protected override async Task <OperationResult> DoExecute(RemindLoginDto request)
{
User user;
if (string.IsNullOrEmpty(request.Pesel))
{
user = await _dbContext.Users.FirstOrDefaultAsync(u => u.Email == request.Email &&
u.EmailVerified == true &&
u.Pesel == null &&
u.Name == request.Name &&
u.Surname == request.Surname);
}
else
{
user = await _dbContext.Users.FirstOrDefaultAsync(u => u.Email == request.Email &&
u.EmailVerified == true &&
u.Pesel == request.Pesel);
}
if (user == null)
{
//Security issue: always return 200 even if user was no found
return(new OperationSucceded());
}
_sendEmailCommand.Execute(new EmailDto()
{
To = user.Email,
Title = EmailContentConfiguration.LoginRemindedTitle,
Body = EmailContentConfiguration.LoginRemindedBody(user.CandidateId)
});
return(new OperationSucceded());
}
public override async Task <OperationResult> Execute(ResetPasswordDto request)
{
if (string.IsNullOrWhiteSpace(request.Login))
{
return(new OperationSucceded());
}
User user = await _dbContext.Users.SingleAsync(u => u.EmailVerified && u.CandidateId == request.Login);
var passwordReset = new PasswordReset()
{
UserId = user.Id,
Id = Guid.NewGuid(),
InsertDateTime = DateTime.UtcNow
};
_dbContext.PasswordResets.Add(passwordReset);
await _dbContext.SaveChangesAsync();
_sendEmailCommand.Execute(new EmailDto()
{
To = user.Email,
Title = EmailContentConfiguration.ResetPasswordTitle,
Body = EmailContentConfiguration.ResetPasswordBody(_endpointConfig.SetNewPassword(passwordReset.Id.ToString()))
});
return(new OperationSucceded());
}
public override async Task <string> Execute(Guid request)
{
var email = _dbContext.ConfirmationEmails
.Include(ce => ce.User)
.FirstOrDefault(ce => ce.Id == request);
if (email == null)
{
throw new EmailVerificationTokenNotFoundException();
}
if (email.Used)
{
return(email.User.CandidateId);
}
email.Used = true;
var user = email.User;
user.EmailVerified = true;
await AssignCandidateId(user);
await _dbContext.SaveChangesAsync();
_sendEmailCommand.Execute(new EmailDto()
{
To = user.Email,
Title = EmailContentConfiguration.EmailVerifiedTitle,
Body = EmailContentConfiguration.EmailVerifiedBody(user.CandidateId)
});
return(user.CandidateId);
}
protected async override Task <int> DoExecute(RegisterDto request)
{
int alreaddyRegisteredUsers = _dbContext.Users.Count(u => u.Email == request.Email);
if (alreaddyRegisteredUsers >= _businessConfiguration.AllowedAccountsWithSameEmail)
{
throw new ValidationFailedException()
{
ValidationResult = new ValidationResult("Na ten email zarejestrowanych jest już za dużo użytkowników")
};
}
var user = new User
{
Email = request.Email,
Name = request.Name,
Surname = request.Surname,
Pesel = request.Pesel,
CandidateId = null,
PasswordHash = _passwordHasher.HashPassword(request.Password),
EmailVerified = false,
BirthDate = request.BirthDate.Value
};
EntityEntry <User> result = _dbContext.Users.Add(user);
await _dbContext.SaveChangesAsync();
if (!result.IsKeySet)
{
throw new Exception("Registration Failed");
}
Guid token = await GenerateEmailConfirmationToken(result.Entity.Id);
_sendEmailCommand.Execute(new EmailDto()
{
Body = EmailContentConfiguration.RegisteredBody(_endpointConfig.ConfirmEmail(token.ToString())),
Title = EmailContentConfiguration.RegisteredTitle,
To = user.Email
});
return(result.Entity.Id);
}