Esempio n. 1
        // Remove an existing user identified by:
        //      UserName
        // Note: This operation cannot be undone.
        //
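        // Responses: 400 when the argument is null, the user is unknown, or the target is the
        // caller's own account; 401 when the request carries no authenticated user name;
        // 200 with a confirmation message once the account has been deleted.
        //
        // NOTE(review): no [Authorize] attribute or role check is visible on this action in
        // this excerpt. Account deletion should be limited to administrators; confirm that the
        // controller class or a global filter enforces that.
        public async Task<IHttpActionResult> RemoveUser(iS3LoginUser loginUser)
        {
            if (loginUser == null)
            {
                return BadRequest("Argument Null");
            }

            // Fail closed: without an authenticated name the self-removal guard below would
            // compare against null and never match, so an anonymous request must stop here.
            var currentUserName = RequestContext.Principal.Identity.GetUserName();
            if (string.IsNullOrEmpty(currentUserName))
            {
                return Unauthorized();
            }

            var user = await dbContext.Users.FirstOrDefaultAsync(c => c.UserName == loginUser.UserName);
            if (user == null)
            {
                return BadRequest("User does not exists");
            }

            // Check both the requested name and the stored name against the caller, using an
            // ordinal (culture-independent) comparison. The database lookup may match under
            // collation rules that differ from an in-memory comparison of the request string,
            // so testing only loginUser.UserName could let the guard be skipped.
            bool targetsSelf =
                string.Equals(loginUser.UserName, currentUserName, System.StringComparison.OrdinalIgnoreCase) ||
                string.Equals(user.UserName, currentUserName, System.StringComparison.OrdinalIgnoreCase);
            if (targetsSelf)
            {
                return BadRequest("Cannot remove self");
            }

            dbContext.Users.Remove(user);
            await dbContext.SaveChangesAsync();

            string success = string.Format("User {0} removed successfully.", loginUser.UserName);
            return Ok(success);
        }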
Esempio n. 2
        // Change the password of the current user. The following three values must be provided:
        //      OldPassword, Password, ConfirmPassword
        // Note: This operation cannot be undone.
        //
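        // Responses: 400 when the argument is null, a password field is missing, the new
        // password and its confirmation differ, or the user manager rejects the change;
        // 401 when the caller is not authenticated or no longer maps to a stored account;
        // 200 once the password has been changed.
        public async Task<IHttpActionResult> ChangePassword(iS3LoginUser loginUser)
        {
            if (loginUser == null)
            {
                return BadRequest("Argument Null");
            }
            if (string.IsNullOrEmpty(loginUser.OldPassword))
            {
                return BadRequest("Old password could not be empty");
            }
            // Two null values compare equal, so without this check a request that omits both
            // Password and ConfirmPassword would pass the consistency test below and hand a
            // null password to the user manager.
            if (string.IsNullOrEmpty(loginUser.Password))
            {
                return BadRequest("New password cannot be empty");
            }
            if (loginUser.Password != loginUser.ConfirmPassword)
            {
                return BadRequest("Password not consistent");
            }

            // The account is always taken from the authenticated principal, never from the
            // request body, so a caller can only change their own password.
            var userName = RequestContext.Principal.Identity.GetUserName();
            if (string.IsNullOrEmpty(userName))
            {
                return Unauthorized();
            }

            // FirstOrDefaultAsync instead of FirstAsync: an identity whose account no longer
            // exists gets a 401 rather than an unhandled exception.
            var user = await dbContext.Users.FirstOrDefaultAsync(c => c.UserName == userName);
            if (user == null)
            {
                return Unauthorized();
            }

            var manager = Request.GetOwinContext().GetUserManager<iS3UserManager>();

            // The old password is passed to the manager together with the new one.
            var result = await manager.ChangePasswordAsync(user.Id, loginUser.OldPassword, loginUser.Password);
            if (!result.Succeeded)
            {
                return BadRequest(result.Errors.FirstOrDefault());
            }

            await dbContext.SaveChangesAsync();

            return Ok("Password changed");
        }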
Esempio n. 3
        //[Authorize(Roles = "Admin")]
        // Add a new user according to:
        //      UserName, Password, Role
        //
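        // Responses: 400 when the argument is null, a required field is missing, the
        // passwords differ, the user already exists, or the user manager reports an error;
        // 200 with a confirmation message once the account and its claims are stored.
        //
        // NOTE(review): the [Authorize(Roles = "Admin")] attribute above this action is
        // commented out, and the Role claim is taken directly from the request body. Unless
        // authorization is enforced elsewhere (controller attribute or global filter), a
        // caller reaching this action decides which role the new account receives. Confirm
        // before deployment.
        public async Task<IHttpActionResult> AddUser(iS3LoginUser loginUser)
        {
            if (loginUser == null)
            {
                return BadRequest("Argument Null");
            }
            if (string.IsNullOrEmpty(loginUser.UserName))
            {
                return BadRequest("User name cannot be empty");
            }
            if (string.IsNullOrEmpty(loginUser.Password))
            {
                return BadRequest("Password cannot be empty");
            }
            if (loginUser.Password != loginUser.ConfirmPassword)
            {
                return BadRequest("Password not consistent");
            }
            // Validate the role before anything is written: the Claim constructor rejects a
            // null value, which would otherwise fail after the account had already been created.
            if (loginUser.Role == null)
            {
                return BadRequest("Role is required");
            }

            string password = loginUser.Password;

            // Drop the password references held by the request object so it cannot be logged
            // or serialized later with them. This does not wipe the string from memory; the
            // local variable above still refers to it until it goes out of scope.
            loginUser.Password        = null;
            loginUser.ConfirmPassword = null;

            var userExists = await dbContext.Users.AnyAsync(c => c.UserName == loginUser.UserName);
            if (userExists)
            {
                return BadRequest("User already exists");
            }

            var manager = new iS3UserManager(new UserStore<iS3IdentityUser>(dbContext));
            var user    = new iS3IdentityUser(loginUser.UserName);

            var result = await manager.CreateAsync(user, password);
            if (!result.Succeeded)
            {
                return BadRequest(result.Errors.FirstOrDefault());
            }

            // Check each claim result instead of discarding it, so a failed write is reported
            // rather than answered with "created successfully". At that point the account
            // itself already exists, without the claim that failed.
            var nameClaimResult = await manager.AddClaimAsync(user.Id,
                                                              new Claim(ClaimTypes.Name, loginUser.UserName));
            if (!nameClaimResult.Succeeded)
            {
                return BadRequest(nameClaimResult.Errors.FirstOrDefault());
            }

            var roleClaimResult = await manager.AddClaimAsync(user.Id,
                                                              new Claim(ClaimTypes.Role, loginUser.Role));
            if (!roleClaimResult.Succeeded)
            {
                return BadRequest(roleClaimResult.Errors.FirstOrDefault());
            }

            // The iS3ClaimTypes.AuthorizedProjects claim is not added here; that call is
            // disabled in the original code.

            await dbContext.SaveChangesAsync();

            string success = string.Format("User {0} created successfully.", loginUser.UserName);
            return Ok(success);
        }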