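/// <summary>
/// Updates an existing user from the posted form values and returns the re-rendered
/// "_editUserPartial" view as JSON (<c>error</c> flag plus <c>html</c>).
/// </summary>
/// <param name="updatedUser">Posted form model; <c>ID</c> selects the user to update.
/// An empty <c>Password</c> leaves the stored password hash untouched.</param>
/// <returns>JSON <c>{ error, html }</c>. <c>error</c> is true when validation failed, the ID is
/// unknown, the user name is already taken, or the change would leave the system without an
/// active admin.</returns>
/// <exception cref="ArgumentNullException"><paramref name="updatedUser"/> is null.</exception>
public IActionResult UpdateUser(UserRegistrationModel updatedUser)
{
    if (updatedUser is null)
    {
        throw new ArgumentNullException(nameof(updatedUser));
    }

    // NOTE(review): nothing in this method checks that the caller is allowed to edit the user with
    // the posted ID; confirm an admin-only [Authorize] policy applies at the controller level.

    // Every response goes through here so neither the plaintext password nor the hash reaches the
    // rendered partial.
    IActionResult RenderPartial(bool error)
    {
        updatedUser.Password = "";
        updatedUser.HashedPassword = "";
        // NOTE(review): RenderViewAsync is blocked on with .Result (sync-over-async); converting this
        // action to async Task<IActionResult> would avoid that, but changes the action's signature.
        return Json(new { error, html = this.RenderViewAsync("_editUserPartial", updatedUser).Result });
    }

    var resetPassword = !string.IsNullOrEmpty(updatedUser.Password);
    if (resetPassword)
    {
        // Hash once here; the plaintext is kept only until model validation has run.
        updatedUser.HashedPassword = _passwordHelper.Hash(updatedUser.Password);
    }
    else
    {
        // Placeholders so validation of the (unchanged) password fields does not fail; they are
        // cleared by RenderPartial and are never copied to the entity that is saved.
        updatedUser.Password = "******";
        updatedUser.HashedPassword = "******";
    }

    // Creation metadata is never taken from the posted model; these values only satisfy validation.
    updatedUser.CreatedBy = "bah";
    updatedUser.CreatedOn = DateTime.Now;

    ModelState.Clear();
    TryValidateModel(updatedUser);
    if (!ModelState.IsValid)
    {
        return RenderPartial(error: true);
    }

    var user = _dbContext.Users.SingleOrDefault(x => x.ID == updatedUser.ID);
    if (user is null)
    {
        // Previously dereferenced null here; an unknown ID is reported like any other validation error
        // so the client's JSON contract is preserved.
        ModelState.AddModelError("", "User not found.");
        return RenderPartial(error: true);
    }

    // Same uniqueness rule as registration: a rename must not collide with another account.
    if (_dbContext.Users.Any(x => x.ID != user.ID && x.UserName == updatedUser.UserName))
    {
        ModelState.AddModelError("UserName", "User Name already exists - please pick a different user name.");
        return RenderPartial(error: true);
    }

    // Block revoking admin rights from, or deactivating, the only active admin. The guard fires only
    // when the posted values actually remove admin or active status, so other edits to the last admin
    // (name, etc.) are still allowed.
    var revokesAdminAccess = user.IsAdmin && (!updatedUser.IsAdmin || !updatedUser.IsActive);
    if (revokesAdminAccess && !_dbContext.Users.Any(x => x.IsActive && x.IsAdmin && x.ID != user.ID))
    {
        ModelState.AddModelError(
            "IsAdmin",
            "Warning - this user is the last admin in the system! "
            + "You must create another account with admin access before you can deactivate this account's admin status.");
        return RenderPartial(error: true);
    }

    // Stamp modification metadata on the tracked entity.
    // NOTE(review): this passes the edited user's own name rather than the acting user's; confirm
    // that is what the audit trail is meant to record.
    user.RefreshMetadata(user.UserName);

    user.UserName = updatedUser.UserName;
    user.FirstName = updatedUser.FirstName;
    user.LastName = updatedUser.LastName;
    user.IsAdmin = updatedUser.IsAdmin;
    user.IsActive = updatedUser.IsActive;
    if (resetPassword)
    {
        // Hash was computed above; never hash twice.
        user.HashedPassword = updatedUser.HashedPassword;
    }

    _dbContext.Users.Update(user);
    _dbContext.SaveChanges();

    updatedUser.StatusMessage = "Save Successful!";
    return RenderPartial(error: false);
}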
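/// <summary>
/// Registers a new user from the posted model. On success, an admin performing setup
/// (<c>ViewBag.IsAdmin</c> set) is redirected back to user management; otherwise the new user is
/// logged in and sent to the inventory index.
/// </summary>
/// <param name="newUser">Posted registration form; <c>Password</c> is hashed into
/// <c>HashedPassword</c>, and both are cleared before any view is rendered.</param>
/// <returns>The "Register" view carrying validation errors, or a redirect on success.</returns>
/// <exception cref="ArgumentNullException"><paramref name="newUser"/> is null.</exception>
public async Task<IActionResult> RegisterNewUserAsync(UserRegistrationModel newUser)
{
    if (newUser is null)
    {
        throw new ArgumentNullException(nameof(newUser));
    }

    // ViewBag.IsAdmin is dynamic and populated elsewhere; absent means self-service registration.
    var adminNewUserSetupMode = ViewBag.IsAdmin ?? false;

    newUser.RefreshMetadata(newUser.UserName);

    // Hashed before validation because validation appears to require HashedPassword to be
    // populated (see the placeholder trick in UpdateUser) — confirm against the model's attributes.
    newUser.HashedPassword = _passwordHelper.Hash(newUser.Password);

    // New accounts are active by default.
    newUser.IsActive = true;

    // Every failure path returns the form with the secrets cleared so neither the plaintext nor the
    // hash is rendered back to the browser.
    IActionResult RegisterViewWithError(string key, string message)
    {
        ModelState.AddModelError(key, message);
        newUser.Password = "";
        newUser.HashedPassword = "";
        return View("Register", newUser);
    }

    ModelState.Clear();
    TryValidateModel(newUser);
    if (!ModelState.IsValid)
    {
        return RegisterViewWithError("", "Invalid input detected");
    }

    // User-name uniqueness. Comparison semantics (e.g. case sensitivity) follow the provider/collation.
    // NOTE(review): this check races with a concurrent registration of the same name; a unique index
    // on UserName is the authoritative guard.
    if (_dbContext.Users.Any(x => x.UserName == newUser.UserName))
    {
        return RegisterViewWithError("UserName", "User Name already exists - please pick a different user name.");
    }

    // Bootstrap rule: the first user becomes admin. This always overrides any IsAdmin value the
    // client posted. Note it keys on *active* users, so a registration made while every existing
    // account is inactive also receives admin rights.
    newUser.IsAdmin = !_dbContext.Users.Any(x => x.IsActive);

    // NOTE(review): newUser.Password still holds the plaintext at this point; confirm that property
    // is not mapped to a database column.
    _dbContext.Users.Add(newUser);
    _dbContext.SaveChanges();

    if (adminNewUserSetupMode)
    {
        return RedirectToAction("ManageUsers", "Admin");
    }

    // Self-service registration: sign the new user in and send them to the home page.
    await LoginUserAsync(newUser.UserName, newUser.RememberMe);
    return RedirectToAction("Index", "Inventory");
}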