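/// <summary>
/// Creates a new user from <paramref name="userModel"/>. Only callers in the "Admin" role may do so.
/// </summary>
/// <param name="userModel">Bound request body describing the user to create.</param>
/// <returns>
/// 200 OK on success; 400 Bad Request carrying the model-state errors when the body is missing,
/// the caller is not an admin, the passwords do not match, the login is already taken, or the
/// identity store rejects the registration.
/// </returns>
public async Task<IHttpActionResult> Post(UserModel userModel)
{
    // A request without a usable body must not reach the property accesses below.
    if (userModel == null)
    {
        ModelState.AddModelError(string.Empty, "User data is required.");
        return BadRequest(ModelState);
    }

    // Fail closed: an absent principal is treated as "not an admin" instead of skipping the
    // role check. IsInRole is defined on IPrincipal, so no ClaimsPrincipal cast is needed.
    // The check runs before the login lookup so that non-admin callers learn nothing about
    // which logins exist.
    var principal = RequestContext.Principal;
    if (principal == null || !principal.IsInRole("Admin"))
    {
        ModelState.AddModelError(string.Empty, "No permissions. Only admins are able to create users");
        return BadRequest(ModelState);
    }

    if (userModel.Password != userModel.ConfirmPassword)
    {
        ModelState.AddModelError(string.Empty, "Password mismatch. Please try again.");
    }

    User existing = _authRepository.FindUserByUserName(userModel.Login);
    if (existing != null)
    {
        ModelState.AddModelError(string.Empty, "User with the same login already exist");
    }

    // Binding/attribute errors and the checks above are reported together.
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    User user = _mapper.MapUserModel(userModel);
    IdentityResult result = await _authRepository.RegisterUser(user, userModel.Password);

    // GetErrorResult converts a failed IdentityResult into a response and yields null on success.
    IHttpActionResult errorResult = GetErrorResult(result);
    if (errorResult != null)
    {
        return errorResult;
    }

    return Ok();
}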
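/// <summary>
/// Updates an existing user from <paramref name="userModel"/>, optionally forcing a new password.
/// Only callers in the "Admin" role may do so.
/// </summary>
/// <param name="userModel">
/// Bound request body. <c>Id</c> selects the user to update; <c>Password</c> and
/// <c>ConfirmPassword</c> are optional and, when both are supplied, replace the current password.
/// </param>
/// <returns>
/// 200 OK on success; 400 Bad Request for a missing or invalid body, a non-admin caller,
/// mismatched passwords, or a failed update; 404 Not Found when <c>Id</c> matches no user.
/// </returns>
public async Task<IHttpActionResult> Put(UserModel userModel)
{
    if (userModel == null)
    {
        return BadRequest("User data is required.");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Fail closed: an absent principal is treated as "not an admin" instead of skipping the
    // role check. IsInRole is defined on IPrincipal, so no ClaimsPrincipal cast is needed.
    var principal = RequestContext.Principal;
    if (principal == null || !principal.IsInRole("Admin"))
    {
        return BadRequest("No permissions. Only admins are able to update users");
    }

    // Password confirmation is ordinary input validation; report it directly rather than
    // throwing and relying on the catch block below.
    bool changePassword = !string.IsNullOrEmpty(userModel.Password)
                          && !string.IsNullOrEmpty(userModel.ConfirmPassword);
    if (changePassword && !string.Equals(userModel.Password, userModel.ConfirmPassword))
    {
        return BadRequest("Passwords mismatch, please try again.");
    }

    try
    {
        var user = _authRepository.FindUser(userModel.Id);
        if (user == null)
        {
            return NotFound();
        }

        user = _mapper.Map(userModel, user);

        if (changePassword)
        {
            // NOTE(review): the password is replaced before UpdateUser runs, so a failed update
            // still leaves the new password in place — confirm this is acceptable.
            _userService.ForceChangePassword(userModel.Id, userModel.Password);
            user.ChangePasswordOnLogin = true;
        }

        // GetErrorResult converts a failed IdentityResult into a response and yields null on success.
        var errorResult = GetErrorResult(_authRepository.UpdateUser(user));
        if (errorResult != null)
        {
            return errorResult;
        }
    }
    catch (Exception ex)
    {
        // Log the full exception server-side, but do not echo its message to the client:
        // repository and identity failures can expose implementation details.
        _logService.Log(LoggingHelper.CreateErrorLog(HttpContext.Current, ex));
        return BadRequest("The user could not be updated.");
    }

    return Ok();
}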