public DataAccessResponse <string> CreateUser(Dto.ApplicationUser userDto, string password, bool isAuthor)
{
var resp = new DataAccessResponse <string> {
ResponseCode = ResponseCode.Fail
};
bool userExists = true;
if (string.IsNullOrEmpty(userDto.Email))
{
userExists = _db.Users.Any(u => u.UserName == userDto.UserName);
}
else
{
userExists = _db.Users.Any(u => u.UserName == userDto.UserName || u.Email == userDto.Email);
}
if (userExists)
{
resp.ResponseMessage = ErrorMessage.UserExists;
return(resp);
}
var userModel = new ApplicationUser
{
NameSurname = userDto.NameSurname,
Email = userDto.Email ?? "",
EmailConfirmed = userDto.EmailConfirmed,
PhoneNumber = userDto.PhoneNumber,
UserName = userDto.UserName,
Status = userDto.Status,
TwoFactorEnabled = userDto.ContactPermission, // contact permission field matched with twoFactorEnabled column
PasswordHash = HashPassword(password),
SecurityStamp = Guid.NewGuid().ToString()
};
var newUser = _db.Users.Add(userModel);
//if (isAuthor)
//{
// var role = new IdentityUserRole
// {
// UserId = newUser.Id,
// RoleId = DatabaseKey.ApplicationRoleId.Author
// };
// newUser.Roles.Add(role);
//}
_db.SaveChanges();
resp.ResponseCode = ResponseCode.Success;
resp.ResponseData = newUser.Id;
return(resp);
}
public async Task <ResponseBase> Register(ApplicationUser userDto, string password)
{
var resp = new ResponseBase {
Type = ResponseType.Fail
};
var userByName = await _userManager.FindByNameAsync(userDto.UserName);
if (userByName != null)
{
resp.ErrorCode = ErrorCode.UserExists;
return(resp);
}
var userByEmail = await _userManager.FindByEmailAsync(userDto.Email);
if (userByEmail != null)
{
resp.ErrorCode = ErrorCode.UserExists;
return(resp);
}
var userModel = new Dal.Entities.Identity.ApplicationUser
{
Id = userDto.Id,
Email = userDto.Email ?? "",
EmailConfirmed = userDto.EmailConfirmed,
UserName = userDto.UserName,
NameSurname = userDto.NameSurname,
PasswordHash = HashPassword(password),
SecurityStamp = Guid.NewGuid().ToString(),
CreatedAt = userDto.CreatedAt
};
await _userManager.CreateAsync(userModel);
userDto.Id = userModel.Id;
if (userDto.Id == null)
{
//not expected
resp.ErrorCode = ErrorCode.ApplicationException;
_logger.LogError(string.Format("New user {0} cannot be registered.", userDto.Email));
return(resp);
}
//log user registration
_logger.LogInformation(string.Format("New user {0} has registered.", userDto.Id));
resp.Type = ResponseType.Success;
return(resp);
}
public async Task <DataResponse <string> > GetToken(ApplicationUser userDto, string password)
{
var resp = new DataResponse <string>
{
Type = ResponseType.Fail
};
Dal.Entities.Identity.ApplicationUser user;
if (userDto.UserName.Contains("@")) // login via email
{
user = await _userManager.FindByEmailAsync(userDto.Email);
}
else // login via username
{
user = await _userManager.FindByNameAsync(userDto.UserName);
}
if (user == null)
{
resp.ErrorCode = ErrorCode.UserNotFound;
resp.Type = ResponseType.RecordNotFound;
return(resp);
}
var isPasswordValid = await _userManager.CheckPasswordAsync(user, password);
if (!isPasswordValid)
{
resp.ErrorCode = ErrorCode.IncorrectUsernameOrPassword;
return(resp);
}
//get user roles
var roles = await _userManager.GetRolesAsync(user);
//get user claims
var claims = await _userManager.GetClaimsAsync(user);
userDto.Email = user.Email;
userDto.PhoneNumber = user.PhoneNumber;
userDto.Id = user.Id;
userDto.Roles = roles;
userDto.Claims = claims.ToDictionary(p => p.Type, p => p.Value);
var token = GenerateToken(userDto);
resp.Data = token;
resp.Type = ResponseType.Success;
return(resp);
}
public int Edit(Dto.ApplicationUser user)
{
var userModel = _db.Users.Single(u => u.Id == user.Id);
userModel.NameSurname = user.NameSurname;
//userModel.Email = user.Email;
//userModel.PhoneNumber = user.PhoneNumber;
//userModel.Status = user.Status;
_db.Entry(userModel).State = System.Data.Entity.EntityState.Modified;
return(_db.SaveChanges());
}
private string GenerateToken(ApplicationUser user)
{
var handler = new JwtSecurityTokenHandler();
List <Claim> claims = new List <Claim>();
foreach (var userRole in user.Roles)
{
var roleIdentifierClaim = new Claim(ClaimTypes.Role, userRole, ClaimValueTypes.String);
claims.Add(roleIdentifierClaim);
}
var nameIdentifierClaim = new Claim(ClaimTypes.NameIdentifier, user.Id.ToString(), ClaimValueTypes.String);
var emailClaim = new Claim(ClaimTypes.Email, user.Email, ClaimValueTypes.String);
var phoneClaim = new Claim(ClaimTypes.MobilePhone, user.PhoneNumber ?? "", ClaimValueTypes.String);
claims.Add(new Claim("id", user.Id.ToString()));
claims.Add(new Claim("username", user.UserName));
claims.Add(nameIdentifierClaim);
claims.Add(emailClaim);
claims.Add(phoneClaim);
foreach (var userClaim in user.Claims)
{
var id = GetClaimId(userClaim.Value);
claims.Add(new Claim(string.Format(":{0}:", id), id));
}
ClaimsIdentity identity = new ClaimsIdentity(new GenericIdentity(user.Email, "Token"), claims);
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = JwtTokenConstants.Issuer,
Audience = JwtTokenConstants.Audience,
SigningCredentials = JwtTokenConstants.SigningCredentials,
Subject = identity,
Expires = DateTime.Now.Add(JwtTokenConstants.TokenExpirationTime),
NotBefore = DateTime.Now
});
return(handler.WriteToken(securityToken));
}
public Dto.ApplicationUser GetUserInfo(string userId)
{
var query = _db.Users.FirstOrDefault(u => u.Id == userId);
if (query == null)
{
return(null);
}
var user = new Dto.ApplicationUser
{
Id = userId,
NameSurname = query.NameSurname,
Email = query.Email,
UserName = query.UserName,
PhoneNumber = query.PhoneNumber
};
return(user);
}
