public async Task ExecuteAsync(CancellationToken cancellationToken = default)
{
try
{
var users = await _userManager.Users.Select(x => x.UserName)
.ToListAsync(cancellationToken);
(await _employeesService.GetEmployeesPageAsync(0, int.MaxValue))
.Where(x => x.IsActive && !users.Contains(x.Sn.ToString()))
.ToList().ForEach(employee =>
{
var user = new IdentityUser
{
Role = IdentityUser.UserRole.Standard,
Email = employee.Email,
EmpId = employee.Sn,
UserName = employee.Sn.ToString()
};
const string password = "******"; //TODO
try
{
_userManager.CreateAsync(user, password).Wait(cancellationToken);
_logger.LogDebug($"User Added in startup:${user.Email} with empId={user.EmpId},role= {user.Role}");
}
catch (Exception error)
{
_logger.LogError($"Failed to create an user({user.Email}) in startup, error:{error.Message}");
}
});
}
catch (Exception error)
{
_logger.LogError($"Failed to create users in startup, error:{error.Message}");
}
}
private async Task <IdentityUser[]> FakeUsers(IEnumerable <EmployeeEntity> employees, string password = "******")
{
foreach (var employee in employees)
{
var user = new IdentityUser
{
Email = employee.Email,
EmpId = employee.Sn,
UserName = employee.Sn.ToString()
};
await _userManager.CreateAsync(user, password);
}
return(await _dbContext.IdentityUsers.ToArrayAsync());
}
public async Task CreateUserAsync(string creatorUserName,
UserRegistrationRequest userRegistrationRequest)
{
//check creator permissions
var creator = await _userManager.FindByNameAsync(creatorUserName);
if (creator == null)
{
throw new IllegalArgumentException(CreatorDontExistMsg);
}
//only manager or admin can create new user
if (creator.Role != IdentityUser.UserRole.Admin && creator.Role != IdentityUser.UserRole.Manager)
{
throw new InvalidCredentialException(CreatorDontHavePermission);
}
//only admin can create new admin
if (creator.Role != IdentityUser.UserRole.Admin &&
userRegistrationRequest.Role == IdentityUser.UserRole.Admin)
{
throw new InvalidCredentialException(CreatorDontHavePermissionAdminCanCreateAdmin);
}
//check if the user already exist
if (await _userManager.FindByNameAsync(userRegistrationRequest.Username) != null)
{
throw new IllegalArgumentException(UserAlreadyExist);
}
//check if register by email or by empSn
var emailValidator = new EmailValidator();
if ((await emailValidator.ValidateAsync(userRegistrationRequest.Username.Trim())).IsValid)
{
var email = userRegistrationRequest.Username.Trim();
//register by email - get employee's Sn
userRegistrationRequest.Username = (await _dalService.CreateUnitOfWork().Employees
.SingleOrDefaultAsync(x => x.IsActive && x.Email == email)).Sn.ToString();
}
//check if the user have matching employee
var emp = await _dalService.CreateUnitOfWork()
.Employees.SingleOrDefaultAsync(x => x.Sn.ToString() == userRegistrationRequest.Username);
if (emp == null)
{
throw new IllegalArgumentException(EmployeeNotExist);
}
var newUser = new IdentityUser
{
Role = userRegistrationRequest.Role,
UserName = userRegistrationRequest.Username,
EmpId = emp.Sn
};
var createdUserResult = await _userManager.CreateAsync(newUser, userRegistrationRequest.Password);
if (!createdUserResult.Succeeded)
{
throw new IllegalArgumentException(createdUserResult.Errors
.Select(x => x.Description).Aggregate((s1, s2) => $"{s1},{s2}"));
}
//user created successfully
}
private async Task <AuthenticationResult> GenerateAuthenticationResultForUser(IdentityUser user)
{
using var transaction = _dalService.CreateUnitOfWork();
var emp = await transaction.Employees.SingleOrDefaultAsync(x => x.Sn == user.EmpId);
if (emp == null || !emp.IsActive)
{
throw new InvalidStateException("This user is inactive");
}
//generate user's claims
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(AuthenticationResult.UserIdClaimTag, user.Id.ToString()),
new Claim(AuthenticationResult.UserRoleClaimTag, user.Role.ToString()),
new Claim(AuthenticationResult.EmployeeSnClaimTag, emp.Sn.ToString()),
};
if (emp.Email != null)
{
claims.Add(new Claim(JwtRegisteredClaimNames.Email, emp.Email));
}
//Generate token and refresh token:
//generate token
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Issuer = null, // Not required as no third-party is involved
Audience = null, // Not required as no third-party is involved
IssuedAt = DateTime.UtcNow,
NotBefore = DateTime.UtcNow,
Expires = DateTime.UtcNow.AddTicks(_jwtSettings.TokenLifetime.Ticks),
SigningCredentials = new SigningCredentials(_jwtSettings.PrivateSigningSecretKey,
SecurityAlgorithms.HmacSha256Signature)
};
var jwtTokenHandler = new JwtSecurityTokenHandler();
var jwtToken = jwtTokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var token = jwtTokenHandler.WriteToken(jwtToken);
//generate refresh token
var refreshToken = new RefreshToken
{
//Key = Guid.NewGuid().ToString(),//TODO AUTO GENERATE
JwtId = jwtToken.Id,
UserId = user.Id,
CreationDate = DateTime.UtcNow,
ExpiryDate = DateTime.UtcNow.AddDays(_jwtSettings.RefreshTokenLifetimeDays)
};
//save the refresh token and get the generated token's key
refreshToken = await transaction.RefreshTokens.AddAsync(refreshToken);
await transaction.CompleteAsync();
//generate success response
return(new AuthenticationResult
{
Token = token,
RefreshToken = refreshToken.Key,
});
}
