public AppUserDTO SaveUser(AppUserDTO dto)
{
if (ERSAIDB.Users.Any(u => u.UserName == dto.UserName && u.Id != dto.ID))
{
throw new Exception("UserName has to be unique");
}
var user = ERSAIDB.Users.Find(dto.ID) ?? ERSAIDB.Users.Add(new AppUser());
user.FromDTO(dto);
var results = new List <ValidationResult>();
var context = new ValidationContext(user);
if (!Validator.TryValidateObject(user, context, results, true))
{
throw new Exception(string.Join(", ", results.Select(er => er.ErrorMessage)));
}
user.Id = user.Id ?? Guid.NewGuid().ToString();
if (dto.NewPassword != null)
{
user.PasswordHash = App.ASPIdentityPasswordHasher.HashPassword(dto.NewPassword);
user.SecurityStamp = Guid.NewGuid().ToString();
}
ERSAIDB.SaveChanges();
ERSAIDB.Entry(user).Reload();
dto.FromEF(user);
return(dto);
}
public async Task <ActionResult> ChangePassword(ChangePasswordViewModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
if (User.IsInRole(AppRole.PersonalAccountRole))
{
if (AppUser.PersonalAccountUser.CheckPassword(model.OldPassword) != true)
{
ModelState.AddModelError("", "Wrong current password");
return(View(model));
}
var result = AppUser.PersonalAccountUser.SetNewPassword(model.NewPassword);
ERSAIDB.SaveChanges();
return(RedirectToAction("Index", new { Message = ManageMessageId.ChangePasswordSuccess }));
}
else
{
var result = await UserManager.ChangePasswordAsync(User.Identity.GetUserId(), model.OldPassword, model.NewPassword);
if (result.Succeeded)
{
var user = await UserManager.FindByIdAsync(User.Identity.GetUserId());
if (user != null)
{
await SignInManager.SignInAsync(user, isPersistent : false, rememberBrowser : false);
}
return(RedirectToAction("Index", new { Message = ManageMessageId.ChangePasswordSuccess }));
}
AddErrors(result);
return(View(model));
}
}
public void DeleteUser(string UserID)
{
var user = ERSAIDB.Users.Find(UserID);
if (user == null)
{
throw new Exception("Wrong UserID");
}
ERSAIDB.Users.Remove(user);
ERSAIDB.SaveChanges();
}
public async Task <ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var user = ERSAIDB.Users.FirstOrDefault(u => u.UserName == model.UserName);
if (user != null)
{
var result = await SignInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberMe, false);
switch (result)
{
case SignInStatus.Success:
{
if (user.Roles.Any(ur => ur.Role.Name == AppRole.UsersManagerRole))
{
return(Redirect("/UserManagement"));
}
return(RedirectToLocal(returnUrl == "/" ? $"/{Areas.AreaNames.HumanResources}/Employees" : returnUrl ?? $"/{Areas.AreaNames.HumanResources}/Employees"));
}
case SignInStatus.LockedOut:
return(View("Lockout"));
case SignInStatus.RequiresVerification:
return(RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }));
default:
{
if (user.PersonalAccountUser == null)
{
ModelState.AddModelError("", "Incorrect password");
return(View(model));
}
break;
}
}
}
#region PersonalInfoAuthorization
var PaySlipUser = user?.PersonalAccountUser ?? ERSAIDB.PersonalAccountUsers.Find(model.UserName);
if (PaySlipUser == null)
{
ModelState.AddModelError("", "No user with specified username");
return(View(model));
}
if (!PaySlipUser.CheckPassword(model.Password))
{
ModelState.AddModelError("", "Incorrect password");
return(View(model));
}
//PaySlipUser = db.PayslipUsers.Find("6800033");
PaySlipUser.AppUser = PaySlipUser.AppUser ?? new AppUser()
{
Id = Guid.NewGuid().ToString(),
SecurityStamp = Guid.NewGuid().ToString(),
UserName = PaySlipUser.Badge
};
ERSAIDB.VisitorsCouter_Data.Add(new DataModels.ERSAI.VisitorsCouter_Data()
{
BadgeNumLogin = model.UserName,
Visit_date = DateTime.Now
});
ERSAIDB.SaveChanges();
PaySlipUser.AppUser.ForPersonalCabinet = true;
await SignInManager.SignInAsync(PaySlipUser.AppUser, model.RememberMe, false);
return(RedirectToLocal(returnUrl == "/" ? $"/{Areas.AreaNames.PersonalAccount}" : returnUrl ?? $"/{Areas.AreaNames.PersonalAccount}"));
#endregion
}
public async Task <ActionResult> GetPassword(GetPasswordViewModel model)
{
if (ModelState.IsValid)
{
var employee = ERSAIDB.Employees.FirstOrDefault(e => e.BadgeNumber == model.BadgeNumber);
if (employee == null)
{
ModelState.AddModelError("", "No employee with specified badge number");
return(View(model));
}
if (employee.BirthDate?.Date != model.BirthDate?.Date)
{
ModelState.AddModelError("", "Wrong date of birth");
return(View(model));
}
var payslipUser = ERSAIDB.PersonalAccountUsers.FirstOrDefault(u => u.Badge == employee.BadgeNumber);
payslipUser = payslipUser ?? ERSAIDB.PersonalAccountUsers.Add(new DataModels.ERSAI.PersonalAccountUser()
{
Badge = employee.BadgeNumber,
ModifiedDate = DateTime.Now
});
/*payslipUser.AppUser = payslipUser.AppUser ?? new AppUser()
* {
* SecurityStamp = Guid.NewGuid().ToString(),
* UserName = employee.BadgeNumber
* };*/
var newPassword = payslipUser.SetNewPassword();
ERSAIDB.SaveChanges();
bool mailSent = false, SMSSent = false;
if (App.SMTPClient != null)
{
try
{
App.SMTPClient.TrySendEmail(new IntegrationClients.SMTP.EmailMessage()
{
Body = $"Your new password is {newPassword}",
Header = IntegrationClients.SMTP.MessageHeader.GetDefault(employee.FullName),
Footer = IntegrationClients.SMTP.MessageFooter.GetDefault(),
Subject = "Your new password",
To = payslipUser.ERSAIAccount?.Mail
});
mailSent = true;
}
catch
{
mailSent = false;
}
}
if (App.SMSClient != null)
{
try
{
var response = await App.SMSClient.SendSMS(new IntegrationClients.Infobip.SMSMessage()
{
To = new[] { payslipUser.MobPhone?.Primary_MobilePhone },
Text = $"Your new payslip password is:{Environment.NewLine}{newPassword}"
});
SMSSent = true;
}
catch
{
SMSSent = false;
}
}
LoginPageMessage message;
if (SMSSent || mailSent)
{
message = new LoginPageMessage()
{
CssClass = "positive",
Content = $"Your new password was sent to {(mailSent ? (payslipUser.ERSAIAccount?.Mail + (SMSSent ? " and " : string.Empty)) : string.Empty)}{(SMSSent ? payslipUser.MobPhone?.Primary_MobilePhone : "")}"
}
}
;
else
{
message = new LoginPageMessage()
{
CssClass = "error",
Content = "We couldn't send your new password to you due to contact information absense. Please, contact your HR"
}
};
return(RedirectToAction("Login", message));
}
// If we got this far, something failed, redisplay form
return(View(model));
}
