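/// <summary>
/// Removes an existing user identified by <c>loginUser.UserName</c>.
/// Note: this operation cannot be recovered.
/// </summary>
/// <param name="loginUser">Request body; only <c>UserName</c> is read.</param>
/// <returns>
/// 400 when the argument or user name is missing, the user does not exist, or the caller
/// targets their own account; 200 with a confirmation message otherwise.
/// </returns>
// NOTE(review): no [Authorize] attribute is visible on this method in this view; confirm that
// the controller restricts user removal to administrators.
public async Task<IHttpActionResult> RemoveUser(iS3LoginUser loginUser)
{
    // A missing user name would otherwise be sent to the database as a lookup key.
    if (loginUser == null || string.IsNullOrWhiteSpace(loginUser.UserName))
    {
        return BadRequest("Argument Null");
    }

    var user = await dbContext.Users.FirstOrDefaultAsync(c => c.UserName == loginUser.UserName);
    if (user == null)
    {
        return BadRequest("User does not exists");
    }

    // User names are identifiers, so compare ordinally rather than with the
    // culture-sensitive string.Compare(..., ignoreCase: true) overload.
    var callerName = RequestContext.Principal.Identity.GetUserName();
    if (string.Equals(loginUser.UserName, callerName, StringComparison.OrdinalIgnoreCase))
    {
        return BadRequest("Cannot remove self");
    }

    dbContext.Users.Remove(user);
    await dbContext.SaveChangesAsync();

    string success = string.Format("User {0} removed successfully.", loginUser.UserName);
    return Ok(success);
}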
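/// <summary>
/// Changes the password of the currently authenticated user. The request must carry
/// <c>OldPassword</c>, <c>Password</c> and <c>ConfirmPassword</c>.
/// Note: this operation cannot be recovered.
/// </summary>
/// <param name="loginUser">Request body with the old and new passwords.</param>
/// <returns>
/// 400 when the argument is missing, the old password is empty, the new passwords differ,
/// or the user manager rejects the change; 401 when the principal no longer maps to a stored
/// user; 200 on success.
/// </returns>
public async Task<IHttpActionResult> ChangePassword(iS3LoginUser loginUser)
{
    if (loginUser == null)
    {
        return BadRequest("Argument Null");
    }
    if (string.IsNullOrEmpty(loginUser.OldPassword))
    {
        return BadRequest("Old password could not be empty");
    }
    if (loginUser.Password != loginUser.ConfirmPassword)
    {
        return BadRequest("Password not consistent");
    }

    // FirstAsync would throw (HTTP 500) if the authenticated principal has no stored user,
    // e.g. an account removed after the caller's credentials were issued.
    var userName = RequestContext.Principal.Identity.GetUserName();
    var user = await dbContext.Users.FirstOrDefaultAsync(c => c.UserName == userName);
    if (user == null)
    {
        return Unauthorized();
    }

    var manager = Request.GetOwinContext().GetUserManager<iS3UserManager>();
    var result = await manager.ChangePasswordAsync(user.Id, loginUser.OldPassword, loginUser.Password);
    if (!result.Succeeded)
    {
        // BadRequest(string) rejects a null message, so fall back when Errors is empty.
        return BadRequest(result.Errors.FirstOrDefault() ?? "Password change failed");
    }

    await dbContext.SaveChangesAsync();
    return Ok("Password changed");
}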
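//[Authorize(Roles = "Admin")]
/// <summary>
/// Creates a new user from <c>UserName</c>, <c>Password</c>/<c>ConfirmPassword</c> and
/// <c>Role</c>, then attaches a name claim and a role claim to the new account.
/// </summary>
/// <param name="loginUser">Request body; its password fields are cleared before returning.</param>
/// <returns>
/// 400 when the argument, user name or role is missing, the passwords differ, the user already
/// exists, or the user manager rejects the creation; 200 with a confirmation message otherwise.
/// </returns>
// NOTE(review): the [Authorize(Roles = "Admin")] attribute above is commented out and no other
// authorization is visible in this view, while the Role claim is taken verbatim from the request
// body. Confirm the controller-level restriction, and consider validating Role against the
// application's known roles before it is assigned.
public async Task<IHttpActionResult> AddUser(iS3LoginUser loginUser)
{
    if (loginUser == null)
    {
        return BadRequest("Argument Null");
    }
    if (string.IsNullOrWhiteSpace(loginUser.UserName))
    {
        return BadRequest("User name could not be empty");
    }
    if (loginUser.Password != loginUser.ConfirmPassword)
    {
        return BadRequest("Password not consistent");
    }
    // Reject a missing role up front: new Claim(type, null) throws, which previously
    // surfaced as a 500 after the account had already been created without a role.
    if (string.IsNullOrEmpty(loginUser.Role))
    {
        return BadRequest("Role could not be empty");
    }

    string password = loginUser.Password;
    // Erase the password from the request object for safety.
    loginUser.Password = null;
    loginUser.ConfirmPassword = null;

    var userExists = await dbContext.Users.AnyAsync(c => c.UserName == loginUser.UserName);
    if (userExists)
    {
        return BadRequest("User already exists");
    }

    // The manager is deliberately not disposed here: disposing it would dispose the
    // UserStore, which by default disposes dbContext, still needed for SaveChangesAsync below.
    var manager = new iS3UserManager(new UserStore<iS3IdentityUser>(dbContext));
    var user = new iS3IdentityUser(loginUser.UserName);
    var result = await manager.CreateAsync(user, password);
    if (!result.Succeeded)
    {
        // BadRequest(string) rejects a null message, so fall back when Errors is empty.
        return BadRequest(result.Errors.FirstOrDefault() ?? "User creation failed");
    }

    await manager.AddClaimAsync(user.Id, new Claim(ClaimTypes.Name, loginUser.UserName));
    await manager.AddClaimAsync(user.Id, new Claim(ClaimTypes.Role, loginUser.Role));
    // Adding an iS3ClaimTypes.AuthorizedProjects claim (value = loginUser.AuthorizedProjects)
    // was present here but disabled in the original; left out until it is re-enabled.

    await dbContext.SaveChangesAsync();

    string success = string.Format("User {0} created successfully.", loginUser.UserName);
    return Ok(success);
}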