public async Task <IActionResult> Register([FromBody] UserEditResource user) { if (!(await _authorizationService.AuthorizeAsync(this.User, Tuple.Create(user.Roles, new string[] { }), Authorization.Policies.AssignAllowedRolesPolicy)).Succeeded) { return(new ChallengeResult()); } if (ModelState.IsValid) { if (user == null) { return(BadRequest($"{nameof(user)} cannot be null")); } ApplicationUser appUser = Mapper.Map <ApplicationUser>(user); var result = await _accountManager.CreateUserAsync(appUser, user.Roles, user.NewPassword); if (result.Item1) { UserResource userVM = await GetUserViewModelHelper(appUser.Id); return(CreatedAtAction(GetUserByIdActionName, new { id = userVM.Id }, userVM)); } AddErrors(result.Item2); } return(BadRequest(ModelState)); }
public async Task <IActionResult> UpdateUser(string id, [FromBody] UserEditResource user) { ApplicationUser appUser = await _accountManager.GetUserByIdAsync(id); string[] currentRoles = appUser != null ? (await _accountManager.GetUserRolesAsync(appUser)).ToArray() : null; var manageUsersPolicy = _authorizationService.AuthorizeAsync(this.User, id, AccountManagementOperations.Update); var assignRolePolicy = _authorizationService.AuthorizeAsync(this.User, Tuple.Create(user.Roles, currentRoles), Authorization.Policies.AssignAllowedRolesPolicy); if ((await Task.WhenAll(manageUsersPolicy, assignRolePolicy)).Any(r => !r.Succeeded)) { return(new ChallengeResult()); } if (ModelState.IsValid) { if (user == null) { return(BadRequest($"{nameof(user)} cannot be null")); } if (!string.IsNullOrWhiteSpace(user.Id) && id != user.Id) { return(BadRequest("Conflicting user id in parameter and model data")); } if (appUser == null) { return(NotFound(id)); } if (Utilities.GetUserId(this.User) == id && string.IsNullOrWhiteSpace(user.CurrentPassword)) { if (!string.IsNullOrWhiteSpace(user.NewPassword)) { return(BadRequest("Current password is required when changing your own password")); } if (appUser.UserName != user.UserName) { return(BadRequest("Current password is required when changing your own username")); } } bool isValid = true; if (Utilities.GetUserId(this.User) == id && (appUser.UserName != user.UserName || !string.IsNullOrWhiteSpace(user.NewPassword))) { if (!await _accountManager.CheckPasswordAsync(appUser, user.CurrentPassword)) { isValid = false; AddErrors(new string[] { "The username/password couple is invalid." }); } } if (isValid) { Mapper.Map <UserResource, ApplicationUser>(user, appUser); var result = await _accountManager.UpdateUserAsync(appUser, user.Roles); if (result.Item1) { if (!string.IsNullOrWhiteSpace(user.NewPassword)) { if (!string.IsNullOrWhiteSpace(user.CurrentPassword)) { result = await _accountManager.UpdatePasswordAsync(appUser, user.CurrentPassword, user.NewPassword); } else { result = await _accountManager.ResetPasswordAsync(appUser, user.NewPassword); } } if (result.Item1) { return(NoContent()); } } AddErrors(result.Item2); } } return(BadRequest(ModelState)); }
public async Task <IActionResult> UpdateCurrentUser([FromBody] UserEditResource user) { return(await UpdateUser(Utilities.GetUserId(this.User), user)); }