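        /// <summary>
        /// Applies an edit to an existing user and re-renders the "_editUserPartial" view.
        /// </summary>
        /// <param name="updatedUser">Client-posted model; <c>ID</c> selects the row to edit, so this action
        /// depends on the caller already being authorized to edit arbitrary users (the authorization
        /// attributes are not visible in this excerpt).</param>
        /// <returns>A JSON payload <c>{ error, html }</c>; <c>html</c> is the rendered partial. Validation
        /// failures, an unknown ID, a user-name collision and the last-admin guard all return <c>error = true</c>.</returns>
        public IActionResult UpdateUser(UserRegistrationModel updatedUser)
        {
            // Whatever the outcome, the model goes back to the browser inside the rendered partial,
            // so the plaintext password and its hash are blanked before every return.
            void ClearSecrets()
            {
                updatedUser.Password       = "";
                updatedUser.HashedPassword = "";
            }

            // Error responses all share the same shape; the action is synchronous, so the view
            // rendering is blocked on here exactly as in the original.
            IActionResult ErrorResponse()
            {
                ClearSecrets();
                return Json(new { error = true, html = this.RenderViewAsync("_editUserPartial", updatedUser).Result });
            }

            // A non-empty password means the caller wants it changed; hash it once, up front.
            var resetPassword = !string.IsNullOrEmpty(updatedUser.Password);
            if (resetPassword)
            {
                updatedUser.HashedPassword = _passwordHelper.Hash(updatedUser.Password);
            }
            else
            {
                // Placeholder values so model validation of the password fields doesn't fail
                // when the password is intentionally left unchanged.
                updatedUser.Password       = "******";
                updatedUser.HashedPassword = "******";
            }

            // Placeholder metadata: only needed to satisfy validation, the real metadata is
            // refreshed on the tracked entity below.
            updatedUser.CreatedBy = "bah";
            updatedUser.CreatedOn = DateTime.Now;

            ModelState.Clear();
            TryValidateModel(updatedUser);
            if (!ModelState.IsValid)
            {
                return ErrorResponse();
            }

            var user = _dbContext.Users.SingleOrDefault(x => x.ID == updatedUser.ID);
            if (user is null)
            {
                // Previously a non-matching ID was dereferenced and crashed the request.
                ModelState.AddModelError("", "User not found.");
                return ErrorResponse();
            }

            // Keep user names unique on rename, mirroring the check in RegisterNewUserAsync.
            if (_dbContext.Users.Any(x => x.ID != user.ID && x.UserName == updatedUser.UserName))
            {
                ModelState.AddModelError("UserName", "User Name already exists - please pick a different user name.");
                return ErrorResponse();
            }

            // Don't allow the only active admin to be demoted or deactivated (which would lock
            // everyone out of administration). Only an edit that actually removes admin access or
            // deactivates the account is blocked; the previous condition also rejected harmless edits
            // (e.g. a name change) to the last admin.
            var revokesAdminAccess = !updatedUser.IsAdmin || !updatedUser.IsActive;
            if (user.IsAdmin && revokesAdminAccess
                && !_dbContext.Users.Any(x => x.IsActive && x.IsAdmin && x.ID != user.ID))
            {
                ModelState.AddModelError("IsAdmin", "Warning - this user is the last admin in the system! You must create another account with admin access before you can deactivate this account's admin status.");
                return ErrorResponse();
            }

            // Metadata is refreshed on the tracked entity, not on the posted copy.
            user.RefreshMetadata(user.UserName);

            // Copy only the editable fields explicitly; the posted model is never attached to the context.
            user.UserName  = updatedUser.UserName;
            user.FirstName = updatedUser.FirstName;
            user.LastName  = updatedUser.LastName;
            user.IsAdmin   = updatedUser.IsAdmin;
            user.IsActive  = updatedUser.IsActive;
            if (resetPassword)
            {
                // Hash already computed above.
                user.HashedPassword = updatedUser.HashedPassword;
            }

            _dbContext.Users.Update(user);
            _dbContext.SaveChanges();

            ClearSecrets();
            updatedUser.StatusMessage = "Save Successful!";
            return Json(new { error = false, html = this.RenderViewAsync("_editUserPartial", updatedUser).Result });
        }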
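        /// <summary>
        /// Creates a new user account from the registration form.
        /// </summary>
        /// <param name="newUser">Client-posted registration model.</param>
        /// <returns>The "Register" view with validation errors on failure; otherwise a redirect to the
        /// admin user list (admin setup mode) or to the inventory home page after signing the user in.</returns>
        public async Task <IActionResult> RegisterNewUserAsync(UserRegistrationModel newUser)
        {
            // NOTE(review): presumably set earlier in the request by the controller/filter; dynamic, so
            // a non-bool value would fail at the if below — confirm where IsAdmin is populated.
            var adminNewUserSetupMode = ViewBag.IsAdmin ?? false;

            newUser.RefreshMetadata(newUser.UserName);

            // Hash only when a password was actually supplied; an empty one is rejected explicitly
            // below instead of being handed to the hasher (its null handling is not visible here).
            var passwordMissing = string.IsNullOrEmpty(newUser.Password);
            newUser.HashedPassword = passwordMissing ? "" : _passwordHelper.Hash(newUser.Password);

            // New accounts are active by default.
            newUser.IsActive = true;

            ModelState.Clear();
            TryValidateModel(newUser);
            if (passwordMissing)
            {
                ModelState.AddModelError("Password", "A password is required.");
            }

            // The model is rendered back into the form on every failure path, so blank the secrets first.
            IActionResult RegisterWithErrors()
            {
                newUser.Password       = "";
                newUser.HashedPassword = "";
                return View("Register", newUser);
            }

            if (!ModelState.IsValid)
            {
                ModelState.AddModelError("", "Invalid input detected");
                return RegisterWithErrors();
            }

            if (_dbContext.Users.Any(x => x.UserName == newUser.UserName))
            {
                ModelState.AddModelError("UserName", "User Name already exists - please pick a different user name.");
                return RegisterWithErrors();
            }

            // Bootstrap rule: with no active user in the system, the registrant becomes admin.
            // This is decided by the posted-to server, never by the client, which is why IsAdmin is
            // always overwritten here. Note it also triggers whenever every existing user has been
            // deactivated, not only on a fresh install, and it is a read-then-write outside a
            // transaction, so two concurrent first registrations could both be granted admin.
            newUser.IsAdmin = !_dbContext.Users.Any(x => x.IsActive);

            _dbContext.Users.Add(newUser);
            _dbContext.SaveChanges();

            if (adminNewUserSetupMode)
            {
                // An admin created the account on someone's behalf: back to user management, no sign-in.
                return RedirectToAction("ManageUsers", "Admin");
            }

            // Self-registration: sign the new user in and send them to the home page.
            await LoginUserAsync(newUser.UserName, newUser.RememberMe);
            return RedirectToAction("Index", "Inventory");
        }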