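/// <summary>
/// Self-service signup: validates the request, rejects duplicate usernames and
/// e-mail addresses, and stores a new user that is neither activated nor verified.
/// </summary>
/// <param name="req">Signup data sent by the client; treated as untrusted input.</param>
/// <returns>An empty <c>HttpResult</c> with status 200 OK.</returns>
/// <exception cref="ValidationException">The username is empty or the password fails <c>IsSafeAsPassword</c>.</exception>
/// <exception cref="ConflictException">The username or e-mail address is already registered.</exception>
public object Post(SignupUserRequest req)
{
    // Client-supplied value is discarded before the request is mapped onto DBUser below.
    req.AdditionalData = "";

    // A missing username used to surface as a NullReferenceException on ToLower ().
    if (string.IsNullOrEmpty (req.Username))
        throw new ValidationException () {ErrorMessage = "Username was empty"};

    // Culture-invariant lowering: ToLower () depends on the server's current culture
    // (e.g. the Turkish dotless i), which can let two spellings of one name coexist.
    req.Username = req.Username.ToLowerInvariant ();

    // assert password is safe enough
    if (!req.Password.IsSafeAsPassword ())
        throw new ValidationException () {ErrorMessage = "Password is unsafe"};

    using (var db = DbConfig.GetConnection ()) {
        // assert username is not already taken
        var user = db.FirstOrDefault<DBUser> (u => u.Username == req.Username);
        if (user != null)
            throw new ConflictException () {ErrorMessage = "A user by that name already exists"};

        // assert email is not already registered
        user = db.FirstOrDefault<DBUser> (u => u.EmailAddress == req.EmailAddress);
        if (user != null)
            throw new ConflictException () {ErrorMessage = "The emailaddress is already registered"};
    }
    // NOTE(review): the lookups and the insert are separate steps, so two concurrent
    // signups can both pass the checks. A unique constraint on the username and e-mail
    // columns would close the gap; the schema is not visible here.
    // NOTE(review): the two distinct conflict messages tell an anonymous caller which
    // usernames and addresses are registered; consider rate limiting this endpoint.

    // assert all required fields are filled
    var db_user = new DBUser ();
    db_user.PopulateWith (req);
    db_user.IsActivated = false;
    db_user.IsVerified = false;
    // NOTE(review): no hashing step is visible in this method; if PopulateWith copies
    // req.Password, the password is inserted exactly as received. TODO confirm and hash
    // before the insert.

    // The verification secret comes from the OS CSPRNG. Guid.NewGuid () yields unique
    // values but is not documented as unpredictable, which a secret needs to be.
    // Format is unchanged: 32 lowercase hex characters.
    var secret_bytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create ()) {
        rng.GetBytes (secret_bytes);
    }
    db_user.VerifySecret = BitConverter.ToString (secret_bytes).Replace ("-", "").ToLowerInvariant ();

    // write user to db
    using (var db = DbConfig.GetConnection ()) {
        db.Insert<DBUser> (db_user);
    }

    return new HttpResult () {
        StatusCode = HttpStatusCode.OK
    };
}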
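// TODO see if we can directly use DBUser
/// <summary>
/// Updates an existing user with the values sent in the request. When no password is
/// sent, the stored password is kept.
/// </summary>
/// <param name="updated_user">New values for the user, identified by its Username.</param>
/// <returns>
/// 404 when no user with that username exists; otherwise 200 OK with the updated
/// user, whose Password field is blanked before it is returned.
/// </returns>
public object Put(UserRequest updated_user)
{
    var user = new DBUser ();
    // TODO make explicit mapping
    // NOTE(review): user is a fresh DBUser filled only from the request, so any column the
    // request does not carry is presumably written back with its default value by the
    // Update below. Confirm when the explicit mapping is done.
    user.PopulateWith (updated_user);

    using (var conn = DbConfig.GetConnection ()) {
        // Format-style filter: relies on OrmLite escaping the argument (TODO confirm for the
        // OrmLite version in use). The username is used as sent, without case normalisation.
        var stored_user = conn.FirstOrDefault<DBUser>("Username = {0}", user.Username);

        if (stored_user == null) {
            // user did not exist, can't update
            // NOTE(review): the client-supplied username is echoed into the status
            // description without validation in this method.
            return new HttpResult {
                Status = 404,
                StatusDescription = "User " + user.Username + " was not found," +
                    " and can't be updated. Try using HTTP POST to create a new user"
            };
        }

        // A password field omitted from the request arrives as null, not "". Comparing
        // against "" alone let the Update overwrite the stored password with null.
        if (string.IsNullOrEmpty (user.Password)) {
            // password was not sent so use the old password
            user.Password = stored_user.Password;
        }
        // TODO hashing - a newly supplied password is written exactly as received

        conn.Update<DBUser> (user, u => u.Username == user.Username);
    }

    Logger.DebugFormat ("updating user information for user {0}", user.Username);

    // do not return the password over the wire
    // NOTE(review): the remaining DBUser fields are still serialized into the response;
    // confirm none of them is sensitive.
    user.Password = "";
    return new HttpResult (user) {
        StatusCode = System.Net.HttpStatusCode.OK,
        StatusDescription = "Successfully updated user " + user.Username
    };
}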
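/// <summary>
/// POST /admin/user
///
/// creates a new user.
///
/// returns HTTP Response =>
///     201 Created
///     Location: http://localhost/admin/user/{Username}
/// </summary>
/// <param name="user">The user to create; Username and Password are required.</param>
/// <returns>201 Created with the stored user and a Location header pointing at it.</returns>
/// <exception cref="InvalidRequestDtoException">Username or Password is empty.</exception>
/// <exception cref="ValidationException">Username, password or e-mail address contains characters rejected by <c>IsOnlySafeChars</c>.</exception>
/// <exception cref="ConflictException">A user with that username already exists.</exception>
public object Post(UserRequest user)
{
    var new_user = new DBUser ();
    // TODO explicit mapping
    new_user.PopulateWith (user);

    // TODO move into RequestFilter
    if (string.IsNullOrEmpty (user.Username))
        throw new InvalidRequestDtoException { ErrorMessage = "Username was empty" };

    if (string.IsNullOrEmpty (user.Password))
        throw new InvalidRequestDtoException { ErrorMessage = "Password was empty" };

    // TODO move into RequestFilter
    // A request without an e-mail address used to fail with a NullReferenceException on
    // Replace (); a missing address is now checked as an empty string.
    var email = user.EmailAddress ?? "";
    var only_safe_chars = user.Username.IsOnlySafeChars ()
        && user.Password.IsOnlySafeChars ()
        && email.Replace ("@", "").IsOnlySafeChars ();
    if (!only_safe_chars)
        throw new ValidationException { ErrorMessage = "found unsafe/unallowed characters" };

    // TODO move into RequestFilter
    // lowercase the username; culture-invariant so the stored form does not depend on the
    // server's current culture (e.g. the Turkish dotless i)
    new_user.Username = new_user.Username.ToLowerInvariant ();

    // TODO move into API
    new_user.CreateCryptoFields (user.Password);
    // PopulateWith mapped the request onto new_user before this point, so the cleartext
    // password may still sit in new_user.Password. Blank it so it is neither inserted
    // into the database nor returned in the response body below.
    new_user.Password = "";

    using (var conn = connFactory.OpenDbConnection ()) {
        // Format-style filter: relies on OrmLite escaping the argument (TODO confirm).
        var existing_user = conn.FirstOrDefault<DBUser> ("Username = {0}", new_user.Username);
        if (existing_user != null)
            throw new ConflictException (){ErrorMessage = "A user by that name already exists"};

        // NOTE(review): check and insert are separate statements; a unique constraint on
        // the username column is what actually prevents duplicates under concurrency.
        conn.Insert<DBUser> (new_user);
    }

    // NOTE(review): the whole DBUser is serialized into the response, including whatever
    // fields CreateCryptoFields filled in. Confirm none of them should stay server-side.
    return new HttpResult (new_user) {
        StatusCode = HttpStatusCode.Created,
        StatusDescription = "Sucessfully created user " + new_user.Username,
        Headers = {
            { HttpHeaders.Location, base.Request.AbsoluteUri.CombineWith (new_user.Username) }
        }
    };
}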
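/// <summary>
/// Self-service signup, available only when the global AllowSignup setting is on.
/// Rejects duplicate usernames and e-mail addresses, derives the user's crypto fields
/// from the password and stores the new user without the cleartext password.
/// </summary>
/// <param name="req">Signup data sent by the client; treated as untrusted input.</param>
/// <returns>An empty <c>HttpResult</c> with status 200 OK.</returns>
/// <exception cref="Rainy.ErrorHandling.UnauthorizedException">Signup is disabled in the configuration.</exception>
/// <exception cref="ConflictException">The username or e-mail address is already registered.</exception>
public object Post(SignupUserRequest req)
{
    if (!JsonConfig.Config.Global.AllowSignup)
        throw new Rainy.ErrorHandling.UnauthorizedException ();

    // Client-supplied value is discarded before the request is mapped onto DBUser below.
    req.AdditionalData = "";

    // Culture-invariant lowering: ToLower () depends on the server's current culture
    // (e.g. the Turkish dotless i), which can let two spellings of one name coexist.
    // NOTE(review): a request without a username still fails here with a
    // NullReferenceException; no emptiness check is visible in this method.
    req.Username = req.Username.ToLowerInvariant ();

    // assert password is safe enough
    // NOTE(review): the strength check is disabled, so unless the password is validated
    // elsewhere, any value reaches CreateCryptoFields.
    //if (!req.Password.IsSafeAsPassword ())
    //    throw new ValidationException () {ErrorMessage = "Password is unsafe"};

    using (var db = connFactory.OpenDbConnection ()) {
        // assert username is not already taken
        var user = db.FirstOrDefault<DBUser> (u => u.Username == req.Username);
        if (user != null)
            throw new ConflictException () {ErrorMessage = "A user by that name already exists"};

        // assert email is not already registered
        user = db.FirstOrDefault<DBUser> (u => u.EmailAddress == req.EmailAddress);
        if (user != null)
            throw new ConflictException () {ErrorMessage = "The emailaddress is already registered"};
    }
    // NOTE(review): the lookups and the insert are separate steps, so two concurrent
    // signups can both pass the checks. A unique constraint on the username and e-mail
    // columns would close the gap; the schema is not visible here.
    // NOTE(review): the two distinct conflict messages tell an anonymous caller which
    // usernames and addresses are registered; consider rate limiting this endpoint.

    // assert all required fields are filled
    var db_user = new DBUser ();
    db_user.PopulateWith (req);

    // Accounts start deactivated only when moderation is required.
    db_user.IsActivated = false;
    if (JsonConfig.Config.Global.RequireModeration == false)
        db_user.IsActivated = true;

    // Set unconditionally: every signup is stored as verified, so the VerifySecret
    // generated below is never required by this method.
    db_user.IsVerified = true;

    // The verification secret comes from the OS CSPRNG. Guid.NewGuid () yields unique
    // values but is not documented as unpredictable, which a secret needs to be.
    // Format is unchanged: 32 lowercase hex characters.
    var secret_bytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create ()) {
        rng.GetBytes (secret_bytes);
    }
    db_user.VerifySecret = BitConverter.ToString (secret_bytes).Replace ("-", "").ToLowerInvariant ();

    // Derive the stored credentials, then drop the cleartext password so it is not persisted.
    db_user.CreateCryptoFields (req.Password);
    db_user.Password = "";

    // write user to db
    using (var db = connFactory.OpenDbConnection ()) {
        db.Insert<DBUser> (db_user);
    }

    return new HttpResult () {
        StatusCode = HttpStatusCode.OK
    };
}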