public async Task <IActionResult> DeleteRole(uint id)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest());
            }
            Role r = await Db.Roles.FindAsync(id);

            Db.Remove(r);
            await Db.SaveChangesAsync();

            return(RedirectToAction("ViewRoles"));
        }
Exemple #2
0
        public async Task <IActionResult> Register(RegisterRequest req, [FromQuery] string redirect = "")
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }
            try
            {
                ViewData["RedirectTo"] = new PathString(redirect);
            }
            catch (ArgumentException)
            {
                ViewData["RedirectTo"] = new PathString("");
            }
            var user = await Db.Users.SingleOrDefaultAsync(x => x.Username == req.Username && x.FullName == req.FullName);

            if (user != null)
            {
                ModelState.AddModelError("", "User already exists");
                return(View());
            }
            Invite inv = await Db.Invites
                         .SingleAsync(x => x.Uid == req.InviteID);

            User newUser = new User()
            {
                RoleId       = inv.RoleId, // Anonymous role
                Username     = req.Username,
                FullName     = req.FullName,
                PasswordSalt = AuthUtils.GetRandomData(64)
            };

            newUser.PasswordHash = AuthUtils.GetHashFor(req.Password, newUser.PasswordSalt);
            await Db.AddAsync(newUser);

            Db.Remove(inv);
            await Db.SaveChangesAsync();

            var userIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);

            userIdentity.AddClaims(new Claim[] {
                new Claim(ClaimTypes.PrimarySid, newUser.Id.ToString()),
                new Claim(ClaimTypes.NameIdentifier, newUser.Username),
                new Claim(ClaimTypes.Name, newUser.FullName),
                new Claim(ClaimTypes.Role, newUser.RoleId.ToString())
            });
            var principal = new ClaimsPrincipal(userIdentity);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);

            try
            {
                return(Redirect(new PathString(redirect)));
            }
            catch (ArgumentException)
            {
                return(RedirectToAction("News", "Issue"));
            }
        }
        public async Task RemoveAsync(string key)
        {
            using (var ctx = new PBugContext(dbOptions))
            {
                Session s = await ctx.Sessions.FindAsync(Convert.FromBase64String(key));

                if (s != null)
                {
                    ctx.Remove(s);
                    await ctx.SaveChangesAsync();
                }
            }
        }
Exemple #4
0
        public async Task <IActionResult> EditIssue([FromRoute] uint id, EditIssueRequest req)
        {
            if (!ModelState.IsValid)
            {
                return(View());
            }

            Issue i = await Db.Issues.FindAsync(id);

            if (!HttpContext.UserCan("issue.editissue.all") &&
                !(HttpContext.UserCan("issue.editissue.own") && ((int?)i.AuthorId ?? -1) == HttpContext.User.GetUserId()))
            {
                if (HttpContext.User.IsAnonymous())
                {
                    return(Challenge());
                }
                else
                {
                    return(Forbid());
                }
            }

            string[] filesremovedproc = JsonSerializer.Deserialize <string[]>(req.RemovedFiles);

            if (filesremovedproc.Length > 0 ||
                req.NewName != i.Name ||
                req.NewTags != i.Tags ||
                req.NewDescription != i.Description ||
                req.NewProjectID != i.ProjectId ||
                req.NewAssigneeID != i.AssigneeId ||
                req.NewStatus != i.Status ||
                HttpContext.Request.Form.Files.Count > 0)
            {
                await Db.IssueActivities.AddIssueActivity(HttpContext, id, new EditIssueActivity()
                {
                    OldName        = i.Name,
                    NewName        = req.NewName,
                    OldTags        = i.Tags,
                    NewTags        = req.NewTags ?? "",
                    OldDescription = i.Description,
                    NewDescription = req.NewDescription,
                    OldProjectId   = i.ProjectId,
                    NewProjectId   = req.NewProjectID,
                    OldAssigneeId  = i.AssigneeId,
                    NewAssigneeId  = req.NewAssigneeID == -1 ? null : new uint?((uint)req.NewAssigneeID),
                    OldStatus      = i.Status,
                    NewStatus      = req.NewStatus
                });

                i.Name        = req.NewName;
                i.Tags        = req.NewTags ?? "";
                i.Description = req.NewDescription;
                i.ProjectId   = req.NewProjectID;
                i.AssigneeId  = req.NewAssigneeID == -1 ? null : new uint?((uint)req.NewAssigneeID);
                i.Status      = req.NewStatus;

                foreach (string uid in filesremovedproc)
                {
                    if (Path.GetFileName(uid) != uid)
                    {
                        // Something's fishy...
                        return(Forbid());
                    }
                    Db.Remove(await Db.IssueFiles.FirstAsync(x => x.FileId == uid));
                    System.IO.File.Delete(Path.Combine("files", uid));
                }

                List <(IssueFile, IFormFile)> toProcess = new List <(IssueFile, IFormFile)>();

                foreach (IFormFile file in HttpContext.Request.Form.Files)
                {
                    toProcess.Add((
                                      (await Db.IssueFiles.AddAsync(new IssueFile()
                    {
                        Issue = i,
                        FileName = file.FileName,
                        FileId = Convert.ToBase64String(AuthUtils.GetRandomData(12))
                                 .Replace('/', '_')
                                 .Replace('+', '-')
                    })).Entity,
                                      file));
                }

                await Db.SaveChangesAsync();

                foreach ((IssueFile, IFormFile)pack in toProcess)
                {
                    using (FileStream fs = System.IO.File.OpenWrite(Path.Combine("files", pack.Item1.FileId)))
                        await pack.Item2.CopyToAsync(fs);
                }
            }

            return(RedirectToAction("ViewTalk", new { id = id }));
        }