser(entity, userRecord);
var result = await identityService.UpdateUserAsync(entity);
if (!result.Succeeded)
{
foreach (var err in result.Errors)
{
ModelState.AddModelError(err.Code, err.Description);
}
var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState);
return(BadRequest(builder));
}
memberEntity = memberService.Members.Id(entity.Id).FirstOrDefault();
memberEntity = memberService.UpdateMember(memberEntity, entity);
//log event
var ev = systemService.GetEventForNewUser(
$"{memberEntity.Email} has logged into system for the first time",
memberEntity.UserId);
systemService.CreateAppEvent(ev);
//end log event
context.SaveChanges();
transaction.Commit();
}
}
#region Custom Signin for extra claims store
var principal = await identityService.GetApplicationPrincipalAsync(entity);
var validationData = identityService.ValidateLoginAdmin(principal, entity);
if (!validationData.IsValid)
{
Message = string.Join("<br/>", validationData.Results.Select(o => o.Message));
return(Page());
}
var utcNow = DateTime.UtcNow;
var cookieProps = new AuthenticationProperties()
{
IssuedUtc = utcNow,
};
if (model.remember_me)
{
cookieProps.IsPersistent = true;
cookieProps.ExpiresUtc = utcNow.AddHours(Settings.Instance.CookiePersistentHours);
}
await HttpContext.SignInAsync(principal.Identity.AuthenticationType,
principal, cookieProps);
#endregion
_logger.CustomProperties(entity).Info("Login user");
#region Generate token
var identity =
await identityService.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme);
principal = new ClaimsPrincipal(identity);
var props = new AuthenticationProperties()
{
IssuedUtc = utcNow,
ExpiresUtc = utcNow.AddHours(WebAdmin.Settings.Instance.TokenValidHours)
};
props.Parameters["refresh_expires"] = utcNow.AddHours(
WebAdmin.Settings.Instance.RefreshTokenValidHours);
var resp = identityService.GenerateTokenResponse(principal, props, AppOAuthScope.ROLES);
_logger.CustomProperties(entity).Info("Login user");
#endregion
return(LocalRedirect($"{Routing.INDEX}?access_token=" +
$"{resp.access_token}" +
$"&refresh_token={resp.refresh_token}" +
$"&expires_utc={resp.expires_utc}" +
$"&issued_utc={resp.issued_utc}" +
$"&token_type={resp.token_type}&" +
$"&return_url={return_url}"));
}
public async Task <IActionResult> LogIn([FromForm] AuthorizationGrantModel model)
{
var validationResult = _service.ValidateLogin(User, model);
if (!validationResult.Valid)
{
return(BadRequest(validationResult.Result));
}
AppUser entity = null;
switch (model.grant_type)
{
case "password":
case null:
{
entity = await
_service.AuthenticateAsync(model.username, model.password);
if (entity == null)
{
return(Unauthorized(new AppResultBuilder()
.Unauthorized(mess: "Invalid username or password")));
}
}
break;
case "refresh_token":
{
var validResult = _service.ValidateRefreshToken(model.refresh_token);
if (validResult == null)
{
return(Unauthorized(new AppResultBuilder()
.Unauthorized(mess: "Invalid refresh token")));
}
entity = await _service.GetUserByIdAsync(validResult.Identity.Name);
if (entity == null)
{
return(Unauthorized(new AppResultBuilder()
.Unauthorized(mess: "Invalid user identity")));
}
}
break;
default:
return(BadRequest(new AppResultBuilder()
.Unsupported("Unsupported grant type")));
}
var identity =
await _service.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
var utcNow = DateTime.UtcNow;
var props = new AuthenticationProperties()
{
IssuedUtc = utcNow,
ExpiresUtc = utcNow.AddHours(WebApi.Settings.Instance.TokenValidHours)
};
props.Parameters["refresh_expires"] = utcNow.AddHours(
WebApi.Settings.Instance.RefreshTokenValidHours);
var resp = _service.GenerateTokenResponse(principal, props, model.scope);
_logger.CustomProperties(entity).Info("Login user");
if (principal.IsInRole(RoleName.Device))
{
if (model.fcm_token == null)
{
return(BadRequest(new AppResultBuilder()
.FailValidation(mess: "FCM Token is required for device login")));
}
using (var trans = context.Database.BeginTransaction())
{
var device = _deviceService.Devices.Id(entity.Id).FirstOrDefault();
var oldFcmToken = device.CurrentFcmToken;
_deviceService.ChangeDeviceToken(device, model.fcm_token, resp.access_token);
context.SaveChanges();
_service.LoginDevice(device, oldFcmToken, model.fcm_token);
trans.Commit();
}
}
return(Ok(resp));
}
public async Task <IActionResult> LogIn(AuthorizationGrantViewModel model)
{
try
{
AppUsers user = null;
switch (model.grant_type)
{
case "password":
case null:
{
user = await
_iDomain.AuthenticateAsync(model.username, model.password);
if (user == null)
{
return(Unauthorized(new ApiResult()
{
Code = ResultCode.Unauthorized,
Message = "Invalid username or password"
}));
}
}
break;
case "refresh_token":
{
var validResult = _iDomain.ValidateRefreshToken(model.refresh_token);
if (validResult == null)
{
return(Unauthorized(new ApiResult()
{
Code = ResultCode.Unauthorized,
Message = "Invalid refresh_token"
}));
}
user = await _iDomain.GetUserById(validResult.Identity.Name);
if (user == null)
{
return(Unauthorized(new ApiResult()
{
Code = ResultCode.Unauthorized,
Message = "Invalid user identity"
}));
}
}
break;
default:
return(BadRequest(new ApiResult()
{
Code = ResultCode.Unsupported,
Message = "Unsupported grant_type"
}));
}
var identity =
await _iDomain.GetIdentityAsync(user, JwtBearerDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
var utcNow = DateTime.UtcNow;
var props = new AuthenticationProperties()
{
IssuedUtc = utcNow,
ExpiresUtc = utcNow.AddHours(App.Instance.TokenValidHours)
};
var ticket = new AuthenticationTicket(principal, props,
principal.Identity.AuthenticationType);
var resp = _iDomain.GenerateTokenResponse(ticket);
if (model.fcm_token != null)
{
var linkResult = await _iDomain.LinkFCMToken(user, model.fcm_token);
if (!linkResult.Succeeded)
{
throw new Exception("Can not link FCM token");
}
}
_logger.CustomProperties(user).Info("Login user");
return(Ok(resp));
}
catch (Exception e)
{
_logger.Error(e);
return(Error(new ApiResult()
{
Code = ResultCode.UnknownError,
Message = ResultCode.UnknownError.DisplayName() + ": " + e.Message
}));
}
}
