public async Task <IActionResult> CreateMember(CreateMemberModel model)
{
bool checkEmailDomain = _identityService.ValidateEmailDomain(model.Email);
if (!checkEmailDomain)
{
return(Unauthorized(AppResult.InvalidEmailDomain()));
}
var entity = await _identityService.GetUserByEmailAsync(model.Email);
if (entity != null)
{
var validationData = new ValidationData();
validationData = validationData.Fail(code: AppResultCode.EmailExisted);
return(BadRequest(AppResult.FailValidation(validationData)));
}
var emailInfo = model.Email.GetEmailInfo();
entity = _identityService.ConvertToUser(model, emailInfo.Item3);
using (var transaction = context.Database.BeginTransaction())
{
model.Roles = model.Roles ?? new HashSet <string>();
if (model.CreateDepartmentMembers.Any(o => o.IsManager == true) ||
model.CreateAreaMembers.Any(o => o.IsManager == true))
{
model.Roles.Add(RoleName.MANAGER);
}
var result = await _identityService
.CreateUserWithoutPassAsync(entity, model.Roles);
if (!result.Succeeded)
{
foreach (var err in result.Errors)
{
ModelState.AddModelError(err.Code, err.Description);
}
var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState);
return(BadRequest(builder));
}
_logger.CustomProperties(entity).Info("Register new user");
var memberEntity = _service.CreateMember(model, entity, emailInfo);
//log event
var ev = _sysService.GetEventForNewUser(
$"Admin has created a user with email {model.Email}",
UserId);
_sysService.CreateAppEvent(ev);
//end log event
context.SaveChanges();
transaction.Commit();
}
return(NoContent());
}
public async Task <IActionResult> LogIn(AuthorizationGrantModel model)
{
var validationData = _service.ValidateLogin(User, model);
if (!validationData.IsValid)
{
return(BadRequest(AppResult.FailValidation(data: validationData)));
}
AppUser entity;
switch (model.grant_type)
{
case "password":
case null:
{
entity = await
_service.AuthenticateAsync(model.username, model.password);
if (entity == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid username or password")));
}
}
break;
case "refresh_token":
{
var validResult = _service.ValidateRefreshToken(model.refresh_token);
if (validResult == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid refresh token")));
}
entity = await _service.GetUserByIdAsync(validResult.Identity.Name);
if (entity == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid user identity")));
}
}
break;
case "firebase_token":
{
FirebaseToken validResult = await _service.ValidateFirebaseToken(model.firebase_token);
if (validResult == null)
{
return(Unauthorized(AppResult
.Unauthorized(mess: "Invalid Firebase token")));
}
UserRecord userRecord = await FirebaseAuth.DefaultInstance.GetUserAsync(validResult.Uid);
bool checkEmailDomain = _service.ValidateEmailDomain(userRecord.Email);
if (!checkEmailDomain)
{
return(Unauthorized(AppResult.InvalidEmailDomain()));
}
entity = await _service.GetUserByEmailAsync(userRecord.Email);
var userExisted = entity != null;
if (!userExisted || !entity.LoggedIn)
{
using (var transaction = context.Database.BeginTransaction())
{
Member memberEntity;
if (!userExisted)
{
var emailInfo = userRecord.Email.GetEmailInfo();
entity = _service.ConvertToUser(userRecord, emailInfo.Item3);
var result = await _service
.CreateUserWithoutPassAsync(entity);
if (!result.Succeeded)
{
foreach (var err in result.Errors)
{
ModelState.AddModelError(err.Code, err.Description);
}
var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState);
return(BadRequest(builder));
}
_logger.CustomProperties(entity).Info("Register new user");
memberEntity = _memberService.ConvertToMember(entity, entity.MemberCode);
memberEntity = _memberService.CreateMember(memberEntity);
}
else
{
entity = _service.UpdateUser(entity, userRecord);
var result = await _service.UpdateUserAsync(entity);
if (!result.Succeeded)
{
foreach (var err in result.Errors)
{
ModelState.AddModelError(err.Code, err.Description);
}
var builder = ResultHelper.MakeInvalidAccountRegistrationResults(ModelState);
return(BadRequest(builder));
}
memberEntity = _memberService.Members.Id(entity.Id).FirstOrDefault();
memberEntity = _memberService.UpdateMember(memberEntity, entity);
}
//log event
var ev = _sysService.GetEventForNewUser(
$"{memberEntity.Email} has logged into system for the first time",
memberEntity.UserId);
_sysService.CreateAppEvent(ev);
//end log event
context.SaveChanges();
transaction.Commit();
}
}
}
break;
default:
return(BadRequest(AppResult.Unsupported("Unsupported grant type")));
}
var identity =
await _service.GetIdentityAsync(entity, JwtBearerDefaults.AuthenticationScheme);
var principal = new ClaimsPrincipal(identity);
var utcNow = DateTime.UtcNow;
var props = new AuthenticationProperties()
{
IssuedUtc = utcNow,
ExpiresUtc = utcNow.AddHours(WebApi.Settings.Instance.TokenValidHours)
};
props.Parameters["refresh_expires"] = utcNow.AddHours(
WebApi.Settings.Instance.RefreshTokenValidHours);
var resp = _service.GenerateTokenResponse(principal, props, model.scope ?? AppOAuthScope.ROLES);
_logger.CustomProperties(entity).Info("Login user");
return(Ok(resp));
}
