public async Task <ActionResult> UpdateUserEasyPassword(
[FromRoute, Required] Guid userId,
[FromBody, Required] UpdateUserEasyPassword request)
{
if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
{
return(StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the easy password."));
}
var user = _userManager.GetUserById(userId);
if (user == null)
{
return(NotFound("User not found"));
}
if (request.ResetPassword)
{
await _userManager.ResetEasyPassword(user).ConfigureAwait(false);
}
else
{
await _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword).ConfigureAwait(false);
}
return(NoContent());
}
public async Task <ActionResult> UpdateUser(
[FromRoute, Required] Guid userId,
[FromBody] UserDto updateUser)
{
if (updateUser == null)
{
return(BadRequest());
}
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
{
return(Forbid("User update not allowed."));
}
var user = _userManager.GetUserById(userId);
if (string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
{
await _userManager.UpdateUserAsync(user).ConfigureAwait(false);
_userManager.UpdateConfiguration(user.Id, updateUser.Configuration);
}
else
{
await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
_userManager.UpdateConfiguration(updateUser.Id, updateUser.Configuration);
}
return(NoContent());
}
public ActionResult UpdateUserEasyPassword(
[FromRoute, Required] Guid userId,
[FromBody] UpdateUserEasyPassword request)
{
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
{
return(Forbid("User is not allowed to update the easy password."));
}
var user = _userManager.GetUserById(userId);
if (user == null)
{
return(NotFound("User not found"));
}
if (request.ResetPassword)
{
_userManager.ResetEasyPassword(user);
}
else
{
_userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword);
}
return(NoContent());
}
public async Task <ActionResult> UpdateUserConfiguration(
[FromRoute, Required] Guid userId,
[FromBody, Required] UserConfiguration userConfig)
{
if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false).ConfigureAwait(false))
{
return(StatusCode(StatusCodes.Status403Forbidden, "User configuration update not allowed"));
}
await _userManager.UpdateConfigurationAsync(userId, userConfig).ConfigureAwait(false);
return(NoContent());
}
public ActionResult UpdateUserConfiguration(
[FromRoute, Required] Guid userId,
[FromBody] UserConfiguration userConfig)
{
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
{
return(Forbid("User configuration update not allowed"));
}
_userManager.UpdateConfiguration(userId, userConfig);
return(NoContent());
}
public async Task<ActionResult> UpdateUserPassword(
[FromRoute, Required] Guid userId,
[FromBody, Required] UpdateUserPassword request)
{
if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
}
var user = _userManager.GetUserById(userId);
if (user == null)
{
return NotFound("User not found");
}
if (request.ResetPassword)
{
await _userManager.ResetPassword(user).ConfigureAwait(false);
}
else
{
if (!HttpContext.User.IsInRole(UserRoles.Administrator))
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp().ToString(),
false).ConfigureAwait(false);
if (success == null)
{
return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
}
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
var currentToken = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).Token;
await _sessionManager.RevokeUserTokens(user.Id, currentToken).ConfigureAwait(false);
}
return NoContent();
}
public async Task <ActionResult> UpdateUserPassword(
[FromRoute, Required] Guid userId,
[FromBody] UpdateUserPassword request)
{
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
{
return(Forbid("User is not allowed to update the password."));
}
var user = _userManager.GetUserById(userId);
if (user == null)
{
return(NotFound("User not found"));
}
if (request.ResetPassword)
{
await _userManager.ResetPassword(user).ConfigureAwait(false);
}
else
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp(),
false).ConfigureAwait(false);
if (success == null)
{
return(Forbid("Invalid user or password entered."));
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
_sessionManager.RevokeUserTokens(user.Id, currentToken);
}
return(NoContent());
}
public async Task <ActionResult> UpdateUser(
[FromRoute, Required] Guid userId,
[FromBody, Required] UserDto updateUser)
{
if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false).ConfigureAwait(false))
{
return(StatusCode(StatusCodes.Status403Forbidden, "User update not allowed."));
}
var user = _userManager.GetUserById(userId);
if (!string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
{
await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
}
await _userManager.UpdateConfigurationAsync(user.Id, updateUser.Configuration).ConfigureAwait(false);
return(NoContent());
}
