Esempio n. 1
0
        public async Task <ActionResult <UserModel> > Initialize([FromBody] UserCreateRequestModel user)
        {
            var usersCount = await database.Count <UserModel>();

            if (usersCount > 0L)
            {
                return(BadRequest(new ErrorModel(400, "already initialized")));
            }

            if (!user.IsValidUsername())
            {
                return(BadRequest(new ErrorModel(400, "invalid username")));
            }

            if (!user.IsValidPassword())
            {
                return(BadRequest(new ErrorModel(400, "invalid new password")));
            }

            user.AfterCreate();
            user.LastLogin    = default;
            user.IsAdmin      = true;
            user.DisplayName  = user.DisplayName.IsNullOrEmpty() ? user.UserName : user.DisplayName;
            user.PasswordHash = hasher.Create(user.Password);

            await database.Put(user);

            var resUser = new UserModel(user);

            return(Created("user", resUser));
        }
Esempio n. 2
0
        public async Task <ActionResult <UserModel> > UpdateUser(
            [FromRoute] Guid?uid, [FromBody] UserCreateRequestModel newUser)
        {
            if (uid == null)
            {
                return(NotFound());
            }

            var user = await database.Get <UserModel>(uid.Value);

            // Update Username
            if (user.UserName != newUser.UserName && !newUser.UserName.IsNullOrEmpty())
            {
                if (await database.GetUserByUserName(user.UserName) != null)
                {
                    return(BadRequest(new ErrorModel(400, "username already taken")));
                }

                user.UserName = newUser.UserName;
            }

            // Update Displayname
            if (!newUser.DisplayName.IsNullOrEmpty())
            {
                user.DisplayName = newUser.DisplayName;
            }

            // Update Email Address
            if (newUser.EmailAddress != null && newUser.EmailAddress != user.EmailAddress)
            {
                user.EmailAddress = newUser.EmailAddress;
                if (user.EmailAddress.Length > 0)
                {
                    await SendMailConfirm(user);
                }
                else
                {
                    user.EmailConfirmStatus = EmailConfirmStatus.UNSET;
                }
            }

            // Update Username
            if (newUser.Description != null)
            {
                user.Description = newUser.Description;
            }

            // Update Admin Status
            if (newUser.IsAdmin != null)
            {
                if (!authClaims.User.IsAdmin.Equals(true))
                {
                    return(BadRequest(new ErrorModel(400, "you need to be admin to change the admin state of a user")));
                }

                user.IsAdmin = newUser.IsAdmin.Equals(true);
            }

            // Update Password
            if (!newUser.Password.IsNullOrEmpty())
            {
                if (!newUser.IsValidPassword())
                {
                    return(BadRequest(new ErrorModel(400, "invalid new password")));
                }

                if (newUser.OldPassword.IsNullOrEmpty())
                {
                    return(BadRequest(new ErrorModel(400, "old password is required")));
                }

                if (!hasher.Validate(newUser.OldPassword, user.PasswordHash))
                {
                    return(BadRequest(new ErrorModel(400, "invalid old password")));
                }

                user.PasswordHash = hasher.Create(newUser.Password);
            }

            await database.Update(user);

            return(Ok(user));
        }