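/// <summary>
/// Nancy module that lets an administrator change the role assigned to a user.
/// Registers a GET route that renders the edit form and a POST route that stores the new role.
/// </summary>
public EditUserRoleModule()
{
    // A Forbidden (403) answer produced by the claim check below is turned into a redirect to /denied.
    // NOTE(review): only 403 is remapped; a 401 raised by RequiresAuthentication falls through
    // untouched — confirm the application's authentication configuration handles that case.
    After += context =>
    {
        if (context.Response.StatusCode == HttpStatusCode.Forbidden)
        {
            context.Response = Response.AsRedirect("/denied");
        }
    };

    // Every route in this module is restricted to principals holding the "admin" claim.
    this.RequiresAnyClaim(new[] { "admin" });

    // GET: render the edit-role form for the user identified by the {Guid} route segment.
    Get["/EditUserRole/{Guid}"] = parameters =>
    {
        this.RequiresAuthentication();

        var userRow = UserDatabase.GetUserByGuid(parameters.Guid);
        if (userRow == null)
        {
            // Unknown guid: answer 404 instead of dereferencing a null row below.
            return HttpStatusCode.NotFound;
        }

        // The role lives in a separate table; copy its guid onto the view model.
        // NOTE(review): assumes GetUserByGuid/GetRoleGuidForUser return null (not a value type)
        // when nothing is found — confirm against UserDatabase.
        var roleRow = UserDatabase.GetRoleGuidForUser(parameters.Guid);
        if (roleRow != null)
        {
            userRow.RoleGuid = roleRow.RoleGuid;
        }

        return View["Views/User/EditUserRole", userRow];
    };

    // POST: replace the user's role with the one chosen on the form.
    Post["/EditUserRole/{Guid}"] = parameters =>
    {
        var model = new Users();
        this.BindTo(model);

        // NOTE(review): the role is applied to model.Guid taken from the posted body, not to the
        // {Guid} in the URL — confirm the two are meant to carry the same value.
        var email = (string)Request.Form.Email;
        // The email is client-supplied and echoed back inside HTML, so encode it before use.
        var safeEmail = System.Net.WebUtility.HtmlEncode(email);

        string reply;
        try
        {
            var userRole = new UserRolesInsert
            {
                RoleGuid = model.RoleGuid,
                UserGuid = model.Guid,
            };

            // Delete the old role row(s) and insert the new one inside one transaction so a
            // failed insert does not leave the user with no role at all.
            var db = Database.Open();
            using (var tx = db.BeginTransaction())
            {
                tx.UserRoles.DeleteByUserGuid(model.Guid);
                tx.UserRoles.Insert(userRole);
                tx.Commit();
            }

            reply = "<strong>Success:</strong> user: <em>" + safeEmail + "</em> role was updated. <a href=\"/users\"> return to users</a> ";
        }
        catch (Exception e)
        {
            // The exception text is kept out of the client-visible reply (it can carry connection
            // details, table names and stack frames); it is recorded server-side instead.
            System.Diagnostics.Trace.TraceError("EditUserRole failed for user {0}: {1}", model.Guid, e);
            reply = "<strong>Error:</strong> something went wrong and the update failed! <a href=\"/users\"> return to users</a> ";
        }

        return Response.AsText(reply);
    };
}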
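/// <summary>
/// Nancy module that lets an administrator create a new user.
/// Registers a GET route that renders the add-user form and a POST route that stores the
/// user row (with a BCrypt password hash) together with its role row.
/// </summary>
public AddUserModule()
{
    // A Forbidden (403) answer produced by the claim check below is turned into a redirect to /denied.
    // NOTE(review): only 403 is remapped; a 401 raised by RequiresAuthentication falls through
    // untouched — confirm the application's authentication configuration handles that case.
    After += context =>
    {
        if (context.Response.StatusCode == HttpStatusCode.Forbidden)
        {
            context.Response = this.Response.AsRedirect("/denied");
        }
    };

    // Every route in this module is restricted to principals holding the "admin" claim.
    this.RequiresAnyClaim(new[] { "admin" });

    // GET: render the empty add-user form.
    Get["/adduser"] = _ =>
    {
        this.RequiresAuthentication();
        return View["Views/User/AddUser"];
    };

    // POST: create the user row and its role row from the submitted form.
    Post["/adduser"] = parameters =>
    {
        // BindTo copies every matching posted field onto the model, so the server-controlled
        // fields (Guid, dates, LastUpdatedBy, Hash) are overwritten further down rather than
        // trusted from the request.
        var model = new Users();
        this.BindTo(model);

        var db = Database.Open(); // Simple.Data

        // Reject duplicate emails, reusing the connection already opened instead of opening a second one.
        // NOTE(review): this check-then-insert is not atomic; a unique index on Users.Email is the
        // real guard against concurrent duplicates — confirm one exists.
        int existing = db.Users.GetCount(db.Users.Email == Request.Form.Email);
        if (existing > 0)
        {
            return Response.AsJson("<strong>Error:</strong> The email already exists and cannot be used!");
        }

        // The password is read straight from the form; it is never stored, only its hash is.
        var pwd = (string)Request.Form.Password;
        if (string.IsNullOrEmpty(pwd))
        {
            // Without this guard a missing password would be hashed as empty (or throw) and the
            // account would be created without a usable credential.
            return Response.AsJson("<strong>Error:</strong> A password is required.");
        }

        // BCrypt hash + salt with the default work factor. Raising the work factor hardens the
        // hash but slows user creation noticeably; the page would then want an in-progress indicator.
        var salt = BCrypt.Net.BCrypt.GenerateSalt();
        var hash = BCrypt.Net.BCrypt.HashPassword(pwd, salt);

        // Server-controlled fields; both timestamps come from a single reading of the clock.
        // NOTE(review): DateTime.Now stores local time — confirm the rest of the app expects that rather than UTC.
        var now = DateTime.Now;
        model.Guid = Guid.NewGuid();
        model.CreatedDate = now;
        model.LastUpdated = now;
        model.LastUpdatedBy = Context.CurrentUser.UserName;
        model.Hash = hash;

        var userRole = new UserRolesInsert
        {
            RoleGuid = model.RoleGuid,
            UserGuid = model.Guid,
        };

        // Insert the user and its role row in one transaction so a failed role insert does not
        // leave a role-less user behind.
        using (var tx = db.BeginTransaction())
        {
            tx.Users.Insert(model);
            tx.UserRoles.Insert(userRole);
            tx.Commit();
        }

        // The email is client-supplied and echoed back inside HTML, so encode it before use.
        var safeEmail = System.Net.WebUtility.HtmlEncode(Convert.ToString(model.Email));
        return Response.AsJson("<strong>Success:</strong> user <em>" + safeEmail + "</em> was added.");
    };
}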