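/// <summary>
/// Creates the first account of a fresh installation and assigns it the
/// <c>RoleStore.ADMIN</c> role.
/// </summary>
/// <remarks>
/// The action only proceeds while <c>_userManager.Users</c> is empty; afterwards it
/// always answers with the "setup" error.
/// NOTE(review): no authorization attribute is visible on this method here. Until
/// setup has completed, whoever can reach the endpoint chooses the administrator
/// credentials, so confirm that exposure is acceptable for a fresh deployment.
/// NOTE(review): the emptiness check and <c>CreateAsync</c> are separate steps, so two
/// concurrent requests can both pass the check. Confirm the store rejects the second
/// account or serialize setup.
/// NOTE(review): <c>bindings.Patch</c> is client-supplied and is applied to the whole
/// <c>User</c> entity. Consider restricting it to an allow-list of paths.
/// </remarks>
/// <param name="user">User instance resolved from the service container; it is filled in and persisted.</param>
/// <param name="bindings">Request body carrying the user name, the password and an optional patch.</param>
/// <param name="cancellationToken">Accepted for the caller's benefit; this method does not forward it.</param>
/// <returns>
/// Always an <c>Ok</c> result wrapping an <c>ApiModel</c>: an error model when setup is
/// closed or the body is missing, otherwise the model built from the identity result.
/// </returns>
public async Task<IActionResult> SetupAsync(
    [FromServices] User user,
    [FromBody] SetupBindings bindings,
    CancellationToken cancellationToken = default(CancellationToken))
{
    if (_userManager.Users.Any())
    {
        return Ok(ApiModel.AsError<string>("setup", "setup only available when no users in DB"));
    }

    // A missing or unparsable body used to surface as a NullReferenceException below.
    if (bindings == null)
    {
        return Ok(ApiModel.AsError<string>("setup", "request body is missing or invalid"));
    }

    user.UserName = bindings.UserName;
    user.Roles = new string[] { RoleStore.ADMIN };

    if (bindings.Patch != null)
    {
        var patched = _mapper.Map<JsonPatchDocument<User>>(bindings.Patch);
        patched.ApplyTo(user);

        // The patch runs after the role assignment above, so it could replace or clear
        // Roles. Because setup closes once any user exists, the first account must
        // keep the admin role; roles the patch added are preserved.
        if (user.Roles == null || !user.Roles.Contains(RoleStore.ADMIN))
        {
            user.Roles = (user.Roles ?? new string[0])
                .Concat(new[] { RoleStore.ADMIN })
                .ToArray();
        }
    }

    var result = await _userManager.CreateAsync(user, bindings.Password);

    // TODO: do we have to log ?
    return Ok(ApiModel.FromIdentityResult<UserDto>(
        result.Succeeded ? _mapper.Map<UserDto>(user) : null,
        result));
}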
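// [ValidateAntiForgeryToken]
/// <summary>
/// Changes the password of the account named by the current request's identity.
/// </summary>
/// <remarks>
/// The target account is taken from <c>HttpContext.User</c>, never from the request
/// body, so a caller can only change the password of the identity it presents.
/// The account DTO is mapped and returned whether or not the change succeeded; the
/// outcome is conveyed through the identity result.
/// NOTE(review): anti-forgery validation is commented out above. The error text refers
/// to an auth header; if cookie authentication is also accepted for this route,
/// this state-changing action needs CSRF protection. Confirm against the auth setup.
/// </remarks>
/// <param name="bindings">Request body carrying the current and the new password.</param>
/// <returns>
/// Always an <c>Ok</c> result wrapping an <c>ApiModel</c>: an error model when the
/// identity, the body or the account is missing, otherwise the model built from the
/// identity result.
/// </returns>
public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordBindings bindings)
{
    // User or Identity can be null on an unauthenticated request; treat that like a
    // missing name instead of throwing.
    var username = HttpContext.User?.Identity?.Name;
    if (string.IsNullOrEmpty(username))
    {
        return Ok(ApiModel.AsError<AccountDto>(null, "no user claims in request, did you forget to set the auth header ?"));
    }

    // A missing or unparsable body used to surface as a NullReferenceException below.
    if (bindings == null)
    {
        return Ok(ApiModel.AsError<AccountDto>(null, "request body is missing or invalid"));
    }

    var user = await _userManager.FindByNameAsync(username);
    if (user == null)
    {
        return Ok(ApiModel.AsError<AccountDto>(null, $"impossible to find a user with the username '{username}'"));
    }

    var result = await _userManager.ChangePasswordAsync(user, bindings.currentPassword, bindings.newPassword);
    var userDto = _mapper.Map<AccountDto>(user);

    return Ok(ApiModel.FromIdentityResult<AccountDto>(userDto, result));
}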
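// [ValidateAntiForgeryToken]
/// <summary>
/// Completes a password reset for the user with the given id, using a previously
/// issued reset code.
/// </summary>
/// <remarks>
/// NOTE(review): the reset code and the new password are bound from the query string.
/// URLs are commonly recorded in access logs, proxy logs and browser history, so
/// both values should move to the request body in a coordinated API change.
/// NOTE(review): an unknown user gets <c>AsError(null)</c>, while a known user with a
/// rejected code gets the identity result's errors. If those responses differ on the
/// wire, callers can tell whether an id exists, which the comment below tries to avoid.
/// Confirm what <c>ApiModel.FromIdentityResult</c> emits on failure.
/// </remarks>
/// <param name="id">Identifier of the user whose password is being reset.</param>
/// <param name="code">Reset code to be verified by the user manager.</param>
/// <param name="password">New password to set.</param>
/// <returns>
/// Always an <c>Ok</c> result wrapping an <c>ApiModel</c>: a bare error model when the
/// id or code is missing or the user is unknown, otherwise the model built from the
/// identity result.
/// </returns>
public async Task<IActionResult> ResetPassword(
    [FromQuery] string id,
    [FromQuery] string code,
    [FromQuery] string password)
{
    // TODO: validate model here or with a filter ?
    // A request without an id or a code can never succeed. Answer it exactly like an
    // unknown user, without passing null values to the user manager.
    if (string.IsNullOrEmpty(id) || string.IsNullOrEmpty(code))
    {
        _logger.LogWarning("Invalid reset password attempt.");
        return Ok(ApiModel.AsError<UserDto>(null));
    }

    var user = await _userManager.FindByIdAsync(id);
    if (user == null)
    {
        _logger.LogWarning("Invalid reset password attempt.");

        // Don't reveal that the user does not exist or is not confirmed
        return Ok(ApiModel.AsError<UserDto>(null));
    }

    var result = await _userManager.ResetPasswordAsync(user, code, password);

    return Ok(ApiModel.FromIdentityResult<UserDto>(
        result.Succeeded ? _mapper.Map<UserDto>(user) : null,
        result));
}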