public async Task <IActionResult> SharePassword([FromBody] SharePasswordModel sharePasswordModel, CancellationToken cancellationToken) { var result = await _walletService.SharePassword(sharePasswordModel, HttpContext.User, cancellationToken); if (result.Success) { return(Ok(result)); } return(BadRequest(result)); }
public async Task <Status> SharePassword(SharePasswordModel model, ClaimsPrincipal userClaims, CancellationToken cancellationToken) { var userIdString = userClaims.FindFirst(ClaimTypes.NameIdentifier).Value; Guid.TryParse(userIdString, out Guid userId); var function = await _passwordWalletContext.Functions .FirstOrDefaultAsync(x => x.Name == FunctionName.Wallet.SharePassword, cancellationToken); await LogFunction(function.Id, userId, cancellationToken); var user = _passwordWalletContext.Users.FirstOrDefault(user => user.Login == model.Login); if (user == null) { return(new Status(false, string.Format("User: {0} not exist", model.Login))); } var owner = await _passwordWalletContext.Users .FirstOrDefaultAsync(user => user.Id == userId, cancellationToken); if (owner == null) { return(new Status(false, string.Format("User: {0} not exist", userIdString))); } var password = await _passwordWalletContext.Passwords .FirstOrDefaultAsync(password => password.Id == model.PasswordId, cancellationToken); if (password == null) { return(new Status(false, "Password not found")); } var authorizationResult = await _authorizationService .AuthorizeAsync(userClaims, password, Policy.OnlyOwner); if (!authorizationResult.Succeeded) { return(new Status(false, "You have to be an owner to share password")); } var isExist = _passwordWalletContext.SharedPasswords .Any(x => x.PasswordId == model.PasswordId && x.UserId == user.Id); if (isExist) { return(new Status(false, string.Format("You already share this password to user: {0}", user.Login))); } var sharedPassword = new SharedPassword { PasswordId = password.Id, UserId = user.Id }; await _passwordWalletContext.AddAsync(sharedPassword); await _passwordWalletContext.SaveChangesAsync(cancellationToken); return(new Status(true, "Successful shared password")); }