public async Task <IActionResult> DeleteRole(uint id)
{
if (!ModelState.IsValid)
{
return(BadRequest());
}
Role r = await Db.Roles.FindAsync(id);
Db.Remove(r);
await Db.SaveChangesAsync();
return(RedirectToAction("ViewRoles"));
}
public async Task <IActionResult> Register(RegisterRequest req, [FromQuery] string redirect = "")
{
if (!ModelState.IsValid)
{
return(View());
}
try
{
ViewData["RedirectTo"] = new PathString(redirect);
}
catch (ArgumentException)
{
ViewData["RedirectTo"] = new PathString("");
}
var user = await Db.Users.SingleOrDefaultAsync(x => x.Username == req.Username && x.FullName == req.FullName);
if (user != null)
{
ModelState.AddModelError("", "User already exists");
return(View());
}
Invite inv = await Db.Invites
.SingleAsync(x => x.Uid == req.InviteID);
User newUser = new User()
{
RoleId = inv.RoleId, // Anonymous role
Username = req.Username,
FullName = req.FullName,
PasswordSalt = AuthUtils.GetRandomData(64)
};
newUser.PasswordHash = AuthUtils.GetHashFor(req.Password, newUser.PasswordSalt);
await Db.AddAsync(newUser);
Db.Remove(inv);
await Db.SaveChangesAsync();
var userIdentity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
userIdentity.AddClaims(new Claim[] {
new Claim(ClaimTypes.PrimarySid, newUser.Id.ToString()),
new Claim(ClaimTypes.NameIdentifier, newUser.Username),
new Claim(ClaimTypes.Name, newUser.FullName),
new Claim(ClaimTypes.Role, newUser.RoleId.ToString())
});
var principal = new ClaimsPrincipal(userIdentity);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
try
{
return(Redirect(new PathString(redirect)));
}
catch (ArgumentException)
{
return(RedirectToAction("News", "Issue"));
}
}
public async Task RemoveAsync(string key)
{
using (var ctx = new PBugContext(dbOptions))
{
Session s = await ctx.Sessions.FindAsync(Convert.FromBase64String(key));
if (s != null)
{
ctx.Remove(s);
await ctx.SaveChangesAsync();
}
}
}
public async Task <IActionResult> EditIssue([FromRoute] uint id, EditIssueRequest req)
{
if (!ModelState.IsValid)
{
return(View());
}
Issue i = await Db.Issues.FindAsync(id);
if (!HttpContext.UserCan("issue.editissue.all") &&
!(HttpContext.UserCan("issue.editissue.own") && ((int?)i.AuthorId ?? -1) == HttpContext.User.GetUserId()))
{
if (HttpContext.User.IsAnonymous())
{
return(Challenge());
}
else
{
return(Forbid());
}
}
string[] filesremovedproc = JsonSerializer.Deserialize <string[]>(req.RemovedFiles);
if (filesremovedproc.Length > 0 ||
req.NewName != i.Name ||
req.NewTags != i.Tags ||
req.NewDescription != i.Description ||
req.NewProjectID != i.ProjectId ||
req.NewAssigneeID != i.AssigneeId ||
req.NewStatus != i.Status ||
HttpContext.Request.Form.Files.Count > 0)
{
await Db.IssueActivities.AddIssueActivity(HttpContext, id, new EditIssueActivity()
{
OldName = i.Name,
NewName = req.NewName,
OldTags = i.Tags,
NewTags = req.NewTags ?? "",
OldDescription = i.Description,
NewDescription = req.NewDescription,
OldProjectId = i.ProjectId,
NewProjectId = req.NewProjectID,
OldAssigneeId = i.AssigneeId,
NewAssigneeId = req.NewAssigneeID == -1 ? null : new uint?((uint)req.NewAssigneeID),
OldStatus = i.Status,
NewStatus = req.NewStatus
});
i.Name = req.NewName;
i.Tags = req.NewTags ?? "";
i.Description = req.NewDescription;
i.ProjectId = req.NewProjectID;
i.AssigneeId = req.NewAssigneeID == -1 ? null : new uint?((uint)req.NewAssigneeID);
i.Status = req.NewStatus;
foreach (string uid in filesremovedproc)
{
if (Path.GetFileName(uid) != uid)
{
// Something's fishy...
return(Forbid());
}
Db.Remove(await Db.IssueFiles.FirstAsync(x => x.FileId == uid));
System.IO.File.Delete(Path.Combine("files", uid));
}
List <(IssueFile, IFormFile)> toProcess = new List <(IssueFile, IFormFile)>();
foreach (IFormFile file in HttpContext.Request.Form.Files)
{
toProcess.Add((
(await Db.IssueFiles.AddAsync(new IssueFile()
{
Issue = i,
FileName = file.FileName,
FileId = Convert.ToBase64String(AuthUtils.GetRandomData(12))
.Replace('/', '_')
.Replace('+', '-')
})).Entity,
file));
}
await Db.SaveChangesAsync();
foreach ((IssueFile, IFormFile)pack in toProcess)
{
using (FileStream fs = System.IO.File.OpenWrite(Path.Combine("files", pack.Item1.FileId)))
await pack.Item2.CopyToAsync(fs);
}
}
return(RedirectToAction("ViewTalk", new { id = id }));
}