Example #1
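        /// <summary>
        /// POST /admin/user
        ///
        /// Creates a new user from the submitted <see cref="UserRequest"/>.
        ///
        /// Returns HTTP response =>
        ///     201 Created
        ///     Location: http://localhost/admin/user/{Username}
        /// </summary>
        /// <param name="user">Request DTO carrying the username, password and e-mail address.</param>
        /// <returns>An <see cref="HttpResult"/> wrapping the stored user, with the password blanked.</returns>
        /// <exception cref="ArgumentNullException">Username is null or empty, or EmailAddress is null.</exception>
        /// <exception cref="ArgumentException">A field contains characters rejected by IsOnlySafeChars.</exception>
        /// <exception cref="ConflictException">A user with the same (lowercased) username already exists.</exception>
        public object Post(UserRequest user)
        {
            var new_user = new DBUser();

            // TODO explicit mapping
            // NOTE(review): PopulateWith appears to copy every matching request field onto the
            // row, so any DBUser property that UserRequest also exposes is client-controlled.
            new_user.PopulateWith(user);

            // TODO move into RequestFilter
            if (string.IsNullOrEmpty(user.Username))
            {
                throw new ArgumentNullException("user.Username");
            }

            // EmailAddress is dereferenced by Replace() below; report a missing value as a
            // bad argument instead of letting it surface as a NullReferenceException.
            if (user.EmailAddress == null)
            {
                throw new ArgumentNullException("user.EmailAddress");
            }

            // TODO move into RequestFilter
            // The '@' is stripped only for the check; the stored address keeps it.
            if (!(user.Username.IsOnlySafeChars() &&
                  user.Password.IsOnlySafeChars() &&
                  user.EmailAddress.Replace("@", "").IsOnlySafeChars()))
            {
                throw new ArgumentException("found unsafe/unallowed characters");
            }

            // TODO move into RequestFilter
            // lowercase the username
            // NOTE(review): ToLower() follows the server's current culture; ToLowerInvariant()
            // gives culture-independent usernames, but must be changed together with every
            // other place that normalises or looks up a username.
            new_user.Username = new_user.Username.ToLower();

            // NOTE(review): no hashing step is visible in this method, so the password appears
            // to be stored exactly as submitted. Derive a salted hash before Insert.
            using (var conn = DbConfig.GetConnection())
            {
                // Typed predicate rather than a formatted filter string, so the name is not
                // spliced into SQL text by this method.
                var existing_user = conn.FirstOrDefault<DBUser>(u => u.Username == new_user.Username);
                if (existing_user != null)
                {
                    throw new ConflictException()
                    {
                        ErrorMessage = "A user by that name already exists"
                    };
                }

                // The check above and this insert are separate statements, so two concurrent
                // requests can both pass the check; a unique constraint on Username is the
                // reliable guard (confirm the schema has one).
                conn.Insert<DBUser>(new_user);
            }

            // Do not return the password over the wire: the row is already written, so
            // blanking the in-memory copy only affects the serialized response.
            new_user.Password = "";

            return new HttpResult(new_user)
            {
                StatusCode = HttpStatusCode.Created,
                StatusDescription = "Sucessfully created user " + new_user.Username,
                Headers =
                {
                    { HttpHeaders.Location, base.Request.AbsoluteUri.CombineWith(new_user.Username) }
                }
            };
        }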
Example #2
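        // TODO see if we can directly use DBUser
        /// <summary>
        /// Updates an existing user, keeping the stored password when the request carries none.
        /// </summary>
        /// <param name="updated_user">Request DTO with the new field values; Username selects the row.</param>
        /// <returns>
        /// An <see cref="HttpResult"/> with status 404 when no such user exists, otherwise
        /// 200 OK wrapping the updated user with the password blanked.
        /// </returns>
        public object Put(UserRequest updated_user)
        {
            var user = new DBUser();

            // TODO make explicit mapping
            // NOTE(review): every mapped field is written back by Update below, so any DBUser
            // property that UserRequest also exposes can be overwritten by the client.
            user.PopulateWith(updated_user);

            // NOTE(review): Username is used as received. This method neither checks its
            // characters nor normalises its case before the lookup, the status text and the
            // log line; confirm a request filter does that upstream.
            using (var conn = DbConfig.GetConnection())
            {
                // Typed predicate, matching the Update call below, instead of a formatted
                // filter string built around a client-supplied value.
                var stored_user = conn.FirstOrDefault<DBUser>(u => u.Username == user.Username);

                if (stored_user == null)
                {
                    // user did not exist, can't update
                    return new HttpResult
                    {
                        Status = 404,
                        StatusDescription = "User " + user.Username + " was not found," +
                                            " and can't be updated. Try using HTTP POST to create a new user"
                    };
                }

                // A password that was not sent may arrive as null rather than "", so treat
                // both as "keep the old password"; otherwise the stored value would be
                // overwritten with null.
                if (string.IsNullOrEmpty(user.Password))
                {
                    // TODO hashing
                    user.Password = stored_user.Password;
                }

                conn.Update<DBUser>(user, u => u.Username == user.Username);
            }
            Logger.DebugFormat("updating user information for user {0}", user.Username);

            // do not return the password over the wire
            user.Password = "";
            return new HttpResult(user)
            {
                StatusCode = System.Net.HttpStatusCode.OK,
                StatusDescription = "Successfully updated user " + user.Username
            };
        }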
Example #3
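        /// <summary>
        /// Self-service signup: creates a new, not yet activated and not yet verified user.
        /// </summary>
        /// <param name="req">Signup request; Username is lowercased and AdditionalData is cleared.</param>
        /// <returns>An empty <see cref="HttpResult"/> with status 200 OK.</returns>
        /// <exception cref="ArgumentNullException">Username is null or empty.</exception>
        /// <exception cref="ValidationException">The password fails IsSafeAsPassword.</exception>
        /// <exception cref="ConflictException">The username or the e-mail address is already in use.</exception>
        public object Post(SignupUserRequest req)
        {
            // Reject a missing username up front; ToLower() below would otherwise fail with
            // a NullReferenceException, and an empty name would be stored as a user.
            if (string.IsNullOrEmpty(req.Username))
            {
                throw new ArgumentNullException("req.Username");
            }

            // AdditionalData is never taken from the client on signup.
            req.AdditionalData = "";
            // NOTE(review): ToLower() follows the server's current culture; ToLowerInvariant()
            // gives culture-independent usernames, but must be changed together with every
            // other place that normalises or looks up a username.
            req.Username = req.Username.ToLower();

            // assert password is safe enough
            if (!req.Password.IsSafeAsPassword())
            {
                throw new ValidationException()
                {
                    ErrorMessage = "Password is unsafe"
                };
            }

            // Both uniqueness checks share one connection.
            using (var db = DbConfig.GetConnection())
            {
                // assert username is not already taken
                var name_owner = db.FirstOrDefault<DBUser>(u => u.Username == req.Username);
                if (name_owner != null)
                {
                    throw new ConflictException()
                    {
                        ErrorMessage = "A user by that name already exists"
                    };
                }

                // assert email is not already registered
                var mail_owner = db.FirstOrDefault<DBUser>(u => u.EmailAddress == req.EmailAddress);
                if (mail_owner != null)
                {
                    throw new ConflictException()
                    {
                        ErrorMessage = "The emailaddress is already registered"
                    };
                }
            }

            // assert all required fields are filled

            var db_user = new DBUser();

            // NOTE(review): no hashing step is visible in this method, so the password appears
            // to be stored exactly as submitted. Derive a salted hash before Insert.
            db_user.PopulateWith(req);

            // Set after the mapping so the request cannot pre-set either flag.
            db_user.IsActivated = false;
            db_user.IsVerified = false;

            // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
            // source. If VerifySecret gates account verification, draw it from
            // System.Security.Cryptography.RandomNumberGenerator instead.
            db_user.VerifySecret = Guid.NewGuid().ToString().Replace("-", "");

            // write user to db
            // The checks above and this insert are not atomic; unique constraints on Username
            // and EmailAddress are the reliable guard (confirm the schema has them).
            using (var db = DbConfig.GetConnection())
            {
                db.Insert<DBUser>(db_user);
            }

            return new HttpResult()
            {
                StatusCode = HttpStatusCode.OK
            };
        }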
Example #4
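        /// <summary>
        /// Self-service signup: creates a new user when signup is enabled in the configuration.
        /// The account is activated immediately unless moderation is required.
        /// </summary>
        /// <param name="req">Signup request; Username is lowercased and AdditionalData is cleared.</param>
        /// <returns>An empty <see cref="HttpResult"/> with status 200 OK.</returns>
        /// <exception cref="Rainy.ErrorHandling.UnauthorizedException">Signup is disabled.</exception>
        /// <exception cref="ArgumentNullException">Username is null or empty.</exception>
        /// <exception cref="ConflictException">The username or the e-mail address is already in use.</exception>
        public object Post(SignupUserRequest req)
        {
            if (!JsonConfig.Config.Global.AllowSignup)
            {
                throw new Rainy.ErrorHandling.UnauthorizedException();
            }

            // Reject a missing username up front; ToLower() below would otherwise fail with
            // a NullReferenceException, and an empty name would be stored as a user.
            if (string.IsNullOrEmpty(req.Username))
            {
                throw new ArgumentNullException("req.Username");
            }

            // AdditionalData is never taken from the client on signup.
            req.AdditionalData = "";
            // NOTE(review): ToLower() follows the server's current culture; ToLowerInvariant()
            // gives culture-independent usernames, but must be changed together with every
            // other place that normalises or looks up a username.
            req.Username = req.Username.ToLower();

            // assert password is safe enough
            // NOTE(review): the strength check below is disabled, so any password, including
            // an empty one, is accepted by this method. Confirm that is intended.
            //if (!req.Password.IsSafeAsPassword ())
            //	throw new ValidationException () {ErrorMessage = "Password is unsafe"};

            using (var db = connFactory.OpenDbConnection())
            {
                // assert username is not already taken
                var user = db.FirstOrDefault<DBUser>(u => u.Username == req.Username);
                if (user != null)
                {
                    throw new ConflictException()
                    {
                        ErrorMessage = "A user by that name already exists"
                    };
                }

                // assert email is not already registered
                user = db.FirstOrDefault<DBUser>(u => u.EmailAddress == req.EmailAddress);
                if (user != null)
                {
                    throw new ConflictException()
                    {
                        ErrorMessage = "The emailaddress is already registered"
                    };
                }
            }

            // assert all required fields are filled

            var db_user = new DBUser();

            db_user.PopulateWith(req);

            // Set after the mapping so the request cannot pre-set the activation flag.
            db_user.IsActivated = false;
            if (JsonConfig.Config.Global.RequireModeration == false)
            {
                db_user.IsActivated = true;
            }

            // NOTE(review): the account is marked verified at creation, so the VerifySecret
            // generated below is not needed to verify it in this method. Confirm that
            // skipping e-mail verification is intended.
            db_user.IsVerified = true;

            // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
            // source. If VerifySecret is ever used as a secret, draw it from
            // System.Security.Cryptography.RandomNumberGenerator instead.
            db_user.VerifySecret = Guid.NewGuid().ToString().Replace("-", "");

            // Derive the crypto fields from the password, then clear the plaintext copy that
            // PopulateWith put on the row so it is not written to the database.
            db_user.CreateCryptoFields(req.Password);
            db_user.Password = "";

            // write user to db
            // The checks above and this insert are not atomic; unique constraints on Username
            // and EmailAddress are the reliable guard (confirm the schema has them).
            using (var db = connFactory.OpenDbConnection())
            {
                db.Insert<DBUser>(db_user);
            }

            return new HttpResult()
            {
                StatusCode = HttpStatusCode.OK
            };
        }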