Exemple #1
0
        public async Task ExecuteAsync(UpdateUserCommand command, IExecutionContext executionContext)
        {
            // Get User
            var user = await _dbContext
                       .Users
                       .FilterCanLogIn()
                       .FilterById(command.UserId)
                       .SingleOrDefaultAsync();

            EntityNotFoundException.ThrowIfNull(user, command.UserId);

            // Validate
            var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);

            ValidatePermissions(userArea, executionContext);
            ValidateCommand(command, userArea);
            await ValidateIsUnique(command, userArea);

            // Role
            if (command.RoleId != user.RoleId)
            {
                user.Role = await _userCommandPermissionsHelper.GetAndValidateNewRoleAsync(command.RoleId, user.UserAreaCode, executionContext);
            }

            // Map
            Map(command, user, userArea);

            // Save
            await _dbContext.SaveChangesAsync();
        }
Exemple #2
0
        private void ValidateUserArea(string userAreaCode)
        {
            var userArea = _userAreaRepository.GetByCode(userAreaCode);

            if (!userArea.AllowPasswordLogin)
            {
                throw new InvalidOperationException("Cannot reset the password because the " + userArea.Name + " user area does not allow password logins.");
            }
        }
Exemple #3
0
        public void Execute(AddUserCommand command, IExecutionContext executionContext)
        {
            var userArea   = _userAreaRepository.GetByCode(command.UserAreaCode);
            var dbUserArea = QueryUserArea(userArea).SingleOrDefault();

            dbUserArea = AddUserAreaIfNotExists(userArea, dbUserArea);

            ValidateCommand(command, userArea);
            var isUnique = _queryExecutor.Execute(GetUniqueQuery(command, userArea), executionContext);

            ValidateIsUnique(isUnique, userArea);

            var newRole = _userCommandPermissionsHelper.GetAndValidateNewRole(command.RoleId, command.UserAreaCode, executionContext);

            var user = MapAndAddUser(command, executionContext, newRole, userArea, dbUserArea);

            _dbContext.SaveChanges();

            command.OutputUserId = user.UserId;
        }
        public void ValidatePermissions(User user, IExecutionContext executionContext)
        {
            var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);

            if (userArea is CofoundryAdminUserArea)
            {
                _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext);
            }
            else
            {
                _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext);
            }
        }
Exemple #5
0
        public UserContext Map(User dbUser)
        {
            if (dbUser == null)
            {
                return(null);
            }

            var cx = _mapper.Map <UserContext>(dbUser);

            cx.UserArea = _userAreaRepository.GetByCode(dbUser.UserAreaCode);

            return(cx);
        }
        public async Task ExecuteAsync(EnsureUserAreaExistsCommand command, IExecutionContext executionContext)
        {
            var userArea = _userAreaRepository.GetByCode(command.UserAreaCode);

            EntityNotFoundException.ThrowIfNull(userArea, command.UserAreaCode);

            var dbUserArea = await _dbContext
                             .UserAreas
                             .SingleOrDefaultAsync(a => a.UserAreaCode == userArea.UserAreaCode);

            if (dbUserArea == null)
            {
                dbUserArea = new UserArea();
                dbUserArea.UserAreaCode = userArea.UserAreaCode;
                dbUserArea.Name         = userArea.Name;

                _dbContext.UserAreas.Add(dbUserArea);
            }
        }
        private PasswordResetRequestAuthenticationResult ValidatePasswordRequest(UserPasswordResetRequest request, ValidatePasswordResetRequestQuery query, IExecutionContext executionContext)
        {
            if (request == null || request.Token != query.Token)
            {
                throw new InvalidOperationException("Invalid password request - Id: " + query.UserPasswordResetRequestId + " Token: " + request.Token);
            }

            if (request.User.UserAreaCode != query.UserAreaCode)
            {
                throw new InvalidOperationException("Request received through an invalid route");
            }

            if (request.User.IsDeleted || request.User.IsSystemAccount)
            {
                throw new InvalidOperationException("User not permitted to change password");
            }

            var userArea = _userAreaRepository.GetByCode(request.User.UserAreaCode);

            if (!userArea.AllowPasswordLogin)
            {
                throw new InvalidOperationException("Cannot update the password to account in a user area that does not allow password logins.");
            }

            var result = new PasswordResetRequestAuthenticationResult();

            result.IsValid = true;

            if (request.IsComplete)
            {
                result.IsValid = false;
                result.ValidationErrorMessage = "The password recovery request is no longer valid.";
            }

            if (!IsPasswordRecoveryDateValid(request.CreateDate, executionContext))
            {
                result.IsValid = false;
                result.ValidationErrorMessage = "The password recovery request has expired.";
            }

            return(result);
        }
Exemple #8
0
        private void UpdatePassword(UpdateCurrentUserUserPasswordCommand command, IExecutionContext executionContext, User user)
        {
            EntityNotFoundException.ThrowIfNull(user, executionContext.UserContext.UserId);
            var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);

            if (!userArea.AllowPasswordLogin)
            {
                throw new InvalidOperationException("Cannot update the password to account in a user area that does not allow password logins.");
            }

            if (!_userAuthenticationHelper.IsPasswordCorrect(user, command.OldPassword))
            {
                throw new PropertyValidationException("Incorrect password", "OldPassword");
            }

            user.RequirePasswordChange  = false;
            user.LastPasswordChangeDate = executionContext.ExecutionDate;

            var hashResult = _passwordCryptographyService.CreateHash(command.NewPassword);

            user.Password = hashResult.Hash;
            user.PasswordEncryptionVersion = (int)hashResult.EncryptionVersion;
        }
Exemple #9
0
        public bool IsPasswordCorrect(User user, string password)
        {
            if (user == null)
            {
                return(false);
            }

            var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);

            if (!userArea.AllowPasswordLogin)
            {
                throw new InvalidOperationException("This user is not permitted to log in with a password.");
            }

            if (String.IsNullOrWhiteSpace(user.Password) || !user.PasswordEncryptionVersion.HasValue)
            {
                throw new InvalidOperationException("Cannot authenticate via password because the specified account does not have a password set.");
            }

            bool result = _cryptographyService.Verify(password, user.Password, (PasswordEncryptionVersion)user.PasswordEncryptionVersion.Value);

            return(result);
        }
Exemple #10
0
        private async Task UpdateEmail(UpdateCurrentUserAccountCommand command, int userId, User user)
        {
            var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);

            if (userArea.UseEmailAsUsername && user.Username != command.Email)
            {
                var uniqueQuery = new IsUsernameUniqueQuery()
                {
                    Username     = command.Email,
                    UserId       = userId,
                    UserAreaCode = CofoundryAdminUserArea.AreaCode
                };

                if (!await _queryExecutor.ExecuteAsync(uniqueQuery))
                {
                    throw new PropertyValidationException("This email is already registered", "Email");
                }

                user.Username = command.Email;
            }

            user.Email = command.Email;
        }