/** * Verify email with details. */ private static async Task DoVerifyEmailWithDetails(AmazonDynamoDBClient dbClient, User user, Link link, VerifyEmailWithDetailsRequest verifyEmailWithDetailsRequest) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertValid(user); Debug.AssertValid(link); Debug.AssertValid(verifyEmailWithDetailsRequest); // Make changes user.EmailAddressVerified = DateTime.Now; user.GivenName = verifyEmailWithDetailsRequest.givenName; user.FamilyName = verifyEmailWithDetailsRequest.familyName; user.PasswordHash = Helper.Hash(verifyEmailWithDetailsRequest.password); user.DateOfBirth = (DateTime)APIHelper.DateFromAPIDateString(verifyEmailWithDetailsRequest.dateOfBirth); user.Address1 = verifyEmailWithDetailsRequest.address1; user.Address2 = verifyEmailWithDetailsRequest.address2; user.Address3 = verifyEmailWithDetailsRequest.address3; user.Address4 = verifyEmailWithDetailsRequest.address4; user.City = verifyEmailWithDetailsRequest.city; user.Region = verifyEmailWithDetailsRequest.region; user.Country = verifyEmailWithDetailsRequest.country; user.PostalCode = verifyEmailWithDetailsRequest.postalCode; user.AllowNonEssentialEmails = verifyEmailWithDetailsRequest.allowNonEssentialEmails; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Revoke the link link.Revoked = true; //??++SAVE LINK }
/** * Find a user by email address. */ internal static async Task <User> GetOrCreateUserByEmailAddress(AmazonDynamoDBClient dbClient, string emailAddress) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertEmail(emailAddress); User retVal = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, emailAddress); Debug.AssertValidOrNull(retVal); if (retVal == null) { Debug.Tested(); retVal = new User { ID = RandomHelper.Next(), EmailAddress = emailAddress }; await AddUserCreatingSyndicate(dbClient, retVal); //??++EMAIL THE PERSON? } else { Debug.Tested(); } return(retVal); }
/** * Check that the user is logged in and that they can perform the action on behalf of the requested user. * They either must be logged in as the requested user or be logged in as an administrator with the * specified permission. */ //??? internal static async Task<Tuple<string, string>> CheckLoggedInWithPermission(AmazonDynamoDBClient dbClient, // IDictionary<string, string> requestHeaders, // string adminPermission, // string requestedUserId) // { // Debug.Untested(); // Debug.AssertValid(dbClient); // Debug.AssertValid(requestHeaders); // Debug.AssertString(adminPermission); // Debug.AssertIDOrNull(requestedUserId); // string actualUserId = null; // APIHelper.CheckLoggedIn(requestHeaders, out string loggedInUserId); // if (requestedUserId == null) { // Debug.Tested(); // actualUserId = loggedInUserId; // } else if (IdentityServiceLogicLayer.UserHasPermission(loggedInUserId, IdentityServiceLogicLayer.PERMISSION_IS_ADMIN)) { // Debug.Tested(); // if (IdentityServiceLogicLayer.UserHasPermission(loggedInUserId, adminPermission)) { // Debug.Tested(); // actualUserId = requestedUserId; // User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, actualUserId); // Debug.AssertValidOrNull(user); // if (user == null) { // Debug.Tested(); // throw new Exception(IdentityServiceLogicLayer.ERROR_USER_NOT_FOUND); // } else { // Debug.Tested(); // } // } else { // Debug.Tested(); // throw new Exception(SharedLogicLayer.ERROR_NO_PERMISSION); // } // } else { // Debug.Tested(); // throw new Exception(SharedLogicLayer.ERROR_NOT_AN_ADMIN, new Exception(SharedLogicLayer.ERROR_NOT_AN_ADMIN)); // } // return new Tuple<string, string>(loggedInUserId, actualUserId); // } /** * Create a link of the specified type. */ internal static async Task <Link> CreateLink(AmazonDynamoDBClient dbClient, string type, string userId, string oneTimePassword = null) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertString(type); Debug.AssertID(userId); Debug.AssertStringOrNull(oneTimePassword); Link link = new Link() { ID = RandomHelper.Next().ToString(), Type = type, Expires = DateTime.Now.AddHours(1),//??++TAKE FROM SETTING? UserID = userId, Revoked = false, OneTimePassword = oneTimePassword }; //??--Links.Add(link.ID, link); await IdentityServiceDataLayer.AddLink(dbClient, link); return(link); }
/** * Set user name. */ public static async Task SetUserName(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserNameRequest setUserNameRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserNameRequest); Debug.AssertString(setUserNameRequest.givenName); Debug.AssertString(setUserNameRequest.familyName); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes (if necessary) if ((user.GivenName != setUserNameRequest.givenName) || (user.FamilyName != setUserNameRequest.familyName) || (user.FullName != setUserNameRequest.fullName) || (user.PreferredName != setUserNameRequest.preferredName)) { user.GivenName = setUserNameRequest.givenName; user.FamilyName = setUserNameRequest.familyName; user.FullName = setUserNameRequest.fullName; user.PreferredName = setUserNameRequest.preferredName; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } }
/** * Set user phone number. */ public static async Task SetUserPhoneNumber(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserPhoneNumberRequest setUserPhoneNumberRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserPhoneNumberRequest); Debug.AssertString(setUserPhoneNumberRequest.phoneNumber); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes (if necessary) if (user.PhoneNumber != setUserPhoneNumberRequest.phoneNumber) { // Set the new phone number user.PhoneNumber = setUserPhoneNumberRequest.phoneNumber; // Mark it as not verified user.PhoneNumberVerified = null; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Send the OTP via SMS string oneTimePassword = "******";//??++GENERATE OTP Link link = await IdentityServiceLogicLayer.CreateLink(dbClient, IdentityServiceLogicLayer.LINK_TYPE_VERIFY_PHONE_NUMBER, loggedInUserId, oneTimePassword); Debug.AssertValid(link); //??++SMS OTP LoggingHelper.LogMessage($"PHONE NUMBER VERIFICATION LINK ID: {link.ID}"); } }
/** * Set user permissions. */ internal static async Task SetUserPermissions(AmazonDynamoDBClient dbClient, string userId, JToken requestBody) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(userId); Debug.AssertValid(requestBody); Debug.AssertValid((JArray)requestBody["permissions"]); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, userId); Debug.AssertValidOrNull(user); if (user != null) { Debug.Untested(); Debug.AssertValid(user.Permissions); // Change the permissions //??--user.Permissions.RemoveAll(permission => (permission.Item1 == userId)); user.Permissions.Clear(); foreach (var permission in (JArray)requestBody["permissions"]) { Debug.AssertString((string)permission); user.Permissions.Add((string)permission);//??--new Tuple<string, string>(userId, (string)permission)); } // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } else { Debug.Untested(); throw new Exception(IdentityServiceLogicLayer.ERROR_USER_NOT_FOUND); } }
/** * Set user preferences. */ public static async Task SetUserPreferences(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserPreferencesRequest setUserPreferencesRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserPreferencesRequest); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes (if necessary) if ((user.PreferredLanguage != setUserPreferencesRequest.preferredLanguage) || (user.PreferredCurrency != setUserPreferencesRequest.preferredCurrency) || (user.PreferredTimeZone != setUserPreferencesRequest.preferredTimeZone)) { user.PreferredLanguage = setUserPreferencesRequest.preferredLanguage; user.PreferredCurrency = setUserPreferencesRequest.preferredCurrency; user.PreferredTimeZone = setUserPreferencesRequest.preferredTimeZone; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } }
/** * Close account. */ public static async Task CloseAccount(AmazonDynamoDBClient dbClient, string loggedInUserId, CloseAccountRequest closeAccountRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(closeAccountRequest); Debug.AssertString(closeAccountRequest.password); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); Debug.AssertNull(user.Closed); // Check the password if (user.PasswordHash == Helper.Hash(closeAccountRequest.password)) { // Make changes user.Closed = DateTime.Now; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Actually log user out await IdentityServiceLogicLayer.InvalidateUserAccessTokens(dbClient, loggedInUserId); } else { Debug.Untested(); throw new Exception(IdentityServiceLogicLayer.ERROR_INCORRECT_PASSWORD); } }
/** * Set user password. */ public static async Task SetUserPassword(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserPasswordRequest setUserPasswordRequest) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserPasswordRequest); Debug.AssertString(setUserPasswordRequest.oldPassword); Debug.AssertString(setUserPasswordRequest.newPassword); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Check password if (user.PasswordHash == Helper.Hash(setUserPasswordRequest.oldPassword)) { // Make changes (if necessary) string newPasswordHash = Helper.Hash(setUserPasswordRequest.newPassword); if (user.PasswordHash != newPasswordHash) { user.PasswordHash = newPasswordHash; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } } else { throw new Exception(IdentityServiceLogicLayer.ERROR_INCORRECT_PASSWORD); } }
/** * Set user limits. */ public static async Task SetUserLimits(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserLimitsRequest setUserLimitsRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserLimitsRequest); if ((setUserLimitsRequest.maxDailySpendingAmount != null) || (setUserLimitsRequest.maxTimeLoggedIn != null) || (setUserLimitsRequest.excludeUntil != null)) { // At least one of the limits may be being changed Debug.Tested(); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes SetUserMaxDailySpendingAmount(user, setUserLimitsRequest); SetUserMaxTimeLoggedIn(user, setUserLimitsRequest); SetUserExcludeUntil(user, setUserLimitsRequest); // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } else { Debug.Tested(); } }
/** * Update system locked global setting. */ internal static async Task UpdateSystemLockedGlobalSetting(AmazonDynamoDBClient dbClient, string loggedInUserId, bool value, bool force = false) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertIDOrNull(loggedInUserId); // Setting 'system locked' flag. if (value) { // Setting to true (allowed) Debug.Tested(); User loggedInUser = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValidOrNull(loggedInUser); if (IdentityServiceLogicLayer.UserHasPermission(loggedInUser, IdentityServiceLogicLayer.PERMISSION_CAN_LOCK_SYSTEM)) { Debug.Tested(); //??--if (!IdentityGlobalSettings.ContainsKey(GLOBAL_SETTING_SYSTEM_LOCKED) || !(bool)IdentityGlobalSettings[GLOBAL_SETTING_SYSTEM_LOCKED]) bool systemLocked = await IdentityServiceLogicLayer.GetBoolIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED, false); if (!systemLocked) { Debug.Tested(); //??--IdentityGlobalSettings[GLOBAL_SETTING_SYSTEM_LOCKED] = value; await IdentityServiceDataLayer.AddIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED, value.ToString()); } else { Debug.Tested(); throw new Exception(SharedLogicLayer.ERROR_SYSTEM_ALREADY_LOCKED); } } else { Debug.Tested(); throw new Exception(SharedLogicLayer.ERROR_NO_PERMISSION); } } else if (force) { // Forcing the set to false. Debug.Tested(); //??--IdentityGlobalSettings[GLOBAL_SETTING_SYSTEM_LOCKED] = value; await IdentityServiceDataLayer.AddIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED, value.ToString()); } else { // Setting to false (not allowed) Debug.Untested(); throw new Exception(SharedLogicLayer.ERROR_NO_PERMISSION); } }
/** * Find a user by email address. */ internal static async Task AddUserCreatingSyndicate(AmazonDynamoDBClient dbClient, User user) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertValid(user); Debug.AssertID(user.ID); await IdentityServiceDataLayer.AddUser(dbClient, user); //??++Check response? // Create the syndicate for the user. string name = NameHelper.GetDisplayName(user.GivenName, user.FamilyName); await SyndicateServiceLogicLayer.CreateSyndicate(dbClient, name, user.ID); }
/** * Verify phone number. */ private static async Task DoVerifyPhoneNumber(AmazonDynamoDBClient dbClient, User user, Link link) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertValid(user); Debug.AssertValid(link); // Make changes to the user user.PhoneNumberVerified = DateTime.Now; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Revoke the link link.Revoked = true; //??++SAVE LINK }
/** * Find a user by email address or new email address. * //??++MAKE THIS MORE EFFICIENT! */ internal static async Task <User> FindUserByEmailAddressOrNewEmailAddress(AmazonDynamoDBClient dbClient, string emailAddress) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertEmail(emailAddress); User retVal = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, emailAddress); Debug.AssertValidOrNull(retVal); if (retVal == null) { retVal = await IdentityServiceDataLayer.FindUserByNewEmailAddress(dbClient, emailAddress); Debug.AssertValidOrNull(retVal); } return(retVal); }
/** * Logout. */ public static async Task Logout(AmazonDynamoDBClient dbClient, string loggedInUserId) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes user.LastLoggedOut = DateTime.Now; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // await IdentityServiceLogicLayer.InvalidateUserAccessTokens(dbClient, loggedInUserId); }
/** * Set user gender. */ public static async Task SetUserGender(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserGenderRequest setUserGenderRequest) { Debug.Tested(); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserGenderRequest); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes (if necessary) if (user.Gender != setUserGenderRequest.gender) { user.Gender = setUserGenderRequest.gender; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } }
/** * Find an access token. */ //??? internal static AccessToken FindAccessToken(string accessTokenId) { // Debug.Tested(); // Debug.AssertString(accessTokenId); // AccessToken retVal = null; // if (AccessTokens.ContainsKey(accessTokenId)) { // retVal = AccessTokens[accessTokenId]; // Debug.AssertValid(retVal); // } // return retVal; // } /** * Find a user's access token. * Returns null if an access token is not found for the user. */ internal static async Task <AccessToken> FindAccessTokenByUserID(AmazonDynamoDBClient dbClient, string userId) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertID(userId); AccessToken retVal = null; Dictionary <string, AttributeValue> key = new Dictionary <string, AttributeValue>(); key.Add(IdentityServiceDataLayer.FIELD_ACCESS_TOKENS_USER_ID, new AttributeValue(userId)); GetItemResponse getResponse = await dbClient.GetItemAsync(IdentityServiceDataLayer.DATASET_ACCESS_TOKENS_INDEX_USER_ID, key); Debug.AssertValid(getResponse); Debug.AssertValidOrNull(getResponse.Item); if (getResponse.Item != null) { // An access token with the specified ID exists. Debug.Untested(); retVal = IdentityServiceDataLayer.AccessTokenFromDBItem(getResponse.Item); Debug.AssertValid(retVal); } return(retVal); /*??--AccessToken retVal = null; * foreach (var item in AccessTokens) { * Debug.AssertValid(item); * Debug.AssertString(item.Key); * Debug.AssertValidOrNull(item.Value); * if (item.Value != null) { * Debug.Assert(item.Value.ID == item.Key); * Debug.AssertValidOrNull(item.Value.User); * if (item.Value.User != null) { * if (item.Value.User.ID == userId) { * retVal = item.Value; * break; * } * } * } * } * return retVal;*/ }
/** * Set user allow non-essential emails. */ public static async Task SetUserAllowNonEssentialEmails(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserAllowNonEssentialEmailsRequest setUserAllowNonEssentialEmailsRequest) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserAllowNonEssentialEmailsRequest); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes (if necessary) if (user.AllowNonEssentialEmails != setUserAllowNonEssentialEmailsRequest.allowNonEssentialEmails) { user.AllowNonEssentialEmails = setUserAllowNonEssentialEmailsRequest.allowNonEssentialEmails; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } }
/** * Update global setting. */ internal static async Task UpdateIdentityGlobalSetting(AmazonDynamoDBClient dbClient, string loggedInUserId, string name, string value) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertIDOrNull(loggedInUserId); Debug.AssertString(name); if (name == IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED) { // Setting 'system locked' flag. Debug.Tested(); await UpdateSystemLockedGlobalSetting(dbClient, loggedInUserId, bool.Parse(value), false); } else { // Not setting 'system locked' flag. Debug.Tested(); await IdentityServiceDataLayer.AddIdentityGlobalSetting(dbClient, name, value); //??--IdentityGlobalSettings[name] = value; } }
/** * Find a valid link with the user ID and type passed in. */ private static async Task <Link> FindValidLinkByUserID(AmazonDynamoDBClient dbClient, string userId, string type) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertID(userId); Debug.AssertString(type); Link retVal = null; Dictionary <string, AttributeValue> key = new Dictionary <string, AttributeValue>(); key.Add(IdentityServiceDataLayer.FIELD_LINKS_USER_ID, new AttributeValue(userId)); GetItemResponse getResponse = await dbClient.GetItemAsync(IdentityServiceDataLayer.DATASET_LINKS_INDEX_USER_ID, key); Debug.AssertValid(getResponse); Debug.AssertValidOrNull(getResponse.Item); if (getResponse.Item != null) { // A link with the specified ID exists. Debug.Untested(); retVal = IdentityServiceDataLayer.LinkFromDBItem(getResponse.Item); Debug.AssertValid(retVal); } //??-- foreach (var item in Links) // { // Debug.AssertValid(item); // Debug.AssertString(item.Key); // Debug.AssertValid(item.Value); // Debug.AssertString(item.Value.ID); // Debug.Assert(item.Value.ID == item.Key); // Debug.AssertID(item.Value.UserID); // if (item.Value.UserID == userId) { // if ((item.Value.Type == type) && (item.Value.Expires > DateTime.Now) && !item.Value.Revoked) { // retVal = item.Value; // break; // } // } // } return(retVal); }
/** * Set user address. */ public static async Task SetUserAddress(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserAddressRequest setUserAddressRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertID(loggedInUserId); Debug.AssertValid(setUserAddressRequest); Debug.AssertString(setUserAddressRequest.address1); Debug.AssertString(setUserAddressRequest.country); Debug.AssertString(setUserAddressRequest.postalCode); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId); Debug.AssertValid(user); // Make changes (if necessary) if ((user.Address1 != setUserAddressRequest.address1) || (user.Address2 != setUserAddressRequest.address2) || (user.Address3 != setUserAddressRequest.address3) || (user.Address4 != setUserAddressRequest.address4) || (user.City != setUserAddressRequest.city) || (user.Region != setUserAddressRequest.region) || (user.Country != setUserAddressRequest.country) || (user.PostalCode != setUserAddressRequest.postalCode)) { user.Address1 = setUserAddressRequest.address1; user.Address2 = setUserAddressRequest.address2; user.Address3 = setUserAddressRequest.address3; user.Address4 = setUserAddressRequest.address4; user.City = setUserAddressRequest.city; user.Region = setUserAddressRequest.region; user.Country = setUserAddressRequest.country; user.PostalCode = setUserAddressRequest.postalCode; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); } }
/** * Resend email verification. */ public static async Task ResendEmailVerification(AmazonDynamoDBClient dbClient, ResendEmailVerificationRequest resendEmailVerificationRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertValid(resendEmailVerificationRequest); Debug.AssertString(resendEmailVerificationRequest.emailAddress); // Find the user by email address User user = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, resendEmailVerificationRequest.emailAddress); Debug.AssertValidOrNull(user); if (user != null) { // User exists Debug.AssertID(user.ID); if (user.EmailAddressVerified == null) { Debug.Tested(); await DoResendEmailVerification(dbClient, user); } else if (user.NewEmailAddress != null) { Debug.Tested(); await DoResendEmailVerification(dbClient, user); } else { Debug.Untested(); throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_ALREADY_VERIFIED, new Exception(IdentityServiceLogicLayer.EMAIL_ALREADY_VERIFIED)); } } else { Debug.Tested(); throw new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS, new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS)); } }
/** * Get global setting. */ internal static async Task <string> GetIdentityGlobalSetting(AmazonDynamoDBClient dbClient, string globalSettingName, string defaultValue = null) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertString(globalSettingName); Debug.AssertValidOrNull(defaultValue); //??--Debug.AssertValid(IdentityGlobalSettings); string retVal = defaultValue; var globalSettingDBItem = await IdentityServiceDataLayer.GetIdentityGlobalSettingDBItemByName(dbClient, globalSettingName); Debug.AssertValidOrNull(globalSettingDBItem); if (globalSettingDBItem != null) { // A global setting with the specified name exists. Debug.Untested(); retVal = IdentityServiceDataLayer.ValueFromDBItem(globalSettingDBItem); } //??-- if (IdentityGlobalSettings.ContainsKey(globalSettingName)) { // retVal = IdentityGlobalSettings[globalSettingName]; // Debug.AssertValidOrNull(retVal); // } return(retVal); }
/** * Creates an account. */ public static async Task <Tuple <User, bool> > CreateAccount(AmazonDynamoDBClient dbClient, CreateAccountRequest createAccountRequest) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertValid(createAccountRequest); //??--Debug.AssertValid(IdentityServiceLogicLayer.Users); // Is there an existing user? User user = await IdentityServiceLogicLayer.FindUserByEmailAddressOrNewEmailAddress(dbClient, createAccountRequest.emailAddress); //??--User user = IdentityServiceLogicLayer.Users.Find(u => ((u.EmailAddress == createAccountRequest.emailAddress) || (u.NewEmailAddress == createAccountRequest.emailAddress))); Debug.AssertValidOrNull(user); bool bReOpened = false; if (user == null) { // No user exists with the supplied email address. // Create a new user user = new User() { ID = RandomHelper.Next(), EmailAddress = createAccountRequest.emailAddress, PasswordHash = Helper.Hash(createAccountRequest.password) }; SetupUserFromCreateAccountRequest(user, createAccountRequest); // Add the new user to the data store await IdentityServiceLogicLayer.AddUserCreatingSyndicate(dbClient, user); // Create an email verification link Link link = await IdentityServiceLogicLayer.CreateLink(dbClient, IdentityServiceLogicLayer.LINK_TYPE_VERIFY_EMAIL_ADDRESS, user.ID); Debug.AssertValid(link); Debug.AssertString(link.ID); //??--IdentityServiceLogicLayer.VerifyEmailLinkId = link.ID; // Send email verification email Dictionary <string, string> replacementFields = new Dictionary <string, string>(); replacementFields["link"] = link.ID; EmailHelper.EmailTemplate(EmailHelper.EMAIL_TEMPLATE_CREATE_ACCOUNT, createAccountRequest.emailAddress, replacementFields); // Indicate that a new user was created. bReOpened = false; } else { // A user already exists with the supplied email address. if (user.Closed != null) { // Account is closed so possibly re-open. //??--if ((bool)GetIdentityGlobalSetting(GLOBAL_SETTING_USERS_CAN_REOPEN_ACCOUNT, true)) if (await IdentityServiceLogicLayer.GetBoolIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_USERS_CAN_REOPEN_ACCOUNT, true)) { // Accounts allowed to be re-opened user.Closed = null; // Setup the user SetupUserFromCreateAccountRequest(user, createAccountRequest); // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Send account re-opened email Dictionary <string, string> replacementFields = new Dictionary <string, string>(); EmailHelper.EmailTemplate(EmailHelper.EMAIL_TEMPLATE_ACCOUNT_REOPENED, createAccountRequest.emailAddress, replacementFields); // Indicate that an existing, closed, user was re-opened. bReOpened = true; } else { // Accounts cannot be re-opened so throw an error. throw new Exception(IdentityServiceLogicLayer.ERROR_USER_ACCOUNT_CLOSED); } } else { // Account is not closed so throw an error. throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_IN_USE); } } return(new Tuple <User, bool>(user, bReOpened)); }
/** * Set user password after reset. */ public static async Task SetUserPasswordAfterReset(AmazonDynamoDBClient dbClient, SetUserPasswordAfterResetRequest setUserPasswordAfterResetRequest) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertValid(setUserPasswordAfterResetRequest); Debug.AssertString(setUserPasswordAfterResetRequest.resetPasswordLinkId); Debug.AssertEmail(setUserPasswordAfterResetRequest.emailAddress); Debug.AssertPassword(setUserPasswordAfterResetRequest.newPassword); // Find the valid link Link link = await IdentityServiceLogicLayer.FindValidLink(dbClient, setUserPasswordAfterResetRequest.resetPasswordLinkId, IdentityServiceLogicLayer.LINK_TYPE_RESET_PASSWORD); Debug.AssertValidOrNull(link); if (link != null) { // Valid link exists Debug.Tested(); Debug.AssertID(link.UserID); // Load the user User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, link.UserID, true); Debug.AssertValidOrNull(user); if (user != null) { Debug.Tested(); Debug.AssertEmail(user.EmailAddress); if (user.EmailAddress == setUserPasswordAfterResetRequest.emailAddress) { // Email address matches user's email address Debug.Tested(); // Make changes user.PasswordHash = Helper.Hash(setUserPasswordAfterResetRequest.newPassword); user.Locked = false; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Revoke link link.Revoked = true; //??++SAVE LINK } else { Debug.Tested(); throw new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS, new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS)); } } else { // User does not exist - may have been closed (and possibly subsequently deleted). Debug.Tested(); throw new Exception(SharedLogicLayer.ERROR_INVALID_LINK_USER, new Exception(SharedLogicLayer.ERROR_INVALID_LINK_USER)); } } else { Debug.Tested(); throw new Exception(SharedLogicLayer.ERROR_INVALID_LINK, new Exception(SharedLogicLayer.ERROR_INVALID_LINK)); } }
/** * Set user email. * If email is already in use then throw an exception. */ public static async Task SetUserEmail(AmazonDynamoDBClient dbClient, string userId, SetUserEmailRequest setUserEmailRequest) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertID(userId); Debug.AssertValid(setUserEmailRequest); Debug.AssertEmail(setUserEmailRequest.emailAddress); // Check that the specified email address is not already in use. User user = await IdentityServiceLogicLayer.FindUserByEmailAddressOrNewEmailAddress(dbClient, setUserEmailRequest.emailAddress); Debug.AssertValidOrNull(user); if (user != null) { Debug.Untested(); if (user.ID != userId) { Debug.Untested(); throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_IN_USE); } } //??-- foreach (var user_ in Users) { // Debug.Tested(); // Debug.AssertValid(user_); // if (user_.Deleted == null) { // if (user_.ID != userId) { // Debug.Tested(); // if ((user_.EmailAddress == setUserEmailRequest.emailAddress) || // (user_.NewEmailAddress == setUserEmailRequest.emailAddress)) { // Debug.Tested(); // throw new Exception(ERROR_EMAIL_IN_USE); // } else { // Debug.Tested(); // } // } else { // Debug.Tested(); // } // } else { // Debug.Untested(); // } // } else { Debug.Untested(); // Load the user user = await IdentityServiceLogicLayer.FindUserByID(dbClient, userId, true); Debug.AssertValidOrNull(user); } if (user != null) { // User exists (not closed and not soft deleted) Debug.Tested(); Debug.AssertNull(user.Closed); Debug.AssertNull(user.Deleted); if (user.NewEmailAddress == null) { // The user's email address is not already being changed. Debug.Tested(); if (user.EmailAddress != setUserEmailRequest.emailAddress) { // The email address being changed to is different from the existing one. Debug.Tested(); user.NewEmailAddress = setUserEmailRequest.emailAddress; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Send the validate link. Link link = await IdentityServiceLogicLayer.CreateLink(dbClient, IdentityServiceLogicLayer.LINK_TYPE_VERIFY_EMAIL_ADDRESS, user.ID); Debug.AssertValid(link); Debug.AssertString(link.ID); //??++SEND VERIFICATION EMAIL? //??--IdentityServiceLogicLayer.VerifyEmailLinkId = link.ID; LoggingHelper.LogMessage($"EMAIL VERIFICATION LINK ID: {link.ID}"); } else { // The email address being changed to is the same as the existing one. Debug.Tested(); } } else if (user.NewEmailAddress != setUserEmailRequest.emailAddress) { // The user's email address is already being changed but to a different address than the specified value. Debug.Tested(); throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_ALREADY_BEING_CHANGED); } else { // The user's email address is already being changed to the specified value. Debug.Tested(); } } else { // User does not exist (or is closed or soft deleted) Debug.Tested(); throw new Exception(IdentityServiceLogicLayer.ERROR_USER_NOT_FOUND); } }
/** * Find a valid link with the ID and type passed in. */ internal static async Task <Link> FindValidLink(AmazonDynamoDBClient dbClient, string linkID, string type) { Debug.Untested(); Debug.AssertString(linkID); Debug.AssertString(type); //??--Debug.AssertValid(Links); Link retVal = null; var linkDBItem = await IdentityServiceDataLayer.GetLinkDBItemById(dbClient, linkID); Debug.AssertValidOrNull(linkDBItem); if (linkDBItem != null) { // A link with the specified ID exists. Debug.Untested(); Link link = IdentityServiceDataLayer.LinkFromDBItem(linkDBItem); Debug.AssertValid(link); if (link.Type == type) { // Correct type Debug.Untested(); if (link.Expires > DateTime.Now) { // Not expired Debug.Untested(); if (!link.Revoked) { // Not revoked Debug.Untested(); retVal = link; } else { // Revoked Debug.Untested(); } } else { // Expired Debug.Untested(); } } else { // Wrong type Debug.Untested(); } } else { // Link not found Debug.Untested(); } //??-- if (Links.ContainsKey(linkID)) { // Debug.Tested(); // retVal = Links[linkID]; // Debug.AssertValid(retVal); // if (retVal.Type != type) { // Debug.Tested(); // retVal = null; // } else if (retVal.Expires <= DateTime.Now) { // Debug.Tested(); // retVal = null; // } else if (retVal.Revoked) { // Debug.Tested(); // retVal = null; // } else { // Debug.Tested(); // } // } else { // Debug.Tested(); // } return(retVal); }
/** * Get the ID of the logged in user from the access token. * If the access token has expired then treat it as not existing and return zero (i.e. invalid ID). */ internal static async Task <string> UserIDFromAccessToken(AmazonDynamoDBClient dbClient, string accessTokenID) { Debug.Untested(); Debug.AssertValidOrNull(accessTokenID); string retVal = Helper.INVALID_ID; if (!string.IsNullOrEmpty(accessTokenID)) { Debug.Untested(); var accessTokenDBItem = await IdentityServiceDataLayer.GetAccessTokenDBItemById(dbClient, accessTokenID); Debug.AssertValidOrNull(accessTokenDBItem); if (accessTokenDBItem != null) { // An access token with the specified ID exists. Debug.Untested(); AccessToken accessToken = IdentityServiceDataLayer.AccessTokenFromDBItem(accessTokenDBItem); Debug.AssertValid(accessToken); if (accessToken.Expires > DateTime.Now) { // The access token has not expired. Debug.Untested(); Debug.AssertID(accessToken.UserID); retVal = accessToken.UserID; } else { // The access token has expired. Debug.Untested(); } } else { // Access token not found. Debug.Tested(); } } else { // Invalid (empty or null) access token. Debug.Untested(); } //??-- if (AccessTokens.ContainsKey(accessTokenID)) { // Debug.Tested(); // AccessToken accessToken = AccessTokens[accessTokenID]; // Debug.AssertValid(accessToken); // Debug.AssertValidOrNull(accessToken.User); // if (accessToken.Expires > DateTime.Now) { // // The access token has not expired. // Debug.Tested(); // if (accessToken.User != null) { // // Access token associated with a user. // Debug.Tested(); // Debug.AssertID(accessToken.User.ID); // retVal = accessToken.User.ID; // } else { // // Access token not associated with a user. // Debug.Untested(); // } // } // else // { // // The access token has expired. // Debug.Untested(); // } // } else { // // Access token not found. // Debug.Tested(); // } // } else { // // Invalid (empty or null) access token. // Debug.Untested(); // } return(retVal); }
/** * Login. * Returns an access token if successful, along with the access token's expiry time. */ public static async Task <Tuple <string, DateTime> > Login(AmazonDynamoDBClient dbClient, LoginRequest loginRequest) { Debug.Tested(); Debug.AssertValid(dbClient); Debug.AssertValid(loginRequest); Debug.AssertEmail(loginRequest.emailAddress); Debug.AssertString(loginRequest.password); // Find user with email and password hash //??--User user = IdentityServiceLogicLayer.Users.Find(u => (u.EmailAddress == loginRequest.emailAddress)); User user = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, loginRequest.emailAddress); Debug.AssertValidOrNull(user); if (user != null) { // User found with specified email address Debug.Tested(); Debug.AssertID(user.ID); if (user.Closed != null) { Debug.Tested(); throw new Exception(IdentityServiceLogicLayer.ERROR_USER_ACCOUNT_CLOSED); } else if (user.Blocked) { Debug.Tested(); throw new Exception(IdentityServiceLogicLayer.ERROR_USER_BLOCKED); } else if (user.Locked) { Debug.Tested(); throw new Exception(IdentityServiceLogicLayer.ERROR_USER_LOCKED); } else { // User is not closed, blocked or locked. Debug.Tested(); if (user.PasswordHash == Helper.Hash(loginRequest.password)) { // Correct password - log the user in. Debug.Tested(); // Invalidate any existing access tokens await IdentityServiceLogicLayer.InvalidateUserAccessTokens(dbClient, user.ID); // Set the last login time to now user.LastLoggedIn = DateTime.Now; // Mark failed login attempts as zero user.FailedLoginAttempts = 0; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); // Create a new access token //??--Int64 accessTokenLifetime = (Int64)GetIdentityGlobalSetting(GLOBAL_SETTING_ACCESS_TOKEN_LIFETIME, DEFAULT_ACCESS_TOKEN_LIFETIME); Int64 accessTokenLifetime = await IdentityServiceLogicLayer.GetInt64IdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_ACCESS_TOKEN_LIFETIME, IdentityServiceLogicLayer.DEFAULT_ACCESS_TOKEN_LIFETIME); AccessToken accessToken = new AccessToken() { ID = RandomHelper.Next().ToString(), UserID = user.ID, Expires = DateTime.Now.AddSeconds(accessTokenLifetime) }; // Setup the access token max expiry time //??--Int64 maxUserLoginTime = (Int64)GetIdentityGlobalSetting(GLOBAL_SETTING_MAX_USER_LOGIN_TIME, DEFAULT_MAX_USER_LOGIN_TIME); Int64 maxUserLoginTime = await IdentityServiceLogicLayer.GetInt64IdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_MAX_USER_LOGIN_TIME, IdentityServiceLogicLayer.DEFAULT_MAX_USER_LOGIN_TIME); if ((user.MaxTimeLoggedIn == null) || (user.MaxTimeLoggedIn == 0)) { Debug.Tested(); if (maxUserLoginTime != 0) { Debug.Tested(); accessToken.MaxExpiry = DateTime.Now.AddMinutes((UInt64)maxUserLoginTime); } else { Debug.Tested(); } } else { Debug.Tested(); if (maxUserLoginTime != 0) { Debug.Untested(); UInt64 maxUserLoginTime_ = Math.Min((UInt64)maxUserLoginTime, (UInt64)user.MaxTimeLoggedIn); accessToken.MaxExpiry = DateTime.Now.AddMinutes(maxUserLoginTime_); } else { Debug.Tested(); accessToken.MaxExpiry = DateTime.Now.AddMinutes((UInt64)user.MaxTimeLoggedIn); } } // Ensure the max expiry has not been exceeded if ((accessToken.MaxExpiry != null) && (accessToken.Expires > accessToken.MaxExpiry)) { Debug.Untested(); accessToken.Expires = (DateTime)accessToken.MaxExpiry; } else { Debug.Tested(); } // Add the access token //??--AccessTokens.Add(accessToken.ID, accessToken); await IdentityServiceDataLayer.AddAccessToken(dbClient, accessToken); // Return the access token ID and expiry date/time //??--expiryTime = accessToken.Expires; return(new Tuple <string, DateTime>(accessToken.ID, (DateTime)accessToken.Expires)); } else { // Incorrect password Debug.Tested(); //??--Int16 maxLoginAttempts = (Int16)GetIdentityGlobalSetting(GLOBAL_SETTING_LOCK_ON_FAILED_LOGIN_ATTEMPTS, DEFAULT_MAX_LOGIN_ATTEMPTS); Int64 maxLoginAttempts = await IdentityServiceLogicLayer.GetInt64IdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_LOCK_ON_FAILED_LOGIN_ATTEMPTS, IdentityServiceLogicLayer.DEFAULT_MAX_LOGIN_ATTEMPTS); if (++user.FailedLoginAttempts == maxLoginAttempts) { // Too many password attempts - user locked. Debug.Tested(); user.Locked = true; // Save the user await IdentityServiceDataLayer.SaveUser(dbClient, user); throw new Exception(IdentityServiceLogicLayer.ERROR_USER_LOCKED); } else { Debug.Tested(); throw new Exception(IdentityServiceLogicLayer.ERROR_INCORRECT_PASSWORD); } } } } else { Debug.Tested(); throw new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS); } }
/** * Setup the test users. */ //??? internal static void SetupTestUsers() { // Debug.Tested(); // int userNumber = 1; // string userId = userNumber.ToString(); // // Add a super admin (with ID 1) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "Stuart", // FamilyName = "Prestedge" // }); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_SUPER_ADMIN)); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN)); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_CAN_LOCK_SYSTEM)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_LOCK_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UNLOCK_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_PUBLISH_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_FREEZE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_CLOSE_DATE)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_DONATED_TO_CHARITY)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_DATE)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AMOUNT)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AUTO_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_WINNING_NUMBER)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CLEAR_DRAW_WINNING_NUMBER)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_DRAW)); // userId = (++userNumber).ToString(); // // Add an admin (all permissions, with ID 2) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "BDD", // FamilyName = "Admin" // }); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN)); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_CAN_LOCK_SYSTEM)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_LOCK_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UNLOCK_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_PUBLISH_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_FREEZE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_CLOSE_DATE)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_DONATED_TO_CHARITY)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_DATE)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AMOUNT)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AUTO_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_WINNING_NUMBER)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CLEAR_DRAW_WINNING_NUMBER)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_BUY_TICKETS)); // Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_OFFER_TICKET)); // Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_REVOKE_TICKET)); // Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_ACCEPT_TICKET)); // Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_REJECT_TICKET)); // Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_RESERVE_TICKET)); // Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_GET_TICKET_AUDITS)); // userId = (++userNumber).ToString(); // // Add an admin (no permissions, with ID 3) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "BDD", // FamilyName = "Admin (no permissions)" // }); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN)); // userId = (++userNumber).ToString(); // // Add a user (with ID 4) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "BDD", // FamilyName = "User" // }); // userId = (++userNumber).ToString(); // // Add a second user (with ID 5) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "BDD", // FamilyName = "User 2" // }); // userId = (++userNumber).ToString(); // // Add a editor user (with ID 6) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "BDD", // FamilyName = "User 6" // }); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_LOCK_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_DRAW)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_DRAW)); // userId = (++userNumber).ToString(); // // Add a publisher user (with ID 7) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "BDD", // FamilyName = "User 2" // }); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_PUBLISH_GAME)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UNLOCK_GAME)); // userId = (++userNumber).ToString(); // // Add a freezer user (with ID 7) // AddUserCreatingSyndicate(new User() { // ID = userId, // EmailAddress = "*****@*****.**", // PasswordHash = Helper.Hash("Passw0rd"), // GivenName = "BDD", // FamilyName = "User 2" // }); // Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN)); // Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_FREEZE_GAME)); // userId = (++userNumber).ToString(); // } /** * Find a user by ID. */ internal static async Task <User> FindUserByID(AmazonDynamoDBClient dbClient, string userId, bool ignoreClosed = false) { Debug.Untested(); Debug.AssertValid(dbClient); Debug.AssertID(userId); User retVal = null; var userDBItem = await IdentityServiceDataLayer.GetUserDBItemById(dbClient, userId); Debug.AssertValidOrNull(userDBItem); if (userDBItem != null) { // A user with the specified ID exists. Debug.Untested(); if (IdentityServiceDataLayer.GetUserDBItemDeleted(userDBItem) == null) { // The user is not deleted if (!ignoreClosed || (IdentityServiceDataLayer.GetUserDBItemClosed(userDBItem) == null)) { // Not ignoring closed or the user is not closed retVal = IdentityServiceDataLayer.UserFromDBItem(userDBItem); Debug.AssertValid(retVal); } else { // The user is closed and we are ignoring closed users. Debug.Untested(); } } else { // The user is deleted Debug.Untested(); } } else { // A user with the specified ID does not exist. Debug.Untested(); } //??-- foreach (User user in Users) { // Debug.Tested(); // Debug.AssertValid(user); // if (user.Deleted == null) { // // The user record is not deleted // Debug.Tested(); // if (user.ID == userId) { // // Found user with specified ID. // Debug.Tested(); // if (user.Closed == null) { // // The user account is not closed so return it. // Debug.Tested(); // retVal = user; // } else if (!ignoreClosed) { // // The user account is closed but, because we are not ignoring closed accounts, return it. // Debug.Untested(); // retVal = user; // } else { // // Ignore the closed user account (i.e. return null). // Debug.Tested(); // } // break; // } else { // // User is not the one with the specified ID. // Debug.Tested(); // } // } else { // // The user record has been soft deleted so ignore it. // Debug.Untested(); // } // } return(retVal); }