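/// <summary>
/// Reserves a hardware vault for an employee. The vault is bound to the employee, moved to
/// <c>VaultStatus.Reserved</c>, given a freshly generated master password (stored encrypted),
/// and a vault activation is created. For every existing account of the employee that has a
/// non-null password, an account-create task is queued for the vault.
/// </summary>
/// <param name="employeeId">Id of the employee who receives the vault.</param>
/// <param name="vaultId">Id of the vault to reserve; the vault must be in <c>VaultStatus.Ready</c>.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="employeeId"/> or <paramref name="vaultId"/> is null.
/// </exception>
/// <exception cref="Exception">
/// The employee or the vault does not exist, the employee already has a hardware vault,
/// or the vault is not in the Ready status.
/// </exception>
public async Task AddHardwareVaultAsync(string employeeId, string vaultId)
{
    if (employeeId == null)
    {
        throw new ArgumentNullException(nameof(employeeId));
    }

    if (vaultId == null)
    {
        throw new ArgumentNullException(nameof(vaultId));
    }

    // Runs before any secret is generated or encrypted below.
    // NOTE(review): presumably throws when data protection is not usable; confirm against the service.
    _dataProtectionService.Validate();

    var employee = await GetEmployeeByIdAsync(employeeId);
    if (employee == null)
    {
        throw new Exception("Employee not found");
    }

    if (employee.HardwareVaults.Count > 0)
    {
        throw new Exception("Cannot add more than one hardware vault.");
    }

    var vault = await _hardwareVaultService.GetVaultByIdAsync(vaultId);
    if (vault == null)
    {
        // Report the requested id: `vault` is null on this path, so interpolating it
        // left the id out of the message.
        throw new Exception($"Vault {vaultId} not found");
    }

    if (vault.Status != VaultStatus.Ready)
    {
        throw new Exception($"Vault {vaultId} in a status that does not allow to reserve.");
    }

    vault.EmployeeId = employeeId;
    vault.Status = VaultStatus.Reserved;
    vault.IsStatusApplied = false;

    // Only the encrypted form of the master password is placed on the entity.
    // NOTE(review): GenerateMasterPassword is not visible here; confirm it draws from a
    // cryptographically secure RNG (e.g. RandomNumberGenerator) rather than System.Random.
    vault.MasterPassword = _dataProtectionService.Encrypt(GenerateMasterPassword());

    var accounts = await GetAccountsByEmployeeIdAsync(employeeId);
    var tasks = new List<HardwareVaultTask>();

    // Create a task for accounts that were created without a vault.
    // NOTE(review): account.Password and account.OtpSecret are copied into the task as stored;
    // presumably they are already encrypted at rest. Confirm.
    foreach (var account in accounts.Where(x => x.Password != null))
    {
        tasks.Add(_hardwareVaultTaskService.GetAccountCreateTask(vault.Id, account.Id, account.Password, account.OtpSecret));
    }

    var hasPendingTasks = tasks.Count > 0;
    if (hasPendingTasks)
    {
        vault.NeedSync = true;
    }

    // The vault update, the activation record and the queued tasks are committed together.
    // NOTE(review): the "one vault per employee" and "vault is Ready" checks above are read
    // outside this scope, so two concurrent calls could both pass them unless the data layer
    // enforces a uniqueness constraint or concurrency token. Confirm.
    using (TransactionScope transactionScope = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
    {
        await _hardwareVaultService.UpdateVaultAsync(vault);
        await _hardwareVaultService.CreateVaultActivationAsync(vaultId);

        if (hasPendingTasks)
        {
            await _hardwareVaultTaskService.AddRangeTasksAsync(tasks);
        }

        transactionScope.Complete();
    }
}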