public async Task <ActionResult <CreatedApiKey> > CreateApiKey(Guid id, ApiKeyDto dto, [FromServices] IApiKeyGenerator apiKeyGenerator, [FromServices] IMeansValueHasher hasher)
{
var apiKey = apiKeyGenerator.Generate();
var meansResult = await Publisher.SendRequest <ICreateAuthenticationMeans, IIdentifierResult>(
new CreateAuthenticationMeans(
Guid.NewGuid(), dto.Label, MeansMethod.ApiKey, hasher.Hash(apiKey), DateTimeOffset.UtcNow, null
));
if (!meansResult.Successful || !meansResult.Id.HasValue)
{
throw meansResult.ToException();
}
await Publisher.SendRequest <ICreateAssignmentToUser, IIdentifierResult>(
new CreateAssignmentToUser(Guid.NewGuid(), meansResult.Id.Value, DateTimeOffset.UtcNow, null, id, false)
);
return(new CreatedApiKey(meansResult.Id.Value, apiKey));
}
public async Task <ActionResult <CreatedApiKey> > CreateApiKey(Guid id, ApiKeyDto dto, [FromServices] IApiKeyGenerator apiKeyGenerator, [FromServices] IMeansValueHasher hasher)
{
await _authLoader.AssertResourceAccessAsync(User, id, IsOwnerPolicy.Instance);
var apiKey = apiKeyGenerator.Generate();
var meansResult = await Publisher.SendRequest <ICreateAuthenticationMeans, IIdentifierResult>(
new CreateAuthenticationMeans(
Guid.NewGuid(), dto.Label, MeansMethod.ApiKey, hasher.Hash(apiKey), DateTimeOffset.UtcNow, null
));
if (!meansResult.Successful || !meansResult.Id.HasValue)
{
throw meansResult.ToException();
}
await Publisher.SendRequest <ICreateAssignmentToPointOfSale, IIdentifierResult>(
new CreateAssignmentToPointOfSale(Guid.NewGuid(), meansResult.Id.Value, DateTimeOffset.UtcNow, null, id)
);
return(new CreatedApiKey(meansResult.Id.Value, apiKey));
}
public async Task <ActionResult> SetPassword(Guid id, SetPasswordDto pwDto, [FromServices] IMeansValueHasher pwHasher)
{
var userId = id;
if ((await _usersService.GetUser(userId)) is null)
{
throw new BaristaException("user_not_found", $"Could not find user with ID '{userId}'");
}
var passwordPage = await _identityService.BrowseMeansAssignedToUser(userId, new BrowseAssignedMeans { IsValid = true, Method = MeansMethod.Password, ResultsPerPage = 1 });
if (passwordPage.TotalResults == 1)
{
var means = passwordPage.Items.Single();
return(await SendAndHandleOperationCommand(new UpdateAuthenticationMeansValue(means.Id, pwHasher.Hash(pwDto.NewPassword))));
}
else if (passwordPage.TotalResults > 1)
{
_logger.LogWarning("The user {userId} has more than one password authentication means assigned. They will be purged before the new password is set.", userId);
int deletedPasswordMeans;
var query = new BrowseAssignedMeans {
IsValid = true, Method = MeansMethod.Password
};
do
{
deletedPasswordMeans = 0;
var passwordMeansPage = await _identityService.BrowseMeansAssignedToUser(userId, query);
foreach (var passwordMeans in passwordMeansPage.Items)
{
await Publisher.SendRequest(new DeleteAuthenticationMeans(passwordMeans.Id));
_logger.LogInformation("Purged one of multiple passwords assigned to user {userId} with means ID {meansId}", userId, passwordMeans.Id);
deletedPasswordMeans++;
}
} while (deletedPasswordMeans > 0);
}
var meansCreation = await Publisher.SendRequest <ICreateAuthenticationMeans, IIdentifierResult>(
new CreateAuthenticationMeans(Guid.NewGuid(), null, MeansMethod.Password, pwHasher.Hash(pwDto.NewPassword), DateTimeOffset.UtcNow, null)
);
if (!meansCreation.Successful)
{
throw meansCreation.ToException();
}
var meansAssignment = await Publisher.SendRequest <ICreateAssignmentToUser, IIdentifierResult>(
new CreateAssignmentToUser(Guid.NewGuid(), meansCreation.Id.Value, DateTimeOffset.UtcNow, null, userId, false)
);
if (!meansAssignment.Successful)
{
throw meansAssignment.ToException();
}
return(Ok());
}
public async Task <ActionResult> ChangePassword(ChangePasswordDto newPwDto, [FromServices] IUserPasswordAuthenticator userPwAuthenticator, [FromServices] IMeansValueHasher pwHasher)
{
var userId = User.GetUserId();
var user = await _usersService.GetUser(userId);
if (user is null)
{
return(NotFound());
}
var authResult = await userPwAuthenticator.AuthenticateAsync(user.EmailAddress, newPwDto.OldPassword);
if (authResult is null)
{
return(BadRequest(new ErrorDto("invalid_old_password", "The old password does not match. Please try again.")));
}
if (newPwDto.NewPassword != newPwDto.NewPasswordAgain)
{
return(BadRequest(new ErrorDto("invalid_new_passwords", "The new passwords do not match. Please try again.")));
}
return(await SendAndHandleOperationCommand(new UpdateAuthenticationMeansValue(authResult.MeansId, pwHasher.Hash(newPwDto.NewPassword))));
}