private async Task <List <SecurityContractDefaultConfigurationUser> > RetrieveDefaultConfigUsers()
{
var contractUserList = new List <SecurityContractDefaultConfigurationUser>();
List <UserModel> users = await userRepository.GetListAsync();
foreach (var user in users.OrderBy(o => o.SysPeriod.LowerBound))
{
logger.Debug($"Retrieving default configuration contract definition for User [{user.UserName}].");
var contractUser = new SecurityContractDefaultConfigurationUser()
{
Uuid = new Guid(user.Id),
Username = user.UserName,
Name = user.FirstName,
Surname = user.Surname,
Email = user.Email,
HashedPassword = user.PasswordHash,
IsDeleted = user.IsDeleted,
DeletedTime = user.DeletedTime,
LdapAuthenticationMode = user.LdapAuthenticationMode?.Name,
Avatar = user.Avatar == null ? null : Convert.ToBase64String(user.Avatar),
Roles = new List <string>()
};
foreach (var role in user.UserRoles.OrderBy(o => o.Role.SysPeriod.LowerBound))
{
contractUser.Roles.Add(role.Role.Name);
}
contractUserList.Add(contractUser);
}
return(contractUserList);
}
private async Task ApplyRolesToDefaultUser(SecurityContractDefaultConfigurationUser defaultUser, UserModel defaultUserToApply, Guid updatedById)
{
if (defaultUser.Roles != null && defaultUser.Roles.Count > 0)
{
foreach (var roleToApply in defaultUser.Roles)
{
logger.Debug($"Attempting to add role '{roleToApply}' to user '{defaultUser.Username}'");
// Ensure the role actually exists first. If it does not, ignore the role assignment.
var existingRole = await roleRepository.GetByNameAsync(roleToApply);
if (existingRole == null)
{
logger.Warn($"Role '{roleToApply}' does not exists within the database. NOT applying it to user '{defaultUser.Username}'.");
break;
}
logger.Debug($"Role '{roleToApply}' does exist within the database. Assigning it to user '{defaultUser.Username}'.");
defaultUserToApply.UserRoles.Add(new UserRoleModel
{
User = defaultUserToApply,
Role = existingRole,
ChangedBy = updatedById
});
}
}
}
private async Task ApplyLdapAuthModeToDefaultUser(SecurityContractDefaultConfigurationUser defaultUser, UserModel defaultUserToApply)
{
if (!string.IsNullOrWhiteSpace(defaultUser.LdapAuthenticationMode))
{
logger.Debug($"Attempting to add Ldap Auth mode '{defaultUser.LdapAuthenticationMode}' to user '{defaultUser.Username}'");
// Ensure the Ldap Auth mode actually exists first. If it does not, ignore the Ldap Auth mode assignment.
var existingLdapAuthMode = await ldapAuthenticationModeRepository.GetByNameAsync(defaultUser.LdapAuthenticationMode);
if (existingLdapAuthMode == null)
{
logger.Warn($"Ldap Auth mode '{defaultUser.LdapAuthenticationMode}' does not exists within the database. NOT applying it to user '{defaultUser.Username}'.");
return;
}
logger.Debug($"Ldap Auth mode '{defaultUser.LdapAuthenticationMode}' does exist within the database. Assigning it to user '{defaultUser.Username}'.");
defaultUserToApply.LdapAuthenticationMode = existingLdapAuthMode;
defaultUserToApply.LdapAuthenticationModeId = existingLdapAuthMode.Id;
}
}
private async Task ApplyIndividualDefaultUser(SecurityContractDefaultConfigurationUser defaultUser, Guid updatedById)
{
logger.Debug($"Operating on default user '{defaultUser.Username}'.");
var defaultUserToApply = new UserModel();
bool newUser = false;
// Get the user with all it's associated relations, as we are going to be tweaking some of them, especially any assigned roles.
var existingUser = await userRepository.GetByUsernameAsync(defaultUser.Username, true);
if (existingUser != null)
{
logger.Debug($"Default user: '******' already exist. Updating it.");
defaultUserToApply = existingUser;
}
else
{
logger.Debug($"Default user: '******' does not exist. Creating it.");
newUser = true;
// We can also bind the user's UUID here, but only if one is supplied. We should not bind it on any user updates, as UUIDs associated with users cannot be changed!
// Recall: The user ID within the dotnet Identity table is purposely a string. Convert the GUID representation accordingly.
if (defaultUser.Uuid != Guid.Empty)
{
defaultUserToApply.Id = defaultUser.Uuid.ToString();
}
}
// Map the base components.
defaultUserToApply.Email = defaultUser.Email.Trim();
defaultUserToApply.NormalizedEmail = defaultUserToApply.Email.ToUpper();
defaultUserToApply.EmailConfirmed = true;
defaultUserToApply.PhoneNumber = defaultUser.PhoneNumber;
defaultUserToApply.PhoneNumberConfirmed = (defaultUserToApply.PhoneNumber != null);
defaultUserToApply.UserName = defaultUser.Username.Trim();
defaultUserToApply.NormalizedUserName = defaultUserToApply.UserName.ToUpper();
defaultUserToApply.FirstName = defaultUser.Name;
defaultUserToApply.Surname = defaultUser.Surname;
defaultUserToApply.IsDeleted = defaultUser.IsDeleted;
defaultUserToApply.DeletedTime = defaultUser.DeletedTime;
defaultUserToApply.ChangedBy = updatedById;
if (!string.IsNullOrEmpty(defaultUser.Avatar))
{
defaultUserToApply.Avatar = Convert.FromBase64String(defaultUser.Avatar);
}
// Overwrite any potentially assigned roles, as the declarative representation in the defaultUser is the authoratative version and must overwite any existing state.
defaultUserToApply.UserRoles = new List <UserRoleModel>();
await ApplyRolesToDefaultUser(defaultUser, defaultUserToApply, updatedById);
await ApplyLdapAuthModeToDefaultUser(defaultUser, defaultUserToApply);
if (newUser)
{
logger.Debug($"Persisting new user '{defaultUser.Username}' into the database.");
if (string.IsNullOrWhiteSpace(defaultUser.HashedPassword))
{
await userRepository.CreateAsync(defaultUserToApply, defaultUser.Password, isPlainTextPassword : true);
}
else
{
await userRepository.CreateAsync(defaultUserToApply, defaultUser.HashedPassword, isPlainTextPassword : false);
}
}
else
{
logger.Debug($"Updating existing user '{defaultUser.Username}' into the database.");
await userRepository.UpdateAsync(defaultUserToApply);
}
}
