public async Task ExecuteAsync(UpdateCurrentUserPasswordCommand command, IExecutionContext executionContext) { _permissionValidationService.EnforceIsSignedIn(executionContext.UserContext); var user = await GetUser(executionContext); EntityNotFoundException.ThrowIfNull(user, executionContext.UserContext.UserId); await ValidateMaxAuthenticationAttemptsNotExceededAsync(user, executionContext); await AuthenticateAsync(command, user); await ValidatePasswordAsync(command, user, executionContext); _passwordUpdateCommandHelper.UpdatePassword(command.NewPassword, user, executionContext); _userSecurityStampUpdateHelper.Update(user); using (var scope = _domainRepository.Transactions().CreateScope()) { await _dbContext.SaveChangesAsync(); await _domainRepository .WithContext(executionContext) .ExecuteCommandAsync(new InvalidateAuthorizedTaskBatchCommand(user.UserId, UserAccountRecoveryAuthorizedTaskType.Code)); await _passwordUpdateCommandHelper.SendPasswordChangedNotification(user); scope.QueueCompletionTask(() => OnTransactionComplete(user)); await scope.CompleteAsync(); } }
protected void CheckAdditionalPermissionHandlers <TCommandHandler>(TCommandHandler _commandHandler, IExecutionContext executionContext, IPermissionValidationService _permissionValidationService) { // Hardcoded checking of a few additional handlers, but could use DI here to make this more flexible. if (_commandHandler is ISignedInPermissionCheckHandler) { _permissionValidationService.EnforceIsSignedIn(executionContext.UserContext); } if (_commandHandler is ICofoundryUserPermissionCheckHandler) { _permissionValidationService.EnforceHasPermissionToUserArea(CofoundryAdminUserArea.Code, executionContext.UserContext); } }
public async Task ExecuteAsync(DeleteCurrentUserCommand command, IExecutionContext executionContext) { _permissionValidationService.EnforceIsSignedIn(executionContext.UserContext); var userId = executionContext.UserContext.UserId.Value; using (var scope = _domainRepository.Transactions().CreateScope()) { await _domainRepository .WithElevatedPermissions() .ExecuteCommandAsync(new DeleteUserCommand(userId)); await _domainRepository .ExecuteCommandAsync(new SignOutCurrentUserCommand()); await scope.CompleteAsync(); } }
public async Task ExecuteAsync(UpdateCurrentUserCommand command, IExecutionContext executionContext) { _permissionValidationService.EnforceIsSignedIn(executionContext.UserContext); var userId = executionContext.UserContext.UserId.Value; var user = await _dbContext .Users .FilterCanSignIn() .FilterById(userId) .SingleOrDefaultAsync(); EntityNotFoundException.ThrowIfNull(user, userId); var updateResult = await _userUpdateCommandHelper.UpdateEmailAndUsernameAsync(command.Email, command.Username, user, executionContext); UpdateName(command, user); user.FirstName = command.FirstName?.Trim(); user.LastName = command.LastName?.Trim(); if (updateResult.HasUpdate()) { _userSecurityStampUpdateHelper.Update(user); } using (var scope = _domainRepository.Transactions().CreateScope()) { await _dbContext.SaveChangesAsync(); // Here we could assume that reset requests only need invalidating if the contact email changes, but if the // user is updating their account details, then we could also assume that old requests are stale anyway. await _domainRepository .WithContext(executionContext) .ExecuteCommandAsync(new InvalidateAuthorizedTaskBatchCommand(userId, UserAccountRecoveryAuthorizedTaskType.Code)); scope.QueueCompletionTask(() => OnTransactionComplete(user, updateResult)); await scope.CompleteAsync(); } }
public async Task ExecuteAsync(AddCustomEntityDraftVersionCommand command, IExecutionContext executionContext) { var definitionCode = await QueryVersionAndGetDefinitionCode(command).FirstOrDefaultAsync(); EntityNotFoundException.ThrowIfNull(definitionCode, command.CustomEntityId); _permissionValidationService.EnforceIsSignedIn(executionContext.UserContext); _permissionValidationService.EnforceCustomEntityPermission <CustomEntityUpdatePermission>(definitionCode, executionContext.UserContext); var newVersionId = await _customEntityStoredProcedures.AddDraftAsync( command.CustomEntityId, command.CopyFromCustomEntityVersionId, executionContext.ExecutionDate, executionContext.UserContext.UserId.Value); command.OutputCustomEntityVersionId = newVersionId; await _transactionScopeFactory.QueueCompletionTaskAsync(_dbContext, () => OnTransactionComplete( command, definitionCode, newVersionId) ); }