[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task <IActionResult> Edit(string id, PutUserModel putUserModel)
{
try
{
AuthorizeHelper.Authorize(this.HttpContext, "Administrator", this.GetType().Name, "Edit", "user");
var userId = HttpContext.Session.GetString("_Id");
var user = await _moviemindAPIService.GetModel <GetUserModel>(userId, "users");
if (user.Id == Guid.Parse(id) || HttpContext.User.IsInRole("Editor"))
{
if (ModelState.IsValid)
{
await _moviemindAPIService.PutModel <PutUserModel>(id, putUserModel, "users");
return(RedirectToRoute(new { action = "Index", controller = "Users" }));
}
return(View(putUserModel));
}
else
{
return(RedirectToRoute(new { action = "Index", controller = "Users" }));
}
}
catch (MovieMindException e)
{
return(ErrorHelper.HandleError(e, this.View(putUserModel)));
}
}
public void PutAUserWithExistingUserPasses()
{
var mock = new Mock <IUserRepository>();
var username = "******";
var email = "*****@*****.**";
var id = 1;
var putUserModel = new PutUserModel
{
Username = username,
Active = true,
EmailAddress = email
};
var userModel = new UserModel
{
Id = id,
PassWord = "******",
UserName = "******",
Active = true,
Created = new DateTime(),
EmailAddress = "*****@*****.**",
Updated = new DateTime()
};
mock.Setup(e => e.CheckIfIdExists(id)).Returns(true);
mock.Setup(e => e.CheckIfUserExists(username)).Returns(false);
mock.Setup(e => e.CheckIfEmailExists(email)).Returns(false);
mock.Setup(e => e.GetSingleUser(id)).Returns(userModel);
var service = new UsersLogic(mock.Object);
service.UpdateAUser(id, putUserModel);
mock.Verify(x => x.Update(It.IsAny <UserModel>()), Times.Exactly(1));
}
public void UpdateAUser(int id, PutUserModel user)
{
var userExists = _userRepository.CheckIfIdExists(id);
if (!userExists)
{
throw new HttpNotFoundException(
$"Unable to patch user because it does not exist, id provided was: {id}");
}
var userToUpdate = _userRepository.GetSingleUser(id);
if (user.EmailAddress != null)
{
CheckIfEmailExists(user.EmailAddress);
userToUpdate.EmailAddress = user.EmailAddress;
}
if (user.Username != null)
{
CheckIfUserExists(user.Username);
userToUpdate.UserName = user.Username;
}
if (!user.Active)
{
userToUpdate.Active = false;
}
userToUpdate.Updated = DateTime.UtcNow;
_userRepository.Update(userToUpdate);
}
public async Task <IActionResult> Edit(string id)
{
try
{
AuthorizeHelper.Authorize(this.HttpContext, "Administrator", this.GetType().Name, "Edit", "user");
GetUserModel getUserModel = await _moviemindAPIService.GetModel <GetUserModel>(id, "users");
PutUserModel putUserModel = new PutUserModel
{
FirstName = getUserModel.FirstName,
LastName = getUserModel.LastName,
Email = getUserModel.Email,
Roles = getUserModel.Roles
};
return(View(putUserModel));
}
catch (MovieMindException e)
{
return(ErrorHelper.HandleError(e));
}
}
public async Task <IActionResult> PutUser(string id, PutUserModel putUserModel)
{
try
{
if (!Guid.TryParse(id, out Guid userId))
{
throw new GuidException("Invalid id", this.GetType().Name, "PutUser", "400");
}
await _userRepository.PutUser(id, putUserModel);
return(NoContent());
}
catch (MovieMindException e)
{
if (e.MovieMindError.Status.Equals("404"))
{
return(NotFound(e.MovieMindError));
}
else
{
return(BadRequest(e.MovieMindError));
}
}
}
public IActionResult Update([FromQuery] int id, [FromBody] PutUserModel user)
{
_usersLogic.UpdateAUser(id, user);
return(new NoContentResult());
}
public async Task PutUser(string id, PutUserModel putUserModel)
{
if (_user.Claims.Where(x => x.Type.Contains("role")).Count() == 1 &&
_user.IsInRole("Guest") &&
_user.Identity.Name != id.ToString())
{
throw new ForbiddenException("No access to change this users data", this.GetType().Name, "PutUser", "403");
}
try
{
if (putUserModel.Roles == null)
{
throw new IdentityException("User must have at least one role", this.GetType().Name, "PutUser", "400");
}
User user = await _context.Users.FirstOrDefaultAsync(x => x.Id == Guid.Parse(id));
if (user == null)
{
throw new EntityException("User not found", this.GetType().Name, "PutUser", "404");
}
user.FirstName = putUserModel.FirstName;
user.LastName = putUserModel.LastName;
user.Email = putUserModel.Email;
IdentityResult result = await _userManager.UpdateAsync(user);
if (!result.Succeeded)
{
string description = result.Errors.First().Description;
if (description.Contains("is already taken"))
{
description = "This email is already registered";
}
throw new IdentityException(description, this.GetType().Name, "PutUser", "400");
}
else
{
await _userManager.RemoveFromRolesAsync(user, await _userManager.GetRolesAsync(user));
await _userManager.AddToRolesAsync(user, putUserModel.Roles);
}
}
catch (MovieMindException)
{
throw;
}
catch (Exception e)
{
if (e.GetType().Name.Equals("InvalidOperationException"))
{
throw new IdentityException(e.Message, this.GetType().Name, "PutUser", "400");
}
throw new DatabaseException(e.InnerException.Message, this.GetType().Name, "PutUser", "400");
}
}
