public async Task <IActionResult> Register([FromBody] UserEditResource user)
{
if (!(await _authorizationService.AuthorizeAsync(this.User, Tuple.Create(user.Roles, new string[] { }), Authorization.Policies.AssignAllowedRolesPolicy)).Succeeded)
{
return(new ChallengeResult());
}
if (ModelState.IsValid)
{
if (user == null)
{
return(BadRequest($"{nameof(user)} cannot be null"));
}
ApplicationUser appUser = Mapper.Map <ApplicationUser>(user);
var result = await _accountManager.CreateUserAsync(appUser, user.Roles, user.NewPassword);
if (result.Item1)
{
UserResource userVM = await GetUserViewModelHelper(appUser.Id);
return(CreatedAtAction(GetUserByIdActionName, new { id = userVM.Id }, userVM));
}
AddErrors(result.Item2);
}
return(BadRequest(ModelState));
}
public async Task <IActionResult> UpdateUser(string id, [FromBody] UserEditResource user)
{
ApplicationUser appUser = await _accountManager.GetUserByIdAsync(id);
string[] currentRoles = appUser != null ? (await _accountManager.GetUserRolesAsync(appUser)).ToArray() : null;
var manageUsersPolicy = _authorizationService.AuthorizeAsync(this.User, id, AccountManagementOperations.Update);
var assignRolePolicy = _authorizationService.AuthorizeAsync(this.User, Tuple.Create(user.Roles, currentRoles), Authorization.Policies.AssignAllowedRolesPolicy);
if ((await Task.WhenAll(manageUsersPolicy, assignRolePolicy)).Any(r => !r.Succeeded))
{
return(new ChallengeResult());
}
if (ModelState.IsValid)
{
if (user == null)
{
return(BadRequest($"{nameof(user)} cannot be null"));
}
if (!string.IsNullOrWhiteSpace(user.Id) && id != user.Id)
{
return(BadRequest("Conflicting user id in parameter and model data"));
}
if (appUser == null)
{
return(NotFound(id));
}
if (Utilities.GetUserId(this.User) == id && string.IsNullOrWhiteSpace(user.CurrentPassword))
{
if (!string.IsNullOrWhiteSpace(user.NewPassword))
{
return(BadRequest("Current password is required when changing your own password"));
}
if (appUser.UserName != user.UserName)
{
return(BadRequest("Current password is required when changing your own username"));
}
}
bool isValid = true;
if (Utilities.GetUserId(this.User) == id && (appUser.UserName != user.UserName || !string.IsNullOrWhiteSpace(user.NewPassword)))
{
if (!await _accountManager.CheckPasswordAsync(appUser, user.CurrentPassword))
{
isValid = false;
AddErrors(new string[] { "The username/password couple is invalid." });
}
}
if (isValid)
{
Mapper.Map <UserResource, ApplicationUser>(user, appUser);
var result = await _accountManager.UpdateUserAsync(appUser, user.Roles);
if (result.Item1)
{
if (!string.IsNullOrWhiteSpace(user.NewPassword))
{
if (!string.IsNullOrWhiteSpace(user.CurrentPassword))
{
result = await _accountManager.UpdatePasswordAsync(appUser, user.CurrentPassword, user.NewPassword);
}
else
{
result = await _accountManager.ResetPasswordAsync(appUser, user.NewPassword);
}
}
if (result.Item1)
{
return(NoContent());
}
}
AddErrors(result.Item2);
}
}
return(BadRequest(ModelState));
}
public async Task <IActionResult> UpdateCurrentUser([FromBody] UserEditResource user)
{
return(await UpdateUser(Utilities.GetUserId(this.User), user));
}
