public async Task <IActionResult> CreateToken([FromBody] LoginModel loginModel) { logger.LogInformation(string.Format("Login user : {0}", loginModel.UserName)); if (ModelState.IsValid) { ApplicationUser user = null; //Sign in user id string signInUser = loginModel.UserName; if (RegexUtilities.IsValidEmail(signInUser)) { //First check if emailId exists user = await userManager.FindByEmailAsync(signInUser).ConfigureAwait(true); } else //Not emailId, then find by username. { user = await userManager.FindByNameAsync(signInUser).ConfigureAwait(true); } if (user == null) { return(Unauthorized()); } signInUser = user?.UserName; var loginResult = await signInManager.PasswordSignInAsync(signInUser, loginModel.Password, isPersistent : false, lockoutOnFailure : false).ConfigureAwait(true); if (!loginResult.Succeeded) { return(Unauthorized()); } Person person = personRepository.Find(null, p => p.Id == user.PersonId)?.Items.FirstOrDefault(); string authenticationToken = GetToken(user); VerifyUserEmailAsync(user); var agentId = (Guid?)null; if (person.IsAgent) { agentId = agentRepository.Find(null, p => p.Name == user.Name)?.Items?.FirstOrDefault()?.Id; } string startsWith = ""; int skip = 0; int take = 100; var personOrgs = membershipManager.Search(user.PersonId, startsWith, skip, take); // Issue #2791 We will disable the need for User Consent for this release. bool isUserConsentRequired = false; // VerifyUserAgreementConsentStatus(user.PersonId); var pendingAcessOrgs = membershipManager.PendingOrganizationAccess(user.PersonId); var newRefreshToken = GenerateRefreshToken(); var authenticatedUser = new { personId = user.PersonId, email = user.Email, userName = user.UserName, token = authenticationToken, refreshToken = newRefreshToken, user.ForcedPasswordChange, isUserConsentRequired, IsJoinOrgRequestPending = (pendingAcessOrgs?.Items?.Count > 0) ? true : false, myOrganizations = personOrgs?.Items, agent = agentId }; //Save refresh token await userManager.SetAuthenticationTokenAsync(user, userManager.Options.Tokens.AuthenticatorTokenProvider, "refresh", newRefreshToken).ConfigureAwait(false); try { AuditLog auditLog = new AuditLog(); auditLog.ChangedFromJson = null; auditLog.ChangedToJson = JsonConvert.SerializeObject(authenticatedUser); auditLog.CreatedBy = user.Email; auditLog.CreatedOn = DateTime.UtcNow; auditLog.Id = Guid.NewGuid(); auditLog.IsDeleted = false; auditLog.MethodName = "Login"; auditLog.ServiceName = this.ToString(); auditLog.Timestamp = new byte[1]; auditLog.ParametersJson = ""; auditLog.ExceptionJson = ""; auditLogRepository.Add(auditLog); //Log entry } catch (Exception ex) { ModelState.AddModelError("Audit Log", ex.Message); return(BadRequest()); } return(Ok(authenticatedUser)); } return(BadRequest(ModelState)); }
public async Task <IActionResult> InviteUser(string organizationId, [FromBody] InviteUserViewModel value) { OrganizationMember teamMember; value.OrganizationId = new Guid(organizationId); var user = new ApplicationUser(); //add person to organization only if you are admin or add it to access request table var requestingUser = repository.Find(null, a => a.PersonId == SecurityContext.PersonId && a.OrganizationId == Guid.Parse(organizationId))?.Items.FirstOrDefault(); var isRequestingUserAdministrator = requestingUser.IsAdministrator.GetValueOrDefault(false); //if the requesting user is NOT an administrator then the user cannot skip email verification //only administrators can allow that; however, this can be skipped for now //if (value.SkipEmailVerification && !isRequestingUserAdministrator) // value.SkipEmailVerification = false; try { bool IsEmailAllowed = _emailSender.IsEmailAllowed(); var organizationMember = repository.Find(null, a => a.PersonId == SecurityContext.PersonId && a.OrganizationId == Guid.Parse(organizationId))?.Items.FirstOrDefault(); if (organizationMember == null) { throw new UnauthorizedAccessException(); } //this is to check if the user is already in the system and where is part of the organization teamMember = _membershipManager.InviteUser(value, SecurityContext); if (teamMember == null) { user.UserName = value.Email; user.Email = value.Email; string passwordString = value.Password; if (IsEmailAllowed) { if (string.IsNullOrEmpty(passwordString)) { RandomPassword randomPass = new RandomPassword(); passwordString = randomPass.GenerateRandomPassword(); } } else { if (string.IsNullOrEmpty(passwordString)) { ModelState.AddModelError("Invite User", "Email is disabled. Must provide a password."); return(BadRequest(ModelState)); } } var loginResult = await _userManager.CreateAsync(user, passwordString).ConfigureAwait(false); if (!loginResult.Succeeded) { return(GetErrorResult(loginResult)); } else { //add person email var emailIds = new List <EmailVerification>(); var personEmail = new EmailVerification() { PersonId = Guid.Empty, Address = value.Email, IsVerified = false }; if (value.SkipEmailVerification) { personEmail.IsVerified = true; } emailIds.Add(personEmail); Person newPerson = new Person() { Company = value.Company, Department = value.Department, Name = value.Name, EmailVerifications = emailIds }; var person = _personRepository.Add(newPerson); if (!value.SkipEmailVerification) { if (IsEmailAllowed) { string code = await _userManager.GenerateEmailConfirmationTokenAsync(user).ConfigureAwait(false); EmailMessage emailMessage = new EmailMessage(); emailMessage.Body = SendConfirmationEmail(code, user.Id, passwordString, "en"); emailMessage.Subject = "Confirm your account at " + Constants.PRODUCT; await _emailSender.SendEmailAsync(emailMessage, null, null, "Outgoing").ConfigureAwait(false); } else { value.SkipEmailVerification = true; ModelState.AddModelError("Email", "Email is disabled. Verification email was not sent."); } } //update the user if (person != null) { var registeredUser = _userManager.FindByNameAsync(user.UserName).Result; registeredUser.PersonId = person.Id.GetValueOrDefault(); registeredUser.ForcedPasswordChange = true; await _userManager.UpdateAsync(registeredUser).ConfigureAwait(false); //add person to organization only if you are admin or add it to access request table if (isRequestingUserAdministrator) { OrganizationMember newOrgMember = new OrganizationMember() { PersonId = person.Id, OrganizationId = Guid.Parse(organizationId), IsAutoApprovedByEmailAddress = true, IsInvited = true }; await base.PostEntity(newOrgMember).ConfigureAwait(false); } else { //add it to access requests AccessRequest accessRequest = new AccessRequest() { OrganizationId = Guid.Parse(organizationId), PersonId = person.Id, IsAccessRequested = true, AccessRequestedOn = DateTime.UtcNow }; _accessRequestManager.AddAccessRequest(accessRequest); } } } } if (IsEmailAllowed) { return(Ok()); } else { return(Ok(ModelState)); } } catch (Exception ex) { return(ex.GetActionResult()); } }