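/// <summary>
/// Handles the "change password" form post for the signed-in user.
/// </summary>
/// <param name="existingUser">Form model carrying the user name and the new plaintext password.</param>
/// <returns>
/// The "ManageAccount" view, with validation errors in <c>ModelState</c> on failure or a status
/// message on success. The plaintext password and the hash are cleared from the model before it is rendered.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="existingUser"/> is <c>null</c>.</exception>
/// <remarks>
/// Only the metadata and the password hash are copied onto the database row, so a crafted post cannot
/// update unrelated columns. Authorization is solely the posted user name matching the signed-in
/// principal's name; the current password is not re-verified here — NOTE(review): confirm that is intended.
/// </remarks>
public IActionResult ChangePassword(UserRegistrationModel existingUser)
{
    if (existingUser is null)
    {
        throw new ArgumentNullException(nameof(existingUser));
    }

    // Never echo the plaintext password or its hash back to the page.
    void ClearSecrets()
    {
        existingUser.Password = "";
        existingUser.HashedPassword = "";
    }

    // Hash before validation so the model is validated with the hash populated (same order as registration).
    existingUser.HashedPassword = _passwordHelper.Hash(existingUser.Password);
    existingUser.RefreshMetadata(existingUser.UserName);

    // Validate the input model from a clean state.
    ModelState.Clear();
    TryValidateModel(existingUser);
    if (!ModelState.IsValid)
    {
        ModelState.AddModelError("", "Invalid input detected");
        ClearSecrets();
        return View("ManageAccount", existingUser);
    }

    // Look up the signed-in user's row. An unauthenticated principal or a missing row must not reach
    // the comparison below (dereferencing a null result here was a latent NullReferenceException).
    var currentUserName = HttpContext.User.Identity?.Name;
    var user = string.IsNullOrEmpty(currentUserName)
        ? null
        : _dbContext.Users.SingleOrDefault(x => x.UserName == currentUserName);
    if (user is null)
    {
        ModelState.AddModelError("", "Unable to locate the current user account");
        ClearSecrets();
        return View("ManageAccount", existingUser);
    }

    // Sanity check: the posted user name must be the signed-in user's own.
    if (existingUser.UserName != user.UserName)
    {
        ModelState.AddModelError("UserName", "You can't change another user's password!");
        ClearSecrets();
        existingUser.UserName = user.UserName;
        return View("ManageAccount", existingUser);
    }

    // Update only metadata and the hash on the DB copy — never copy the whole posted model over it,
    // so a request cannot be used to update random unrelated fields.
    user.RefreshMetadata(existingUser.UserName);
    user.HashedPassword = existingUser.HashedPassword; // already computed above

    // Persist to the database.
    _dbContext.Users.Update(user);
    _dbContext.SaveChanges();

    // Refresh the page with the secrets removed from the model.
    ClearSecrets();
    existingUser.StatusMessage = "Password successfully changed!";
    return View("ManageAccount", existingUser);
}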
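/// <summary>
/// Handles the registration form post: validates the new user, rejects duplicate user names,
/// grants admin to the first active account, persists the row, then either returns to the admin
/// user-management screen or signs the new user in.
/// </summary>
/// <param name="newUser">Form model with the user name, plaintext password and sign-in options.</param>
/// <returns>The "Register" view with validation errors, or a redirect on success.</returns>
/// <exception cref="ArgumentNullException"><paramref name="newUser"/> is <c>null</c>.</exception>
/// <remarks>
/// Admin is granted when no active user exists yet. NOTE(review): that also means the next
/// registrant becomes admin if every existing account has been deactivated — confirm this is acceptable.
/// </remarks>
public async Task<IActionResult> RegisterNewUserAsync(UserRegistrationModel newUser)
{
    if (newUser is null)
    {
        throw new ArgumentNullException(nameof(newUser));
    }

    // ViewBag is dynamic; a missing flag means "not in admin setup mode".
    // NOTE(review): assumes ViewBag.IsAdmin is a bool or null — confirm against whatever sets it.
    var adminNewUserSetupMode = ViewBag.IsAdmin ?? false;

    // Never echo the plaintext password or its hash back to the page.
    void ClearSecrets()
    {
        newUser.Password = "";
        newUser.HashedPassword = "";
    }

    // Update metadata, then hash before validation so the model is validated with the hash populated.
    newUser.RefreshMetadata(newUser.UserName);
    newUser.HashedPassword = _passwordHelper.Hash(newUser.Password);

    // New users are active by default.
    newUser.IsActive = true;

    // Validate the input model from a clean state.
    ModelState.Clear();
    TryValidateModel(newUser);
    if (!ModelState.IsValid)
    {
        ModelState.AddModelError("", "Invalid input detected");
        ClearSecrets();
        return View("Register", newUser);
    }

    // Reject a user name that is already taken.
    if (_dbContext.Users.Any(x => x.UserName == newUser.UserName))
    {
        ModelState.AddModelError("UserName", "User Name already exists - please pick a different user name.");
        ClearSecrets();
        return View("Register", newUser);
    }

    // The first active account in the system becomes the administrator; everyone else is a regular user.
    newUser.IsAdmin = !_dbContext.Users.Any(x => x.IsActive);

    // Persist to the database.
    _dbContext.Users.Add(newUser);
    _dbContext.SaveChanges();

    if (adminNewUserSetupMode)
    {
        // An admin created this account: go back to the user management screen.
        return RedirectToAction("ManageUsers", "Admin");
    }

    // Self-registration: sign the new user in and send them to the home page.
    await LoginUserAsync(newUser.UserName, newUser.RememberMe);
    return RedirectToAction("Index", "Inventory");
}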