public async Task <IActionResult> AddUser([FromBody] AddUserRequestDTO user) { // Return 400 Bad Request if AddUserRequestDTO validations fail if (!ModelState.IsValid) { return(BadRequest()); } try { // Return 400 Bad Request if user email is already present and active in the database var emailResult = context.Emails.Where(e => e.Address.ToLower() == user.Email.ToLower() && e.IsActive == true).Select(e => e); if (emailResult.Count() > 0) { return(BadRequest()); } // Return 400 Bad Request if username is already present and active in the database var usernameResult = context.Users.Where(u => u.Username.ToLower() == user.Username.ToLower()).Select(u => u); if (usernameResult.Count() > 0) { return(BadRequest()); } // Generate PBKDH2 hash of the plain password with a salt and store it in the Password table string salt = PasswordHelper.GenerateRandomSalt(16); string passwordHash = PasswordHelper.ComputePbkdf2Hash(user.Password, salt); Password pass = new Password { PasswordHash = passwordHash, Salt = salt }; context.Add(pass); // Add an entry to the Emails table string verificationCode = RandomStringHelper.GenerateRandomString(16); Email emailAddress = new Email { Address = user.Email, IsActive = false, VerificationCode = verificationCode }; context.Add(emailAddress); await context.SaveChangesAsync(); // Add the user to the Users table User newUser = new User { Username = user.Username, PasswordId = pass.Id, EmailId = emailAddress.Id, CompanyId = user.CompanyId, UserRoleId = (int)UserRoles.Member, UserStatusId = (int)UserStatuses.AccountVerificationPending }; context.Add(newUser); await context.SaveChangesAsync(); // Send account verification email EmailHelper.SendAccountVerficationEmail(emailAddress.Address, verificationCode); } catch (Exception e) { return(Ok(false)); } return(Ok(true)); }