public async Task <IActionResult> InviteUser(int id, [FromBody] InviteViewModel model) { var userId = User.GetUserId(); if (model.UserId == userId) { return(this.BadRequestError("You can't invite yourself.")); } var ev = await _eventService.GetEventByIdAsync(id, nameof(Event.Period), nameof(Event.Owner)); if (userId != ev.Owner.Id) { return(this.BadRequestError("Only owner can invite users.")); } if (ev.IsPrivate) { return(this.BadRequestError("You can't invite users on private event.")); } if (ev.IsOld(DateTime.UtcNow)) { return(this.BadRequestError("You can't invite users on events from the past.")); } await _eventService.InviteUserAsync(ev.Id, model.UserId, userId, model.IsReadOnly); var invitation = await _invitationService.GetInvitationAsync(id, model.UserId); await _invitationManager.UserInvitedAsync(model.UserId, _mapper.Map <InvitationViewModel>(invitation)); return(Ok()); }
public async Task <IActionResult> OnPostAsync(string returnUrl = null) { returnUrl = returnUrl ?? Url.Content("~/"); ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList(); // check email var existingUser = await _userManager.FindByEmailAsync(Input.Email); if (existingUser != null) { ModelState.AddModelError("email", "Email is already used by another user."); } // check username existingUser = await _userManager.FindByNameAsync(Input.Username); if (existingUser != null) { ModelState.AddModelError("username", "Username is already taken."); } var inviteRequirementMet = true; if (InvitationRequired && !_securityService.IsAdminInConfig(Input.Username)) { if (string.IsNullOrEmpty(Input.InvitationCode)) { ModelState.AddModelError("code", "Please enter the Invitation Code."); } else { var userId = await _invitationService.GetInvitationAsync(Input.Email, Input.InvitationCode); inviteRequirementMet = !string.IsNullOrEmpty(userId); if (!inviteRequirementMet) { ModelState.AddModelError("code", "Invitation Code is invalid."); } } } if (existingUser == null && inviteRequirementMet && ModelState.IsValid) { string avatarHash = string.Empty; using (var md5 = MD5.Create()) { var hash = md5.ComputeHash(Encoding.ASCII.GetBytes(Input.Email)); avatarHash = BitConverter.ToString(hash).Replace("-", "").ToLower(); } var user = new ApplicationUser() { UserName = Input.Username, Email = Input.Email, AvatarHash = avatarHash }; var result = await _userManager.CreateAsync(user, Input.Password); if (result.Succeeded) { _logger.LogInformation("User created a new account with password."); await _profileService.Add(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var siteUrl = _configuration["SiteUrl"]; var callbackUrl = Url.Action( "ConfirmEmail", "Account", values: new { area = "Identity", userId = user.Id, code = code }, protocol: Request.Scheme); await _emailSender.SendEmailAsync(Input.Email, "Confirm your email", $"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>clicking here</a>."); if (_userManager.Options.SignIn.RequireConfirmedAccount) { return(RedirectToPage("RegisterConfirmation", new { email = Input.Email })); } else { await _signInManager.SignInAsync(user, isPersistent : false); return(LocalRedirect(returnUrl)); } } foreach (var error in result.Errors) { ModelState.AddModelError(string.Empty, error.Description); } } // If we got this far, something failed, redisplay form return(Page()); }