/// <summary>
/// Creates a new user when <c>userModel.Id</c> is not positive, or updates the
/// existing user with that id, and then hands the selected role ids to the role service.
/// </summary>
/// <param name="userModel">The user fields, optional password and optional role list to save.</param>
/// <returns>
/// <c>NotFound()</c> when a positive id matches no user; otherwise a success result
/// carrying the saved user's id under the key <c>"id"</c>.
/// </returns>
/// <remarks>
/// NOTE(review): this method sets account status, password and roles straight from the
/// model, and no authorization check is visible inside it. Presumably an attribute or
/// filter outside this listing restricts it to administrators; confirm before relying on it.
/// </remarks>
public IActionResult SaveUser(UserModel userModel)
{
    // A positive id means "edit"; anything else starts from a blank entity.
    User account;
    if (userModel.Id > 0)
    {
        account = _userService.FirstOrDefault(x => x.Id == userModel.Id);
    }
    else
    {
        account = new User();
    }

    if (account == null)
    {
        return NotFound();
    }

    // Copy the editable profile fields from the model.
    account.Active = userModel.Active;
    account.CompanyName = userModel.CompanyName;
    account.Email = userModel.Email;
    account.FirstName = userModel.FirstName;
    account.LastName = userModel.LastName;
    account.IsTaxExempt = userModel.IsTaxExempt;
    account.DateOfBirth = userModel.DateOfBirth;
    account.MobileNumber = userModel.MobileNumber;
    account.NewslettersEnabled = userModel.NewslettersEnabled;
    account.Remarks = userModel.Remarks;
    account.RequirePasswordChange = userModel.RequirePasswordChange;
    // Display name is derived from the values just copied, so it must come after them.
    account.Name = $"{account.FirstName} {account.LastName}";
    account.IsAffiliate = userModel.IsAffiliate;
    account.AffiliateActive = userModel.AffiliateActive;

    // The activation timestamps are stamped once only: the first time the flag is seen set.
    var isFirstActivation = account.Active && account.FirstActivationDate == null;
    if (isFirstActivation)
    {
        account.FirstActivationDate = DateTime.UtcNow;
    }

    if (account.AffiliateFirstActivationDate == null && userModel.AffiliateActive)
    {
        account.AffiliateFirstActivationDate = DateTime.UtcNow;
    }

    if (account.Id != 0)
    {
        _userService.Update(account);

        // A blank password on an edit means "leave the stored password alone".
        if (!userModel.Password.IsNullEmptyOrWhiteSpace())
        {
            _userRegistrationService.UpdatePassword(account.Id, userModel.Password, ApplicationConfig.DefaultPasswordFormat);
        }
    }
    else
    {
        account.Guid = Guid.NewGuid();
        account.CreatedOn = DateTime.UtcNow;
        account.UpdatedOn = DateTime.UtcNow;
        // NOTE(review): unlike the update branch, the password is not checked for
        // null/blank here, so a new account can reach Register with an empty password
        // unless model validation outside this method rejects it; confirm.
        // NOTE(review): the storage format is taken from ApplicationConfig; confirm that
        // this is the format the deployment intends for newly stored passwords.
        account.Password = userModel.Password;
        _userRegistrationService.Register(account, ApplicationConfig.DefaultPasswordFormat);
    }

    // Null when the model carries no role list; the meaning of the trailing `true`
    // is defined by SetUserRoles and is not visible here.
    var selectedRoleIds = userModel.Roles?.Select(role => role.Id).ToArray();
    _roleService.SetUserRoles(account.Id, selectedRoleIds, true);

    if (isFirstActivation)
    {
        RaiseEvent(NamedEvent.UserActivated, account);
    }

    return R.Success.With("id", account.Id).Result;
}
/// <summary>
/// Sets a new password for the user that owns the supplied password-reset code.
/// </summary>
/// <param name="changeModel">Carries the reset code, the new password and, for signed-in users, the current password.</param>
/// <returns>
/// A failure result with <c>"expired" = true</c> when the code does not pass <c>IsCodeValid</c>;
/// a failure result with an <c>"error"</c> message when a registered current user supplies a
/// current password that <c>ShouldSignIn</c> rejects; otherwise a success result.
/// </returns>
/// <remarks>
/// NOTE(review): the current-password check runs against <c>ApplicationEngine.CurrentUser</c>,
/// while the password that is changed belongs to the owner of the reset code. Nothing in this
/// method verifies that the two are the same account; confirm that <c>IsCodeValid</c> or the
/// caller covers that case.
/// NOTE(review): the new password is not checked for blank or policy here; presumably model
/// validation runs before this method. Confirm.
/// </remarks>
public IActionResult ChangePassword(PasswordChangeModel changeModel)
{
    var resetCode = _userCodeService.GetUserCode(changeModel.Code, UserCodeType.PasswordReset);
    if (!IsCodeValid(resetCode))
    {
        return R.Fail.With("expired", true).Result;
    }

    // A signed-in (registered) user must also prove knowledge of the current password.
    if (ApplicationEngine.CurrentUser.IsRegistered()
        && !ShouldSignIn(ApplicationEngine.CurrentUser, changeModel.CurrentPassword))
    {
        return R.Fail.With("error", T("The current password is invalid")).Result;
    }

    // Snapshot the outgoing credential before it is overwritten. The stored password,
    // salt and format are copied as they are, so the previous-password store needs the
    // same protection as the live credential columns.
    var codeOwner = resetCode.User;
    var outgoingCredential = new PreviousPassword()
    {
        UserId = resetCode.UserId,
        Password = codeOwner.Password,
        PasswordSalt = codeOwner.PasswordSalt,
        PasswordFormat = codeOwner.PasswordFormat,
        CreatedOn = DateTime.UtcNow
    };
    _previousPasswordService.Insert(outgoingCredential);

    // Store the new password in the configured default storage format.
    _userRegistrationService.UpdatePassword(resetCode.UserId, changeModel.Password, _securitySettings.DefaultPasswordStorageFormat);

    // Remove every password-reset code of this user so that none can be replayed.
    _userCodeService.Delete(code => code.UserId == resetCode.UserId && code.CodeType == UserCodeType.PasswordReset);

    RaiseEvent(NamedEvent.PasswordReset, resetCode.User);
    return R.Success.Result;
}