/// <summary>
/// Registers a new customer: validates the request, rejects a user name that is
/// already present (case-insensitive lookup), creates the user and its login,
/// saves, writes a "Signup" app event and returns the user model.
/// </summary>
/// <param name="signup">Request body; UserName and Password must be non-empty.</param>
/// <returns>The newly created user converted with ToModel().</returns>
/// <remarks>
/// NOTE(review): the name lookup and the insert are separate steps, so two concurrent
/// signups for the same name can both pass the check. Uniqueness then depends on a
/// unique constraint on UserName in the store, which is not visible here - confirm.
/// </remarks>
public User SignupUser([FromBody] UserSignup signup) {
    // The body carries a password, so the call is flagged confidential to keep the
    // request body out of the log. This happens before validation, so the flag is
    // already set when a validation fault is thrown.
    this.WebContext.Flags |= WebCallFlags.Confidential;

    // Input checks: null request first, then the two required fields.
    OpContext.ThrowIfNull(signup, ClientFaultCodes.InvalidValue, "UserSignup", "UserSignup object may not be null.");
    OpContext.ValidateNotEmpty(signup.UserName, "UserName", "UserName may not be empty.");
    OpContext.ValidateNotEmpty(signup.Password, "Password", "Password may not be empty.");
    OpContext.ThrowValidation();

    var dbSession = OpenSession();

    // Refuse a name that already exists, ignoring letter case.
    var sameNameUsers = dbSession.EntitySet<IUser>()
        .Where(u => u.UserName == signup.UserName)
        .WithOptions(QueryOptions.ForceIgnoreCase);
    var nameOwner = sameNameUsers.FirstOrDefault();
    bool nameTaken = nameOwner != null;
    OpContext.ThrowIf(nameTaken, ClientFaultCodes.InvalidValue, "UserName", "User name {0} is already in use. Please choose other name.", signup.UserName);

    // Create the user, then a login that reuses the user's id as its own id.
    // NOTE(review): UserName is also passed as the third NewUser argument - confirm
    // that is the intended value for that parameter.
    var logins = OpContext.App.GetService<ILoginManagementService>();
    var user = dbSession.NewUser(signup.UserName, UserType.Customer, signup.UserName);
    logins.NewLogin(dbSession, signup.UserName, signup.Password, loginId: user.Id, userId: user.Id);
    dbSession.SaveChanges();

    // Custom app event, used to check that app events reach AppEventLog. Per the
    // original author: ordinary entries are buffered on the web call and later
    // written as text to WebCallLog.OperationLog; errors and app events are also
    // passed to the global log.
    // NOTE(review): UserName is caller-supplied text placed in the event message;
    // confirm the log sink handles line breaks and control characters.
    OpContext.WriteAppEvent("Customer", "Signup", $"Customer {signup.UserName} signed up.");

    return user.ToModel();
}
/// <summary>
/// Registers a new customer: validates the request, rejects a user name that is
/// already present (case-insensitive lookup), creates the user and its login,
/// saves and returns the user model.
/// </summary>
/// <param name="signup">Signup request; UserName and Password must be non-empty.</param>
/// <returns>The newly created user converted with ToModel().</returns>
/// <remarks>
/// NOTE(review): the request carries a password and nothing in this method marks the
/// call as confidential - confirm the request body is not written to logs for this
/// endpoint.
/// NOTE(review): lookup and insert are separate steps; uniqueness under concurrent
/// signups depends on a unique constraint on UserName, not visible here - confirm.
/// </remarks>
public User SignupUser(UserSignup signup) {
    // Input checks: null request first, then the two required fields.
    Context.ThrowIfNull(signup, ClientFaultCodes.InvalidValue, "UserSignup", "UserSignup object may not be null.");
    Context.ValidateNotEmpty(signup.UserName, "UserName", "UserName may not be empty.");
    Context.ValidateNotEmpty(signup.Password, "Password", "Password may not be empty.");
    Context.ThrowValidation();

    var dbSession = OpenSession();

    // Refuse a name that already exists, ignoring letter case.
    var sameNameUsers = dbSession.EntitySet<IUser>()
        .Where(u => u.UserName == signup.UserName)
        .WithOptions(QueryOptions.ForceIgnoreCase);
    var nameOwner = sameNameUsers.FirstOrDefault();
    bool nameTaken = nameOwner != null;
    Context.ThrowIf(nameTaken, ClientFaultCodes.InvalidValue, "UserName", "User name {0} is already in use. Please choose other name.", signup.UserName);

    // Create the user, then a login that reuses the user's id as its own id.
    var logins = Context.App.GetService<ILoginManagementService>();
    var user = dbSession.NewUser(signup.UserName, UserType.Customer, signup.UserName);
    logins.NewLogin(dbSession, signup.UserName, signup.Password, loginId: user.Id, userId: user.Id);
    dbSession.SaveChanges();

    return user.ToModel();
}
/// <summary>
/// Signs up a customer. After validating the request and checking that the user
/// name is free (compared without regard to case), it creates a user plus a login
/// sharing the user's id, saves the session and returns the user model.
/// </summary>
/// <param name="signup">Signup request; UserName and Password must be non-empty.</param>
/// <returns>The newly created user converted with ToModel().</returns>
/// <remarks>
/// NOTE(review): the password arrives in this request, yet the method does not mark
/// the call as confidential - confirm request bodies are excluded from logging here.
/// NOTE(review): the availability check and the insert are not atomic; a unique
/// constraint on UserName is assumed but not visible - confirm.
/// </remarks>
public User SignupUser(UserSignup signup) {
    // Validation: the request object, then each required field.
    Context.ThrowIfNull(signup, ClientFaultCodes.InvalidValue, "UserSignup", "UserSignup object may not be null.");
    Context.ValidateNotEmpty(signup.UserName, "UserName", "UserName may not be empty.");
    Context.ValidateNotEmpty(signup.Password, "Password", "Password may not be empty.");
    Context.ThrowValidation();

    var entitySession = OpenSession();

    // Is the requested name already held by someone? Case is ignored.
    var nameMatches = entitySession.EntitySet<IUser>()
        .Where(u => u.UserName == signup.UserName)
        .WithOptions(QueryOptions.ForceIgnoreCase);
    var holder = nameMatches.FirstOrDefault();
    Context.ThrowIf(holder != null, ClientFaultCodes.InvalidValue, "UserName", "User name {0} is already in use. Please choose other name.", signup.UserName);

    // New user first; the login is then created with Login.Id equal to the user id.
    var loginService = Context.App.GetService<ILoginManagementService>();
    var user = entitySession.NewUser(signup.UserName, UserType.Customer, signup.UserName);
    loginService.NewLogin(entitySession, signup.UserName, signup.Password, loginId: user.Id, userId: user.Id);
    entitySession.SaveChanges();

    return user.ToModel();
}
/// <summary>
/// Exercises the "api/signup" endpoint: a signup with a name already in use and a
/// signup with a weak password must each produce a client fault, and a valid
/// signup must return a user that can then log in and log out.
/// </summary>
/// <remarks>
/// NOTE(review): every UserName and Password literal reads "******" in this listing,
/// which looks like masking. As written the second rejected attempt reuses the same
/// name as the first - restore the real fixture values before relying on this test.
/// </remarks>
public void TestSignup() {
    const string signupUrl = "api/signup";
    var api = SetupHelper.Client;

    // Rejected attempt 1: the user name is expected to be taken already.
    var rejected = new UserSignup { UserName = "******", Password = "******", DisplayName = "Anonymous" };
    var duplicateNameFault = TestUtil.ExpectClientFault(() => api.ExecutePost<UserSignup, User>(rejected, signupUrl));
    Assert.IsTrue(duplicateNameFault.Faults[0].Message.Contains("already in use"), "Expected 'username already in use' error");

    // Rejected attempt 2: name corrected, the password should now fail the
    // strength check. The lambda captures 'rejected', so it sees the new name.
    rejected.UserName = "******";
    var weakPasswordFault = TestUtil.ExpectClientFault(() => api.ExecutePost<UserSignup, User>(rejected, signupUrl));
    Assert.IsTrue(weakPasswordFault.Faults[0].Message.Contains("strength criteria"), "Expected 'weak password' error");

    // Accepted signup.
    var accepted = new UserSignup { UserName = "******", Password = "******", DisplayName = "SpikeTheDog" };
    var createdUser = api.ExecutePost<UserSignup, User>(accepted, signupUrl);
    Assert.IsNotNull(createdUser, "Expected Spike user object.");

    // The new credentials must work for a login round trip.
    LoginAs(accepted.UserName, accepted.Password);
    Logout();
}