public ActionResult Delete(Trainning entity)
{
var userId = User.Identity.Name;
try
{
// TODO: Add disable logic here
if (CheckDelete(entity))
{
dbContext.Trainnings.DeleteOne(m => m.Id == entity.Id);
#region Activities
var activity = new TrackingUser
{
UserId = userId,
Function = "Đào tạo",
Action = Constants.Action.Delete,
Value = entity.Name,
Content = entity.Name + Constants.Flag + entity.Type
};
dbContext.TrackingUsers.InsertOne(activity);
#endregion
return(Json(new { entity, result = true, message = "Xóa thành công." }));
}
else
{
return(Json(new { entity, result = false, message = entity.Name + " chỉnh sửa bởi người khác." }));
}
}
catch (Exception ex)
{
return(Json(new { entity, result = false, message = ex.Message }));
}
}
public async Task <IActionResult> Edit(int id, [Bind("UserId,UserName,Password,Nume,Prenume,Rol,IsEnable")] TrackingUser trackingUser)
{
if (id != trackingUser.UserId)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
_context.Update(trackingUser);
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!TrackingUserExists(trackingUser.UserId))
{
return(NotFound());
}
else
{
throw;
}
}
return(RedirectToAction(nameof(Index)));
}
return(View(trackingUser));
}
public ActionResult Create(Trainning entity)
{
var userId = User.Identity.Name;
try
{
if (CheckExist(entity))
{
dbContext.Trainnings.InsertOne(entity);
#region Activities
var activity = new TrackingUser
{
UserId = userId,
Function = "Đào tạo",
Action = Constants.Action.Create,
Value = entity.Alias,
Content = entity.Alias + Constants.Flag + entity.Type
};
dbContext.TrackingUsers.InsertOne(activity);
#endregion
return(Json(new { entity, result = true, message = "Tạo mới thành công." }));
}
else
{
return(Json(new { entity, result = false, message = entity.Name + " đã tồn tại. Đặt tên khác hoặc liên hệ IT hỗ trợ." }));
}
}
catch (Exception ex)
{
return(Json(new { entity, result = false, message = ex.Message }));
}
}
public async Task <IActionResult> Create([Bind("UserId,UserName,Password,Nume,Prenume,Rol,IsEnable")] TrackingUser trackingUser)
{
if (ModelState.IsValid)
{
_context.Add(trackingUser);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
return(View(trackingUser));
}
/// <summary>
/// Add a user to the database, providing at least an e-mail address. Name is mandatory.
/// </summary>
/// <param name="user"></param>
public void Add(TrackingUser user)
{
if (user == null || (string.IsNullOrWhiteSpace(user.Username) && string.IsNullOrWhiteSpace(user.Email)))
{
throw new ArgumentException("The user must contain a username or at least a valid e-mail address");
}
if (string.IsNullOrWhiteSpace(user.Username))
{
user.Username = user.Email;
}
_dataStore.Save(user);
}
/// <summary>
/// Add a user to the database, providing at least an e-mail address. Name is mandatory.
/// </summary>
/// <param name="username"></param>
/// <param name="password"></param>
/// <param name="salt"></param>
/// <param name="email"></param>
/// <param name="name"></param>
/// <returns></returns>
public TrackingUser Add(string username, byte[] password, byte[] salt, string email = null, string name = null)
{
if (string.IsNullOrWhiteSpace(username))
{
throw new ArgumentException("The user must contain at least a username, password and salt.");
}
var user = new TrackingUser(username, password, salt)
{
Email = email,
Name = name,
};
_dataStore.Save(user);
return(user);
}
public async Task <IActionResult> Register([FromBody] RegistrationDto user)
{
if (!ModelState.IsValid)
{
return(BadRequest(new AuthResult()
{
Success = false,
Errors = new List <string>()
{
"Invalid payload."
}
}));
}
var userExists = await _userManager.FindByEmailAsync(user.Email);
if (userExists is not null)
{
return(BadRequest(new AuthResult()
{
Success = false,
Errors = new List <string>()
{
"Email already exists."
}
}));
}
var newUser = new TrackingUser()
{
Email = user.Email, UserName = user.Name
};
var createResult = await _userManager.CreateAsync(newUser, user.Password);
if (createResult.Succeeded)
{
var jwtToken = await GenerateJwtTokenAsync(newUser, null, null);
return(Ok(jwtToken));
}
return(BadRequest(new AuthResult()
{
Success = false,
Errors = createResult.Errors.Select(x => x.Description).ToList()
}));
}
/// <summary>
/// Generates JWT token and creates a refresh token for it.
/// </summary>
/// <remarks>If you're creating a new token (ie. at login), leave <paramref name="oldRefreshToken"/> and <paramref name="oldJti"/> null. Otherwise you must to provide
/// the old token.</remarks>
/// <param name="oldRefreshToken">If null, new refresh token will be created. Provide the old token only if you're refreshing a token.</param>
/// <param name="oldJti">If null, new JTI will be created. Provide the old JTI only if you're refreshing a token.</param>
private async Task <AuthResult> GenerateJwtTokenAsync(TrackingUser user, string oldRefreshToken, string oldJti)
{
var jwtTokenHandler = new JwtSecurityTokenHandler();
var signingKey = Encoding.ASCII.GetBytes(_jwtConfig.SigningKey);
var signingCreds = new SigningCredentials(
new SymmetricSecurityKey(signingKey),
SecurityAlgorithms.HmacSha512Signature
);
var encryptionKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_jwtConfig.Secret));
var encryptionCreds = new EncryptingCredentials(
encryptionKey,
SecurityAlgorithms.Aes256KeyWrap,
SecurityAlgorithms.Aes256CbcHmacSha512
);
var tokenDescriptor = new SecurityTokenDescriptor {
Subject = new ClaimsIdentity(new[] {
public TrackingUser Add(string username, string password, string email = null, string name = null)
{
if (string.IsNullOrWhiteSpace(username))
{
throw new ArgumentException("The user must contain at least a username, password and salt.");
}
var salt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());
var hashPassword = _passwordManager.HashPassword(password, salt);
var user = new TrackingUser(username, hashPassword, salt)
{
Email = email,
Name = name,
};
_dataStore.Save(user);
return(user);
}
public ActionResult Active(Trainning entity)
{
var userId = User.Identity.Name;
try
{
// TODO: Add disable logic here
if (CheckActive(entity))
{
var filter = Builders <Trainning> .Filter.Eq(d => d.Id, entity.Id);
var update = Builders <Trainning> .Update
.Set(c => c.Enable, true);
dbContext.Trainnings.UpdateOne(filter, update);
#region Activities
var activity = new TrackingUser
{
UserId = userId,
Function = "Đào tạo",
Action = Constants.Action.Active,
Value = entity.Name,
Content = entity.Name + Constants.Flag + entity.Type
};
dbContext.TrackingUsers.InsertOne(activity);
#endregion
return(Json(new { entity, result = true, message = entity.Name + " khôi phục thành công." }));
}
else
{
return(Json(new { entity, result = false, message = entity.Name + " đã tồn tại." }));
}
}
catch (Exception ex)
{
return(Json(new { entity, result = false, message = ex.Message }));
}
}
public ActionResult Edit(Trainning entity)
{
var userId = User.Identity.Name;
try
{
if (CheckUpdate(entity))
{
entity.Timestamp = DateTime.Now.ToString("yyyyMMddHHmmssfff");
dbContext.Trainnings.ReplaceOne(m => m.Id == entity.Id, entity);
#region Activities
var activity = new TrackingUser
{
UserId = userId,
Function = "Đào tạo",
Action = Constants.Action.Edit,
Value = entity.Name,
Content = entity.Name + Constants.Flag + entity.Type,
};
dbContext.TrackingUsers.InsertOne(activity);
#endregion
return(Json(new { entity, result = true, message = "Cập nhật thành công." }));
//return RedirectToAction("Index", "Trainning");
}
else
{
return(Json(new { entity, result = false, message = entity.Name + " đã thay đổi nội dung bởi 1 người khác. Tải lại trang hoặc thoát." }));
}
}
catch (Exception ex)
{
return(Json(new { entity, result = false, message = ex.Message }));
}
}
public void TestSaveLoadDelete()
{
const string connectionString = "mongodb://localhost";
var client = new MongoClient(connectionString);
var server = client.GetServer();
var database = server.GetDatabase("test");
var dataStore = new MongoDataStore(database);
var name1 = Guid.NewGuid().ToString();
var name2 = Guid.NewGuid().ToString();
var user = new TrackingUser {
Name = name1, Email = "*****@*****.**"
};
dataStore.Save(user);
var loadedUser = dataStore.Query <TrackingUser>().FirstOrDefault(x => x.Name == name1);
Assert.That(loadedUser != null && user.Name.Equals(loadedUser.Name));
user.Name = name2;
user.Email = "*****@*****.**";
dataStore.Save(user);
loadedUser = dataStore.Query <TrackingUser>().FirstOrDefault(x => x.Name == name1);
Assert.That(loadedUser == null);
loadedUser = dataStore.Query <TrackingUser>().FirstOrDefault(x => x.Name == name2);
Assert.That(loadedUser != null && user.Name.Equals(loadedUser.Name));
dataStore.Delete <TrackingUser>(loadedUser.Id);
loadedUser = dataStore.Query <TrackingUser>().FirstOrDefault(x => x.Name == name2);
Assert.That(loadedUser == null);
}
public UserModule(IDataStore dataStore, TrackingUsers trackingUsers, ErrorCodes errorCodes,
PasswordManager passwordManager)
: base("/user", dataStore, trackingUsers, errorCodes)
{
_trackingUsers = trackingUsers;
_passwordManager = passwordManager;
Get["/{page?}/{take?}"] = parameters =>
{
int page;
int take;
page = int.TryParse(parameters.Page, out page) ? page : 0;
take = int.TryParse(parameters.Take, out take) ? take : 10;
var currentUser = Context.CurrentUser as UserIdentity;
if (currentUser == null)
{
return(HttpStatusCode.Unauthorized);
}
this.RequiresClaims(new[] { "Admin" });
var users = _trackingUsers.Query().Skip(page * take).Take(take).ToList();
return(currentUser.Claims.All(x => x != "Admin")
? HttpStatusCode.Unauthorized
: Response.AsJson(users));
};
Get["/{userId}"] = parameters =>
{
var currentUser = Context.CurrentUser as UserIdentity;
if (currentUser == null || currentUser.AccessToken == null ||
string.IsNullOrWhiteSpace(currentUser.AccessToken.Token))
{
return(HttpStatusCode.Unauthorized);
}
string userId = parameters.UserId;
var accessToken = currentUser.AccessToken;
this.RequiresClaims(new[] { "Admin" });
var user = _trackingUsers.Get(userId);
if (currentUser.Claims.All(x => x != "Admin"))
{
if (user == null || user.AccessToken == null || user.AccessToken.Token != accessToken.Token)
{
return(HttpStatusCode.Unauthorized);
}
}
return(user == null
? (dynamic) new BasicResponseModel((int)HttpStatusCode.NotFound, "User not found!")
: Response.AsJson(user));
};
Get["/availability/{username}"] = parameters =>
{
string username = parameters.Username;
var user = _trackingUsers.Query().FirstOrDefault(x => x.Username == username);
var response = user == null
? new BasicResponseModel(0, "")
: new BasicResponseModel(0, "User already exists!");
return(Response.AsJson(response));
};
Get["/availability/email/{email}"] = parameters =>
{
string email = parameters.Email;
var user = _trackingUsers.Query().FirstOrDefault(x => x.Email == email);
var response = user == null
? new BasicResponseModel(0, "")
: new BasicResponseModel(0, "Email is already registered!");
return(Response.AsJson(response));
};
Post["/"] = _ =>
{
var model = this.Bind <UserModel>();
if (model == null)
{
return(ErrorResponse(HttpStatusCode.BadRequest,
"Unknown request. Please provide a username and password."));
}
var existingUser = _trackingUsers.Query().FirstOrDefault(x => x.Username == model.Username);
if (existingUser != null)
{
return(ErrorResponse(HttpStatusCode.Conflict, "Username already exists!"));
}
existingUser = _trackingUsers.Query().FirstOrDefault(x => x.Email == model.Email);
if (existingUser != null)
{
return(ErrorResponse(HttpStatusCode.Conflict, "E-mail is already registered!"));
}
var salt = Encoding.UTF8.GetBytes(Guid.NewGuid().ToString());
var hashPassword = _passwordManager.HashPassword(model.Password, salt);
var user = new TrackingUser(model.Username, hashPassword, salt)
{
Name = model.Name,
Email = model.Email,
};
_trackingUsers.Add(user);
return(Response.AsJson(new UserModel(user), HttpStatusCode.Created));
};
Delete["/{id}"] = parameters =>
{
string id = parameters.Id;
var currentUser = Context.CurrentUser as UserIdentity;
if (currentUser == null)
{
return(HttpStatusCode.Unauthorized);
}
var accessToken = currentUser.AccessToken;
this.RequiresClaims(new[] { "Admin" });
var user = _trackingUsers.Get(id);
if (currentUser.Claims.All(x => x != "Admin"))
{
if (user.AccessToken == null || user.AccessToken.Token != accessToken.Token)
{
return(HttpStatusCode.Unauthorized);
}
}
if (user == null)
{
return(HttpStatusCode.NotFound);
}
_trackingUsers.Delete(id);
return(HttpStatusCode.OK);
};
}
/// <summary>
/// Delete the provided entity from the database.
/// </summary>
/// <param name="user"></param>
public void Delete(TrackingUser user)
{
_dataStore.Delete(user);
}
/// <summary>
/// Update the database with the provided user entity.
/// </summary>
/// <param name="user"></param>
public void Update(TrackingUser user)
{
_dataStore.Save(user);
}
public UserModel(TrackingUser user)
{
Username = user.Username;
}
