public async Task <SearchUserAccountsResponse> SearchUserAccounts([FromBody] SearchUserAccountsRequest request)
{
var response = new SearchUserAccountsResponse();
if (response.InitializeFromModelStateIfInvalid(ModelState))
{
return(response);
}
if (request.UserAccountSearchCriteria.SiteAccountID.HasValue)
{
string email = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value;
UserAccount user = await _userAccountGetByEmail.ExecuteAsync(email, true);
AuthorizationResult authResult = await _authorizationService.AuthorizeAsync(User,
new SiteAccountUserAccountRoleModel { SiteAccountID = request.UserAccountSearchCriteria.SiteAccountID.Value, UserAccount = user },
new SiteAccountRoleRequirement(new Role[] { Role.AdminRole, Role.OwnerRole, Role.BasicRole }));
if (!authResult.Succeeded)
{
return new SearchUserAccountsResponse {
ResponseError = new ResponseError {
ErrorMessage = "Not Authed"
}
}
}
;
}
response.UserAccounts = _userAccountSearch.Execute(request.UserAccountSearchCriteria)
.Select(user => user.RemoveSensitiveData());
return(response);
}
}
public async Task <DeletePostResponse> DeletePost([FromBody] DeletePostRequest deletePostRequest)
{
string email = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value;
UserAccount user = await _userAccountGetByEmail.ExecuteAsync(email, true);
AuthorizationResult authResult = await _authorizationService.AuthorizeAsync(User,
new SiteAccountUserAccountRoleModel { SiteAccountID = deletePostRequest.SiteAccountID, UserAccount = user },
new SiteAccountRoleRequirement(new Role[] { Role.AdminRole, Role.OwnerRole, Role.BasicRole }));
if (authResult.Succeeded)
{
await AzureStorage.DeletePostImage(deletePostRequest.PostID);
await _postDelete.ExecuteAsync(deletePostRequest.PostID);
}
return(new DeletePostResponse {
PostID = deletePostRequest.PostID
});
}
public async Task <ValidateUserContextResponse> ValidateUserContext([FromBody] ValidateUserContextRequest request)
{
var response = new ValidateUserContextResponse();
if (response.InitializeFromModelStateIfInvalid(ModelState))
{
return(response);
}
string authedEmail = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value;
if (authedEmail != request.Email)
{
return(BuildErrorResponse(response, ResponseError.ResponseErrorType.ModelValidation, "invalid email"));
}
var user = await _userAccountGetByEmail.ExecuteAsync(request.Email);
if (user == null)
{
return(BuildErrorResponse(response, ResponseError.ResponseErrorType.ModelValidation, "invalid email"));
}
// Try to pull out a cached key using the provided token
string hashedToken = Cryptography.Hash(request.Token, user.UserAccountSalt);
string serverToken = _cache.Get <string>(hashedToken);
// Even if its there we will be using a new token next time so remove this one.
_cache.Remove(hashedToken);
if (serverToken != user.EmailAddress)// Make sure it matches the user making the request.
{
return(BuildErrorResponse(response, ResponseError.ResponseErrorType.ModelValidation, "invalid token"));
}
response.NewToken = Guid.NewGuid().ToString();
_cache.Set <string>(Cryptography.Hash(response.NewToken, user.UserAccountSalt), user.EmailAddress, TimeSpan.FromMinutes(30));
response.UserAcount = user;//.RemoveSensitiveData();
return(response);
}
public async Task <SaveSiteAccountResponse> Save([FromBody] SaveSiteAccountRequest request)
{
SaveSiteAccountResponse response = new SaveSiteAccountResponse();
if (response.InitializeFromModelStateIfInvalid(ModelState))
{
return(response);
}
if (request.ShouldUpdateAllProps)
{
await _siteAccountUpsert.ExecuteAsync(request.SiteAccount);
}
else
{
var existingSite = _siteAccountSearch.Execute(new SiteAccountSearchCriteria
{
IncludedSiteAccounts = new List <Guid> {
request.SiteAccount.ID
}
}).First();
request.SiteAccount.CopyProperties(existingSite,
(propInfo, source, target) => request.PropsToUpdate.Contains(propInfo.Name));
if (request.SiteAccountUserAccounts.Any(saua => saua.RoleID != Role.GuestRoleID ||
saua.IsActive))
{
string email = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value;
UserAccount user = await _userAccountGetByEmail.ExecuteAsync(email, true);
AuthorizationResult authResult = await _authorizationService.AuthorizeAsync(User,
new SiteAccountUserAccountRoleModel { SiteAccountID = request.SiteAccount.ID, UserAccount = user },
new SiteAccountRoleRequirement(new Role[] { Role.AdminRole, Role.OwnerRole, Role.BasicRole }));
if (!authResult.Succeeded)
{
return new SaveSiteAccountResponse {
ResponseError = new ResponseError {
ErrorMessage = "Not Authed"
}
}
}
;
}
foreach (var saua in request.SiteAccountUserAccounts)
{
saua.SiteAccountID = existingSite.ID;
var existingSiteUser = existingSite.SiteAccountUserAccounts.FirstOrDefault(user => user.UserAccountID == saua.UserAccountID);
if (existingSiteUser != null)
{
existingSite.SiteAccountUserAccounts.Remove(existingSiteUser);
}
existingSite.SiteAccountUserAccounts.Add(saua);
}
await _siteAccountUpsert.ExecuteAsync(existingSite);
}
return(response);
}
}
public static Func <OAuthCreatingTicketContext, Task> New(AuthenticationProvider provider)
{
async Task CreateTask(OAuthCreatingTicketContext context)
{
// Create the request for user data
var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
// Send Request and get response
var response = await context.Backchannel.SendAsync(request,
HttpCompletionOption.ResponseHeadersRead, context.HttpContext.RequestAborted);
JObject contentJObject = JObject.Parse(await response.Content.ReadAsStringAsync());
UserAccount userAccount = new UserAccount();
// Parse the response for the email, names, and avatar url
switch (provider)
{
case AuthenticationProvider.Github:
userAccount.AddGitHubEmailAddress(contentJObject);
break;
case AuthenticationProvider.Google:
userAccount.AddGoogleEmail(contentJObject)
.AddGoogleNames(contentJObject)
.AddGoogleAvatarLink(contentJObject);
break;
}
// If an Email wasnt parsed fail out
if (string.IsNullOrEmpty(userAccount.EmailAddress))
{
context.Fail("No Email Provided.");
return;
}
// Check for existing user. Create if not exists. update.
UserAccountGetByEmail userAccountGetByEmail = new UserAccountGetByEmail(new IPManDataContext(ConfigurationService.Configuration));
UserAccountUpsert userAccountUpsert = new UserAccountUpsert(new IPManDataContext(ConfigurationService.Configuration));
UserAccount preExistingUser = await userAccountGetByEmail.ExecuteAsync(userAccount.EmailAddress, true);
if (preExistingUser == null)
{
userAccount.AddCreatedData();
}
else
{
userAccount = preExistingUser;
}
userAccount.AddLoginData(provider);
await userAccountUpsert.ExecuteAsync(userAccount, preExistingUser == null);
context.Identity.AddClaim(new Claim("TempSalt", userAccount.UserAccountSalt));
context.Success();
}
return(CreateTask);
}
