/**
* Verify email with details.
*/
private static async Task DoVerifyEmailWithDetails(AmazonDynamoDBClient dbClient, User user, Link link, VerifyEmailWithDetailsRequest verifyEmailWithDetailsRequest)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertValid(user);
Debug.AssertValid(link);
Debug.AssertValid(verifyEmailWithDetailsRequest);
// Make changes
user.EmailAddressVerified = DateTime.Now;
user.GivenName = verifyEmailWithDetailsRequest.givenName;
user.FamilyName = verifyEmailWithDetailsRequest.familyName;
user.PasswordHash = Helper.Hash(verifyEmailWithDetailsRequest.password);
user.DateOfBirth = (DateTime)APIHelper.DateFromAPIDateString(verifyEmailWithDetailsRequest.dateOfBirth);
user.Address1 = verifyEmailWithDetailsRequest.address1;
user.Address2 = verifyEmailWithDetailsRequest.address2;
user.Address3 = verifyEmailWithDetailsRequest.address3;
user.Address4 = verifyEmailWithDetailsRequest.address4;
user.City = verifyEmailWithDetailsRequest.city;
user.Region = verifyEmailWithDetailsRequest.region;
user.Country = verifyEmailWithDetailsRequest.country;
user.PostalCode = verifyEmailWithDetailsRequest.postalCode;
user.AllowNonEssentialEmails = verifyEmailWithDetailsRequest.allowNonEssentialEmails;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Revoke the link
link.Revoked = true;
//??++SAVE LINK
}
/**
* Find a user by email address.
*/
internal static async Task <User> GetOrCreateUserByEmailAddress(AmazonDynamoDBClient dbClient, string emailAddress)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertEmail(emailAddress);
User retVal = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, emailAddress);
Debug.AssertValidOrNull(retVal);
if (retVal == null)
{
Debug.Tested();
retVal = new User {
ID = RandomHelper.Next(),
EmailAddress = emailAddress
};
await AddUserCreatingSyndicate(dbClient, retVal);
//??++EMAIL THE PERSON?
}
else
{
Debug.Tested();
}
return(retVal);
}
/**
* Check that the user is logged in and that they can perform the action on behalf of the requested user.
* They either must be logged in as the requested user or be logged in as an administrator with the
* specified permission.
*/
//??? internal static async Task<Tuple<string, string>> CheckLoggedInWithPermission(AmazonDynamoDBClient dbClient,
// IDictionary<string, string> requestHeaders,
// string adminPermission,
// string requestedUserId)
// {
// Debug.Untested();
// Debug.AssertValid(dbClient);
// Debug.AssertValid(requestHeaders);
// Debug.AssertString(adminPermission);
// Debug.AssertIDOrNull(requestedUserId);
// string actualUserId = null;
// APIHelper.CheckLoggedIn(requestHeaders, out string loggedInUserId);
// if (requestedUserId == null) {
// Debug.Tested();
// actualUserId = loggedInUserId;
// } else if (IdentityServiceLogicLayer.UserHasPermission(loggedInUserId, IdentityServiceLogicLayer.PERMISSION_IS_ADMIN)) {
// Debug.Tested();
// if (IdentityServiceLogicLayer.UserHasPermission(loggedInUserId, adminPermission)) {
// Debug.Tested();
// actualUserId = requestedUserId;
// User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, actualUserId);
// Debug.AssertValidOrNull(user);
// if (user == null) {
// Debug.Tested();
// throw new Exception(IdentityServiceLogicLayer.ERROR_USER_NOT_FOUND);
// } else {
// Debug.Tested();
// }
// } else {
// Debug.Tested();
// throw new Exception(SharedLogicLayer.ERROR_NO_PERMISSION);
// }
// } else {
// Debug.Tested();
// throw new Exception(SharedLogicLayer.ERROR_NOT_AN_ADMIN, new Exception(SharedLogicLayer.ERROR_NOT_AN_ADMIN));
// }
// return new Tuple<string, string>(loggedInUserId, actualUserId);
// }
/**
* Create a link of the specified type.
*/
internal static async Task <Link> CreateLink(AmazonDynamoDBClient dbClient,
string type,
string userId,
string oneTimePassword = null)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertString(type);
Debug.AssertID(userId);
Debug.AssertStringOrNull(oneTimePassword);
Link link = new Link()
{
ID = RandomHelper.Next().ToString(),
Type = type,
Expires = DateTime.Now.AddHours(1),//??++TAKE FROM SETTING?
UserID = userId,
Revoked = false,
OneTimePassword = oneTimePassword
};
//??--Links.Add(link.ID, link);
await IdentityServiceDataLayer.AddLink(dbClient, link);
return(link);
}
/**
* Set user name.
*/
public static async Task SetUserName(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserNameRequest setUserNameRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserNameRequest);
Debug.AssertString(setUserNameRequest.givenName);
Debug.AssertString(setUserNameRequest.familyName);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes (if necessary)
if ((user.GivenName != setUserNameRequest.givenName) ||
(user.FamilyName != setUserNameRequest.familyName) ||
(user.FullName != setUserNameRequest.fullName) ||
(user.PreferredName != setUserNameRequest.preferredName))
{
user.GivenName = setUserNameRequest.givenName;
user.FamilyName = setUserNameRequest.familyName;
user.FullName = setUserNameRequest.fullName;
user.PreferredName = setUserNameRequest.preferredName;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
}
/**
* Set user phone number.
*/
public static async Task SetUserPhoneNumber(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserPhoneNumberRequest setUserPhoneNumberRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserPhoneNumberRequest);
Debug.AssertString(setUserPhoneNumberRequest.phoneNumber);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes (if necessary)
if (user.PhoneNumber != setUserPhoneNumberRequest.phoneNumber)
{
// Set the new phone number
user.PhoneNumber = setUserPhoneNumberRequest.phoneNumber;
// Mark it as not verified
user.PhoneNumberVerified = null;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Send the OTP via SMS
string oneTimePassword = "******";//??++GENERATE OTP
Link link = await IdentityServiceLogicLayer.CreateLink(dbClient, IdentityServiceLogicLayer.LINK_TYPE_VERIFY_PHONE_NUMBER, loggedInUserId, oneTimePassword);
Debug.AssertValid(link);
//??++SMS OTP
LoggingHelper.LogMessage($"PHONE NUMBER VERIFICATION LINK ID: {link.ID}");
}
}
/**
* Set user permissions.
*/
internal static async Task SetUserPermissions(AmazonDynamoDBClient dbClient, string userId, JToken requestBody)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(userId);
Debug.AssertValid(requestBody);
Debug.AssertValid((JArray)requestBody["permissions"]);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, userId);
Debug.AssertValidOrNull(user);
if (user != null)
{
Debug.Untested();
Debug.AssertValid(user.Permissions);
// Change the permissions
//??--user.Permissions.RemoveAll(permission => (permission.Item1 == userId));
user.Permissions.Clear();
foreach (var permission in (JArray)requestBody["permissions"])
{
Debug.AssertString((string)permission);
user.Permissions.Add((string)permission);//??--new Tuple<string, string>(userId, (string)permission));
}
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
else
{
Debug.Untested();
throw new Exception(IdentityServiceLogicLayer.ERROR_USER_NOT_FOUND);
}
}
/**
* Set user preferences.
*/
public static async Task SetUserPreferences(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserPreferencesRequest setUserPreferencesRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserPreferencesRequest);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes (if necessary)
if ((user.PreferredLanguage != setUserPreferencesRequest.preferredLanguage) ||
(user.PreferredCurrency != setUserPreferencesRequest.preferredCurrency) ||
(user.PreferredTimeZone != setUserPreferencesRequest.preferredTimeZone))
{
user.PreferredLanguage = setUserPreferencesRequest.preferredLanguage;
user.PreferredCurrency = setUserPreferencesRequest.preferredCurrency;
user.PreferredTimeZone = setUserPreferencesRequest.preferredTimeZone;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
}
/**
* Close account.
*/
public static async Task CloseAccount(AmazonDynamoDBClient dbClient, string loggedInUserId, CloseAccountRequest closeAccountRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(closeAccountRequest);
Debug.AssertString(closeAccountRequest.password);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
Debug.AssertNull(user.Closed);
// Check the password
if (user.PasswordHash == Helper.Hash(closeAccountRequest.password))
{
// Make changes
user.Closed = DateTime.Now;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Actually log user out
await IdentityServiceLogicLayer.InvalidateUserAccessTokens(dbClient, loggedInUserId);
}
else
{
Debug.Untested();
throw new Exception(IdentityServiceLogicLayer.ERROR_INCORRECT_PASSWORD);
}
}
/**
* Set user password.
*/
public static async Task SetUserPassword(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserPasswordRequest setUserPasswordRequest)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserPasswordRequest);
Debug.AssertString(setUserPasswordRequest.oldPassword);
Debug.AssertString(setUserPasswordRequest.newPassword);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Check password
if (user.PasswordHash == Helper.Hash(setUserPasswordRequest.oldPassword))
{
// Make changes (if necessary)
string newPasswordHash = Helper.Hash(setUserPasswordRequest.newPassword);
if (user.PasswordHash != newPasswordHash)
{
user.PasswordHash = newPasswordHash;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
}
else
{
throw new Exception(IdentityServiceLogicLayer.ERROR_INCORRECT_PASSWORD);
}
}
/**
* Set user limits.
*/
public static async Task SetUserLimits(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserLimitsRequest setUserLimitsRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserLimitsRequest);
if ((setUserLimitsRequest.maxDailySpendingAmount != null) ||
(setUserLimitsRequest.maxTimeLoggedIn != null) ||
(setUserLimitsRequest.excludeUntil != null))
{
// At least one of the limits may be being changed
Debug.Tested();
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes
SetUserMaxDailySpendingAmount(user, setUserLimitsRequest);
SetUserMaxTimeLoggedIn(user, setUserLimitsRequest);
SetUserExcludeUntil(user, setUserLimitsRequest);
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
else
{
Debug.Tested();
}
}
/**
* Update system locked global setting.
*/
internal static async Task UpdateSystemLockedGlobalSetting(AmazonDynamoDBClient dbClient,
string loggedInUserId,
bool value,
bool force = false)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertIDOrNull(loggedInUserId);
// Setting 'system locked' flag.
if (value)
{
// Setting to true (allowed)
Debug.Tested();
User loggedInUser = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValidOrNull(loggedInUser);
if (IdentityServiceLogicLayer.UserHasPermission(loggedInUser, IdentityServiceLogicLayer.PERMISSION_CAN_LOCK_SYSTEM))
{
Debug.Tested();
//??--if (!IdentityGlobalSettings.ContainsKey(GLOBAL_SETTING_SYSTEM_LOCKED) || !(bool)IdentityGlobalSettings[GLOBAL_SETTING_SYSTEM_LOCKED])
bool systemLocked = await IdentityServiceLogicLayer.GetBoolIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED, false);
if (!systemLocked)
{
Debug.Tested();
//??--IdentityGlobalSettings[GLOBAL_SETTING_SYSTEM_LOCKED] = value;
await IdentityServiceDataLayer.AddIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED, value.ToString());
}
else
{
Debug.Tested();
throw new Exception(SharedLogicLayer.ERROR_SYSTEM_ALREADY_LOCKED);
}
}
else
{
Debug.Tested();
throw new Exception(SharedLogicLayer.ERROR_NO_PERMISSION);
}
}
else if (force)
{
// Forcing the set to false.
Debug.Tested();
//??--IdentityGlobalSettings[GLOBAL_SETTING_SYSTEM_LOCKED] = value;
await IdentityServiceDataLayer.AddIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED, value.ToString());
}
else
{
// Setting to false (not allowed)
Debug.Untested();
throw new Exception(SharedLogicLayer.ERROR_NO_PERMISSION);
}
}
/**
* Find a user by email address.
*/
internal static async Task AddUserCreatingSyndicate(AmazonDynamoDBClient dbClient, User user)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertValid(user);
Debug.AssertID(user.ID);
await IdentityServiceDataLayer.AddUser(dbClient, user);
//??++Check response?
// Create the syndicate for the user.
string name = NameHelper.GetDisplayName(user.GivenName, user.FamilyName);
await SyndicateServiceLogicLayer.CreateSyndicate(dbClient, name, user.ID);
}
/**
* Verify phone number.
*/
private static async Task DoVerifyPhoneNumber(AmazonDynamoDBClient dbClient, User user, Link link)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertValid(user);
Debug.AssertValid(link);
// Make changes to the user
user.PhoneNumberVerified = DateTime.Now;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Revoke the link
link.Revoked = true;
//??++SAVE LINK
}
/**
* Find a user by email address or new email address.
* //??++MAKE THIS MORE EFFICIENT!
*/
internal static async Task <User> FindUserByEmailAddressOrNewEmailAddress(AmazonDynamoDBClient dbClient, string emailAddress)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertEmail(emailAddress);
User retVal = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, emailAddress);
Debug.AssertValidOrNull(retVal);
if (retVal == null)
{
retVal = await IdentityServiceDataLayer.FindUserByNewEmailAddress(dbClient, emailAddress);
Debug.AssertValidOrNull(retVal);
}
return(retVal);
}
/**
* Logout.
*/
public static async Task Logout(AmazonDynamoDBClient dbClient, string loggedInUserId)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes
user.LastLoggedOut = DateTime.Now;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
//
await IdentityServiceLogicLayer.InvalidateUserAccessTokens(dbClient, loggedInUserId);
}
/**
* Set user gender.
*/
public static async Task SetUserGender(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserGenderRequest setUserGenderRequest)
{
Debug.Tested();
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserGenderRequest);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes (if necessary)
if (user.Gender != setUserGenderRequest.gender)
{
user.Gender = setUserGenderRequest.gender;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
}
/**
* Find an access token.
*/
//??? internal static AccessToken FindAccessToken(string accessTokenId) {
// Debug.Tested();
// Debug.AssertString(accessTokenId);
// AccessToken retVal = null;
// if (AccessTokens.ContainsKey(accessTokenId)) {
// retVal = AccessTokens[accessTokenId];
// Debug.AssertValid(retVal);
// }
// return retVal;
// }
/**
* Find a user's access token.
* Returns null if an access token is not found for the user.
*/
internal static async Task <AccessToken> FindAccessTokenByUserID(AmazonDynamoDBClient dbClient, string userId)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertID(userId);
AccessToken retVal = null;
Dictionary <string, AttributeValue> key = new Dictionary <string, AttributeValue>();
key.Add(IdentityServiceDataLayer.FIELD_ACCESS_TOKENS_USER_ID, new AttributeValue(userId));
GetItemResponse getResponse = await dbClient.GetItemAsync(IdentityServiceDataLayer.DATASET_ACCESS_TOKENS_INDEX_USER_ID, key);
Debug.AssertValid(getResponse);
Debug.AssertValidOrNull(getResponse.Item);
if (getResponse.Item != null)
{
// An access token with the specified ID exists.
Debug.Untested();
retVal = IdentityServiceDataLayer.AccessTokenFromDBItem(getResponse.Item);
Debug.AssertValid(retVal);
}
return(retVal);
/*??--AccessToken retVal = null;
* foreach (var item in AccessTokens) {
* Debug.AssertValid(item);
* Debug.AssertString(item.Key);
* Debug.AssertValidOrNull(item.Value);
* if (item.Value != null) {
* Debug.Assert(item.Value.ID == item.Key);
* Debug.AssertValidOrNull(item.Value.User);
* if (item.Value.User != null) {
* if (item.Value.User.ID == userId) {
* retVal = item.Value;
* break;
* }
* }
* }
* }
* return retVal;*/
}
/**
* Set user allow non-essential emails.
*/
public static async Task SetUserAllowNonEssentialEmails(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserAllowNonEssentialEmailsRequest setUserAllowNonEssentialEmailsRequest)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserAllowNonEssentialEmailsRequest);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes (if necessary)
if (user.AllowNonEssentialEmails != setUserAllowNonEssentialEmailsRequest.allowNonEssentialEmails)
{
user.AllowNonEssentialEmails = setUserAllowNonEssentialEmailsRequest.allowNonEssentialEmails;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
}
/**
* Update global setting.
*/
internal static async Task UpdateIdentityGlobalSetting(AmazonDynamoDBClient dbClient, string loggedInUserId, string name, string value)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertIDOrNull(loggedInUserId);
Debug.AssertString(name);
if (name == IdentityServiceLogicLayer.GLOBAL_SETTING_SYSTEM_LOCKED)
{
// Setting 'system locked' flag.
Debug.Tested();
await UpdateSystemLockedGlobalSetting(dbClient, loggedInUserId, bool.Parse(value), false);
}
else
{
// Not setting 'system locked' flag.
Debug.Tested();
await IdentityServiceDataLayer.AddIdentityGlobalSetting(dbClient, name, value);
//??--IdentityGlobalSettings[name] = value;
}
}
/**
* Find a valid link with the user ID and type passed in.
*/
private static async Task <Link> FindValidLinkByUserID(AmazonDynamoDBClient dbClient, string userId, string type)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertID(userId);
Debug.AssertString(type);
Link retVal = null;
Dictionary <string, AttributeValue> key = new Dictionary <string, AttributeValue>();
key.Add(IdentityServiceDataLayer.FIELD_LINKS_USER_ID, new AttributeValue(userId));
GetItemResponse getResponse = await dbClient.GetItemAsync(IdentityServiceDataLayer.DATASET_LINKS_INDEX_USER_ID, key);
Debug.AssertValid(getResponse);
Debug.AssertValidOrNull(getResponse.Item);
if (getResponse.Item != null)
{
// A link with the specified ID exists.
Debug.Untested();
retVal = IdentityServiceDataLayer.LinkFromDBItem(getResponse.Item);
Debug.AssertValid(retVal);
}
//??-- foreach (var item in Links)
// {
// Debug.AssertValid(item);
// Debug.AssertString(item.Key);
// Debug.AssertValid(item.Value);
// Debug.AssertString(item.Value.ID);
// Debug.Assert(item.Value.ID == item.Key);
// Debug.AssertID(item.Value.UserID);
// if (item.Value.UserID == userId) {
// if ((item.Value.Type == type) && (item.Value.Expires > DateTime.Now) && !item.Value.Revoked) {
// retVal = item.Value;
// break;
// }
// }
// }
return(retVal);
}
/**
* Set user address.
*/
public static async Task SetUserAddress(AmazonDynamoDBClient dbClient, string loggedInUserId, SetUserAddressRequest setUserAddressRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertID(loggedInUserId);
Debug.AssertValid(setUserAddressRequest);
Debug.AssertString(setUserAddressRequest.address1);
Debug.AssertString(setUserAddressRequest.country);
Debug.AssertString(setUserAddressRequest.postalCode);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, loggedInUserId);
Debug.AssertValid(user);
// Make changes (if necessary)
if ((user.Address1 != setUserAddressRequest.address1) ||
(user.Address2 != setUserAddressRequest.address2) ||
(user.Address3 != setUserAddressRequest.address3) ||
(user.Address4 != setUserAddressRequest.address4) ||
(user.City != setUserAddressRequest.city) ||
(user.Region != setUserAddressRequest.region) ||
(user.Country != setUserAddressRequest.country) ||
(user.PostalCode != setUserAddressRequest.postalCode))
{
user.Address1 = setUserAddressRequest.address1;
user.Address2 = setUserAddressRequest.address2;
user.Address3 = setUserAddressRequest.address3;
user.Address4 = setUserAddressRequest.address4;
user.City = setUserAddressRequest.city;
user.Region = setUserAddressRequest.region;
user.Country = setUserAddressRequest.country;
user.PostalCode = setUserAddressRequest.postalCode;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
}
}
/**
* Resend email verification.
*/
public static async Task ResendEmailVerification(AmazonDynamoDBClient dbClient, ResendEmailVerificationRequest resendEmailVerificationRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertValid(resendEmailVerificationRequest);
Debug.AssertString(resendEmailVerificationRequest.emailAddress);
// Find the user by email address
User user = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, resendEmailVerificationRequest.emailAddress);
Debug.AssertValidOrNull(user);
if (user != null)
{
// User exists
Debug.AssertID(user.ID);
if (user.EmailAddressVerified == null)
{
Debug.Tested();
await DoResendEmailVerification(dbClient, user);
}
else if (user.NewEmailAddress != null)
{
Debug.Tested();
await DoResendEmailVerification(dbClient, user);
}
else
{
Debug.Untested();
throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_ALREADY_VERIFIED, new Exception(IdentityServiceLogicLayer.EMAIL_ALREADY_VERIFIED));
}
}
else
{
Debug.Tested();
throw new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS, new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS));
}
}
/**
* Get global setting.
*/
internal static async Task <string> GetIdentityGlobalSetting(AmazonDynamoDBClient dbClient, string globalSettingName, string defaultValue = null)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertString(globalSettingName);
Debug.AssertValidOrNull(defaultValue);
//??--Debug.AssertValid(IdentityGlobalSettings);
string retVal = defaultValue;
var globalSettingDBItem = await IdentityServiceDataLayer.GetIdentityGlobalSettingDBItemByName(dbClient, globalSettingName);
Debug.AssertValidOrNull(globalSettingDBItem);
if (globalSettingDBItem != null)
{
// A global setting with the specified name exists.
Debug.Untested();
retVal = IdentityServiceDataLayer.ValueFromDBItem(globalSettingDBItem);
}
//??-- if (IdentityGlobalSettings.ContainsKey(globalSettingName)) {
// retVal = IdentityGlobalSettings[globalSettingName];
// Debug.AssertValidOrNull(retVal);
// }
return(retVal);
}
/**
* Creates an account.
*/
public static async Task <Tuple <User, bool> > CreateAccount(AmazonDynamoDBClient dbClient, CreateAccountRequest createAccountRequest)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertValid(createAccountRequest);
//??--Debug.AssertValid(IdentityServiceLogicLayer.Users);
// Is there an existing user?
User user = await IdentityServiceLogicLayer.FindUserByEmailAddressOrNewEmailAddress(dbClient, createAccountRequest.emailAddress);
//??--User user = IdentityServiceLogicLayer.Users.Find(u => ((u.EmailAddress == createAccountRequest.emailAddress) || (u.NewEmailAddress == createAccountRequest.emailAddress)));
Debug.AssertValidOrNull(user);
bool bReOpened = false;
if (user == null)
{
// No user exists with the supplied email address.
// Create a new user
user = new User()
{
ID = RandomHelper.Next(),
EmailAddress = createAccountRequest.emailAddress,
PasswordHash = Helper.Hash(createAccountRequest.password)
};
SetupUserFromCreateAccountRequest(user, createAccountRequest);
// Add the new user to the data store
await IdentityServiceLogicLayer.AddUserCreatingSyndicate(dbClient, user);
// Create an email verification link
Link link = await IdentityServiceLogicLayer.CreateLink(dbClient, IdentityServiceLogicLayer.LINK_TYPE_VERIFY_EMAIL_ADDRESS, user.ID);
Debug.AssertValid(link);
Debug.AssertString(link.ID);
//??--IdentityServiceLogicLayer.VerifyEmailLinkId = link.ID;
// Send email verification email
Dictionary <string, string> replacementFields = new Dictionary <string, string>();
replacementFields["link"] = link.ID;
EmailHelper.EmailTemplate(EmailHelper.EMAIL_TEMPLATE_CREATE_ACCOUNT, createAccountRequest.emailAddress, replacementFields);
// Indicate that a new user was created.
bReOpened = false;
}
else
{
// A user already exists with the supplied email address.
if (user.Closed != null)
{
// Account is closed so possibly re-open.
//??--if ((bool)GetIdentityGlobalSetting(GLOBAL_SETTING_USERS_CAN_REOPEN_ACCOUNT, true))
if (await IdentityServiceLogicLayer.GetBoolIdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_USERS_CAN_REOPEN_ACCOUNT, true))
{
// Accounts allowed to be re-opened
user.Closed = null;
// Setup the user
SetupUserFromCreateAccountRequest(user, createAccountRequest);
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Send account re-opened email
Dictionary <string, string> replacementFields = new Dictionary <string, string>();
EmailHelper.EmailTemplate(EmailHelper.EMAIL_TEMPLATE_ACCOUNT_REOPENED, createAccountRequest.emailAddress, replacementFields);
// Indicate that an existing, closed, user was re-opened.
bReOpened = true;
}
else
{
// Accounts cannot be re-opened so throw an error.
throw new Exception(IdentityServiceLogicLayer.ERROR_USER_ACCOUNT_CLOSED);
}
}
else
{
// Account is not closed so throw an error.
throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_IN_USE);
}
}
return(new Tuple <User, bool>(user, bReOpened));
}
/**
* Set user password after reset.
*/
public static async Task SetUserPasswordAfterReset(AmazonDynamoDBClient dbClient, SetUserPasswordAfterResetRequest setUserPasswordAfterResetRequest)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertValid(setUserPasswordAfterResetRequest);
Debug.AssertString(setUserPasswordAfterResetRequest.resetPasswordLinkId);
Debug.AssertEmail(setUserPasswordAfterResetRequest.emailAddress);
Debug.AssertPassword(setUserPasswordAfterResetRequest.newPassword);
// Find the valid link
Link link = await IdentityServiceLogicLayer.FindValidLink(dbClient, setUserPasswordAfterResetRequest.resetPasswordLinkId, IdentityServiceLogicLayer.LINK_TYPE_RESET_PASSWORD);
Debug.AssertValidOrNull(link);
if (link != null)
{
// Valid link exists
Debug.Tested();
Debug.AssertID(link.UserID);
// Load the user
User user = await IdentityServiceLogicLayer.FindUserByID(dbClient, link.UserID, true);
Debug.AssertValidOrNull(user);
if (user != null)
{
Debug.Tested();
Debug.AssertEmail(user.EmailAddress);
if (user.EmailAddress == setUserPasswordAfterResetRequest.emailAddress)
{
// Email address matches user's email address
Debug.Tested();
// Make changes
user.PasswordHash = Helper.Hash(setUserPasswordAfterResetRequest.newPassword);
user.Locked = false;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Revoke link
link.Revoked = true;
//??++SAVE LINK
}
else
{
Debug.Tested();
throw new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS, new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS));
}
}
else
{
// User does not exist - may have been closed (and possibly subsequently deleted).
Debug.Tested();
throw new Exception(SharedLogicLayer.ERROR_INVALID_LINK_USER, new Exception(SharedLogicLayer.ERROR_INVALID_LINK_USER));
}
}
else
{
Debug.Tested();
throw new Exception(SharedLogicLayer.ERROR_INVALID_LINK, new Exception(SharedLogicLayer.ERROR_INVALID_LINK));
}
}
/**
* Set user email.
* If email is already in use then throw an exception.
*/
public static async Task SetUserEmail(AmazonDynamoDBClient dbClient, string userId, SetUserEmailRequest setUserEmailRequest)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertID(userId);
Debug.AssertValid(setUserEmailRequest);
Debug.AssertEmail(setUserEmailRequest.emailAddress);
// Check that the specified email address is not already in use.
User user = await IdentityServiceLogicLayer.FindUserByEmailAddressOrNewEmailAddress(dbClient, setUserEmailRequest.emailAddress);
Debug.AssertValidOrNull(user);
if (user != null)
{
Debug.Untested();
if (user.ID != userId)
{
Debug.Untested();
throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_IN_USE);
}
}
//??-- foreach (var user_ in Users) {
// Debug.Tested();
// Debug.AssertValid(user_);
// if (user_.Deleted == null) {
// if (user_.ID != userId) {
// Debug.Tested();
// if ((user_.EmailAddress == setUserEmailRequest.emailAddress) ||
// (user_.NewEmailAddress == setUserEmailRequest.emailAddress)) {
// Debug.Tested();
// throw new Exception(ERROR_EMAIL_IN_USE);
// } else {
// Debug.Tested();
// }
// } else {
// Debug.Tested();
// }
// } else {
// Debug.Untested();
// }
// }
else
{
Debug.Untested();
// Load the user
user = await IdentityServiceLogicLayer.FindUserByID(dbClient, userId, true);
Debug.AssertValidOrNull(user);
}
if (user != null)
{
// User exists (not closed and not soft deleted)
Debug.Tested();
Debug.AssertNull(user.Closed);
Debug.AssertNull(user.Deleted);
if (user.NewEmailAddress == null)
{
// The user's email address is not already being changed.
Debug.Tested();
if (user.EmailAddress != setUserEmailRequest.emailAddress)
{
// The email address being changed to is different from the existing one.
Debug.Tested();
user.NewEmailAddress = setUserEmailRequest.emailAddress;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Send the validate link.
Link link = await IdentityServiceLogicLayer.CreateLink(dbClient, IdentityServiceLogicLayer.LINK_TYPE_VERIFY_EMAIL_ADDRESS, user.ID);
Debug.AssertValid(link);
Debug.AssertString(link.ID);
//??++SEND VERIFICATION EMAIL?
//??--IdentityServiceLogicLayer.VerifyEmailLinkId = link.ID;
LoggingHelper.LogMessage($"EMAIL VERIFICATION LINK ID: {link.ID}");
}
else
{
// The email address being changed to is the same as the existing one.
Debug.Tested();
}
}
else if (user.NewEmailAddress != setUserEmailRequest.emailAddress)
{
// The user's email address is already being changed but to a different address than the specified value.
Debug.Tested();
throw new Exception(IdentityServiceLogicLayer.ERROR_EMAIL_ALREADY_BEING_CHANGED);
}
else
{
// The user's email address is already being changed to the specified value.
Debug.Tested();
}
}
else
{
// User does not exist (or is closed or soft deleted)
Debug.Tested();
throw new Exception(IdentityServiceLogicLayer.ERROR_USER_NOT_FOUND);
}
}
/**
* Find a valid link with the ID and type passed in.
*/
internal static async Task <Link> FindValidLink(AmazonDynamoDBClient dbClient, string linkID, string type)
{
Debug.Untested();
Debug.AssertString(linkID);
Debug.AssertString(type);
//??--Debug.AssertValid(Links);
Link retVal = null;
var linkDBItem = await IdentityServiceDataLayer.GetLinkDBItemById(dbClient, linkID);
Debug.AssertValidOrNull(linkDBItem);
if (linkDBItem != null)
{
// A link with the specified ID exists.
Debug.Untested();
Link link = IdentityServiceDataLayer.LinkFromDBItem(linkDBItem);
Debug.AssertValid(link);
if (link.Type == type)
{
// Correct type
Debug.Untested();
if (link.Expires > DateTime.Now)
{
// Not expired
Debug.Untested();
if (!link.Revoked)
{
// Not revoked
Debug.Untested();
retVal = link;
}
else
{
// Revoked
Debug.Untested();
}
}
else
{
// Expired
Debug.Untested();
}
}
else
{
// Wrong type
Debug.Untested();
}
}
else
{
// Link not found
Debug.Untested();
}
//??-- if (Links.ContainsKey(linkID)) {
// Debug.Tested();
// retVal = Links[linkID];
// Debug.AssertValid(retVal);
// if (retVal.Type != type) {
// Debug.Tested();
// retVal = null;
// } else if (retVal.Expires <= DateTime.Now) {
// Debug.Tested();
// retVal = null;
// } else if (retVal.Revoked) {
// Debug.Tested();
// retVal = null;
// } else {
// Debug.Tested();
// }
// } else {
// Debug.Tested();
// }
return(retVal);
}
/**
* Get the ID of the logged in user from the access token.
* If the access token has expired then treat it as not existing and return zero (i.e. invalid ID).
*/
internal static async Task <string> UserIDFromAccessToken(AmazonDynamoDBClient dbClient, string accessTokenID)
{
Debug.Untested();
Debug.AssertValidOrNull(accessTokenID);
string retVal = Helper.INVALID_ID;
if (!string.IsNullOrEmpty(accessTokenID))
{
Debug.Untested();
var accessTokenDBItem = await IdentityServiceDataLayer.GetAccessTokenDBItemById(dbClient, accessTokenID);
Debug.AssertValidOrNull(accessTokenDBItem);
if (accessTokenDBItem != null)
{
// An access token with the specified ID exists.
Debug.Untested();
AccessToken accessToken = IdentityServiceDataLayer.AccessTokenFromDBItem(accessTokenDBItem);
Debug.AssertValid(accessToken);
if (accessToken.Expires > DateTime.Now)
{
// The access token has not expired.
Debug.Untested();
Debug.AssertID(accessToken.UserID);
retVal = accessToken.UserID;
}
else
{
// The access token has expired.
Debug.Untested();
}
}
else
{
// Access token not found.
Debug.Tested();
}
}
else
{
// Invalid (empty or null) access token.
Debug.Untested();
}
//??-- if (AccessTokens.ContainsKey(accessTokenID)) {
// Debug.Tested();
// AccessToken accessToken = AccessTokens[accessTokenID];
// Debug.AssertValid(accessToken);
// Debug.AssertValidOrNull(accessToken.User);
// if (accessToken.Expires > DateTime.Now) {
// // The access token has not expired.
// Debug.Tested();
// if (accessToken.User != null) {
// // Access token associated with a user.
// Debug.Tested();
// Debug.AssertID(accessToken.User.ID);
// retVal = accessToken.User.ID;
// } else {
// // Access token not associated with a user.
// Debug.Untested();
// }
// }
// else
// {
// // The access token has expired.
// Debug.Untested();
// }
// } else {
// // Access token not found.
// Debug.Tested();
// }
// } else {
// // Invalid (empty or null) access token.
// Debug.Untested();
// }
return(retVal);
}
/**
* Login.
* Returns an access token if successful, along with the access token's expiry time.
*/
public static async Task <Tuple <string, DateTime> > Login(AmazonDynamoDBClient dbClient, LoginRequest loginRequest)
{
Debug.Tested();
Debug.AssertValid(dbClient);
Debug.AssertValid(loginRequest);
Debug.AssertEmail(loginRequest.emailAddress);
Debug.AssertString(loginRequest.password);
// Find user with email and password hash
//??--User user = IdentityServiceLogicLayer.Users.Find(u => (u.EmailAddress == loginRequest.emailAddress));
User user = await IdentityServiceDataLayer.FindUserByEmailAddress(dbClient, loginRequest.emailAddress);
Debug.AssertValidOrNull(user);
if (user != null)
{
// User found with specified email address
Debug.Tested();
Debug.AssertID(user.ID);
if (user.Closed != null)
{
Debug.Tested();
throw new Exception(IdentityServiceLogicLayer.ERROR_USER_ACCOUNT_CLOSED);
}
else if (user.Blocked)
{
Debug.Tested();
throw new Exception(IdentityServiceLogicLayer.ERROR_USER_BLOCKED);
}
else if (user.Locked)
{
Debug.Tested();
throw new Exception(IdentityServiceLogicLayer.ERROR_USER_LOCKED);
}
else
{
// User is not closed, blocked or locked.
Debug.Tested();
if (user.PasswordHash == Helper.Hash(loginRequest.password))
{
// Correct password - log the user in.
Debug.Tested();
// Invalidate any existing access tokens
await IdentityServiceLogicLayer.InvalidateUserAccessTokens(dbClient, user.ID);
// Set the last login time to now
user.LastLoggedIn = DateTime.Now;
// Mark failed login attempts as zero
user.FailedLoginAttempts = 0;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
// Create a new access token
//??--Int64 accessTokenLifetime = (Int64)GetIdentityGlobalSetting(GLOBAL_SETTING_ACCESS_TOKEN_LIFETIME, DEFAULT_ACCESS_TOKEN_LIFETIME);
Int64 accessTokenLifetime = await IdentityServiceLogicLayer.GetInt64IdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_ACCESS_TOKEN_LIFETIME, IdentityServiceLogicLayer.DEFAULT_ACCESS_TOKEN_LIFETIME);
AccessToken accessToken = new AccessToken()
{
ID = RandomHelper.Next().ToString(),
UserID = user.ID,
Expires = DateTime.Now.AddSeconds(accessTokenLifetime)
};
// Setup the access token max expiry time
//??--Int64 maxUserLoginTime = (Int64)GetIdentityGlobalSetting(GLOBAL_SETTING_MAX_USER_LOGIN_TIME, DEFAULT_MAX_USER_LOGIN_TIME);
Int64 maxUserLoginTime = await IdentityServiceLogicLayer.GetInt64IdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_MAX_USER_LOGIN_TIME, IdentityServiceLogicLayer.DEFAULT_MAX_USER_LOGIN_TIME);
if ((user.MaxTimeLoggedIn == null) || (user.MaxTimeLoggedIn == 0))
{
Debug.Tested();
if (maxUserLoginTime != 0)
{
Debug.Tested();
accessToken.MaxExpiry = DateTime.Now.AddMinutes((UInt64)maxUserLoginTime);
}
else
{
Debug.Tested();
}
}
else
{
Debug.Tested();
if (maxUserLoginTime != 0)
{
Debug.Untested();
UInt64 maxUserLoginTime_ = Math.Min((UInt64)maxUserLoginTime, (UInt64)user.MaxTimeLoggedIn);
accessToken.MaxExpiry = DateTime.Now.AddMinutes(maxUserLoginTime_);
}
else
{
Debug.Tested();
accessToken.MaxExpiry = DateTime.Now.AddMinutes((UInt64)user.MaxTimeLoggedIn);
}
}
// Ensure the max expiry has not been exceeded
if ((accessToken.MaxExpiry != null) && (accessToken.Expires > accessToken.MaxExpiry))
{
Debug.Untested();
accessToken.Expires = (DateTime)accessToken.MaxExpiry;
}
else
{
Debug.Tested();
}
// Add the access token
//??--AccessTokens.Add(accessToken.ID, accessToken);
await IdentityServiceDataLayer.AddAccessToken(dbClient, accessToken);
// Return the access token ID and expiry date/time
//??--expiryTime = accessToken.Expires;
return(new Tuple <string, DateTime>(accessToken.ID, (DateTime)accessToken.Expires));
}
else
{
// Incorrect password
Debug.Tested();
//??--Int16 maxLoginAttempts = (Int16)GetIdentityGlobalSetting(GLOBAL_SETTING_LOCK_ON_FAILED_LOGIN_ATTEMPTS, DEFAULT_MAX_LOGIN_ATTEMPTS);
Int64 maxLoginAttempts = await IdentityServiceLogicLayer.GetInt64IdentityGlobalSetting(dbClient, IdentityServiceLogicLayer.GLOBAL_SETTING_LOCK_ON_FAILED_LOGIN_ATTEMPTS, IdentityServiceLogicLayer.DEFAULT_MAX_LOGIN_ATTEMPTS);
if (++user.FailedLoginAttempts == maxLoginAttempts)
{
// Too many password attempts - user locked.
Debug.Tested();
user.Locked = true;
// Save the user
await IdentityServiceDataLayer.SaveUser(dbClient, user);
throw new Exception(IdentityServiceLogicLayer.ERROR_USER_LOCKED);
}
else
{
Debug.Tested();
throw new Exception(IdentityServiceLogicLayer.ERROR_INCORRECT_PASSWORD);
}
}
}
}
else
{
Debug.Tested();
throw new Exception(SharedLogicLayer.ERROR_UNRECOGNIZED_EMAIL_ADDRESS);
}
}
/**
* Setup the test users.
*/
//??? internal static void SetupTestUsers() {
// Debug.Tested();
// int userNumber = 1;
// string userId = userNumber.ToString();
// // Add a super admin (with ID 1)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "Stuart",
// FamilyName = "Prestedge"
// });
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_SUPER_ADMIN));
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN));
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_CAN_LOCK_SYSTEM));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_LOCK_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UNLOCK_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_PUBLISH_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_FREEZE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_CLOSE_DATE));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_DONATED_TO_CHARITY));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_DATE));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AMOUNT));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AUTO_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_WINNING_NUMBER));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CLEAR_DRAW_WINNING_NUMBER));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_DRAW));
// userId = (++userNumber).ToString();
// // Add an admin (all permissions, with ID 2)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "BDD",
// FamilyName = "Admin"
// });
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN));
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_CAN_LOCK_SYSTEM));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_LOCK_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UNLOCK_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_PUBLISH_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_FREEZE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_CLOSE_DATE));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_GAME_DONATED_TO_CHARITY));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_DATE));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AMOUNT));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_AUTO_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_SET_DRAW_WINNING_NUMBER));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CLEAR_DRAW_WINNING_NUMBER));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_BUY_TICKETS));
// Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_OFFER_TICKET));
// Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_REVOKE_TICKET));
// Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_ACCEPT_TICKET));
// Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_REJECT_TICKET));
// Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_RESERVE_TICKET));
// Permissions.Add(new Tuple<string, string>(userId, TicketingServiceLogicLayer.PERMISSION_CAN_GET_TICKET_AUDITS));
// userId = (++userNumber).ToString();
// // Add an admin (no permissions, with ID 3)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "BDD",
// FamilyName = "Admin (no permissions)"
// });
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN));
// userId = (++userNumber).ToString();
// // Add a user (with ID 4)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "BDD",
// FamilyName = "User"
// });
// userId = (++userNumber).ToString();
// // Add a second user (with ID 5)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "BDD",
// FamilyName = "User 2"
// });
// userId = (++userNumber).ToString();
// // Add a editor user (with ID 6)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "BDD",
// FamilyName = "User 6"
// });
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_LOCK_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_CREATE_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UPDATE_DRAW));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_DELETE_DRAW));
// userId = (++userNumber).ToString();
// // Add a publisher user (with ID 7)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "BDD",
// FamilyName = "User 2"
// });
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_PUBLISH_GAME));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_UNLOCK_GAME));
// userId = (++userNumber).ToString();
// // Add a freezer user (with ID 7)
// AddUserCreatingSyndicate(new User() {
// ID = userId,
// EmailAddress = "*****@*****.**",
// PasswordHash = Helper.Hash("Passw0rd"),
// GivenName = "BDD",
// FamilyName = "User 2"
// });
// Permissions.Add(new Tuple<string, string>(userId, PERMISSION_IS_ADMIN));
// Permissions.Add(new Tuple<string, string>(userId, GameServiceLogicLayer.PERMISSION_CAN_FREEZE_GAME));
// userId = (++userNumber).ToString();
// }
/**
* Find a user by ID.
*/
internal static async Task <User> FindUserByID(AmazonDynamoDBClient dbClient, string userId, bool ignoreClosed = false)
{
Debug.Untested();
Debug.AssertValid(dbClient);
Debug.AssertID(userId);
User retVal = null;
var userDBItem = await IdentityServiceDataLayer.GetUserDBItemById(dbClient, userId);
Debug.AssertValidOrNull(userDBItem);
if (userDBItem != null)
{
// A user with the specified ID exists.
Debug.Untested();
if (IdentityServiceDataLayer.GetUserDBItemDeleted(userDBItem) == null)
{
// The user is not deleted
if (!ignoreClosed || (IdentityServiceDataLayer.GetUserDBItemClosed(userDBItem) == null))
{
// Not ignoring closed or the user is not closed
retVal = IdentityServiceDataLayer.UserFromDBItem(userDBItem);
Debug.AssertValid(retVal);
}
else
{
// The user is closed and we are ignoring closed users.
Debug.Untested();
}
}
else
{
// The user is deleted
Debug.Untested();
}
}
else
{
// A user with the specified ID does not exist.
Debug.Untested();
}
//??-- foreach (User user in Users) {
// Debug.Tested();
// Debug.AssertValid(user);
// if (user.Deleted == null) {
// // The user record is not deleted
// Debug.Tested();
// if (user.ID == userId) {
// // Found user with specified ID.
// Debug.Tested();
// if (user.Closed == null) {
// // The user account is not closed so return it.
// Debug.Tested();
// retVal = user;
// } else if (!ignoreClosed) {
// // The user account is closed but, because we are not ignoring closed accounts, return it.
// Debug.Untested();
// retVal = user;
// } else {
// // Ignore the closed user account (i.e. return null).
// Debug.Tested();
// }
// break;
// } else {
// // User is not the one with the specified ID.
// Debug.Tested();
// }
// } else {
// // The user record has been soft deleted so ignore it.
// Debug.Untested();
// }
// }
return(retVal);
}
