Example #1
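        /// <summary>
        /// Handles a self-service signup: validates the request, rejects a username or
        /// email address that is already stored, and inserts the new account as neither
        /// activated nor verified.
        /// </summary>
        /// <param name="req">Signup data sent by the client; treated as untrusted input.</param>
        /// <returns>An empty <c>HttpResult</c> with status 200 OK.</returns>
        /// <exception cref="ValidationException">The username is missing, or the password is rejected by <c>IsSafeAsPassword</c>.</exception>
        /// <exception cref="ConflictException">The username or the email address is already present.</exception>
        public object Post(SignupUserRequest req)
        {
            // discard whatever the client put into AdditionalData
            req.AdditionalData = "";

            // a missing username used to surface as a NullReferenceException (HTTP 500)
            // from the ToLower () call below; reject it as a validation error instead
            if (string.IsNullOrEmpty (req.Username))
                throw new ValidationException () {ErrorMessage = "Username was empty"};

            // NOTE(review): ToLower () is culture-sensitive; if the server can run under a
            // culture with special casing rules, ToLowerInvariant () would give a stable
            // canonical username - change it together with the lookup code elsewhere.
            req.Username = req.Username.ToLower ();

            // assert password is safe enough
            if (!req.Password.IsSafeAsPassword ())
                throw new ValidationException () {ErrorMessage = "Password is unsafe"};

            // Both uniqueness checks share one connection.
            // NOTE(review): check-then-insert is not atomic; two concurrent signups can both
            // pass these lookups. Only a unique constraint on the username and email columns
            // closes that window - confirm the schema has one.
            using (var db = DbConfig.GetConnection ()) {
                // assert username is not already taken
                if (db.FirstOrDefault<DBUser> (u => u.Username == req.Username) != null)
                    throw new ConflictException () {ErrorMessage = "A user by that name already exists"};

                // assert email is not already registered
                if (db.FirstOrDefault<DBUser> (u => u.EmailAddress == req.EmailAddress) != null)
                    throw new ConflictException () {ErrorMessage = "The emailaddress is already registered"};
            }

            // assert all required fields are filled

            // NOTE(review): PopulateWith presumably copies req.Password onto the DBUser and
            // nothing in this method hashes it before the insert - confirm how the password
            // ends up stored.
            var db_user = new DBUser ();
            db_user.PopulateWith (req);

            // set after PopulateWith so the request cannot pre-set either flag
            db_user.IsActivated = false;
            db_user.IsVerified = false;

            // 128 bits from the system CSPRNG, rendered as 32 lowercase hex characters (the
            // same shape the previous GUID-based value had). Guid.NewGuid () guarantees
            // uniqueness, not unpredictability, so it is a poor source for a secret.
            var secret_bytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create ()) {
                rng.GetBytes (secret_bytes);
            }
            db_user.VerifySecret = BitConverter.ToString (secret_bytes).Replace ("-", "").ToLowerInvariant ();

            // write user to db
            using (var db = DbConfig.GetConnection ()) {
                db.Insert<DBUser> (db_user);
            }

            return new HttpResult () {
                StatusCode = HttpStatusCode.OK
            };
        }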
Example #2
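        /// <summary>
        /// Updates an existing user, looked up by username. When the request carries no
        /// password, the stored password is kept.
        /// </summary>
        /// <param name="updated_user">New user data sent by the client; treated as untrusted input.</param>
        /// <returns>
        /// A 404 <c>HttpResult</c> when no user with that username is stored; otherwise a
        /// 200 OK <c>HttpResult</c> carrying the updated user with the password blanked.
        /// </returns>
        // TODO see if we can directly use DBUser
        // NOTE(review): no check of the caller's identity is visible in this method - confirm
        // that a request filter restricts who may update which user.
        public object Put(UserRequest updated_user)
        {
            var user = new DBUser ();
            // TODO make explicit mapping
            // NOTE(review): PopulateWith presumably copies every matching property, so any
            // DBUser field that also exists on UserRequest is client-controlled here.
            user.PopulateWith (updated_user);

            using (var conn = DbConfig.GetConnection ()) {
                // NOTE(review): format-style filter; this relies on the data layer quoting
                // the argument - confirm, or use the typed lambda form as Update does below.
                var stored_user = conn.FirstOrDefault<DBUser>("Username = {0}", user.Username);

                if (stored_user == null) {
                    // user did not exist, can't update
                    return new HttpResult {
                        Status = 404,
                        StatusDescription = "User " + user.Username + " was not found," +
                            " and can't be updated. Try using HTTP POST to create a new user"
                    };
                }

                // An omitted password can arrive as null as well as "". Comparing only
                // against "" let a null fall through and overwrite the stored password.
                if (string.IsNullOrEmpty (user.Password)) {
                    // password was not sent so use the old password
                    // TODO hashing
                    user.Password = stored_user.Password;
                }

                // NOTE(review): the whole object is written back; fields the request did
                // not carry are presumably stored with their default values - verify.
                conn.Update<DBUser> (user, u => u.Username == user.Username);
            }
            Logger.DebugFormat ("updating user information for user {0}", user.Username);

            // do not return the password over the wire
            user.Password = "";
            return new HttpResult (user) {
                StatusCode = System.Net.HttpStatusCode.OK,
                StatusDescription = "Successfully updated user " + user.Username
            };
        }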
Example #3
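        /// <summary>
        /// POST /admin/user
        ///
        /// Creates a new user.
        ///
        /// Returns HTTP Response =>
        /// 	201 Created
        /// 	Location: http://localhost/admin/user/{Username}
        /// </summary>
        /// <param name="user">User data sent by the client; treated as untrusted input.</param>
        /// <returns>
        /// A 201 Created <c>HttpResult</c> carrying the new user with the password blanked,
        /// and a Location header built from the request URI and the username.
        /// </returns>
        /// <exception cref="InvalidRequestDtoException">Username or password is null or empty.</exception>
        /// <exception cref="ValidationException">Username, password or email address fails <c>IsOnlySafeChars</c>.</exception>
        /// <exception cref="ConflictException">A user with that username is already stored.</exception>
        public object Post(UserRequest user)
        {
            var new_user = new DBUser ();
            // TODO explicit mapping
            new_user.PopulateWith (user);

            // TODO move into RequestFilter
            if (string.IsNullOrEmpty (user.Username))
                throw new InvalidRequestDtoException { ErrorMessage = "Username was empty" };

            if (string.IsNullOrEmpty (user.Password))
                throw new InvalidRequestDtoException { ErrorMessage = "Password was empty" };

            // TODO move into RequestFilter
            // A request without an email address used to fail with a NullReferenceException
            // on Replace (); a null is now validated like the empty string.
            var email_without_at = (user.EmailAddress ?? "").Replace ("@", "");
            if (! (user.Username.IsOnlySafeChars ()
                && user.Password.IsOnlySafeChars ()
                && email_without_at.IsOnlySafeChars ())) {

                throw new ValidationException { ErrorMessage = "found unsafe/unallowed characters" };
            }

            // TODO move into RequestFilter
            // lowercase the username
            // NOTE(review): ToLower () is culture-sensitive; ToLowerInvariant () would give a
            // stable canonical form - change it together with the lookup code elsewhere.
            new_user.Username = new_user.Username.ToLower ();

            // TODO move into API
            new_user.CreateCryptoFields (user.Password);

            using (var conn = connFactory.OpenDbConnection ()) {
                // NOTE(review): check-then-insert is not atomic; a unique constraint on the
                // username column is what actually prevents duplicates - confirm the schema.
                var existing_user = conn.FirstOrDefault<DBUser> ("Username = {0}", new_user.Username);
                if (existing_user != null)
                    throw new ConflictException (){ErrorMessage = "A user by that name already exists"};

                // NOTE(review): new_user.Password presumably still holds the clear-text
                // password copied by PopulateWith when this row is written - confirm whether
                // it can be cleared before the insert now that the crypto fields exist.
                conn.Insert<DBUser> (new_user);
            }

            // do not return the password over the wire
            // NOTE(review): whatever CreateCryptoFields stored on the object is still part of
            // the response body - consider returning a reduced DTO.
            new_user.Password = "";

            return new HttpResult (new_user) {
                StatusCode = HttpStatusCode.Created,
                StatusDescription = "Sucessfully created user " + new_user.Username,
                Headers = {
                    { HttpHeaders.Location, base.Request.AbsoluteUri.CombineWith (new_user.Username) }
                }
            };
        }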
Example #4
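        /// <summary>
        /// Handles a self-service signup when the global configuration allows it: rejects
        /// a username or email address that is already stored, derives the crypto fields
        /// from the password, clears the clear-text password and inserts the new account.
        /// </summary>
        /// <param name="req">Signup data sent by the client; treated as untrusted input.</param>
        /// <returns>An empty <c>HttpResult</c> with status 200 OK.</returns>
        /// <exception cref="Rainy.ErrorHandling.UnauthorizedException">Signup is disabled in the configuration.</exception>
        /// <exception cref="ConflictException">The username or the email address is already present.</exception>
        public object Post(SignupUserRequest req)
        {
            if (!JsonConfig.Config.Global.AllowSignup)
                throw new Rainy.ErrorHandling.UnauthorizedException ();

            // discard whatever the client put into AdditionalData
            req.AdditionalData = "";
            // NOTE(review): a request without a username fails here with a
            // NullReferenceException rather than a validation error; ToLower () is also
            // culture-sensitive, where ToLowerInvariant () would give a stable form.
            req.Username = req.Username.ToLower ();

            // assert password is safe enough
            // NOTE(review): the strength check below is disabled, so any password is
            // accepted at signup - confirm this is intentional.
            //if (!req.Password.IsSafeAsPassword ())
            //	throw new ValidationException () {ErrorMessage = "Password is unsafe"};

            // NOTE(review): these lookups and the insert further down are not atomic; two
            // concurrent signups can both pass. A unique constraint on the username and
            // email columns is what closes that window - confirm the schema has one.
            using (var db = connFactory.OpenDbConnection ()) {
                // assert username is not already taken
                var user = db.FirstOrDefault<DBUser> (u => u.Username == req.Username);
                if (user != null)
                    throw new ConflictException () {ErrorMessage = "A user by that name already exists"};

                // assert email is not already registered
                user = db.FirstOrDefault<DBUser> (u => u.EmailAddress == req.EmailAddress);
                if (user != null)
                    throw new ConflictException () {ErrorMessage = "The emailaddress is already registered"};
            }

            // assert all required fields are filled

            var db_user = new DBUser ();
            db_user.PopulateWith (req);

            // flags are set after PopulateWith so the request cannot pre-set them;
            // the account is activated right away unless moderation is required
            db_user.IsActivated = false;
            if (JsonConfig.Config.Global.RequireModeration == false)
                db_user.IsActivated = true;

            // NOTE(review): the account is marked verified at creation although a
            // VerifySecret is still generated below - presumably email verification is not
            // enforced on this path; confirm.
            db_user.IsVerified = true;

            // 128 bits from the system CSPRNG, rendered as 32 lowercase hex characters (the
            // same shape the previous GUID-based value had). Guid.NewGuid () guarantees
            // uniqueness, not unpredictability, so it is a poor source for a secret.
            var secret_bytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create ()) {
                rng.GetBytes (secret_bytes);
            }
            db_user.VerifySecret = BitConverter.ToString (secret_bytes).Replace ("-", "").ToLowerInvariant ();

            // derive the stored crypto fields, then drop the clear-text password so it is
            // not written to the database
            db_user.CreateCryptoFields (req.Password);
            db_user.Password = "";

            // write user to db
            using (var db = connFactory.OpenDbConnection ()) {
                db.Insert<DBUser> (db_user);
            }

            return new HttpResult () {
                StatusCode = HttpStatusCode.OK
            };
        }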